From: perez claude-vincent (claude_vincent@xxxxxxxxx)
Date: Mon May 14 2001 - 22:50:19 GMT-3
To make it work, as said by Hakeem, you need
absolutely this command. Also area 1 authe mess.
Do a sh ip ospf and you will see that your area 1 has
no authentication.
Vincent
--- Dirar Hakeem <dirarhakeem@yahoo.com> wrote:
> NOt sure if you got this to work, but you do need
> the
> command:
> > area 1 virtual x.x.x.x message-digest-key 1 md5
> > cisco
>
> I think that will only activate authentication on
> the
> virtual link , and not on all of area 1.
>
>
> --- Jeff Kimes <jkimes1@pacbell.net> wrote:
> > I haven't... and that is because area 1 is not
> > supposed to have
> > authentication...
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com]On Behalf Of
> > tom cheung
> > Sent: Sunday, May 13, 2001 11:10 AM
> > To: jkimes1@pacbell.net; Kecin@conecta.com.br;
> > Ccieyet2b@aol.com;
> > ccielab@groupstudy.com; Roger@inteqnet.com
> > Subject: RE: OSPF: area 0 authentication and the
> > virtual-link
> >
> >
> > Jeff,
> > Since area 0 has authentication md5, have you
> tried:
> > area 1 virtual x.x.x.x message-digest-key 1 md5
> > cisco ?
> >
> >
> > >From: Jeff Kimes <jkimes1@pacbell.net>
> > >Reply-To: Jeff Kimes <jkimes1@pacbell.net>
> > >To: Kecin Shirazawa <Kecin@conecta.com.br>,
> > Ccieyet2b@aol.com,
> > >ccielab@groupstudy.com, Roger@inteqnet.com
> > >Subject: RE: OSPF: area 0 authentication and the
> > virtual-link
> > >Date: Sun, 13 May 2001 09:37:36 -0700
> > >
> > >Ok, mebbe I'm messed up too... this is my
> > configuration.
> > >
> > >hostname Router1
> > >
> > >interface Loopback0
> > > ip address 172.16.11.1 255.255.255.0
> > >
> > >interface Ethernet0
> > > ip address 172.16.0.1 255.255.255.0
> > > ip ospf message-digest-key 1 md5 cisco
> > >
> > >interface Serial0
> > > ip address 172.16.1.1 255.255.255.0
> > > clockrate 56000
> > >
> > >router ospf 1
> > > area 0 authentication message-digest
> > > area 1 virtual-link 172.16.22.2
> > > network 172.16.0.0 0.0.0.255 area 0
> > > network 172.16.1.0 0.0.0.255 area 1
> > > network 172.16.11.0 0.0.0.255 area 0
> > >
> > >-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
> > >
> > >hostname Router2
> > >
> > >interface Loopback0
> > > ip address 172.16.22.2 255.255.255.0
> > >
> > >interface Ethernet0
> > > ip address 172.16.2.2 255.255.255.0
> > >
> > >interface Serial0
> > > ip address 172.16.1.2 255.255.255.0
> > > ip ospf message-digest-key 1 md5 cisco (I've
> > tried with and without this)
> > >
> > >router ospf 1
> > > area 0 authentication message-digest
> > > area 1 virtual-link 172.16.11.1
> > > network 172.16.1.0 0.0.0.255 area 1
> > > network 172.16.2.0 0.0.0.255 area 2
> > > network 172.16.22.0 0.0.0.255 area 1
> > >
> > >-*-*-*-*-*-*-*-*-*-
> > >
> > >When I do a sh ip ospf vir on Router2, I get:
> > >Virtual Link OSPF_VL2 to router 172.16.11.1 is up
> > > Transit area 1, via interface Serial0, Cost of
> > using 64
> > > Message digest authentication enabled
> > > No key configured, using default key id 0
> > >
> > >Regardless, when I do a sh ip ospf dat in
> Router1,
> > I do not see area 2. I
> > >have a feeling that it has something to do with
> the
> > key not being
> > >configured.
> > >
> > >I was playing around with
> > message-digest-authentication in the virtual-link
> > >statement but I couldn't get that to work either.
>
> > I think that statement
> > >only authenticates across area 1??? Dunno.
> > >
> > >Anyway, if anyone has any ideas, I'd be greatly
> > appreciated!
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com]On Behalf Of
> > >Kecin Shirazawa
> > >Sent: Saturday, May 12, 2001 4:57 AM
> > >To: Ccieyet2b@aol.com; ccielab@groupstudy.com;
> > Roger@inteqnet.com
> > >Subject: RE: OSPF: area 0 authentication and the
> > virtual-link
> > >
> > >
> > >Hi Roger;
> > >
> > > You are absolutely right, but you don't need
> > the command on interface
> > >on
> > >the router that goes to Virtual link ( I mean,the
> > router at the far end ),
> > >just identify the area 0 with authentication (
> > authentication or
> > >message-digest-key ) and the link will be up.
> > Remenber that area 0 will be
> > >extended to the far end router. The interface is
> > just the path for that.
> > >
> > > Regards;
> > >
> > > Kecin ( 2 days to go...)
> > >
> > >
> > > >>> "Wang, Roger" <Roger@inteqnet.com> 11/05/01
> > 21:25 >>>
> > >You need "area 0 authentication message-digest"
> (if
> > you use md5) or "area 0
> > >authentication" (if you use plain text) at the
> > other end of the virtual
> > >link, the end (the router) where no interfaces
> are
> > in area 0.
> > >
> > >For example, if area 1 is the virtual link area,
> > then you need "area 0
> > >authentication" at both ends (both routers). One
> > of the routers has no
> > >interfaces in area 0, as you know. What virtual
> > link does is that it
> > >"extends" area 0 across the virtual link. So, if
> > you think about it, it
> > >makes sense to have "area 0 authentication
> > [message-digest]" at that router
> > >as well.
> > >
> > >I don't have equipment to test on right now, but
> > you might also need the
> > >command "ip ospf message-digest-key keyid md5
> key"
> > (used with md5) or "ip
> > >ospf authentication-key key" (used with plain
> text)
> > that goes on the
> > >interface connecting the virtual link for the
> whole
> > thing to work.
> > >
> > >HTH,
> > >
> > >-Rog
> > >
> > > > -----Original Message-----
> > > > From: Ccieyet2b@aol.com
> > [mailto:Ccieyet2b@aol.com]
> > > > Sent: Friday, May 11, 2001 7:53 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: OSPF: area 0 authentication and the
> > virtual-link
> > > >
> > > >
> > > > Hi all,
> > > >
> > > > I've tried a number of different ways to get
> > routes seen in
> > > > an area connected
> > > > to area 0 via a virtual link, but if I have
> > authentication on
>
=== message truncated ===
=====
Vincent
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:41 GMT-3