From: Ademola Osindero (osindero@xxxxxxxxxxxxxxxxx)
Date: Mon Oct 22 2001 - 15:52:55 GMT-3
John,
Well if you are using MD5, you have to specify area 0 authentication
message-digest on the cut-off router along with your area x virtual-link
ip-address message-digest command or else it will not work. I have done
this several times - a friend, Ohanusi, taught me.
I haven't tried plain text authentication but I guess you would need to use
area 0 authentication <cr> in this case.
Ademola
At 11:44 AM 10/22/2001 -0700, John Neiberger wrote:
>This shouldn't be necessary if I'm using simple password authentication,
>which is the case. At one point I tried MD5 to see if the results were
>different, but they weren't.
>
>Keep in mind--and I don't think I mentioned this before--I have three other
>routers in area 0 and they authenticate just fine. It is only across the
>virtual link that authentication breaks.
>
>Someone else just suggested that I use two configuration lines for the
>virtual link: one to turn on authentication and the other to specify the
>key. I'm going to give that a shot tonight.
>
>Thanks,
>John
>
>On Mon, 22 Oct 2001 16:29:26 +0100, Ademola Osindero wrote:
>
>| John,
>|
>| You need to add
>|
>| area 0 authentication message-digest
>|
>| to R5 to inform it that this kind of authentication is been used in the
>| backbone. Show ip ospf on any router should inform you whether
>| authentication is been used in area 0 since all routers talk with it.
>|
>| Also ensure that the password used in area 0 is the same as that used for
>
>| the virtual link. the Virtual link only serves to extend a "cut-off"
>router
>| to area 0. The cut off router should then be informed of what holds in
>the
>| backbone by specifying area 0 authentication message-digest (or
>whatever).
>| Since there is no direct interface on which to use ip ospf
>| message-digest-key , the virtual-link serves this place and uses area 1
>| virtual-link ip-address message-digest-key command.
>|
>| Ademola
>|
>|
>|
>| At 08:01 AM 10/22/2001 -0700, John Neiberger wrote:
>| >Yep, I'm positive. I've retyped them many, many times and I learned the
>| >hard way a couple of years ago the dangers of white space at the end of
>| >passwords.
>| >
>| >Thanks,
>| >John
>| >
>| >On Mon, 22 Oct 2001 02:11:44 -0400 (EDT), Jason Gardiner wrote:
>| >
>| >| White spaces at the end of passwords are killers. Are you sure the
>| >| password match exactly?
>| >|
>| >| Thanks,
>| >|
>| >| Jason Gardiner
>| >| Supervisor, Engineering Services
>| >| Sprint <Insert Division Name>
>| >|
>| >| "You can swim all day in the Sea of Knowledge and
>| >| still come out completely dry. Most people do."
>| >|
>| >| - Norton Juster
>| >|
>| >| On Sun, 21 Oct 2001, John Neiberger wrote:
>| >|
>| >| > I was working on Fatkid 401 OSPF lab tonight and I could never get
>the
>| >| > virtual link authentication to work correctly. No matter what I
>did, I
>| >| > would get errors stating I had a mismatched authentication key.
>Well,
>| >the
>| >| > key was "cisco" so that's not too hard to type in correctly.
>Still, I
>| >| > played with the configs on the two relevant routers and I rebooted
>them
>| >| > several times, all to no avail.
>| >| >
>| >| > I even changed the authentication type to md5 and got the same
>message.
>| >| > Very weird. I thought at one point this was an IOS issue because
>one
>| >router
>| >| > was running 11.2(7) and the other 11.2(25a). I upgraded the first
>one
>| >to
>| >| > 11.2(25a) and I still see the same error.
>| >| >
>| >| > I peeked at the solution and saw that I had it configured exactly
>how
>| >they
>| >| > suggested. Then I checked CCO and saw that they suggest the same
>| >| > configuration.
>| >| >
>| >| > Do any of you have any tips for configuring virtual link
>| >authentication?
>| >| > This seems to be a pretty simple config and I don't see what I'm
>| >missing.
>| >| >
>| >| > Thanks,
>| >| > John
>| >| >
>| >| >
>| >| >
>| >| >
>| >| >
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:23 GMT-3