From: Jim Ervin (eminopapa@xxxxxxxxx)
Date: Mon Feb 28 2000 - 20:17:52 GMT-3
On the router that is the "far" end of the virtual
link (ie. the router not in area 0) you need to add
the statement "area 0 authentication md5 ..." I can't
remember the exact syntax. If you do a "show prot" on
that router you will see that it has a virtual
interface in area 0, that's why you need the
authentication statement on that router.
You can also add authentication commands to the
interface but what I mentioned above will get the
thing working. Also turn on debug ip ospf adj on the
thing and watch what happens.
Jim Ervin
CCIE No. 5592
--- Richard Wagner <Richard.Wagner@mitchell.com>
wrote:
> When configuring OSPF with multiple areas, I tried
> implementing md5
> authentication in Area0.
>
> I had the whole mess working without the
> authentication, and the the virtual
> link was working fine.
>
> When I enable authentication in Area0, the virtual
> link no longer worked.
>
> I pounded on it for a while and just couldn't make
> it work. I tried a few
> things with no success:
>
> -applying authentication parameters on the
> virtual-link statements (seemed
> reasonable)
> -applying md5 authentication to all areas and
> interfaces *everywhere* on
> *every* router (shotgun approach)
>
> (I was hoping that those desparate measures would
> yield a working config
> where I could remove things one-by-one to determine
> what was really
> necessary)
>
> The debugs would show (I'm recalling this while at
> work)... "expected type
> 2, got type 0 for ospf authentication" or something
> like that (sorry for not
> being exact).
>
> In the end, I removed all authentication statements
> and the world worked
> again.
>
> There's a "stunt" here... does anybody know what it
> is?
>
>
> Thanks for your help everybody!
>
> Richard
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:54 GMT-3