From: Bill Reilly (william.j.reilly@xxxxxxxxxxx)
Date: Tue Nov 20 2001 - 19:11:18 GMT-3
Albert,
The config below worked. Because the remote router has to authenticate
through area 10 I did not need the area 0 auth message-digest there.
However I did need in my Area 0 router to authenticate.
Bill
Albert Lu wrote:
>Bill,
>
>I think you need 'area 0 authentication message-digest' for the virtual link
>to be doing authentication, since the virtual link is like a link into area
>0.
>
>Albert
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Bill Reilly
>Sent: Monday, November 12, 2001 11:56 AM
>To: Steve O'Ney; ccielab@groupstudy.com
>Subject: Re: Virtual Link Auth Again
>
>
>Sure.
>
>Here is my area 0 router:
>
>The VL is coming in over the e0 interface, but because i am only trying to
>authenticate the VL router I do not put any authentication information
>there, it
>is under the ospf process.
>
>!
>interface Ethernet0
> ip address 10.0.1.1 255.255.255.0
> ip ospf priority 100
> no keepalive
>!
>interface Serial0
> ip address 130.10.1.1 255.255.255.0
> encapsulation frame-relay
> ip ospf message-digest-key 1 md5 cisco
> ip ospf priority 100
>!
>router ospf 64733
> network 10.0.1.0 0.0.0.255 area 10
> network 130.10.1.0 0.0.0.255 area 0
> network 1.1.1.0 0.0.0.255 area 1
> neighbor 130.10.1.6 priority 4
> neighbor 130.10.1.5 priority 2
> area 0 authentication message-digest
> area 10 virtual-link 5.5.5.5 message-digest-key 1 md5 cisco
>
>Here is my remote router:
>
>interface Ethernet0/0
> ip address 10.0.1.22 255.255.255.0
> full-duplex
> service-policy output QoS-Policy
>!
>interface Serial1/0
> ip address 50.40.1.1 255.255.255.252
> no ip mroute-cache
> clockrate 128000
>!
>router ospf 64733
> log-adjacency-changes
> area 5 virtual-link 4.4.4.4
> area 10 virtual-link 1.1.1.1 authentication message-digest
> area 10 virtual-link 1.1.1.1 message-digest-key 1 md5 cisco
> network 10.0.1.0 0.0.0.255 area 10
> network 50.40.1.0 0.0.0.255 area 5
>
>Bill
>
>Steve O'Ney wrote:
>
>>Bill,
>>
>>Could I get a sample config from your router?
>>
>>THanks
>>
>>Steve
>>
>>----- Original Message -----
>>From: "Bill Reilly" <william.j.reilly@verizon.net>
>>To: "Steve O'Ney" <soney@proaptiv.com>; <ccielab@groupstudy.com>
>>Sent: Sunday, November 11, 2001 5:16 PM
>>Subject: Re: Virtual Link Auth Again
>>
>>>Steve,
>>>
>>>When you use the command listed below, you set up plain text
>>>
>>authentication on
>>
>>>both routers. This is the type 1 part of the message in the clip I
>>>
>sent.
>
>>>I was able to get this working, then changed my authentication type to
>>>message-digest with md5. Once I set my area 0 auth to message-digest
>>>
>and
>
>>set up
>>
>>>my keys on both my area 0 router and my remote router everything came
>>>
>up.
>
>>>
>>>Thanks,
>>>Bill
>>>
>>>Steve O'Ney wrote:
>>>
>>>>Bill,
>>>>
>>>>I have knocked my head against the wall on several occasions over this
>>>>
>>and I
>>
>>>>have found a fix, type this command on both ends of your virtual link.
>>>>
>I
>
>>>>can't say why this works because I don't have a clue, I can't find it
>>>>anywhere but this is what worked for me:
>>>>
>>>>area [#] virtual-link X.X.X.X authentication
>>>>
>>>>don't ask me why but it works.
>>>>
>>>>Steve
>>>>
>>>>----- Original Message -----
>>>>From: "Bill Reilly" <william.j.reilly@verizon.net>
>>>>To: <ccielab@groupstudy.com>
>>>>Sent: Sunday, November 11, 2001 11:36 AM
>>>>Subject: Virtual Link Auth Again
>>>>
>>>>>I have been working on some VL labs with and without different types
>>>>>
>>of
>>
>>>>>authentication. Now the first issue I have is some of my routers
>>>>>
>are
>
>>>>>running 11.2 and some are running 12.1. I suspect my issue resides
>>>>>
>in
>
>>>>>the differences in IOS, but what I am seeing is when I try to use
>>>>>message-digest I am not able to authenticate my VL.
>>>>>
>>>>>My debug output on both routers states "Rcv pkt from 10.0.1.22,
>>>>>Ethernet0 : Mismatch Authentication type. Input pa
>>>>>cket specified type 0, we use type 1"
>>>>>
>>>>>Any help would be appreciated.
>>>>>
>>>>>Bill
>>>>>
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:19 GMT-3