RE: OSPF virtual link authentication

From: Scott Livingston (scottl@sprinthosting.net)
Date: Fri Nov 01 2002 - 13:01:51 GMT-3

• Next message: Leo Song: "PIX Capture"
• Previous message: Chuck Church: "OT: Ping Data patterns for circuit testing"
• Maybe in reply to: Janto Cin: "RE: OSPF virtual link authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

What I have noticed is that if you configure authentication directly on
the AREA 0 interfaces and not under the PID then you do NOT need to
configure authentication for the VL.

If you configure the AREA 0 authentication under the PID and
corresponding command under the interface you will need to slap 'are 0
authentication' under the PID for the non AREA 0 VL router.... Unless
you 'null' out the auth on the VL non AREA 0 router.

Please correct me if memory is not serving me right.

Thank You,
Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
aansar@sscomp.com.sg
Sent: Thursday, October 31, 2002 8:54 PM
To: Benny Chong
Cc: ccielab@groupstudy.com; nobody@groupstudy.com
Subject: Re: OSPF virtual link authentication

when you use virtual link . virtual link is considered as link in the
area
0 , so if you have authentication in AREA 0 , virtual link should have
authentication , and it has to be the same type of authentication
(simple
or MD5) as configured in area 0. and if you configure authentication
(any)
 in area 0 all interfaces of area 0 must have same authentication . all
this is true if you are using older ios , i think WITH IOS 11.0 are
earlier.

now with 12.X and above you can have authentication as you required
combinations
1. area 0 can have authentication and virtual link without any
authentication
2.area 0 can have simple authentication , interfaces of area 0 can have
different authentication say MD5
3. area 0 with authentication , other areas without any authentication
4. area 0 with auth , virtual link without any auth

you have to add this <area 1 virtual-link 200.0.0.7 authentication
message-diggest> first before
keying in the key
or you can use null authentication for the virtual link.

hope i am correct , if not , pls correct me .
thanks
aa

"Benny Chong" <c_benny@hotmail.com>
Sent by: nobody@groupstudy.com
01-11-02 10:29 AM
Please respond to "Benny Chong"

 
        To: ccielab@groupstudy.com
        cc:
        Subject: OSPF virtual link authentication

Hi all experts,

------R1--------R2---------R3---------R4--------
area1 area0 area0 area1 area2

if area 0 is running md5 authentication, when I configure the virutal
link

between R3 and R4 to connect area 2 to area 0, I think I need to
configure

authentication for the virtual link, because when i 'debug ip ospf adj',
i

saw R3 is showing message that it receive authentication packet from R4,

but
the authentication type didn't match. I try to configure

area 1 virtual-link 200.0.0.7 message-digest-key 1 md5 cisco

on both R3 and R4, but it didn't work. Anyone has an idea?

Thanks!
Benny

• Next message: Leo Song: "PIX Capture"
• Previous message: Chuck Church: "OT: Ping Data patterns for circuit testing"
• Maybe in reply to: Janto Cin: "RE: OSPF virtual link authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:50 GMT-3