RE: Please Help ASAP: OSPF Authentication

From: sean@xxxxxxxxx
Date: Wed Aug 21 2002 - 21:02:07 GMT-3

• Next message: Ryaboy Vadim: "OT: routers, switches, ISDN sumulator for sale"
• Previous message: Nguyen, Thai: "RE: BGP Challenge"
• Maybe in reply to: Hunt Lee: "Please Help ASAP: OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
 Hunt,

Sorry for getting back to you late. Yes, it holds true for the "simple
password" cases.
And you did it right for the 2 sets of configs to achieve the same results.
Good questions!

- Sean Liu
CCIE, CCNP, CCDP, CCSE,
AIX-CATE, CNE, MCSE+I

Think Tank Systems, LLC

                    Hunt Lee

                    <huntl@webcentr To: "'sean@ttank.com'" <sean@tta
nk.com>
                    al.com.au> cc:

                                           Subject: RE: Please Help ASAP: O
SPF Authentication
                    08/19/2002

                    06:46 PM

Sean,

So I would assume that it would be also true for "Simple Password"
Authentication??

Area 0 authentication
area 1 virtual-link 3.3.3.3 authentication-key bus

has the same function as:-

area 1 virtual-link 3.3.3.3 authentication authentication-key bus

Thanks so much for your help again.

Best Regards,
Hunt Lee

-----Original Message-----
From: sean@ttank.com [mailto:sean@ttank.com]
Sent: Saturday, 17 August 2002 6:02 PM
To: Wu, Catherine
Cc: ccielab@groupstudy.com; ciscoforme3@yahoo.com.au;
nobody@groupstudy.com
Subject: RE: Please Help ASAP: OSPF Authentication

Catherine and Hunt,

You don't need to specify area 0 authentication message-digest on RTC,
since
you already have area 1 virtual-link 2.2.2.2 authentication message-digest
on RTC, it's redundant with the first command. You could, of course,
replace the command area 1 virtual-link 2.2.2.2 authentication
message-digest
with the area 0 authentication message-digest on RTC. That should still
work fine.
Go ahead and try it to test it out.

- Sean Liu

CCIE, CCNP, CCDP, CCSE,
AIX-CATE, CNE, MCSE+I

Think Tank Systems, LLC

                    "Wu,

                    Catherine" To: "'Hunt Lee'"
<ciscoforme3@yahoo.com.au>, ccielab@groupstudy.com
                    <cwu@NaviSite cc:

                    .com> Subject: RE: Please Help ASAP:
OSPF Authentication
                    Sent by:

                    nobody@groups

                    tudy.com

                    08/16/2002

                    09:59 PM

                    Please

                    respond to

                    "Wu,

                    Catherine"

RTC needs
router ospf 3
 area 0 authentication message-digest

Catherine

-----Original Message-----
From: Hunt Lee [mailto:ciscoforme3@yahoo.com.au]
Sent: Friday, August 16, 2002 9:46 PM
To: ccielab@groupstudy.com
Subject: Please Help ASAP: OSPF Authentication

Having a bad day, could someone please help me figure this out?

RTA ----- RTB ----- RTC

RTA's interface to RTB:- 10.1.1.1
RTB's interface back to RTA:- 10.1.1.2
RTB's interface to RTC:- 10.1.1.5
RTC's interface back to RTB:- 10.1.1.6

Each router also has it's own Loopback interface, where RTA has
1.1.1.1/32, RTB has 2.2.2.2/32 & RTC has 3.3.3.3/32

All 3 routers are running OSPF only:-

Area 0 - between RTA & RTB (MD5 Authentication)
Area 1 - between RTB & RTC
Area 2 - just RTC's loopback interface (3.3.3.3/32)

Here is the config. of RTA for Area 0 Authentication

At RTA:-

router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 1.1.1.1 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0

interface Serial0
 ip address 10.1.1.1 255.255.255.252
 ip ospf message-digest-key 2 md5 ciscoab

Since Area 2 does not have a direct connection to Area 0, I have
created a virtual link between RTB & RTC.

I realised that by default, when authentication is enabled in Area 0,
then this authentication type will be automatically applied to all
interfaces in Area 0, including the virtual link that I have created
between RTB & RTC.

And hence, I will need the virtual link to be running MD5 too (coz
RTB is already using MD5 for the Area 0 authentication). 2 commands
are needed. Apart from the first command "area 1 virtual-link
3.3.3.3 message-digest-key 2 md5 cisco" to specify the MD5 key &
password for the Virtual-Link, the second command is where I am
confused about. I have searched the CCO and books for this, they
only mentioned to use "area 0 authentication message-digest" command
on both RTB & RTC. But I found that it also works if you used
"area 1 virtual-link 3.3.3.3 authentication message-digest" command
on both RTB & RTC. Is this ok to use? Is there any gotcha on this??

At RTB:-

router ospf 2
 log-adjacency-changes
 area 0 authentication message-digest
 area 1 virtual-link 3.3.3.3 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 5 md5 haha
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.4 0.0.0.3 area 1

At RTC:-

router ospf 3
 log-adjacency-changes
 area 1 virtual-link 2.2.2.2 authentication message-digest
 area 1 virtual-link 2.2.2.2 message-digest-key 5 md5 haha
 network 3.3.3.3 0.0.0.0 area 2
 network 10.1.1.4 0.0.0.3 area 1

I also found it similar for the "Simple Password" Authentication.
While CCO and many Cisco books suggest to use the following 2
commands on both RTB & RTC:-

Area 0 authentication
area 1 virtual-link 3.3.3.3 authentication-key bus

I found that I could also get the virtual-link to work by just one
command (on both RTB & RTC as well):-

area 1 virtual-link 3.3.3.3 authentication authentication-key bus

Any ideas will be greatly appreciated.

Thanks!!!

Hunt

http://digital.yahoo.com.au - Yahoo! Digital How To
- Get the best out of your PC!

• Next message: Ryaboy Vadim: "OT: routers, switches, ISDN sumulator for sale"
• Previous message: Nguyen, Thai: "RE: BGP Challenge"
• Maybe in reply to: Hunt Lee: "Please Help ASAP: OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:32 GMT-3