Fortigate OSPF Failure Cases with Debug
- Introduction
- Case 1: OSPF Adjacency Forming but no routes are exchanged due to Mismatched Network Types
- Case 2: OSPF Adjacency Not Forming due to Mismatched Hello and/or Dead Intervals
- Case 3: OSPF Adjacency Not Forming due to Mismatched MTU
- Case 4: Mismatched Area ID
- Case 5: Network Mask Mismatch
- Case 6: OSPF Authentication Mismatch
- Case 7: Mismatched Authentication Types with identical passwords
- Case 8: Mismatched Password in the Authentication
- Additional resources
Introduction
While OSPF protocol can be heavy on theory and hard to understand all of its inner workings, the way it may fail in the real life scenarios is finite after all. And as many OSPF failures happen due to misconfigurations, I bring you the most common cases with debug and diagnostics commands so you can troubleshoot them even without deep knowledge of OSPF.
For all cases below the diagram is very simple - 2 Fortigates, connected directly each on port1, and initially, all OPSF configs are default until changed, network type broadcast, no authentication, same area, all real time debug runs on FGT2:
Inital configs:
FGT1 (ospf) # show
config router ospf
set router-id 12.12.12.12
config area
edit 0.0.0.0
next
end
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
FGT2 (ospf) # show
config router ospf
set router-id 13.13.13.13
config area
edit 0.0.0.0
next
end
config network
edit 1
set prefix 0.0.0.0 0.0.0.0
next
end
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
In all cases, unless said, the real-time debug output is done with:
diagnose ip router ospf level info
diagnose ip router ospf all enable
dia deb duration 300
dia deb enable
Sometimes, to speed up changes, I reset the whole OSPF router process (all OSPF routes get deleted!):
exec router clear ospf process
Case 1: OSPF Adjacency Forming but no routes are exchanged due to Mismatched Network Types
This one is nasty, as Fortigate doesn’t tell you what types can work together and which cannot. The debug will also not tell you that anything is wrong. And if mixing point-to-point with broadcast types, even the adjacency will form as expected! Only that no routes will be exchanged.
A lot has been written about that, so here is the shortlist of what types can be mixed:
-
Broadcast to Broadcast
-
Non-Broadcast to Non-Broadcast
-
Point-to-Point to Point-to-Point
-
Point-to-Multipoint to Point-to-Multipoint
-
Broadcast to Non-Broadcast (adjust hello/dead timers)
-
Point-to-Point to Point-to-Multipoint (adjust hello/dead timers)
More info from people who know much more about OSPF is available, e.g. - https://anetworkartist.blogspot.com/2010/02/mixing-matching-different-ospf-network.html .
So, for this scenario, I leave FGT2 at its default network type - broadcast, and change only FGT1 to point-to-point:
But first, the routes learned before the change:
FGT2 # get router info routing all | grep O
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
O 12.12.12.12/32 [110/101] via 192.168.200.5, port1, 00:00:18
FGT1 # get router info routing all | grep O
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
O 13.13.13.13/32 [110/101] via 192.168.200.6, port1, 00:00:51
As we can see - FGT1 learns 13.13.13.13, and FGT2 learns 12.12.12.12 from each other.
Now I change FGT1 network type to point-to-point:
FGT1 (to_FGT2) # set network-type
broadcast Broadcast.
non-broadcast Non-broadcast.
point-to-point Point-to-point.
point-to-multipoint Point-to-multipoint.
point-to-multipoint-non-broadcast Point-to-multipoint and non-broadcast.
