From: Richard Foltz (ccie2b@xxxxxxxxxx)
Date: Wed Oct 24 2001 - 01:29:03 GMT-3
might wanna try a 'clear ip ospf process' instead of rebooting all the time.
Richard Foltz, CCNP-Voice, CCDP, MCSE+I, Network+, A+
3rd Attemp @ RTP 11/2-3
----- Original Message -----
From: "John Neiberger" <neiby@excite.com>
To: <cisco@groupstudy.com>
Cc: <ccielab@groupstudy.com>
Sent: Tuesday, October 23, 2001 11:07 PM
Subject: Resolved, was OSPF Virtual Link Authentication [7:23867]
> Well...sort of resolved. After upgrading more of my routers to 12.1(10) I
> rebuilt my lab and attempted the ospf lab again. This time it still would
> not work, but instead of getting a Mismatched Authentication Key error
> during debugging I was getting a Mismatched Authentication Type. It
claimed
> that one end was using Type 0 and the other was Type 1. I don't really
know
> what that means so I tinkered for a while.
>
> I tried many different combinations to no avail and eventually put
> everything back the way I honestly thought it should be. Still nothing.
> So, I rebooted...and guess what...it came up just fine.
>
> This really irritates me. Why would I need to reboot? It seems like I do
a
> lot of rebooting when playing with ospf! :-) Maybe that's just me,
though.
>
> Anyway, here is what the final working config looks like (and it's exactly
> what I *thought* should have worked in the first place):
>
> R4 is in Area 0 and Area 1. R5 connects to R4 and has interfaces in area
5.
>
> R4 ospf config:
>
> router ospf 1
> log-adjacency-changes
> area 0 authentication
> area 1 virtual-link 212.1.22.1 authentication-key cisco
> network 200.100.100.17 0.0.0.0 area 4
> network 212.1.22.33 0.0.0.0 area 1
> network 212.1.22.84 0.0.0.0 area 0
>
> R5 ospf config:
>
> router ospf 1
> network 212.1.22.34 0.0.0.0 area 1
> network 20.1.1.1 0.0.0.0 area 5
> network 20.1.2.1 0.0.0.0 area 5
> network 20.1.3.1 0.0.0.0 area 5
> area 0 authentication
> area 1 virtual-link 200.100.100.17 authentication-key cisco
> area 5 range 20.1.0.0 255.255.0.0
>
> Very simple, very straightforward, and dang it, it should have worked two
> days ago! Oh well. Perhaps I was overlooking something and tonight's
> configs are *exactly* the same as I had them two days ago.
>
> Thanks to everyone for their help and suggestions!
>
> John
>
>
> On Tue, 23 Oct 2001 21:40:50 -0400, Ryan Ngai Hon Kong wrote:
>
> | Don't you think fixing up the router-id in this scenario is
> | better to ensure consistent virtual link and since
> | you keep rebooting the router?
> |
> | Just an opinion. :)
> | Regards,
> | Ryan
> |
> | -----Original Message-----
> | From: John Neiberger [mailto:john.neiberger@efirstbank.com]
> | Sent: Tuesday, October 23, 2001 10:06 PM
> | To: cisco@groupstudy.com
> | Subject: RE: OSPF Virtual Link Authentication [7:23867]
> |
> |
> | Thanks. I was configuring it as you suggest. I played around with
this
> | more last night and I never got it to work. It's frustrating because
it
> | seems so simple, yet I must be missing something that's right under my
> | nose.
> |
> | I had some problems with lab equipment last night that I finally
> | resolved. So, tonight I'll rebuild everything from scratch and see if
I
> | can make it work.
> |
> | John
> |
> | >>> "Frank B" 10/23/01 1:10:15 AM >>>
> | Not sure if you received any possible issues other than the whitespace.
> | But
> | another common error...there are NO interface commands required for
> | the
> | interfaces into the transit area. The authentication commands are
> | placed at
> | the end of the area x virtual-link command under the ospf process.
> | For
> | instance:
> |
> |
> | Ra-----area0-----Rb-----area1-----Rc-----area2------Rd
> |
> | If area0 requires authentication, the only commands required to
> | authenticate
> | on the virtual-link transiting area1 are:
> |
> | Rc#
> | router ospf 1
> | area 1 virtual-link [Rb rtr id] authenticatio-key cisco
> | area 0 authentication
> |
> | AND of course the same commands on the ospf process of Rb also. This
> | example was plain text but the "question mark" will help get you the
> | md5
> | commands. The way I remember it...this virtual link IS my interface
> | into
> | the backbone so I ONLY need to configure there.
> |
> | Hope this helps, aloha, Frank
> |
> | -----Original Message-----
> | From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> | John Neiberger
> | Sent: Sunday, October 21, 2001 6:54 PM
> | To: ccielab@groupstudy.com
> | Subject: OSPF Virtual Link Authentication
> |
> |
> | I was working on Fatkid 401 OSPF lab tonight and I could never get the
> | virtual link authentication to work correctly. No matter what I did,
> | I
> | would get errors stating I had a mismatched authentication key. Well,
> | the
> | key was "cisco" so that's not too hard to type in correctly. Still, I
> | played with the configs on the two relevant routers and I rebooted
> | them
> | several times, all to no avail.
> |
> | I even changed the authentication type to md5 and got the same
> | message.
> | Very weird. I thought at one point this was an IOS issue because one
> | router
> | was running 11.2(7) and the other 11.2(25a). I upgraded the first one
> | to
> | 11.2(25a) and I still see the same error.
> |
> | I peeked at the solution and saw that I had it configured exactly how
> | they
> | suggested. Then I checked CCO and saw that they suggest the same
> | configuration.
> |
> | Do any of you have any tips for configuring virtual link
> | authentication?
> | This seems to be a pretty simple config and I don't see what I'm
> | missing.
> |
> | Thanks,
> | John
> |
> |
> |
> |
> |
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:24 GMT-3