RE: OSPF Authentication ?

From: Annu Roopa (annu_roopa@xxxxxxxxx)
Date: Tue Mar 05 2002 - 21:44:45 GMT-3

• Next message: Sasa Milic: "Re: IPSec question"
• Previous message: danyye: "lab swap in beijing . want 4/10 change to any date before 5/20 call me 13908653659"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
JP,

Doing 'area 0' authentication is not mandatory as i
understand. In my scenario i had 'area 0'
authentication with plain text as i remember and i had
MD5 authetication on the virtual link. But for
authetication purpose the Vlink must have the
authetication same as 'area 0' also to work.

Maybe this doc will clarify all doubts. I used
this.Let me know if this does not clear it up.

http://www.cisco.com/warp/public/104/27.html

HTH.Good luck,
Annu

--- Jeongwoo Park <Jpark@wams.com> wrote:
> Hi all
> this post has been quite while.
> I came across a question.
> Why would you need to authenticate area 0.
> Is this due to the virtual link?
> If so, without the virtual link, it is not necessary
> to authenticate the
> area 0?
>
> Just want to clear the question.
>
> Thanks in adv.
>
> JP
>
> -----Original Message-----
> From: Annu [mailto:annu_roopa@yahoo.com]
> Sent: Saturday, December 15, 2001 1:12 PM
> To: Mannan Venkatesan; ccielab@groupstudy.com
> Cc: scfeldberg@hotmail.com;
> gpalacios@microstrategy.com;
> cciestudy@bennedsgaard.dk
> Subject: Re: OSPF Authentication ?
>
>
> Group,
>
> Thanks to all those who replied.I added the "Area 0
> authetication message-digest" on R12 as u people
> said
> and it works though i had to reboot in the process.
>
> The Virtual Link authentication was not working.Will
> also look into the 11.X and 12.X compatibility
> problems.
>
> Thanks once again to all.
> Annu
>
> --- Mannan Venkatesan <mv70@lucent.com> wrote:
> > I would try,
> >
> > 'area 1 virtual-link 3.3.3.3 message-digest-key 1
> > md5' on r9 and
> > 'area 0 auth mess' on r12.
> >
> > Mannan
> >
> >
> >
> > ----- Original Message -----
> > From: "Annu" <annu_roopa@yahoo.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Friday, December 14, 2001 12:14 AM
> > Subject: OSPF Authentication ?
> >
> >
> > > Gurus,
> > >
> > > I have the following setup with which I am
> trying
> > to
> > > do OSPF MD5 authentication.
> > >
> > > R9
> > > | eo=.1
> > > |
> > > |--------------------------| (192.1.1.0/24)
> > > |e0=.2 |.3
> > > R11 R12
> > > |
> > > |
> > > R1
> > >
> > > R9/R11/R12 are in area 1
> > > R1 is in Area 100 with Virtual link to R9.
> > >
> > > The problem is that OSPF authentication between
> R9
> > and
> > > R12 is not working.Its working between R9 and
> R11
> > on
> > > same Ethernet network. It gives "invalid
> > > authentication type" error on R9. The configs
> and
> > > version information is as follows.
> > >
> > > R12 (11.2(17)
> > > ----
> > > interface Ethernet0
> > > ip address 192.1.1.1 255.255.255.0
> > > no ip directed-broadcast
> > > no ip route-cache
> > > ip ospf message-digest-key 1 md5 roopa
> > > no ip mroute-cache
> > >
> > > router ospf 100
> > > network 10.0.0.0 0.255.255.255 area 0
> > > network 192.1.1.0 0.0.0.255 area 1
> > > area 0 authentication message-digest
> > > area 1 authentication message-digest
> > > area 1 virtual-link 3.3.3.3
> > >
> > > R9#debug ip ospf events
> > > OSPF events debugging is on
> > > termsrver#
> > > 01:13:42: OSPF: Send with youngest Key 0
> > > 01:13:43: OSPF: Send with youngest Key 1
> > > 01:13:43: OSPF: Send with youngest Key 1
> > > 01:13:50: OSPF: Rcv pkt from 192.1.1.3,
> Ethernet0
> > :
> > > Mismatch Authentication type. Input packet
> > specified
> > > type 0, we use type 2
> > > 01:13:52: OSPF: Send with youngest Key 0
> > > 01:13:53: OSPF: Send with youngest Key 1
> > > 01:13:53: OSPF: Send with youngest Key 1
> > > 01:14:00: OSPF: Rcv pkt from 192.1.1.3,
> Ethernet0
> > :
> > > Mismatch Authentication type. Input packet
> > specified
> > > type 0, we use type 2
> > >
> > >
> > > ---------------------
> > >
> > > On R12 (Version 12.0(5)
> > >
> > > interface Ethernet0
> > > ip address 192.1.1.3 255.255.255.0
> > > no ip directed-broadcast
> > > no ip route-cache
> > > ip ospf message-digest-key 1 md5 roopa
> > > ip ospf priority 100
> > > no ip mroute-cache
> > >
> > > router ospf 100
> > > network 3.3.3.3 0.0.0.0 area 1
> > > network 172.16.0.0 0.0.255.255 area 100
> > > network 192.1.1.0 0.0.0.255 area 1
> > > area 1 authentication message-digest
> > > area 1 virtual-link 1.1.1.1 message-digest-key 1
> > md5
> > > roopa
> > >
> > > ------------------------
> > > AM I missing something or doing something wrong
> ??
> > i
> > > think it could be a bug.The "debug ip ospf
> packet"
> > > shows correct Auth type.
> > >
> > > Let me know.Thanks for ur time to got thru this.
> > >
> > > Annu
> > >
> > >
> > >
> > >

• Next message: Sasa Milic: "Re: IPSec question"
• Previous message: danyye: "lab swap in beijing . want 4/10 change to any date before 5/20 call me 13908653659"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:54 GMT-3