FGT1 (ospf) # show
config router ospf
config ospf-interface
edit "to_FGT2"
set interface "port1"
set authentication message-digest
set keychain "to_FGT2"
set network-type point-to-point
next
end
end
After the change, the adjacency does NOT go down. FGT2 still thinks he has adjacency and Full/Backup state with FGT1:
FGT2 # get router info ospf ne OSPF process 0, VRF 0: Neighbor ID Pri State Dead Time Address Interface 12.12.12.12 1 Full/Backup 00:00:37 192.168.200.5 port1
The FGT1, having changed network type to point-to-point, also thinks adjacency is up, except that it cannot be Full/DRother etc anymore as p-t-p does not elect DR/BDR:
FGT1 # get router info ospf ne OSPF process 0, VRF 0: Neighbor ID Pri State Dead Time Address Interface 13.13.13.13 1 Full/ - 00:00:34 192.168.200.6 port1
But both FGTs lose all OSPF routes learned from each other:
FGT1 # get router info routing all | grep O
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
FGT1 #
FGT2 # get router info routing all | grep O
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
FGT2 #
Debug on FGT2 and FGT1 does not tell us that anything wrong:
FGT2 # OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6 (192.168.200.5 -> 224.0.0.5) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 48 OSPF: Router ID 12.12.12.12 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0x0 OSPF: AuType 2 OSPF: Cryptographic Authentication <-- Authentication is done in later cases, just ignore it here OSPF: Key ID 0 OSPF: Auth Data Len 20 OSPF: Sequence number 44869 OSPF: Hello OSPF: NetworkMask 255.255.255.0 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 40 OSPF: DRouter 0.0.0.0 OSPF: BDRouter 0.0.0.0 OSPF: # Neighbors 1 OSPF: Neighbor 13.13.13.13 OSPF: ----------------------------------------------------- OSPF: NFSM[port1:192.168.200.6-12.12.12.12]: Full (HelloReceived) OSPF: NFSM[port1:192.168.200.6-12.12.12.12]: nfsm_ignore called OSPF: NFSM[port1:192.168.200.6-12.12.12.12]: Full (2-WayReceived)
The only hint I can see is in debug on FGT2/FGT1 - when receiving Hello packet from FGT2, we can see IPs of DR/BDR, while when FGT1 is sending its own Hello - those fields are 0, as p-t-p does not elect DR/BDR:
OSPF: RECV[Hello]: From 13.13.13.13 via port1:192.168.200.5 (192.168.200.6 -> 224.0.0.5) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 48 OSPF: Router ID 13.13.13.13 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0x0 OSPF: AuType 2 OSPF: Cryptographic Authentication OSPF: Key ID 0 OSPF: Auth Data Len 20 OSPF: Sequence number 1002 OSPF: Hello OSPF: NetworkMask 255.255.255.0 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 40 OSPF: DRouter 192.168.200.6 <-- FGT2 sends DR/BDR IPs OSPF: BDRouter 192.168.200.5 OSPF: # Neighbors 1 OSPF: Neighbor 12.12.12.12 OSPF: ----------------------------------------------------- OSPF: NFSM[port1:192.168.200.5-13.13.13.13]: Full (HelloReceived) OSPF: NFSM[port1:192.168.200.5-13.13.13.13]: nfsm_ignore called OSPF: NFSM[port1:192.168.200.5-13.13.13.13]: Full (2-WayReceived) OSPF: LSA[Refresh]: timer expired OSPF: LSA[MaxAge]: Maxage walker finished (0.000000 sec) OSPF: LSA[MaxAge]: Maxage walker finished (0.000000 sec) FGT1 # FGT1 # FGT1 # dia deb diOSPF: IFSM[port1:192.168.200.5]: Hello timer expire OSPF: SEND[Hello]: To 224.0.0.5 via port1:192.168.200.5, length 68 OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 48 OSPF: Router ID 12.12.12.12 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0x0 OSPF: AuType 2 OSPF: Cryptographic Authentication OSPF: Key ID 0 OSPF: Auth Data Len 20 OSPF: Sequence number 44876 OSPF: Hello OSPF: NetworkMask 255.255.255.0 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 40 OSPF: DRouter 0.0.0.0 <-- FGT1 sends 0s for DR/BDR OSPF: BDRouter 0.0.0.0 OSPF: # Neighbors 1 OSPF: Neighbor 13.13.13.13 OSPF: -----------------------------------------------------
Case 2: OSPF Adjacency Not Forming due to Mismatched Hello and/or Dead Intervals
Mismatched Dead and/or Hello intervals will cause neighbors to go out of adjacency if present, or not form the adjacency if restarted.
