RE: Virtual Links

From: kym blair (kymblair@xxxxxxxxxxx)
Date: Thu Apr 18 2002 - 18:48:03 GMT-3

• Next message: kris.keen@xxxxxxxxxx: "Re: How much did your employer pay?"
• Previous message: Lupi, Guy: "Dialer watch questions"
• Maybe in reply to: Tarek Sabry: "Virtual Links"
• Next in thread: yakout esmat: "RE: Virtual Links"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Eric,

If only area 0 was authenticated (not area 2), the remote router (has area 4
and area 2) would not need any authentication statements on any interfaces
since no interfaces are in area 0. Under the ospf routing process, it would
need:

router ospf 64
area 0 authentication message-digest
area 2 virtual-link X.X.X.X message-digest-key 1 md5 KEY5

The area 0 router would have the same two commands, plus it would have the
following command on any interfaces that are in area 0:

  ip ospf message-digest-key 1 md5 KEY5

My biggest problem was a dumb error ... I needed to check the RID (using
"show ip ospf database") of each router then build the virtual-link
statements using the IP addresses that ospf sees as the RID.

HTH, Kym

--------------------------------------------------------

>From: Eric Lemmons <ericlemmons@yahoo.com>
>Reply-To: Eric Lemmons <ericlemmons@yahoo.com>
>To: kym blair <kymblair@hotmail.com>, yesmat@iprimus.com.au,
>tsabry@houston.sns.slb.com, ccielab@groupstudy.com
>Subject: RE: Virtual Links
>Date: Thu, 18 Apr 2002 11:03:14 -0700 (PDT)
>
>Do you also need to add the authentication statements to every
>interface in the area that is virtual linked to area 0?
>If I'm virtual linking from area 4, across area 2, for instance, do
>the ospf interfaces in area 4 all have to have the authentication
>statements. Also, do you need an "area 4 authentication ... "
>statement under the ospf process in addition to the one on the area x
>virtual link" command?
>Eric
>
>--- kym blair <kymblair@hotmail.com> wrote:
> > Thanks Ya. After watching Tarek struggle with it for a few hours I
> > got
> > interested (thinking it would only distract me for maybe an hour)
> > and
> > basically spent the rest of the day on it. So I've found all the
> > tricks and
> > really hope I see it in the lab too!
> >
> > Kym
> >
> >
> > >From: "yakout esmat" <yesmat@iprimus.com.au>
> > >Reply-To: "yakout esmat" <yesmat@iprimus.com.au>
> > >To: "kym blair" <kymblair@hotmail.com>,
> > <tsabry@houston.sns.slb.com>,
> > > <ccielab@groupstudy.com>
> > >Subject: RE: Virtual Links
> > >Date: Thu, 18 Apr 2002 21:56:36 +1000
> > >
> > >Kym,
> > >
> > >When you have Area 0 Authent, you also HAVE to add at the end of
> > ALL your
> > >"Area x virtual a.b.c.d..." command the authentication Key and
> > password
> > >like
> > >so:
> > >
> > >"area 2 virtual-link 192.168.1.1 message-digest key md5 cisco",
> > and that
> > >applies to all area x virtual commands in your network.
> > >
> > >In your example below, you will not need the Interface serial 0
> > >authentication because in router B you have no area 0.
> > >
> > >I can say I am pretty sure about this one, I spent lots of time
> > practicing
> > >it.
> > >
> > >HTH
> > >Ya
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
> > Behalf Of
> > >kym blair
> > >Sent: Thursday, April 18, 2002 8:28 AM
> > >To: tsabry@houston.sns.slb.com; ccielab@groupstudy.com
> > >Subject: Re: Virtual Links
> > >
> > >
> > >Tarek,
> > >
> > >I could only guess on the answer to your first question, so I'll
> > let
> > >someone
> > >else answer. On your second question, "If area 0 is
> > authenticated, do I
> > >have to put authentication on the virtual link?", the answer is
> > yes. For
> > >example:
> > >
> > >Router A (has area 0 and area 2)
> > >
> > >Router B (has area 2 and area 3):
> > > router ospf 64
> > > network 192.168.1.2 0.0.0.0 area 2
> > > network 172.48.3.2 0.0.0.0 area 3
> > > area 2 virtual-link 192.168.1.1
> > > area 0 authentication message-digest
> > >interface serial 0
> > > ip ospf message-digest-key 1 md5 KEY1
> > >
> > >
> > >HTH, Kym
> > >
> > >
> > >
> > >
> > > >From: Tarek Sabry <tsabry@houston.sns.slb.com>
> > > >Reply-To: Tarek Sabry <tsabry@houston.sns.slb.com>
> > > >To: ccielab@groupstudy.com
> > > >Subject: Virtual Links
> > > >Date: Wed, 17 Apr 2002 16:58:53 -0500
> > > >
> > > >Hi
> > > >
> > > >This is a quick one. When I have 2 spokes that can act as ABRs
> > between
> > >area
> > > >1 and area 2 let's say, do I need 2 virtual links to area 0? Or
> > should I
> > > >only have one virtual link that I choose?
> > > >
> > > >Another question, if area 0 is authenticated then do I have to
> > enable
> > > >authentication on the virtual link? I thought I should, but the
> > only way
> > > >I'm
> > > >able to bring one of the virtual links up is to remove the md5
> > > >authentication!! Is there a problem because I'm using 2 parallel
> > VLinks
> > >or
> > > >this is the way it is supposed to work?
> > > >
> > > >Thanks
> > > >Tarek
> > >

• Next message: kris.keen@xxxxxxxxxx: "Re: How much did your employer pay?"
• Previous message: Lupi, Guy: "Dialer watch questions"
• Maybe in reply to: Tarek Sabry: "Virtual Links"
• Next in thread: yakout esmat: "RE: Virtual Links"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:12 GMT-3