Problem and solution when an OSPF neighbor relationship fails to be established between the interconnected firewall and NE40E if OSPF MD5 authentication is configured on the devices

5

The reason that an OSPF neighbor relationship fails to be established between the interconnected firewall and NE40E if OSPF MD5 authentication is configured on the devices is that OSPF authentication is configured but not enabled on the firewall interface. You need to configure authentication-mode md5 in the corresponding area to enable the OSPF authentication mechanism. OSPF authentication needs to be configured only on the interface connecting the NE40E to the firewall.

Other related questions:
Problem and solution when the OSPF status is abnormal
To solve the problem that the OSPF status between the firewall and the peer device cannot reach the Full state, perform the following steps: 1. Check the OSPF status. Check whether the OSPF neighboring relationship can be established between the firewall and the peer device. 2. If no, check the security policy configuration. Check whether the security policy control function for unicast packets is enabled. That is, check whether the firewall packet-filter basic-protocol enable command is configured. If yes, run the undo firewall packet-filter basic-protocol enable command to disable the function. To establish an OSPF neighboring relationship, devices need to exchange DD packets. DD packets are OSPF unicast packets. By default, the forwarding of OSPF unicast packets is not controlled by security policies. However, if you run the firewall packet-filter basic-protocol enable command to enable the security policy control function for OSPF unicast packets, you need also to configure the corresponding security policy to allow the packets to be forwarded. For details, see OSPF can not step into full state caused by security policy deny.

Can an OSPF neighbor relationship be established between devices that are on different subnets
A neighbor relationship can be established between two routers that are not on the same subnet only when the devices are connected through point-to-point (P2P) links. On a Point-to-Multipoint (P2MP) network, you can determine whether adjacencies can be formed between neighbors that are not on the same subnet. In all other cases, the devices must be on the same subnet.

How to configure OSPF on S series switches
For OSPF configuration on S series switches, see Common OSPF Operations on S Series Switches. For typical OSPF configuration examples on S series switches, see "Typical Routing Configuration - Typical OSPF Configuration" in S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples.

Can OSPF establish a neighbor relationship by using the secondary IP address
In OSPF, a neighbor relationship cannot be established by using the secondary IP address; instead, a neighbor relationship can be established only by using the primary address of an interface. If the network to which the secondary IP address belongs is added to the OSPF configuration, however, the corresponding route can be advertised.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top