From: David Ham (ccieau@xxxxxxxxxxx)
Date: Sat Aug 17 2002 - 05:35:15 GMT-3
Hunt,
Looks like you are asking about two different issues.
I don't relate the virtual-link authentication with area authentication.
You only need area 0 authentication message-digest.
Regards,
David Ham
>From: Hunt Lee <ciscoforme3@yahoo.com.au>
>Reply-To: Hunt Lee <ciscoforme3@yahoo.com.au>
>To: ccielab@groupstudy.com
>Subject: Please Help ASAP: OSPF Authentication
>Date: Sat, 17 Aug 2002 14:46:23 +1000 (EST)
>
>Having a bad day, could someone please help me figure this out?
>
>RTA ----- RTB ----- RTC
>
>
>RTA's interface to RTB:- 10.1.1.1
>RTB's interface back to RTA:- 10.1.1.2
>RTB's interface to RTC:- 10.1.1.5
>RTC's interface back to RTB:- 10.1.1.6
>
>Each router also has its own Loopback interface, where RTA has
>1.1.1.1/32, RTB has 2.2.2.2/32 & RTC has 3.3.3.3/32
>
>All 3 routers are running OSPF only:-
>
>Area 0 - between RTA & RTB (MD5 Authentication)
>Area 1 - between RTB & RTC
>Area 2 - just RTC's loopback interface (3.3.3.3/32)
>
>Here is the config. of RTA for Area 0 Authentication
>
>At RTA:-
>
>router ospf 1
> log-adjacency-changes
> area 0 authentication message-digest
> network 1.1.1.1 0.0.0.0 area 0
> network 10.1.1.0 0.0.0.3 area 0
>
>interface Serial0
> ip address 10.1.1.1 255.255.255.252
> ip ospf message-digest-key 2 md5 ciscoab
>
>
>Since Area 2 does not have a direct connection to Area 0, I have
>created a virtual link between RTB & RTC.
>
>I realised that by default, when authentication is enabled in Area 0,
>then this authentication type will be automatically applied to all
>interfaces in Area 0, including the virtual link that I have created
>between RTB & RTC.
>
>And hence, I will need the virtual link to be running MD5 too (coz
>RTB is already using MD5 for the Area 0 authentication). 2 commands
>are needed. Apart from the first command "area 1 virtual-link
>3.3.3.3 message-digest-key 2 md5 cisco" to specify the MD5 key &
>password for the Virtual-Link, the second command is where I am
>confused about. I have searched the CCO and books for this, they
>only mentioned to use "area 0 authentication message-digest" command
>on both RTB & RTC. But I found that it also works if you used
>"area 1 virtual-link 3.3.3.3 authentication message-digest" command
>on both RTB & RTC. Is this ok to use? Is there any gotcha on this??
>
>At RTB:-
>
>router ospf 2
> log-adjacency-changes
> area 0 authentication message-digest
> area 1 virtual-link 3.3.3.3 authentication message-digest
> area 1 virtual-link 3.3.3.3 message-digest-key 5 md5 haha
> network 2.2.2.2 0.0.0.0 area 0
> network 10.1.1.0 0.0.0.3 area 0
> network 10.1.1.4 0.0.0.3 area 1
>
>
>At RTC:-
>
>router ospf 3
> log-adjacency-changes
> area 1 virtual-link 2.2.2.2 authentication message-digest
> area 1 virtual-link 2.2.2.2 message-digest-key 5 md5 haha
> network 3.3.3.3 0.0.0.0 area 2
> network 10.1.1.4 0.0.0.3 area 1
>
>
>I also found it similar for the "Simple Password" Authentication.
>While CCO and many Cisco books suggest to use the following 2
>commands on both RTB & RTC:-
>
>Area 0 authentication
>area 1 virtual-link 3.3.3.3 authentication-key bus
>
>I found that I could also get the virtual-link to work by just one
>command (on both RTB & RTC as well):-
>
>area 1 virtual-link 3.3.3.3 authentication authentication-key bus
>
>
>Any ideas will be greatly appreciated.
>
>Thanks!!!
>
>Hunt
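An added example, not part of the original posts: a small Python check of the gotcha discussed in this thread, working out the effective authentication type of each virtual link from a `router ospf` stanza and comparing both ends. It assumes a virtual link inherits area 0's authentication type unless a per-link `authentication` keyword overrides it; the stanzas are constructed from the RTB/RTC configs quoted above, and the function names are hypothetical.

```python
import re

# Constructed stanzas modelled on the RTB/RTC configs quoted in the thread.
RTB = """router ospf 2
 area 0 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 5 md5 haha
"""
RTC_KEY_ONLY = """router ospf 3
 area 1 virtual-link 2.2.2.2 message-digest-key 5 md5 haha
"""
RTC_PER_LINK = """router ospf 3
 area 1 virtual-link 2.2.2.2 authentication message-digest
 area 1 virtual-link 2.2.2.2 message-digest-key 5 md5 haha
"""

AREA0 = re.compile(r"^\s*area (?:0|0\.0\.0\.0) authentication(?: (message-digest))?\s*$")
VLINK = re.compile(r"^\s*area \S+ virtual-link (\S+)(.*)$")

def virtual_links(config):
    """Map peer router ID -> effective auth type and MD5 key id (hypothetical helper)."""
    area0, links = "null", {}          # assumption: no area statement means no auth
    for line in config.splitlines():
        m = AREA0.match(line)
        if m:
            area0 = "md5" if m.group(1) else "simple"
            continue
        m = VLINK.match(line)
        if not m:
            continue
        link = links.setdefault(m.group(1), {"auth": None, "key_id": None})
        opts = m.group(2).split()
        for tok, nxt in zip(opts, opts[1:] + [""]):
            if tok == "authentication":      # per-link override
                link["auth"] = {"message-digest": "md5", "null": "null"}.get(nxt, "simple")
            elif tok == "message-digest-key":
                link["key_id"] = nxt
    for link in links.values():              # no override: inherit area 0's type
        if link["auth"] is None:
            link["auth"] = area0
    return links

def check_pair(cfg_a, rid_a, cfg_b, rid_b):
    """Return reasons the virtual link between router A and router B fails authentication."""
    a, b = virtual_links(cfg_a).get(rid_b), virtual_links(cfg_b).get(rid_a)
    if a is None or b is None:
        return ["virtual-link not configured on both ends"]
    if a["auth"] != b["auth"]:
        return [f"auth type mismatch: {a['auth']} vs {b['auth']}"]
    if a["auth"] == "md5" and (a["key_id"] is None or a["key_id"] != b["key_id"]):
        return ["md5 key id missing or mismatched"]
    return []
```

Pairing `RTB` with `RTC_KEY_ONLY` reports a type mismatch, because a key on the virtual link does not by itself enable authentication on that end; `RTC_PER_LINK` returns no problems.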