RE: OSPF: area 0 authentication and the virtual-link

From: Wang, Roger (Roger@xxxxxxxxxxxx)
Date: Fri May 11 2001 - 21:25:33 GMT-3

• Next message: Curtis Lindsay: "RE: Clarification on lab swaps (Potential Problem)"
• Previous message: Ccieyet2b@xxxxxxx: "OSPF: area 0 authentication and the virtual-link"
• Maybe in reply to: Ccieyet2b@xxxxxxx: "OSPF: area 0 authentication and the virtual-link"
• Next in thread: Dirar Hakeem: "Re: OSPF: area 0 authentication and the virtual-link"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
You need "area 0 authentication message-digest" (if you use md5) or "area 0
authentication" (if you use plain text) at the other end of the virtual
link, the end (the router) where no interfaces are in area 0.

For example, if area 1 is the virtual link area, then you need "area 0
authentication" at both ends (both routers). One of the routers has no
interfaces in area 0, as you know. What virtual link does is that it
"extends" area 0 across the virtual link. So, if you think about it, it
makes sense to have "area 0 authentication [message-digest]" at that router
as well.

I don't have equipment to test on right now, but you might also need the
command "ip ospf message-digest-key keyid md5 key" (used with md5) or "ip
ospf authentication-key key" (used with plain text) that goes on the
interface connecting the virtual link for the whole thing to work.

HTH,

-Rog

> -----Original Message-----
> From: Ccieyet2b@aol.com [mailto:Ccieyet2b@aol.com]
> Sent: Friday, May 11, 2001 7:53 PM
> To: ccielab@groupstudy.com
> Subject: OSPF: area 0 authentication and the virtual-link
>
>
> Hi all,
>
> I've tried a number of different ways to get routes seen in
> an area connected
> to area 0 via a virtual link, but if I have authentication on
> area 0, nothing
> I've tried so far works. (All subnets are visable when area
> 0 doesn't have
> authentication).
>
> Here are some of the things that don't work:
>
> Configuring authentication on the transit area with the
> same passwords as
> used in area 0.
> Configuring authentication on the virtual link itself
> (both ends), area x
> virtual x.x.x.x authen-key password
> Configuring both of the above at the same time.
>
> If you know how to make this work, could you show me the
> actual config?
> thanks a whole bunch.
>
> Jim
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Curtis Lindsay: "RE: Clarification on lab swaps (Potential Problem)"
• Previous message: Ccieyet2b@xxxxxxx: "OSPF: area 0 authentication and the virtual-link"
• Maybe in reply to: Ccieyet2b@xxxxxxx: "OSPF: area 0 authentication and the virtual-link"
• Next in thread: Dirar Hakeem: "Re: OSPF: area 0 authentication and the virtual-link"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:40 GMT-3