Debug on FGT2:
OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6: HelloInterval mismatch OSPF: NFSM[port1:192.168.200.6-12.12.12.12]: Inactivity timer expire OSPF: NFSM[port1:192.168.200.6-12.12.12.12]: Status change Full -> Down
When you have access to both devices, here FGT1 and FGT2 , you can compare the intervals via get router info ospf int port1 | grep -i timer
FGT2:
get router info ospf int port1 | grep -i timer Timer intervals configured, Hello 10.000, Dead 40, Wait 40, Retransmit 5
FGT1:
get router info ospf int port1 | grep -i timer Timer intervals configured, Hello 30.000, Dead 120, Wait 120, Retransmit 5
To fix it, make sure the Hello and Dead intervals match on both sides. Here, on FGT1 I need to delete this:
FGT1:
config router ospf
set router-id 12.12.12.12
config area
edit 0.0.0.0
next
end
config ospf-interface
edit "to_FGT2"
set interface "port1"
set hello-interval 30 <-- DELETE THIS
next
end
end
Mismatched Dead interval only
On FGT2 debug we see:
FGT2 # OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6 (192.168.200.5 -> 224.0.0.5) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 44 OSPF: Router ID 12.12.12.12 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0xe472 OSPF: AuType 0 OSPF: Hello OSPF: NetworkMask 255.255.255.0 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 60 <-- MISMATCH OSPF: DRouter 0.0.0.0 OSPF: BDRouter 0.0.0.0 OSPF: # Neighbors 0 OSPF: ----------------------------------------------------- OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6: RouterDeadInterval mismatch OSPF: LSA[MaxAge]: Maxage walker finished (0.000000 sec) OSPF: LSA[Refresh]: timer expired
The same command shows us the Dead interval.
FGT2:
FGT2 # get router info ospf int port1 | grep -i timer Timer intervals configured, Hello 10.000, Dead 40, Wait 40, Retransmit 5
FGT1:
FGT1 # get router info ospf int port1 | grep -i timer Timer intervals configured, Hello 10.000, Dead 60, Wait 60, Retransmit 5
To fix it on FGT1:
config router ospf
set router-id 12.12.12.12
config area
edit 0.0.0.0
next
end
config ospf-interface
edit "to_FGT2"
set interface "port1"
set dead-interval 60 <-- DELETE THIS
next
end
end
Case 3: OSPF Adjacency Not Forming due to Mismatched MTU
This happens when peers have different MTU values on the interfaces participating in neighborship establishment. The MTU may be mis-configured on either actual interface or under OSPF configuration.
To simulate such problem, I changed MTU to 1325 bytes on FGT1 under ospf-interface:
config router ospf
set router-id 12.12.12.12
config area
edit 0.0.0.0
next
edit 1.1.1.1
next
end
config ospf-interface
edit "to_FGT2"
set interface "port1"
set mtu 1325 <-- MTU set here
next
end
end
Unfortunately, debug on FGT2 does not tell us explicitly that MTU mismatches, only that negotiations failed:
RECV[DD]: From 12.12.12.12 via port1:192.168.200.6 (192.168.200.5 -> 192.168.200.6) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 2 (Database Description) OSPF: Packet Len 32 OSPF: Router ID 12.12.12.12 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0x916e OSPF: AuType 0 OSPF: Database Description OSPF: Interface MTU 1325 <-- RECEIVED MTU FROM NEIGHBOR OSPF: Options 0x42 (*|O|-|-|-|-|E|-) OSPF: Bits 7 (-|I|M|MS) OSPF: Sequence Number 0x00050d1e OSPF: # LSA Headers 0 OSPF: ----------------------------------------------------- OSPF: RECV[DD]: From 12.12.12.12 via port1:192.168.200.6: Negotiation fails, packet discarded OSPF: LSA[Refresh]: timer expired OSPF: LSA[MaxAge]: Maxage walker finished (0.000000 sec)
But the neighbor state will be stuck in "ExStart/Exchange" state for both FGTs:
FGT2 # get router info ospf ne OSPF process 0, VRF 0: Neighbor ID Pri State Dead Time Address Interface 12.12.12.12 1 ExStart/Backup 00:00:33 192.168.200.5 port1
If we have access to both sides, we can verify MTU as seen by OSPF:
FGT2 # get router info ospf int port1 | grep mtu -i Internet Address 192.168.200.6/24, Area 0.0.0.0, MTU 1500 FGT1 # get router info ospf int port1 | grep mtu -i Internet Address 192.168.200.5/24, Area 0.0.0.0, MTU 1325
BTW to fix it we have 2 options - either change MTU to be the same on both Fortigates at the interface/OSPF level, or instruct BOTH Fortigates to ignore the MTU mismatch, which is OK for lab but is usually a bad idea for production.
