From: Joel A. Cochran (joelc@xxxxxxxxxxxxxxxxx)
Date: Wed Mar 01 2000 - 12:28:32 GMT-3
Sheryl,
Let's say you were doing authentication on a serial interface between
router B and C. That link was in area 0. You would put the authentication
info with the hash and key on the serial interface. You would also put the
command "area 0 authentication message-digest" under the ospf configuration.
You would start getting errors on router B that the updates you were
receiving on the virtual link from router A were type 0 but you expect type
2 because of the area 0 authentication command.
To fix it all you have to do is put the "area0 authentication
message-digest" in the ospf config of router A. It is not necessary to put
the hash and password on the virtual link config because you dont need the
key exchanges on the virtual link, just the correct update types. If you
put it on one side, you should put it on the other, but hash/key on the
virtual link is optional.
Hope this helps...
Joel Cochran, CCIE #5448
----- Original Message -----
From: Sheryl Zhang <sheryl.zhang@diablo.cisco.com>
To: Patrick McKinnis <pmckinni@cisco.com>
Cc: <ccielab@groupstudy.com>
Sent: Wednesday, March 01, 2000 12:48 AM
Subject: RE: OSPF Authentication and Virtual Links
Hi Patrick,
Sorry for come back with this question.
I followed your suggestion and it does work, but why we don't need the
interface authentication command in both side of the virtual link?
Thanks./sheryl
At 10:36 AM 2/29/00 -0600, you wrote:
>Revised working configs for the OSPF virtual-link authentication.
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:03 GMT-3