From: tom cheung (tkc9789@xxxxxxxxxxx)
Date: Sun May 13 2001 - 15:10:03 GMT-3
Jeff,
Since area 0 has authentication md5, have you tried:
area 1 virtual x.x.x.x message-digest-key 1 md5 cisco ?
>From: Jeff Kimes <jkimes1@pacbell.net>
>Reply-To: Jeff Kimes <jkimes1@pacbell.net>
>To: Kecin Shirazawa <Kecin@conecta.com.br>, Ccieyet2b@aol.com,
>ccielab@groupstudy.com, Roger@inteqnet.com
>Subject: RE: OSPF: area 0 authentication and the virtual-link
>Date: Sun, 13 May 2001 09:37:36 -0700
>
>Ok, mebbe I'm messed up too... this is my configuration.
>
>hostname Router1
>
>interface Loopback0
> ip address 172.16.11.1 255.255.255.0
>
>interface Ethernet0
> ip address 172.16.0.1 255.255.255.0
> ip ospf message-digest-key 1 md5 cisco
>
>interface Serial0
> ip address 172.16.1.1 255.255.255.0
> clockrate 56000
>
>router ospf 1
> area 0 authentication message-digest
> area 1 virtual-link 172.16.22.2
> network 172.16.0.0 0.0.0.255 area 0
> network 172.16.1.0 0.0.0.255 area 1
> network 172.16.11.0 0.0.0.255 area 0
>
>-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
>
>hostname Router2
>
>interface Loopback0
> ip address 172.16.22.2 255.255.255.0
>
>interface Ethernet0
> ip address 172.16.2.2 255.255.255.0
>
>interface Serial0
> ip address 172.16.1.2 255.255.255.0
> ip ospf message-digest-key 1 md5 cisco (I've tried with and without this)
>
>router ospf 1
> area 0 authentication message-digest
> area 1 virtual-link 172.16.11.1
> network 172.16.1.0 0.0.0.255 area 1
> network 172.16.2.0 0.0.0.255 area 2
> network 172.16.22.0 0.0.0.255 area 1
>
>-*-*-*-*-*-*-*-*-*-
>
>When I do a sh ip ospf vir on Router2, I get:
>Virtual Link OSPF_VL2 to router 172.16.11.1 is up
> Transit area 1, via interface Serial0, Cost of using 64
> Message digest authentication enabled
> No key configured, using default key id 0
>
>Regardless, when I do a sh ip ospf dat in Router1, I do not see area 2. I
>have a feeling that it has something to do with the key not being
>configured.
>
>I was playing around with message-digest-authentication in the virtual-link
>statement but I couldn't get that to work either. I think that statement
>only authenticates across area 1??? Dunno.
>
>Anyway, if anyone has any ideas, I'd be greatly appreciated!
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Kecin Shirazawa
>Sent: Saturday, May 12, 2001 4:57 AM
>To: Ccieyet2b@aol.com; ccielab@groupstudy.com; Roger@inteqnet.com
>Subject: RE: OSPF: area 0 authentication and the virtual-link
>
>
>Hi Roger;
>
> You are absolutely right, but you don't need the command on interface
>on
>the router that goes to Virtual link ( I mean,the router at the far end ),
>just identify the area 0 with authentication ( authentication or
>message-digest-key ) and the link will be up. Remenber that area 0 will be
>extended to the far end router. The interface is just the path for that.
>
> Regards;
>
> Kecin ( 2 days to go...)
>
>
> >>> "Wang, Roger" <Roger@inteqnet.com> 11/05/01 21:25 >>>
>You need "area 0 authentication message-digest" (if you use md5) or "area 0
>authentication" (if you use plain text) at the other end of the virtual
>link, the end (the router) where no interfaces are in area 0.
>
>For example, if area 1 is the virtual link area, then you need "area 0
>authentication" at both ends (both routers). One of the routers has no
>interfaces in area 0, as you know. What virtual link does is that it
>"extends" area 0 across the virtual link. So, if you think about it, it
>makes sense to have "area 0 authentication [message-digest]" at that router
>as well.
>
>I don't have equipment to test on right now, but you might also need the
>command "ip ospf message-digest-key keyid md5 key" (used with md5) or "ip
>ospf authentication-key key" (used with plain text) that goes on the
>interface connecting the virtual link for the whole thing to work.
>
>HTH,
>
>-Rog
>
> > -----Original Message-----
> > From: Ccieyet2b@aol.com [mailto:Ccieyet2b@aol.com]
> > Sent: Friday, May 11, 2001 7:53 PM
> > To: ccielab@groupstudy.com
> > Subject: OSPF: area 0 authentication and the virtual-link
> >
> >
> > Hi all,
> >
> > I've tried a number of different ways to get routes seen in
> > an area connected
> > to area 0 via a virtual link, but if I have authentication on
> > area 0, nothing
> > I've tried so far works. (All subnets are visable when area
> > 0 doesn't have
> > authentication).
> >
> > Here are some of the things that don't work:
> >
> > Configuring authentication on the transit area with the
> > same passwords as
> > used in area 0.
> > Configuring authentication on the virtual link itself
> > (both ends), area x
> > virtual x.x.x.x authen-key password
> > Configuring both of the above at the same time.
> >
> > If you know how to make this work, could you show me the
> > actual config?
> > thanks a whole bunch.
> >
> > Jim
> > **Please read:http://www.groupstudy.com/list/posting.html
>**Please read:http://www.groupstudy.com/list/posting.html
>**Please read:http://www.groupstudy.com/list/posting.html
>**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:40 GMT-3