From: Jim Newton (jnewton@xxxxxxxxxxxxxxx)
Date: Mon Mar 11 2002 - 00:37:49 GMT-3
I've spent a lot of time playing with this, and for some reason, I get the
virtual link to come up just by putting the "area o authentication
message-digest" command in the router that is on the far end of the virtual
link. When I do a debug, it says that authentication is configured, but for
some reason on the virtual I don't need to enter the key. In area 0, I need
to or they won't establish adjacencies.
Has anyone else seen this, and what am I dong wrong? Is this because on the
core router I am not putting the message-digest statement on my virtual link
command? I think this mean that you are still using md5, but just using the
default key. At least that's what I get from the debugs. And if so, if they
state that you need to authenticate area 0 with md5, do you also need to on
the virtual link? And is the default key enough?
Thanks
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Bob
Sinclair
Sent: Sunday, March 10, 2002 6:39 PM
To: Carl Phelan
Cc: ccielab@groupstudy.com
Subject: Re: OSPF Virtual-Link
The virtual link command stretches area 0 across your area 1 to your
Router4. If you go to R4 and do "sh ip ospf" I think you will see it now
has areas 1, 55 and 0. I think you need to put a key on your virtual link,
like:
area 1 virtual-link x.x.x.x message-digest key 1 md5 cisco
----- Original Message -----
From: "Carl Phelan" <carlphelan@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, March 10, 2002 7:07 PM
Subject: OSPF Virtual-Link
> Hi All,
>
> I have configured OSPF Type II authentication in area 0 but now my
> virtual-link has gone down. The router R2 is physically connected to
> area 0 and uses the transit area 1 for the virtual link to R4. The
> output for the virtual link status shows as follows:
>
> r2#sh ip ospf v
> Virtual Link OSPF_VL0 to router 135.14.4.4 is up
> Run as demand circuit
> DoNotAge LSA allowed.
> Transit area 1, via interface Ethernet0, Cost of using 10
> Transmit Delay is 1 sec, State POINT_TO_POINT,
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:08
> Message digest authentication enabled
> No key configured, using default key id 0
>
> Yet I have not configured any authentication neither on area 1 nor the
> virtual link so why is it looking for any? I include the configs for R2
> and R4. Many thanks
>
>
>
>
>
>
> R2
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname r2
> !
> enable password 7 02050D480809
> !
> username alll password 7 11
> ip subnet-zero
> ipx routing 0002.0002.0002
> !
> !
> !
> interface Loopback0
> ip address 135.14.2.2 255.255.255.0
> no ip directed-broadcast
> !
> interface Ethernet0
> ip address 135.14.220.1 255.255.255.0
> no ip directed-broadcast
> ipx network 60
> !
> interface Serial0
> no ip address
> no ip directed-broadcast
> no ip mroute-cache
> shutdown
> !
> interface Serial1
> ip address 135.14.190.2 255.255.255.0
> no ip directed-broadcast
> encapsulation frame-relay
> ip ospf message-digest-key 1 md5 7 104D000A0618
> ip ospf priority 0
> logging event subif-link-status
> logging event dlci-status-change
> ipx network 34
> no arp frame-relay
> frame-relay map ipx 34.0005.0005.0005 111 broadcast
> frame-relay map ip 135.14.190.1 111 broadcast
> frame-relay map ip 135.14.190.3 111 broadcast
> frame-relay map ipx 34.0003.0003.0003 111 broadcast
> no frame-relay inverse-arp
> !
> interface BRI0
> no ip address
> no ip directed-broadcast
> shutdown
> !
> router ospf 1
> area 0 authentication message-digest
> area 1 virtual-link 135.14.4.4
> network 135.14.190.2 0.0.0.0 area 0
> network 135.14.220.1 0.0.0.0 area 1
> !
> ip classless
> !
> logging trap critical
> logging 150.14.1.200
> !
> !
> ipx router eigrp 1
> network 34
> !
> !
> ipx router rip
> no network 34
> !
> !
> !
> alias exec ospf sh ip ospf ne
> !
> line con 0
> exec-timeout 0 0
> transport input none
> line aux 0
> line vty 0 4
> password 7 13061E010803
> login
> !
> end
>
>
> R4
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname r4
> !
> enable password cisco
> !
> ip subnet-zero
> ipx routing 0004.0004.0004
> !
> !
> !
> interface Loopback0
> ip address 135.14.4.4 255.255.255.0
> no ip directed-broadcast
> !
> interface Ethernet0
> ip address 135.14.220.2 255.255.255.0
> no ip directed-broadcast
> !
> interface Serial0
> no ip address
> no ip directed-broadcast
> no ip mroute-cache
> shutdown
> no fair-queue
> !
> interface Serial1
> ip address 135.14.170.2 255.255.255.0
> no ip directed-broadcast
> encapsulation frame-relay
> logging event subif-link-status
> logging event dlci-status-change
> ipx network 50
> no arp frame-relay
> frame-relay map ip 135.14.170.1 131 broadcast
> no frame-relay inverse-arp
> !
> interface BRI0
> no ip address
> no ip directed-broadcast
> shutdown
> !
> router ospf 1
> area 1 virtual-link 135.14.2.2
> network 135.14.4.4 0.0.0.0 area 55
> network 135.14.220.2 0.0.0.0 area 1
> !
> ip classless
> !
> !
> !
> !
> !
> line con 0
> exec-timeout 0 0
> transport input none
> line aux 0
> line vty 0 4
> password cisco
> login
> !
> end
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:59 GMT-3