From: Mason Harris (MHarris@xxxxxxxxxx)
Date: Mon Sep 13 1999 - 00:10:29 GMT-3
James--
Thanks! Thought I was headed to the looney farm. The impt. piece of info is
that r5 will work without a key but will fail on restart. Makes perfect
sense since r5 is really an extension of area 0. Also, thanks for the
summarization tip, I will test tomorrow when I have a little more energy.
Mason
-----Original Message-----
From: James Ramsay
To: 'Mason Harris'
Sent: 9/12/99 9:23 PM
Subject: RE: OSPF Virtual link and area authentication (md5)
Hey there - your config for R5 is the right thing to do.
If you type 'sh ip ospf' on R5 you will see it in all three areas - and so
if you are using md5 in Area 0 you need it on this interface too.
It is a while since I practised this but.....
My notes say:
* If MD5 used and there is a VLink - the transit area needs MD5 too
* The solution does need a key
* Without a Key it will work, but then fails on a restart
* Vlink transit has to be same type of authentication but does not need to be the same string
Hope these help - but most importantly you are on the right track!
GOOD LUCK
James
ALSO - TOP TIP
If you are summarising the transit Area address range you must also
summarise addressing on the VLink boundary to the remote area - else the
remote area will advertise itself as having longer match routes into the
transit area - even though the metrics are longer.
> -----Original Message-----
> From: Mason Harris [SMTP:MHarris@nspnet.com]
> Sent: Monday, 13 September 1999 12:23
> To: 'ccielab@groupstudy.com'
> Subject: OSPF Virtual link and area authentication (md5)
>
> Hello All--
>
> My lab routers are all 11.2 configured in a typical multi-area OSPF config
> like this:
>
>
>    area 0    area 1     area 2
> r1--------r3=========r5---------r4
>
> R1 and r3 are part of area 0
> r3 and r5 are part of area 1 (w/ virtual-link)
> r5 and r4 are part of area 2
>
> First, everything works as expected without any authentication. I see all
> routes both E1, E2, IA, etc. (this is part of a bigger lab config)
>
> Problem is when I configure authentication and the appropriate key and
> password on the respective interfaces of Area 0, everything works great,
> except for area 2 and the virtual link.
>
> Area 2 will not see any OSPF (IA or external) routes via the vlink unless I
> configure r5 with the area 0 authentication message-digest command under
> OSPF but with NO key or password statement under any interface.
>
> But the behavior is inconsistent. After I remove the authentication
> statement on r5 and do a shut/no shut on r5's s0 intf, sometimes the routes
> come back and sometimes they don't. Sho ip ospf virtual-link shows it is
> always up, irregardless if routes appear or don't.
>
> I am pulling my hair out. Anybody know if this is a bug or if I am just
> missing the big picture? Can provide config snippets, if necessary.
>
> TIA,
> Mason
>
>
>
>
>
>
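
An added example, not part of the original thread: a small Python audit of the condition discussed above, checking that a router terminating a virtual link has both message-digest authentication and a key on that link. The config snippets are constructed; the OSPF process number, router IDs and key string are placeholders, and the check assumes the backbone already runs MD5.

```python
import re
from collections import defaultdict

# Constructed IOS-style snippets: process number, router IDs and key are placeholders.
R5_NO_AUTH = "router ospf 1\n area 1 virtual-link 3.3.3.3\n"
R5_NO_KEY = ("router ospf 1\n area 0 authentication message-digest\n"
             " area 1 virtual-link 3.3.3.3\n")
R5_FIXED = ("router ospf 1\n area 0 authentication message-digest\n"
            " area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 PLACEHOLDER\n")
# Some IOS versions emit one virtual-link line per option; they must be merged.
R5_SPLIT = ("router ospf 1\n"
            " area 1 virtual-link 3.3.3.3 authentication message-digest\n"
            " area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 PLACEHOLDER\n")

AREA0_MD5 = re.compile(
    r"^\s*area\s+(?:0|0\.0\.0\.0)\s+authentication\s+message-digest\s*$")
VLINK = re.compile(r"^\s*area\s+(\S+)\s+virtual-link\s+(\S+)(.*)$")


def audit_vlink_md5(config):
    """Return findings for virtual links on a router whose backbone uses MD5 (assumed)."""
    lines = config.splitlines()
    area0_md5 = any(AREA0_MD5.match(line) for line in lines)
    links = defaultdict(str)  # (transit area, peer router ID) -> merged options
    for line in lines:
        m = VLINK.match(line)
        if m:
            links[(m.group(1), m.group(2))] += " " + m.group(3)
    findings = []
    for (transit, peer), opts in links.items():
        where = f"virtual-link to {peer} via area {transit}"
        # The link is part of area 0, so it needs area 0's authentication type.
        if not (area0_md5 or "authentication message-digest" in opts):
            findings.append(f"{where}: message-digest authentication not enabled")
        # Authentication type without a key is the case that fails after a restart.
        if "message-digest-key" not in opts:
            findings.append(f"{where}: no message-digest-key configured")
    return findings


if __name__ == "__main__":
    for name, cfg in [("no auth", R5_NO_AUTH), ("no key", R5_NO_KEY),
                      ("fixed", R5_FIXED), ("split", R5_SPLIT)]:
        print(name, audit_vlink_md5(cfg) or "OK")
```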
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:50 GMT-3