From: Patrick McKinnis (pmckinni@xxxxxxxxx)
Date: Tue Feb 29 2000 - 13:36:25 GMT-3
Revised working configs for the OSPF virtual-link authentication.
Oops. I wasn't doing authentication yet! I left out the "area 0 authenticatio
n message-digest" in each config:
HUB (Backbone/Area 0) Router:
router ospf 100
network 172.16.100.0 0.0.0.255 area 0
network 172.16.200.0 0.0.0.255 area 10
network 13.0.0.0 0.255.255.255 area 0
area 0 authentication message-digest
area 10 virtual-link 172.16.200.2 message-digest-key 1 md5 sanfran
SPOKE (Area 10/5) Router:
router ospf 100
area 0 authentication message-digest
area 10 virtual-link 172.16.200.1 message-digest-key 1 md5 sanfran
redistribute rip metric-type 1 subnets
network 172.16.200.0 0.0.0.255 area 10
network 180.180.180.0 0.0.0.255 area 5
Check out the last line in the show command (my other config below didn't confi
rm this - hence, my changes):
r4#sh ip ospf virtual-links
Virtual Link OSPF_VL1 to router 172.16.200.1 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 10, via interface Serial0/0.1, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Adjacency State FULL (Hello suppressed)
Index 1/1, retransmission queue length 0, number of retransmission 5
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
Message digest authentication enabled
<------ the money line.
Youngest key id is 1
Again, hope this helps.
Patrick
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Patrick
McKinnis
Sent: Monday, February 28, 2000 6:18 PM
To: ccielab@groupstudy.com
Subject: RE: OSPF Authentication and Virtual Links
Joel's right. I got it up without a hitch. Here are my configs.
HUB (Backbone/Area 0) Router:
router ospf 100
network 172.16.100.0 0.0.0.255 area 0
network 172.16.200.0 0.0.0.255 area 10
network 13.0.0.0 0.255.255.255 area 0
area 10 virtual-link 172.16.200.2 message-digest-key 1 md5 sanfran
SPOKE (Area 10/5) Router:
router ospf 100
area 10 virtual-link 172.16.200.1 message-digest-key 1 md5 sanfran
redistribute rip metric-type 1 subnets
network 172.16.200.0 0.0.0.255 area 10
network 180.180.180.0 0.0.0.255 area 5
I have Area 0 on the HUB Router, and Area 10 on the serial link between HUB and
SPOKE. A loopback in Area 5 on
SPOKE is virtual-linked across Area 10 to Area 0. As you can see, I have MD5 a
uthentication enabled and working.
Here's HUB Router's routing table:
r1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
180.180.0.0/32 is subnetted, 1 subnets
O IA 180.180.180.180 [110/65] via 172.16.200.2, 00:06:12, Serial0.2
144.144.0.0/24 is subnetted, 1 subnets
O E1 144.144.144.0 [110/84] via 172.16.200.2, 00:06:12, Serial0.2
C 13.0.0.0/8 is directly connected, BRI0
172.16.0.0/24 is subnetted, 3 subnets
C 172.16.200.0 is directly connected, Serial0.2
O 172.16.25.0 [110/128] via 172.16.100.2, 00:06:12, Serial0.1
C 172.16.100.0 is directly connected, Serial0.1
The presence of 180.180.180.180/32 is the money route. Notice it's a host-spec
ific route. OSPF treats loopbacks
as stub areas and reflects that with the 32-bit subnet mask.
Hope this helps.
Patrick
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:54 GMT-3