FGT1 (ospf) # show
config router ospf
set router-id 12.12.12.12
config area
edit 0.0.0.0
next
edit 1.1.1.1
next
end
config ospf-interface
edit "to_FGT2"
set interface "port1"
set mtu 1325
set mtu-ignore enable <-- IGNORE MTU MISMATCH
next
end
end
FGT2 # sho router ospf
config router ospf
set router-id 13.13.13.13
config area
edit 0.0.0.0
next
end
config ospf-interface
edit "to_FGT1"
set interface "port1"
set mtu-ignore enable <-- IGNORE MTU MISMATCH
next
end
The actual MTU difference stays in place but OSPF adjacency forms successfully:
FGT2 # get router info ospf int port1 | grep -i mtu Internet Address 192.168.200.6/24, Area 0.0.0.0, MTU 1500 FGT1 # get router info ospf int port1 | grep -i mtu Internet Address 192.168.200.5/24, Area 0.0.0.0, MTU 1325
Case 4: Mismatched Area ID
When OSPF area IDs do not match on both sides, neighbors will not form adjacency, and will not even start negotiations. So the output of neighbors will be empty:
FGT1 # get router info ospf ne OSPF process 0, VRF 0: Neighbor ID Pri State Dead Time Address Interface
To simulate this case I created and assigned all networks on FGT1 to area 1.1.1.1:
config router ospf
set router-id 12.12.12.12
config area
edit 0.0.0.0
next
edit 1.1.1.1
next
end
config network
edit 1
set prefix 0.0.0.0 0.0.0.0
set area 1.1.1.1
next
end
The debug will be clear in this case (Invalid Area ID):
RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6 (192.168.200.5 -> 224.0.0.5) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 44 OSPF: Router ID 12.12.12.12 OSPF: Area ID 1.1.1.1 <-- MISMATCHED AREA ID OSPF: Checksum 0x59d6 OSPF: AuType 0 OSPF: Hello OSPF: NetworkMask 255.255.255.0 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 40 OSPF: DRouter 192.168.200.5 OSPF: BDRouter 0.0.0.0 OSPF: # Neighbors 0 OSPF: ----------------------------------------------------- OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6: Invalid Area ID 1.1.1.1
Case 5: Network Mask Mismatch
In a broadcast network type, setting different subnet masks on either side will cause OSPF adjacency not to form. This will happen even if the different subnet masks do not prevent connectivity between peers.
To show how it fails, I change subnet on FGT1 port1 from /24 to /26:
config system interface
edit "port1"
set vdom "root"
set ip 192.168.200.5 255.255.255.192
set allowaccess ping ssh http
next
end
While on FGT2 it remains /24.
The debug on FGT2 clearly states the problem:
FGT2 # OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6 (192.168.200.5 -> 224.0.0.5) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 44 OSPF: Router ID 12.12.12.12 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0xe3c6 OSPF: AuType 0 OSPF: Hello OSPF: NetworkMask 255.255.255.192 <-- MISMATCHED MASK on FGT1 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 40 OSPF: DRouter 0.0.0.0 OSPF: BDRouter 0.0.0.0 OSPF: # Neighbors 0 OSPF: ----------------------------------------------------- OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6: NetworkMask mismatch(26,24)
Case 6: OSPF Authentication Mismatch
When OSPF authentication is enabled on one side but not on the other, adjacency will not form.
To showcase, I enable clear text authentication on FGT1, while not doing so on FGT2:
FGT1:
config router ospf
set router-id 12.12.12.12
config area
edit 0.0.0.0
next
end
config ospf-interface
edit "to_FGT2"
set interface "port1"
set authentication text
set authentication-key p@ssword
next
end
end
Debug on FGT2 tells us of authentication mismatch, the funny thing about that is that Fortigate will give this message in most authentication-related troubles cases, without being specific what exactly is wrong.
FGT2 # OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6 (192.168.200.5 -> 224.0.0.5) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 48 OSPF: Router ID 12.12.12.12 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0xb909 OSPF: AuType 1 <-- AUTHENTICATION TYPE 1 (CLEAR TEXT) OF THE PEER OSPF: Simple Password p@ssword <-- Clear text password OSPF: Hello OSPF: NetworkMask 255.255.255.0 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 40 OSPF: DRouter 192.168.200.6 OSPF: BDRouter 192.168.200.5 OSPF: # Neighbors 1 OSPF: Neighbor 13.13.13.13 OSPF: ----------------------------------------------------- OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6: Authentication type mismatch
To fix it, either disable authentication on FGT1 or enable it on FGT2 with the same parameters (clear text, and the password).
