From: Benny Chong (c_benny@hotmail.com)
Date: Fri Nov 01 2002 - 18:48:10 GMT-3
I just figured out that I don't need to configure authentication on the
virtual link between R3 and R4, and it will work. As long as I configure
'area 0 authentication message-digest' on R4. This is a little bit strange,
because there is no area 0 interface on R4, and I am not 100% sure why... My
thought is because area 0 is running md5 authentication, and the virtual
link to R4 is an extension to area 0, and so the R4 is actually the ABR of
area 0 and area 2 (am i right?), so I need to configure 'area 0
authentication message-digest' on R4. Does anyone has another explanation
or do you guys think this is correct? And when I configure this command on
R4, the 'authentication type mismatch' message on R3 and R4 disappear. And
the ethernet interface on R4 (area 2) can ping to R1 (which is not pingable
before I configure the area 0 authentication command on R4).
-------R1--------R2--------R3----------R4--------
area1 area 0 area 0 area 1 area 2
>From: aansar@sscomp.com.sg
>To: "Benny Chong" <c_benny@hotmail.com>
>CC: ccielab@groupstudy.com,nobody@groupstudy.com
>Subject: Re: OSPF virtual link authentication
>Date: Fri, 1 Nov 2002 10:53:52 +0800
>
>when you use virtual link . virtual link is considered as link in the area
>0 , so if you have authentication in AREA 0 , virtual link should have
>authentication , and it has to be the same type of authentication (simple
>or MD5) as configured in area 0. and if you configure authentication (any)
> in area 0 all interfaces of area 0 must have same authentication . all
>this is true if you are using older ios , i think WITH IOS 11.0 are
>earlier.
>
>now with 12.X and above you can have authentication as you required
>combinations
>1. area 0 can have authentication and virtual link without any
>authentication
>2.area 0 can have simple authentication , interfaces of area 0 can have
>different authentication say MD5
>3. area 0 with authentication , other areas without any authentication
>4. area 0 with auth , virtual link without any auth
>
>
>you have to add this <area 1 virtual-link 200.0.0.7 authentication
>message-diggest> first before
>keying in the key
>or you can use null authentication for the virtual link.
>
>hope i am correct , if not , pls correct me .
>thanks
>aa
>
>
>
>
>
>"Benny Chong" <c_benny@hotmail.com>
>Sent by: nobody@groupstudy.com
>01-11-02 10:29 AM
>Please respond to "Benny Chong"
>
>
> To: ccielab@groupstudy.com
> cc:
> Subject: OSPF virtual link authentication
>
>
>Hi all experts,
>
>------R1--------R2---------R3---------R4--------
>area1 area0 area0 area1 area2
>
>
>if area 0 is running md5 authentication, when I configure the virutal link
>
>between R3 and R4 to connect area 2 to area 0, I think I need to configure
>
>authentication for the virtual link, because when i 'debug ip ospf adj', i
>
>saw R3 is showing message that it receive authentication packet from R4,
>but
>the authentication type didn't match. I try to configure
>
>area 1 virtual-link 200.0.0.7 message-digest-key 1 md5 cisco
>
>on both R3 and R4, but it didn't work. Anyone has an idea?
>
>Thanks!
>Benny
>
>
>_________________________________________________________________
>Unlimited Internet access -- and 2 months free! Try MSN.
>http://resourcecenter.msn.com/access/plans/2monthsfree.asp
>
>
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:51 GMT-3