From: sean@xxxxxxxxx
Date: Sat Aug 17 2002 - 05:02:04 GMT-3
Catherine and Hunt,
You don't need to specify area 0 authentication message-digest on RTC, since
you already have area 1 virtual-link 2.2.2.2 authentication message-digest
on RTC, it's redundant with the first command. You could, of course,
replace the command area 1 virtual-link 2.2.2.2 authentication message-digest
with the area 0 authentication message-digest on RTC. That should still
work fine.
Go ahead and try it to test it out.
- Sean Liu
CCIE, CCNP, CCDP, CCSE,
AIX-CATE, CNE, MCSE+I
Think Tank Systems, LLC
"Wu, Catherine" <cwu@NaviSite.com>
Sent by: nobody@groupstudy.com
08/16/2002 09:59 PM
Please respond to "Wu, Catherine"
To: "'Hunt Lee'" <ciscoforme3@yahoo.com.au>, ccielab@groupstudy.com
cc:
Subject: RE: Please Help ASAP: OSPF Authentication
RTC needs
router ospf 3
area 0 authentication message-digest
Catherine
-----Original Message-----
From: Hunt Lee [mailto:ciscoforme3@yahoo.com.au]
Sent: Friday, August 16, 2002 9:46 PM
To: ccielab@groupstudy.com
Subject: Please Help ASAP: OSPF Authentication
Having a bad day, could someone please help me figure this out?
RTA ----- RTB ----- RTC
RTA's interface to RTB:- 10.1.1.1
RTB's interface back to RTA:- 10.1.1.2
RTB's interface to RTC:- 10.1.1.5
RTC's interface back to RTB:- 10.1.1.6
Each router also has its own Loopback interface, where RTA has
1.1.1.1/32, RTB has 2.2.2.2/32 & RTC has 3.3.3.3/32
All 3 routers are running OSPF only:-
Area 0 - between RTA & RTB (MD5 Authentication)
Area 1 - between RTB & RTC
Area 2 - just RTC's loopback interface (3.3.3.3/32)
Here is the config. of RTA for Area 0 Authentication
At RTA:-
router ospf 1
log-adjacency-changes
area 0 authentication message-digest
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
interface Serial0
ip address 10.1.1.1 255.255.255.252
ip ospf message-digest-key 2 md5 ciscoab
Since Area 2 does not have a direct connection to Area 0, I have
created a virtual link between RTB & RTC.
I realised that by default, when authentication is enabled in Area 0,
then this authentication type will be automatically applied to all
interfaces in Area 0, including the virtual link that I have created
between RTB & RTC.
And hence, I will need the virtual link to be running MD5 too (coz
RTB is already using MD5 for the Area 0 authentication). 2 commands
are needed. Apart from the first command "area 1 virtual-link
3.3.3.3 message-digest-key 2 md5 cisco" to specify the MD5 key &
password for the Virtual-Link, the second command is where I am
confused about. I have searched the CCO and books for this, they
only mentioned to use "area 0 authentication message-digest" command
on both RTB & RTC. But I found that it also works if you used
"area 1 virtual-link 3.3.3.3 authentication message-digest" command
on both RTB & RTC. Is this ok to use? Is there any gotcha on this??
At RTB:-
router ospf 2
log-adjacency-changes
area 0 authentication message-digest
area 1 virtual-link 3.3.3.3 authentication message-digest
area 1 virtual-link 3.3.3.3 message-digest-key 5 md5 haha
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 1
At RTC:-
router ospf 3
log-adjacency-changes
area 1 virtual-link 2.2.2.2 authentication message-digest
area 1 virtual-link 2.2.2.2 message-digest-key 5 md5 haha
network 3.3.3.3 0.0.0.0 area 2
network 10.1.1.4 0.0.0.3 area 1
I also found it similar for the "Simple Password" Authentication.
While CCO and many Cisco books suggest to use the following 2
commands on both RTB & RTC:-
Area 0 authentication
area 1 virtual-link 3.3.3.3 authentication-key bus
I found that I could also get the virtual-link to work by just one
command (on both RTB & RTC as well):-
area 1 virtual-link 3.3.3.3 authentication authentication-key bus
Any ideas will be greatly appreciated.
Thanks!!!
Hunt
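
The question in this thread comes down to which authentication type each end of the virtual link ends up using: the per-link "authentication" keyword if present, otherwise whatever is configured for area 0. The following is an added example, not code from any of the posters: a small offline check that computes that effective type and key for both ends and reports a mismatch. The function names are hypothetical, the sample configurations are constructed from the ones quoted above, and keys are assumed to be stored in plaintext as in the post.

```python
def parse_ospf(config):
    """Collect area-wide auth types and per-virtual-link settings from one router's stanza."""
    area_auth, vlinks = {}, {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 3 or t[0].lower() != "area":
            continue
        if t[2] == "authentication":              # area-wide type
            area_auth[t[1]] = "md5" if t[3:4] == ["message-digest"] else "simple"
        elif t[2] == "virtual-link" and len(t) > 3:
            vl = vlinks.setdefault(t[3], {"auth": None, "keys": {}})
            i = 4
            while i < len(t):                     # options may share one line
                if t[i] == "authentication":      # per-link type overrides area 0
                    nxt = t[i + 1] if i + 1 < len(t) else ""
                    vl["auth"] = {"message-digest": "md5", "null": "null"}.get(nxt, "simple")
                    i += 2 if nxt in ("message-digest", "null") else 1
                elif t[i] == "authentication-key" and i + 1 < len(t):
                    vl["keys"]["simple"] = t[i + 1]
                    i += 2
                elif t[i] == "message-digest-key" and i + 3 < len(t):
                    vl["keys"]["md5"] = (t[i + 1], t[i + 3])   # (key id, key)
                    i += 4
                else:
                    i += 1
    return area_auth, vlinks

def effective(config, peer_rid):
    """Return (auth type, key) this router uses on the virtual link to peer_rid."""
    area_auth, vlinks = parse_ospf(config)
    vl = vlinks.get(peer_rid, {"auth": None, "keys": {}})
    auth = vl["auth"] or area_auth.get("0") or area_auth.get("0.0.0.0") or "null"
    return auth, vl["keys"].get(auth)

def check_virtual_link(cfg_a, peer_of_a, cfg_b, peer_of_b):
    """Compare both ends of one virtual link; an empty list means they agree."""
    (ta, ka), (tb, kb) = effective(cfg_a, peer_of_a), effective(cfg_b, peer_of_b)
    if ta != tb:
        return [f"authentication type mismatch: {ta} vs {tb}"]
    if ta != "null" and (ka is None or ka != kb):
        return [f"{ta} key missing or different on the two ends"]
    return []

# Constructed from the configurations quoted in the thread.
RTB = """router ospf 2
 area 0 authentication message-digest
 area 1 virtual-link 3.3.3.3 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 5 md5 haha"""
RTC = """router ospf 3
 area 1 virtual-link 2.2.2.2 authentication message-digest
 area 1 virtual-link 2.2.2.2 message-digest-key 5 md5 haha"""
# Constructed variant: RTC has the key but no type set per link or for area 0.
RTC_KEY_ONLY = "router ospf 3\n area 1 virtual-link 2.2.2.2 message-digest-key 5 md5 haha"
```

The constructed RTC_KEY_ONLY variant is the case to watch for: RTB inherits MD5 from its area 0 statement while RTC falls back to null authentication, so the two ends disagree even though both carry the same key.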
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:27 GMT-3