From: Dirar Hakeem (dirarhakeem@xxxxxxxxx)
Date: Mon May 14 2001 - 10:59:19 GMT-3
NOt sure if you got this to work, but you do need the
command:
> area 1 virtual x.x.x.x message-digest-key 1 md5
> cisco
I think that will only activate authentication on the
virtual link , and not on all of area 1.
--- Jeff Kimes <jkimes1@pacbell.net> wrote:
> I haven't... and that is because area 1 is not
> supposed to have
> authentication...
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> tom cheung
> Sent: Sunday, May 13, 2001 11:10 AM
> To: jkimes1@pacbell.net; Kecin@conecta.com.br;
> Ccieyet2b@aol.com;
> ccielab@groupstudy.com; Roger@inteqnet.com
> Subject: RE: OSPF: area 0 authentication and the
> virtual-link
>
>
> Jeff,
> Since area 0 has authentication md5, have you tried:
> area 1 virtual x.x.x.x message-digest-key 1 md5
> cisco ?
>
>
> >From: Jeff Kimes <jkimes1@pacbell.net>
> >Reply-To: Jeff Kimes <jkimes1@pacbell.net>
> >To: Kecin Shirazawa <Kecin@conecta.com.br>,
> Ccieyet2b@aol.com,
> >ccielab@groupstudy.com, Roger@inteqnet.com
> >Subject: RE: OSPF: area 0 authentication and the
> virtual-link
> >Date: Sun, 13 May 2001 09:37:36 -0700
> >
> >Ok, mebbe I'm messed up too... this is my
> configuration.
> >
> >hostname Router1
> >
> >interface Loopback0
> > ip address 172.16.11.1 255.255.255.0
> >
> >interface Ethernet0
> > ip address 172.16.0.1 255.255.255.0
> > ip ospf message-digest-key 1 md5 cisco
> >
> >interface Serial0
> > ip address 172.16.1.1 255.255.255.0
> > clockrate 56000
> >
> >router ospf 1
> > area 0 authentication message-digest
> > area 1 virtual-link 172.16.22.2
> > network 172.16.0.0 0.0.0.255 area 0
> > network 172.16.1.0 0.0.0.255 area 1
> > network 172.16.11.0 0.0.0.255 area 0
> >
> >-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
> >
> >hostname Router2
> >
> >interface Loopback0
> > ip address 172.16.22.2 255.255.255.0
> >
> >interface Ethernet0
> > ip address 172.16.2.2 255.255.255.0
> >
> >interface Serial0
> > ip address 172.16.1.2 255.255.255.0
> > ip ospf message-digest-key 1 md5 cisco (I've
> tried with and without this)
> >
> >router ospf 1
> > area 0 authentication message-digest
> > area 1 virtual-link 172.16.11.1
> > network 172.16.1.0 0.0.0.255 area 1
> > network 172.16.2.0 0.0.0.255 area 2
> > network 172.16.22.0 0.0.0.255 area 1
> >
> >-*-*-*-*-*-*-*-*-*-
> >
> >When I do a sh ip ospf vir on Router2, I get:
> >Virtual Link OSPF_VL2 to router 172.16.11.1 is up
> > Transit area 1, via interface Serial0, Cost of
> using 64
> > Message digest authentication enabled
> > No key configured, using default key id 0
> >
> >Regardless, when I do a sh ip ospf dat in Router1,
> I do not see area 2. I
> >have a feeling that it has something to do with the
> key not being
> >configured.
> >
> >I was playing around with
> message-digest-authentication in the virtual-link
> >statement but I couldn't get that to work either.
> I think that statement
> >only authenticates across area 1??? Dunno.
> >
> >Anyway, if anyone has any ideas, I'd be greatly
> appreciated!
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> >Kecin Shirazawa
> >Sent: Saturday, May 12, 2001 4:57 AM
> >To: Ccieyet2b@aol.com; ccielab@groupstudy.com;
> Roger@inteqnet.com
> >Subject: RE: OSPF: area 0 authentication and the
> virtual-link
> >
> >
> >Hi Roger;
> >
> > You are absolutely right, but you don't need
> the command on interface
> >on
> >the router that goes to Virtual link ( I mean,the
> router at the far end ),
> >just identify the area 0 with authentication (
> authentication or
> >message-digest-key ) and the link will be up.
> Remenber that area 0 will be
> >extended to the far end router. The interface is
> just the path for that.
> >
> > Regards;
> >
> > Kecin ( 2 days to go...)
> >
> >
> > >>> "Wang, Roger" <Roger@inteqnet.com> 11/05/01
> 21:25 >>>
> >You need "area 0 authentication message-digest" (if
> you use md5) or "area 0
> >authentication" (if you use plain text) at the
> other end of the virtual
> >link, the end (the router) where no interfaces are
> in area 0.
> >
> >For example, if area 1 is the virtual link area,
> then you need "area 0
> >authentication" at both ends (both routers). One
> of the routers has no
> >interfaces in area 0, as you know. What virtual
> link does is that it
> >"extends" area 0 across the virtual link. So, if
> you think about it, it
> >makes sense to have "area 0 authentication
> [message-digest]" at that router
> >as well.
> >
> >I don't have equipment to test on right now, but
> you might also need the
> >command "ip ospf message-digest-key keyid md5 key"
> (used with md5) or "ip
> >ospf authentication-key key" (used with plain text)
> that goes on the
> >interface connecting the virtual link for the whole
> thing to work.
> >
> >HTH,
> >
> >-Rog
> >
> > > -----Original Message-----
> > > From: Ccieyet2b@aol.com
> [mailto:Ccieyet2b@aol.com]
> > > Sent: Friday, May 11, 2001 7:53 PM
> > > To: ccielab@groupstudy.com
> > > Subject: OSPF: area 0 authentication and the
> virtual-link
> > >
> > >
> > > Hi all,
> > >
> > > I've tried a number of different ways to get
> routes seen in
> > > an area connected
> > > to area 0 via a virtual link, but if I have
> authentication on
> > > area 0, nothing
> > > I've tried so far works. (All subnets are
> visable when area
> > > 0 doesn't have
> > > authentication).
> > >
> > > Here are some of the things that don't work:
> > >
> > > Configuring authentication on the transit
> area with the
> > > same passwords as
> > > used in area 0.
> > > Configuring authentication on the virtual
> link itself
> > > (both ends), area x
> > > virtual x.x.x.x authen-key password
> > > Configuring both of the above at the same
> time.
> > >
> > > If you know how to make this work, could you
> show me the
>
=== message truncated ===
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:41 GMT-3