Case 7: Mismatched Authentication Types with identical passwords
Here I set the correct password on both sides, but FGT1 will have Clear Type and FGT2 MD5 authentication types.
FGT1:
config ospf-interface
edit "to_FGT2"
set interface "port1"
set authentication text
set authentication-key p@ssword
next
end
end
FGT2:
For crypto hash key, we need to create first key-chain:
config router key-chain
edit "OSPF_to_FGT1"
config key
edit "0"
set accept-lifetime 21:00:00 24 11 2025 21:00:00 05 12 2025
set send-lifetime 21:00:00 24 11 2025 21:00:00 05 12 2025
set key-string ENC p@ssword
next
end
next
end
Now, we can use it under OSPF-interface towards FGT1:
config router ospf
config ospf-interface
edit "to_FGT1"
set interface "port1"
set authentication message-digest
set keychain "OSPF_to_FGT1"
next
end
end
The error in debug again is Authentication type mismatch:
FGT2 # OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6 (192.168.200.5 -> 224.0.0.5) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 44 OSPF: Router ID 12.12.12.12 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0x5bd7 OSPF: AuType 1 OSPF: Simple Password p@ssword OSPF: Hello OSPF: NetworkMask 255.255.255.0 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 40 OSPF: DRouter 192.168.200.5 OSPF: BDRouter 0.0.0.0 OSPF: # Neighbors 0 OSPF: ----------------------------------------------------- OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6: Authentication type mismatch
Case 8: Mismatched Password in the Authentication
And finally, I will configure different passwords with SHA hashing algorithms.
FGT1 # sh router key-chain
config router key-chain
edit "to_FGT2"
config key
edit "0"
set accept-lifetime 21:00:00 24 11 2025 21:00:00 05 12 2025
set send-lifetime 21:00:00 24 11 2025 21:00:00 05 12 2025
set key-string p2ssword
set algorithm hmac-sha1
next
end
next
end
FGT1 # show router ospf
config router ospf
set router-id 12.12.12.12
config area
edit 0.0.0.0
set shortcut enable
next
edit 1.1.1.1
next
end
config ospf-interface
edit "to_FGT2"
set interface "port1"
set authentication message-digest
set keychain "to_FGT2"
next
end
end
FGT2 # sho router key-chain
config router key-chain
edit "OSPF_to_FGT1"
config key
edit "0"
set accept-lifetime 21:00:00 24 11 2025 21:00:00 05 12 2025
set send-lifetime 21:00:00 24 11 2025 21:00:00 05 12 2025
set key-string PAssword
set algorithm hmac-sha1
next
end
next
end
config router ospf
set router-id 13.13.13.13
config area
edit 0.0.0.0
next
end
config ospf-interface
edit "to_FGT1"
set interface "port1"
set authentication message-digest
set keychain "OSPF_to_FGT1"
next
end
end
Debug on FGT2 shows:
FGT2 # OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6 (192.168.200.5 -> 224.0.0.5) OSPF: ----------------------------------------------------- OSPF: Header OSPF: Version 2 OSPF: Type 1 (Hello) OSPF: Packet Len 44 OSPF: Router ID 12.12.12.12 OSPF: Area ID 0.0.0.0 OSPF: Checksum 0x0 OSPF: AuType 2 OSPF: Cryptographic Authentication OSPF: Key ID 0 OSPF: Auth Data Len 20 OSPF: Sequence number 44676 OSPF: Hello OSPF: NetworkMask 255.255.255.0 OSPF: HelloInterval 10 OSPF: Options 0x2 (*|-|-|-|-|-|E|-) OSPF: RtrPriority 1 OSPF: RtrDeadInterval 40 OSPF: DRouter 192.168.200.5 OSPF: BDRouter 0.0.0.0 OSPF: # Neighbors 0 OSPF: ----------------------------------------------------- OSPF: RECV[Hello]: From 12.12.12.12 via port1:192.168.200.6: Cryptographic authentication error