From: Khalid Nafie (knafie@xxxxxxxxxx)
Date: Mon Oct 29 2001 - 21:42:08 GMT-3
Dear All,
regarding to the following link it shows that auth under the
interfaces and for the virtual links are done in one line
area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
and
ip ospf message-digest-key 1 md5 cisco
but it didn't work with me till i added this line
area 1 virtual-link 3.3.3.3 auth mess
any comments
-----Original Message-----
From: Bryan Osoro [mailto:bosoro@hotmail.com]
Sent: Monday, October 29, 2001 4:29 PM
To: 'Khalid Nafie'
Cc: ccielab@groupstudy.com
Subject: RE: Virtual Link Authentication
This link is pretty helpful in OSPF Virtual Link Authentication issues.
It sure saved my butt.
http://www.cisco.com/warp/public/104/27.html
-Bryan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Khalid Nafie
Sent: Monday, October 29, 2001 5:12 PM
To: Ajaz Nawaz; Eric Sarraf
Cc: ccielab@groupstudy.com
Subject: RE: Virtual Link Authentication
her is the config :
R6
interface Ethernet0
ip address 150.10.2.1 255.255.255.0
no ip directed-broadcast
ip irdp
ip irdp preference 50
ip ospf cost 100
!
interface Serial0
ip address 150.10.1.1 255.255.255.240
no ip directed-broadcast
encapsulation frame-relay
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip ospf cost 120
ip ospf priority 0
no ip mroute-cache
logging event subif-link-status
logging event dlci-status-change
no fair-queue
frame-relay map ip 150.10.1.5 201 broadcast
frame-relay lmi-type ansi
!
router ospf 90
area 1 authentication message-digest
area 1 virtual-link 150.10.15.5 message-digest-key 1 md5 cisco
network 150.10.1.0 0.0.0.15 area 1
network 150.10.2.0 0.0.0.255 area 2
network 150.10.10.0 0.0.0.255 area 1
R3:
interface Serial0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
logging event subif-link-status
logging event dlci-status-change
no fair-queue
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
ip address 150.10.5.5 255.255.255.240
no ip directed-broadcast
ip ospf network point-to-multipoint
frame-relay interface-dlci 101
!
interface Serial0.2 multipoint
ip address 150.10.1.5 255.255.255.240
no ip directed-broadcast
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip ospf priority 100
frame-relay map ip 150.10.1.1 102 broadcast
frame-relay map ip 150.10.1.3 103 broadcast
no frame-relay inverse-arp
!
router ospf 90
area 0 authentication message-digest
area 1 authentication message-digest
area 1 virtual-link 150.10.10.1 message-digest-key 1 md5 cisco
summary-address 150.10.1.0 255.255.255.0
summary-address 150.10.4.0 255.255.255.0
redistribute connected subnets
redistribute igrp 100 subnets route-map no-isdn
network 150.10.0.0 0.0.0.255 area 0
network 150.10.1.0 0.0.0.15 area 1
network 150.10.4.0 0.0.0.3 area 5
network 150.10.5.0 0.0.0.15 area 5
network 150.10.10.0 0.0.0.255 area 0
network 150.10.15.0 0.0.0.255 area 0
neighbor 150.10.1.3
neighbor 150.10.1.1
!
-----Original Message-----
From: Ajaz Nawaz [mailto:anawaz@cisco.com]
Sent: Monday, October 29, 2001 3:22 PM
To: Eric Sarraf
Cc: ccielab@groupstudy.com
Subject: RE: Virtual Link Authentication
Please send us the full configs from both routers
We need to see what is configured under the interfaces as well.
tia
jaz
-----Original Message-----
From: Eric Sarraf [mailto:esarraf@cisco.com]
Sent: 29 October 2001 19:37
To: Ajaz Nawaz
Cc: ccielab@groupstudy.com
Subject: RE: Virtual Link Authentication
Yes, I reset both routers but with no help. One router is running IOS
version 12.1(7) and the other one 12.0(15).
thanks, Eric
At 07:16 PM 10/29/2001 +0000, Ajaz Nawaz wrote:
>have you tried reloading the routers ?
>
>remember to save the configs though before doing so :)
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Eric Sarraf
>Sent: 29 October 2001 17:50
>To: ccielab@groupstudy.com
>Subject: Virtual Link Authentication
>
>
>I have enabled message-digest authentication on area 0. There is also
>virtual link between my two routers R4 and R5 residing on area 45 (R5
also
>resides on area 0). I have also enabled authentication on the virtual
link
>. Things work fine with below configurations. However, if I replace
"area
>45 virtual-link 4.4.4.4 authentication" with "area 45 virtual-link
4.4.4.4
>authentication message digest" I get the following error on both
routers:
>
>1w1d: OSPF: Rcv pkt from 160.5.54.5, Ethernet0 : Mismatch
Authentication
>Key - Message Digest Key 1
>
>Why can not I have "message-digest" on my viurtual link statement?
>
>Thanks, Eric
>
>R5 router:
>
>router ospf 1
> log-adjacency-changes
> area 0 authentication message-digest
> area 45 virtual-link 4.4.4.4 authentication
> area 45 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
> area 55 range 160.5.64.0 255.255.248.0
> redistribute connected subnets
> network 160.5.1.0 0.0.0.255 area 0
> network 160.5.53.0 0.0.0.255 area 5
> network 160.5.54.0 0.0.0.255 area 45
> network 160.5.64.0 0.0.7.255 area 55
> neighbor 160.5.1.1
> neighbor 160.5.1.3
>
>
>R4 router:
>
>router ospf 1
> area 45 virtual-link 160.5.68.1 authentication
> area 45 virtual-link 160.5.68.1 message-digest-key 1 md5 cisco
> redistribute connected subnets
> redistribute rip subnets
> network 150.100.1.5 0.0.0.0 area 4
> network 160.5.14.2 0.0.0.0 area 14
> network 160.5.54.0 0.0.0.255 area 45
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:28 GMT-3