RE: Virtual Link Auth Again

From: Bryan Ginman (ginmanb@xxxxxxxxxxx)
Date: Tue Nov 20 2001 - 20:24:38 GMT-3


   
I just did a test on this and I found this is what you need to stop those
Mismatch Authentication types even though the link shows up and the routes
are in the tables correctly. I had that same problem. This assumes that the
transit area is not using authentication. It was weird, but I was almost sure
that I had it this way the first time. I reloaded the routers, still the
same thing; wiped them and redid it and it worked. I tried to do it in
sequence and it worked fine. I will try to test it out of order, do some
things first, etc., and see what I get.

on the Area 0 ABR:

x = transit area

router ospf 1
area 0 authentication message-digest
area x virtual-link %Router-ID to ABR vir-link% authentication message-digest
area x virtual-link %Router-ID to ABR vir-link% message-digest-key 1 md5 "keyword"

int %area0%
ip ospf message-digest-key 1 md5 "keyword"

on the ABR of the separated area:

router ospf 1
area 0 authentication message-digest
area x virtual-link %Router-ID to ABR vir-link% authentication message-digest
area x virtual-link %Router-ID to ABR vir-link% message-digest-key 1 md5 "keyword"

cheers,

Bryan

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Albert Lu
Sent: Tuesday, November 20, 2001 3:48 PM
To: 'Bill Reilly'
Cc: 'Steve O'Ney'; ccielab@groupstudy.com
Subject: RE: Virtual Link Auth Again

Bill,

I think you need 'area 0 authentication message-digest' for the virtual link
to be doing authentication, since the virtual link is like a link into area
0.

Albert

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bill Reilly
Sent: Monday, November 12, 2001 11:56 AM
To: Steve O'Ney; ccielab@groupstudy.com
Subject: Re: Virtual Link Auth Again

Sure.

Here is my area 0 router:

The VL is coming in over the e0 interface, but because I am only trying to
authenticate the VL router, I do not put any authentication information
there; it is under the ospf process.

!
interface Ethernet0
 ip address 10.0.1.1 255.255.255.0
 ip ospf priority 100
 no keepalive
!
interface Serial0
 ip address 130.10.1.1 255.255.255.0
 encapsulation frame-relay
 ip ospf message-digest-key 1 md5 cisco
 ip ospf priority 100
!
router ospf 64733
 network 10.0.1.0 0.0.0.255 area 10
 network 130.10.1.0 0.0.0.255 area 0
 network 1.1.1.0 0.0.0.255 area 1
 neighbor 130.10.1.6 priority 4
 neighbor 130.10.1.5 priority 2
 area 0 authentication message-digest
 area 10 virtual-link 5.5.5.5 message-digest-key 1 md5 cisco

Here is my remote router:

interface Ethernet0/0
 ip address 10.0.1.22 255.255.255.0
 full-duplex
 service-policy output QoS-Policy
!
interface Serial1/0
 ip address 50.40.1.1 255.255.255.252
 no ip mroute-cache
 clockrate 128000
!
router ospf 64733
 log-adjacency-changes
 area 5 virtual-link 4.4.4.4
 area 10 virtual-link 1.1.1.1 authentication message-digest
 area 10 virtual-link 1.1.1.1 message-digest-key 1 md5 cisco
 network 10.0.1.0 0.0.0.255 area 10
 network 50.40.1.0 0.0.0.255 area 5

Bill

Steve O'Ney wrote:

> Bill,
>
> Could I get a sample config from your router?
>
> Thanks
>
> Steve
>
> ----- Original Message -----
> From: "Bill Reilly" <william.j.reilly@verizon.net>
> To: "Steve O'Ney" <soney@proaptiv.com>; <ccielab@groupstudy.com>
> Sent: Sunday, November 11, 2001 5:16 PM
> Subject: Re: Virtual Link Auth Again
>
> > Steve,
> >
> > When you use the command listed below, you set up plain text
> > authentication on both routers. This is the type 1 part of the message
> > in the clip I sent.
> >
> > I was able to get this working, then changed my authentication type to
> > message-digest with md5. Once I set my area 0 auth to message-digest and
> > set up my keys on both my area 0 router and my remote router everything
> > came up.
> >
> >
> > Thanks,
> > Bill
> >
> > Steve O'Ney wrote:
> >
> > > Bill,
> > >
> > > I have knocked my head against the wall on several occasions over this
> > > and I have found a fix, type this command on both ends of your virtual
> > > link. I can't say why this works because I don't have a clue, I can't
> > > find it anywhere but this is what worked for me:
> > >
> > > area [#] virtual-link X.X.X.X authentication
> > >
> > > don't ask me why but it works.
> > >
> > > Steve
> > >
> > > ----- Original Message -----
> > > From: "Bill Reilly" <william.j.reilly@verizon.net>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Sunday, November 11, 2001 11:36 AM
> > > Subject: Virtual Link Auth Again
> > >
> > > > I have been working on some VL labs with and without different types
> > > > of authentication. Now the first issue I have is some of my routers
> > > > are running 11.2 and some are running 12.1. I suspect my issue resides
> > > > in the differences in IOS, but what I am seeing is when I try to use
> > > > message-digest I am not able to authenticate my VL.
> > > >
> > > > My debug output on both routers states "Rcv pkt from 10.0.1.22,
> > > > Ethernet0 : Mismatch Authentication type. Input packet specified
> > > > type 0, we use type 1"
> > > >
> > > > Any help would be appreciated.
> > > >
> > > > Bill
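
Added example (not part of the original thread and not any poster's code): a small Python check that derives the OSPF authentication type each end of a virtual link would send and flags the kind of type mismatch shown in the debug output above. It assumes a per-link "authentication" keyword overrides the type and that a virtual link otherwise inherits the "area 0 authentication" setting; the function names, router IDs and sample configs are constructed for illustration.

```python
import re

# AuType values from RFC 2328: 0 = null, 1 = simple password, 2 = MD5.
MODE = {None: 1, "message-digest": 2, "null": 0}

def virtual_links(config):
    """Map peer router ID -> {"type": AuType, "keys": {key_id: secret}}."""
    area0, links = 0, {}   # no 'area 0 authentication' line means null
    for line in (l.strip() for l in config.splitlines()):
        m = re.fullmatch(r"area 0 authentication(?: (message-digest))?", line)
        if m:
            area0 = MODE[m.group(1)]
            continue
        m = re.fullmatch(r"area \S+ virtual-link (\S+)(?: (.+))?", line)
        if not m:
            continue
        link = links.setdefault(m.group(1), {"type": None, "keys": {}})
        opts = m.group(2) or ""
        a = re.fullmatch(r"authentication(?: (message-digest|null))?", opts)
        k = re.fullmatch(r"message-digest-key (\d+) md5 (.+)", opts)
        if a:
            link["type"] = MODE[a.group(1)]   # per-link override (assumed rule)
        elif k:
            link["keys"][int(k.group(1))] = k.group(2)
    for link in links.values():
        if link["type"] is None:              # inherit from area 0 (assumed rule)
            link["type"] = area0
    return links

def check_link(cfg_a, rid_a, cfg_b, rid_b):
    """Findings for the virtual link between router IDs rid_a and rid_b."""
    a, b = virtual_links(cfg_a).get(rid_b), virtual_links(cfg_b).get(rid_a)
    if a is None or b is None:
        return ["virtual-link statement missing on one end"]
    if a["type"] != b["type"]:
        return ["auth type mismatch: %s uses type %d, %s uses type %d"
                % (rid_a, a["type"], rid_b, b["type"])]
    if a["type"] == 2 and (not a["keys"] or a["keys"] != b["keys"]):
        return ["MD5 enabled but key IDs or secrets differ or are missing"]
    return [] if a["type"] else ["virtual link runs with null authentication"]

# Constructed configs (router IDs 1.1.1.1 and 5.5.5.5 assumed), not the posters' routers.
BROKEN_A = "router ospf 1\n area 0 authentication\n area 10 virtual-link 5.5.5.5\n"
BROKEN_B = "router ospf 1\n area 10 virtual-link 1.1.1.1\n"
FIXED_A = ("router ospf 1\n area 0 authentication message-digest\n"
           " area 10 virtual-link 5.5.5.5 authentication message-digest\n"
           " area 10 virtual-link 5.5.5.5 message-digest-key 1 md5 keyword\n")
FIXED_B = FIXED_A.replace("5.5.5.5", "1.1.1.1")
```

Calling check_link(BROKEN_A, "1.1.1.1", BROKEN_B, "5.5.5.5") reports a type 1 versus type 0 mismatch, the same pairing as in the quoted debug line; the FIXED pair, which follows the message-digest layout at the top of the thread, returns no findings.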


