RE: OSPF: area 0 authentication and the virtual-link

From: Jeff Kimes (jkimes1@xxxxxxxxxxx)
Date: Sun May 13 2001 - 13:37:36 GMT-3


   
Ok, mebbe I'm messed up too... this is my configuration.

hostname Router1

interface Loopback0
 ip address 172.16.11.1 255.255.255.0

interface Ethernet0
 ip address 172.16.0.1 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco

interface Serial0
 ip address 172.16.1.1 255.255.255.0
 clockrate 56000

router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 172.16.22.2
 network 172.16.0.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 1
 network 172.16.11.0 0.0.0.255 area 0

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

hostname Router2

interface Loopback0
 ip address 172.16.22.2 255.255.255.0

interface Ethernet0
 ip address 172.16.2.2 255.255.255.0

interface Serial0
 ip address 172.16.1.2 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco (I've tried with and without this)

router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 172.16.11.1
 network 172.16.1.0 0.0.0.255 area 1
 network 172.16.2.0 0.0.0.255 area 2
 network 172.16.22.0 0.0.0.255 area 1

-*-*-*-*-*-*-*-*-*-

When I do a sh ip ospf vir on Router2, I get:
Virtual Link OSPF_VL2 to router 172.16.11.1 is up
 Transit area 1, via interface Serial0, Cost of using 64
 Message digest authentication enabled
     No key configured, using default key id 0

Regardless, when I do a sh ip ospf dat in Router1, I do not see area 2. I
have a feeling that it has something to do with the key not being
configured.

I was playing around with message-digest-authentication in the virtual-link
statement but I couldn't get that to work either. I think that statement
only authenticates across area 1??? Dunno.

Anyway, if anyone has any ideas, I'd greatly appreciate it!

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Kecin Shirazawa
Sent: Saturday, May 12, 2001 4:57 AM
To: Ccieyet2b@aol.com; ccielab@groupstudy.com; Roger@inteqnet.com
Subject: RE: OSPF: area 0 authentication and the virtual-link

Hi Roger;

    You are absolutely right, but you don't need the command on the interface on
the router that goes to the virtual link (I mean, the router at the far end),
just identify the area 0 with authentication (authentication or
message-digest-key) and the link will be up. Remember that area 0 will be
extended to the far end router. The interface is just the path for that.

    Regards;

    Kecin ( 2 days to go...)

>>> "Wang, Roger" <Roger@inteqnet.com> 11/05/01 21:25 >>>
You need "area 0 authentication message-digest" (if you use md5) or "area 0
authentication" (if you use plain text) at the other end of the virtual
link, the end (the router) where no interfaces are in area 0.

For example, if area 1 is the virtual link area, then you need "area 0
authentication" at both ends (both routers). One of the routers has no
interfaces in area 0, as you know. What virtual link does is that it
"extends" area 0 across the virtual link. So, if you think about it, it
makes sense to have "area 0 authentication [message-digest]" at that router
as well.

I don't have equipment to test on right now, but you might also need the
command "ip ospf message-digest-key keyid md5 key" (used with md5) or "ip
ospf authentication-key key" (used with plain text) that goes on the
interface connecting the virtual link for the whole thing to work.

HTH,

-Rog

> -----Original Message-----
> From: Ccieyet2b@aol.com [mailto:Ccieyet2b@aol.com]
> Sent: Friday, May 11, 2001 7:53 PM
> To: ccielab@groupstudy.com
> Subject: OSPF: area 0 authentication and the virtual-link
>
>
> Hi all,
>
> I've tried a number of different ways to get routes seen in an area connected
> to area 0 via a virtual link, but if I have authentication on area 0, nothing
> I've tried so far works. (All subnets are visible when area 0 doesn't have
> authentication).
>
> Here are some of the things that don't work:
>
> Configuring authentication on the transit area with the same passwords as
> used in area 0.
> Configuring authentication on the virtual link itself (both ends), area x
> virtual x.x.x.x authen-key password
> Configuring both of the above at the same time.
>
> If you know how to make this work, could you show me the actual config?
> thanks a whole bunch.
>
> Jim
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
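
A config check for the condition this thread keeps running into, as an added example that is not part of any poster's message: a virtual link is treated as belonging to area 0, so once `area 0 authentication [message-digest]` is set the link needs its own key on the `area X virtual-link` statement (the IOS options `message-digest-key` / `authentication-key`), which is what "No key configured, using default key id 0" in the output above points to. The function name and sample stanzas are assumptions constructed from the configs quoted in the thread; per-link `authentication` overrides are not handled.

```python
import re

# Constructed samples: the OSPF stanzas of the two routers quoted in this thread.
ROUTER1 = """\
router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 172.16.22.2
 network 172.16.0.0 0.0.0.255 area 0
"""
ROUTER2 = """\
router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 172.16.11.1
 network 172.16.1.0 0.0.0.255 area 1
"""
# Constructed variant: the key carried on the virtual-link statement itself.
ROUTER2_KEYED = ROUTER2.replace(
    "virtual-link 172.16.11.1",
    "virtual-link 172.16.11.1 message-digest-key 1 md5 cisco")

AUTH_RE = re.compile(
    r"^\s*area\s+(?:0|0\.0\.0\.0)\s+authentication(\s+message-digest)?\s*$")
VL_RE = re.compile(r"^\s*area\s+(\S+)\s+virtual-link\s+(\S+)(.*)$")


def audit_virtual_links(config):
    """Return (transit_area, peer_router_id, missing_option) for every virtual
    link that inherits area 0 authentication but has no key of its own."""
    lines = config.splitlines()
    mode = None  # None, "simple" or "md5", as set by 'area 0 authentication'
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            mode = "md5" if m.group(1) else "simple"
    if mode is None:
        return []  # area 0 is unauthenticated, nothing for the link to inherit
    needed = "message-digest-key" if mode == "md5" else "authentication-key"
    findings = []
    for line in lines:
        m = VL_RE.match(line)
        if m and needed not in m.group(3).split():
            findings.append((m.group(1), m.group(2), needed))
    return findings


if __name__ == "__main__":
    for name, cfg in (("Router1", ROUTER1), ("Router2", ROUTER2),
                      ("Router2 keyed", ROUTER2_KEYED)):
        print(name, audit_virtual_links(cfg) or "ok")
```

Both ends of the virtual link have to carry the same key id and key, so run the check against each router's configuration.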



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:40 GMT-3