From: Carl Phelan (carlphelan@xxxxxxxxxxx)
Date: Mon Mar 11 2002 - 07:31:59 GMT-3
Hi All,
Yes indeed Jim, this works by simply adding the command 'area 0
authentication message-digest' on R4 in OSPF config mode. R2 now has
the loopback on R4 which is in Area 55 in its routing table and sees the
virtual link as FULL. BUT the question is, is this the right way of
doing it? Should authentication be added to the virtual link and
because R2 was looking for a message-digest key, should this be provided
or can it be different form the area 0 key.
I like this method but in the lab will the proctors agree?
-----Original Message-----
From: Jim Newton [mailto:jnewton@InternetNOC.com]
Sent: 11 March 2002 03:38
To: Bob Sinclair; Carl Phelan
Cc: ccielab@groupstudy.com
Subject: RE: OSPF Virtual-Link
I've spent a lot of time playing with this, and for some reason, I get
the
virtual link to come up just by putting the "area o authentication
message-digest" command in the router that is on the far end of the
virtual
link. When I do a debug, it says that authentication is configured, but
for
some reason on the virtual I don't need to enter the key. In area 0, I
need
to or they won't establish adjacencies.
Has anyone else seen this, and what am I dong wrong? Is this because on
the
core router I am not putting the message-digest statement on my virtual
link
command? I think this mean that you are still using md5, but just using
the
default key. At least that's what I get from the debugs. And if so, if
they
state that you need to authenticate area 0 with md5, do you also need to
on
the virtual link? And is the default key enough?
Thanks
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Bob
Sinclair
Sent: Sunday, March 10, 2002 6:39 PM
To: Carl Phelan
Cc: ccielab@groupstudy.com
Subject: Re: OSPF Virtual-Link
The virtual link command stretches area 0 across your area 1 to your
Router4. If you go to R4 and do "sh ip ospf" I think you will see it
now
has areas 1, 55 and 0. I think you need to put a key on your virtual
link,
like:
area 1 virtual-link x.x.x.x message-digest key 1 md5 cisco
----- Original Message -----
From: "Carl Phelan" <carlphelan@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, March 10, 2002 7:07 PM
Subject: OSPF Virtual-Link
> Hi All,
>
> I have configured OSPF Type II authentication in area 0 but now my
> virtual-link has gone down. The router R2 is physically connected to
> area 0 and uses the transit area 1 for the virtual link to R4. The
> output for the virtual link status shows as follows:
>
> r2#sh ip ospf v
> Virtual Link OSPF_VL0 to router 135.14.4.4 is up
> Run as demand circuit
> DoNotAge LSA allowed.
> Transit area 1, via interface Ethernet0, Cost of using 10
> Transmit Delay is 1 sec, State POINT_TO_POINT,
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:08
> Message digest authentication enabled
> No key configured, using default key id 0
>
> Yet I have not configured any authentication neither on area 1 nor the
> virtual link so why is it looking for any? I include the configs for
R2
> and R4. Many thanks
>
>
>
>
>
>
> R2
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname r2
> !
> enable password 7 02050D480809
> !
> username alll password 7 11
> ip subnet-zero
> ipx routing 0002.0002.0002
> !
> !
> !
> interface Loopback0
> ip address 135.14.2.2 255.255.255.0
> no ip directed-broadcast
> !
> interface Ethernet0
> ip address 135.14.220.1 255.255.255.0
> no ip directed-broadcast
> ipx network 60
> !
> interface Serial0
> no ip address
> no ip directed-broadcast
> no ip mroute-cache
> shutdown
> !
> interface Serial1
> ip address 135.14.190.2 255.255.255.0
> no ip directed-broadcast
> encapsulation frame-relay
> ip ospf message-digest-key 1 md5 7 104D000A0618
> ip ospf priority 0
> logging event subif-link-status
> logging event dlci-status-change
> ipx network 34
> no arp frame-relay
> frame-relay map ipx 34.0005.0005.0005 111 broadcast
> frame-relay map ip 135.14.190.1 111 broadcast
> frame-relay map ip 135.14.190.3 111 broadcast
> frame-relay map ipx 34.0003.0003.0003 111 broadcast
> no frame-relay inverse-arp
> !
> interface BRI0
> no ip address
> no ip directed-broadcast
> shutdown
> !
> router ospf 1
> area 0 authentication message-digest
> area 1 virtual-link 135.14.4.4
> network 135.14.190.2 0.0.0.0 area 0
> network 135.14.220.1 0.0.0.0 area 1
> !
> ip classless
> !
> logging trap critical
> logging 150.14.1.200
> !
> !
> ipx router eigrp 1
> network 34
> !
> !
> ipx router rip
> no network 34
> !
> !
> !
> alias exec ospf sh ip ospf ne
> !
> line con 0
> exec-timeout 0 0
> transport input none
> line aux 0
> line vty 0 4
> password 7 13061E010803
> login
> !
> end
>
>
> R4
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname r4
> !
> enable password cisco
> !
> ip subnet-zero
> ipx routing 0004.0004.0004
> !
> !
> !
> interface Loopback0
> ip address 135.14.4.4 255.255.255.0
> no ip directed-broadcast
> !
> interface Ethernet0
> ip address 135.14.220.2 255.255.255.0
> no ip directed-broadcast
> !
> interface Serial0
> no ip address
> no ip directed-broadcast
> no ip mroute-cache
> shutdown
> no fair-queue
> !
> interface Serial1
> ip address 135.14.170.2 255.255.255.0
> no ip directed-broadcast
> encapsulation frame-relay
> logging event subif-link-status
> logging event dlci-status-change
> ipx network 50
> no arp frame-relay
> frame-relay map ip 135.14.170.1 131 broadcast
> no frame-relay inverse-arp
> !
> interface BRI0
> no ip address
> no ip directed-broadcast
> shutdown
> !
> router ospf 1
> area 1 virtual-link 135.14.2.2
> network 135.14.4.4 0.0.0.0 area 55
> network 135.14.220.2 0.0.0.0 area 1
> !
> ip classless
> !
> !
> !
> !
> !
> line con 0
> exec-timeout 0 0
> transport input none
> line aux 0
> line vty 0 4
> password cisco
> login
> !
> end
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:00 GMT-3