From: Patrick McKinnis (pmckinni@xxxxxxxxx)
Date: Mon Feb 28 2000 - 21:18:03 GMT-3
Joel's right. I got it up without a hitch. Here are my configs.
HUB (Backbone/Area 0) Router:
router ospf 100
network 172.16.100.0 0.0.0.255 area 0
network 172.16.200.0 0.0.0.255 area 10
network 13.0.0.0 0.255.255.255 area 0
area 10 virtual-link 172.16.200.2 message-digest-key 1 md5 sanfran
SPOKE (Area 10/5) Router:
router ospf 100
area 10 virtual-link 172.16.200.1 message-digest-key 1 md5 sanfran
redistribute rip metric-type 1 subnets
network 172.16.200.0 0.0.0.255 area 10
network 180.180.180.0 0.0.0.255 area 5
I have Area 0 on the HUB Router, and Area 10 on the serial link
between HUB and SPOKE. A loopback in Area 5 on SPOKE is
virtual-linked across Area 10 to Area 0. As you can see, I have MD5
authentication enabled and working. Here's HUB Router's routing
table:
r1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * -
candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
180.180.0.0/32 is subnetted, 1 subnets
O IA 180.180.180.180 [110/65] via 172.16.200.2, 00:06:12, Serial0.2
144.144.0.0/24 is subnetted, 1 subnets
O E1 144.144.144.0 [110/84] via 172.16.200.2, 00:06:12, Serial0.2
C 13.0.0.0/8 is directly connected, BRI0
172.16.0.0/24 is subnetted, 3 subnets
C 172.16.200.0 is directly connected, Serial0.2
O 172.16.25.0 [110/128] via 172.16.100.2, 00:06:12, Serial0.1
C 172.16.100.0 is directly connected, Serial0.1
The presence of 180.180.180.180/32 is the money route. Notice it's a
host-specific route. OSPF treats loopbacks as stub areas and reflects
that with the 32-bit subnet mask.
Hope this helps.
Patrick
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Joel A. Cochran
Sent: Monday, February 28, 2000 5:01 PM
To: Richard Wagner; ccielab@groupstudy.com
Subject: Re: OSPF Authentication and Virtual Links
Richard,
Keep in mind that the virtual link is a logical connection to area
0. Although you have not put any interfaces on the router with the
virtual link into area 0, the virtual link is considered an interface
in area 0.
Easy fix:
On the router not connected to area 0:
router ospf xx
area 0 authentication {message-digest} if using md5.
Set it up just as if you were on area 0... you just dont have the
interface commands.
I've tried it, and this works.
Joel Cochran, CCIE# 5448.
----- Original Message -----
From: Richard Wagner
To: 'ccielab@groupstudy.com'
Sent: Monday, February 28, 2000 4:28 PM
Subject: OSPF Authentication and Virtual Links
When configuring OSPF with multiple areas, I tried implementing md5
authentication in Area0.
I had the whole mess working without the authentication, and the
the virtual
link was working fine.
When I enable authentication in Area0, the virtual link no longer
worked.
I pounded on it for a while and just couldn't make it work. I
tried a few
things with no success:
-applying authentication parameters on the virtual-link statements
(seemed
reasonable)
-applying md5 authentication to all areas and interfaces
*everywhere* on
*every* router (shotgun approach)
(I was hoping that those desparate measures would yield a working
config
where I could remove things one-by-one to determine what was really
necessary)
The debugs would show (I'm recalling this while at work)...
"expected type
2, got type 0 for ospf authentication" or something like that
(sorry for not
being exact).
In the end, I removed all authentication statements and the world
worked
again.
There's a "stunt" here... does anybody know what it is?
Thanks for your help everybody!
Richard
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:54 GMT-3