From: Ganich, Mike (M.J.) (mganich@xxxxxxxx)
Date: Mon Oct 04 1999 - 15:30:49 GMT-3
I know this has been discussed quite a bit, but I still can't get this to
work. The only way I was able to get the virtual link to carry traffic was
to configure Area 0, Transit Area, and Virtual Link ALL with different key's
and keyid's. However, I ran into the same problem that Mason did - when one
of the routers on the transit area's was rebooted, the virtual link stops
passing routes. Is there anything else that needs to be done?
-----Original Message-----
From: Mason Harris [mailto:MHarris@nspnet.com]
Sent: Sunday, September 12, 1999 11:10 PM
To: 'James Ramsay '
Cc: 'ccielab@groupstudy.com'
Subject: RE: OSPF Virtual link and area
authentication (md5)
James--
Thanks! Thought I was headed to the looney farm. The impt.
piece of info is
that r5 will work without a key but will fail on restart.
Makes perfect
sense since r5 is really an extension of area 0. Also,
thanks for the
summarization tip, I will test tomorrow when I have a little
more energy.
Mason
-----Original Message-----
From: James Ramsay
To: 'Mason Harris'
Sent: 9/12/99 9:23 PM
Subject: RE: OSPF Virtual link and area authentication (md5)
Hey there - your config for R5 is the right thing to do.
If you type 'sh ip ospf' on R5 you will see it in all three
areas - and
so
if you are using md5 in Area 0 you need it on this interface
too
It is a whilesince I practice this but.....
My notes say:
* If MD5 used and there is a VLink - the transit area
needs MD5
too
* The solution does need a key
* Without a Key it will work, but then fails on a
restart
* Vlink transit has to be same type of authentication
but does not
need to be the same string
Hope these help - but most importantly you are on the right
track!
GOOD LUCK
James
ALSO - TOP TIP
If you are summarising the transit Area address range you
must also
summarise addressing on the VLink boundary to the remote
area - else the
remote area will advertise its self as having longer match
routes into
the
transit area - even thoughthe metrics are longer.
> -----Original Message-----
> From: Mason Harris [SMTP:MHarris@nspnet.com]
> Sent: Monday, 13 September 1999 12:23
> To: 'ccielab@groupstudy.com'
> Subject: OSPF Virtual link and area authentication
(md5)
>
> Hello All--
>
> My lab routers are all 11.2 configured in a typical
multi-area OSPF
config
> like this:
>
>
> area 0 area 1 area 2
> r1--------r3=========r5---------r4
>
> R1 and r3 are part of area 0
> r3 and r5 are part of area 1 (w/ virtual-link)
> r5 and r4 are part of area 2
>
> First, everything works as expected without any
authentication. I see
all
> routes both E1, E2, IA, etc. (this is part of a bigger lab
config)
>
> Problem is when I configure authentication and the
appropriate key and
> password on the respective interfaces of Area 0,
everything works
great,
> except for area 2 and the virtual link.
>
> Area 2 will not see any OSPF (IA or external) routes via
the vlink
unless
> I
> configure r5 with the area 0 authentication message-digest
command
under
> OSPF but with NO key or password statement under any
interface.
>
> But the behavior is inconsistent. After i remove the
authentication
> statement on r5 and do a shut/no shut on r5's s0 intf,
sometimes the
> routes
> come back and sometimes they don't. Sho ip ospf
virtual-link shows it
is
> always up, irregardless if routes appear or don't.
>
> I am pulling my hair out. Anybody know if this is a bug or
if I am
just
> missing the big picture? Can provide config snippets, if
necessary.
>
> TIA,
> Mason
>
>
>
>
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:52 GMT-3