From: Jerry Haverkos (jhaverkos@columbus.rr.com)
Date: Thu Dec 26 2002 - 17:42:11 GMT-3
Lysuk
I am on IOS 12.1.13 and my configs show no correlation between
authentication of area 0 and authentication on the virtual link. The
following are excerpts from my configs on the router that houses area 0 and
participates as part of the virtual link in my network. They show that there
is no correlation in my network.
3640-1_R1#sho ip ospf virtual-links
Virtual Link OSPF_VL0 to router 0.0.0.4 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 4, via interface Serial1/0.4, Cost of using 781
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
    Adjacency State FULL (Hello suppressed)
    Index 1/4, retransmission queue length 0, number of retransmission 1
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Message digest authentication enabled
    Youngest key id is 1
Note -- on the router there is only one interface in area 0 and it does not
specify authentication
3640-1_R1#
router ospf 100
 router-id 0.0.0.1
 log-adjacency-changes
 no discard-route internal
 area 0 range 149.1.254.0 255.255.255.0
 area 0 range 149.1.0.0 255.255.0.0
 area 1 range 149.1.1.0 255.255.255.0
 area 2 authentication message-digest
 area 2 stub no-summary
 area 2 range 149.1.2.0 255.255.255.0
 area 4 range 149.1.4.0 255.255.255.0
 area 4 virtual-link 0.0.0.4 authentication message-digest
 area 4 virtual-link 0.0.0.4 message-digest-key 1 md5 cubbies
 area 5 authentication message-digest
 area 5 nssa no-summary
 area 5 range 149.1.5.0 255.255.255.0
 summary-address 17.0.0.0 255.0.0.0 not-advertise
 network 149.1.1.0 0.0.0.255 area 1
 network 149.1.2.0 0.0.0.255 area 2
 network 149.1.4.0 0.0.0.255 area 4
 network 149.1.5.0 0.0.0.255 area 5
 network 149.1.254.254 0.0.0.0 area 0
 neighbor 149.1.2.254
 neighbor 149.1.4.254
 neighbor 149.1.5.254
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Justin Menga
Sent: Thursday, December 26, 2002 1:11 AM
To: Jude Servi; 'Robert Slaski'; 'Manish Gupta'
Cc: 'Lysyuk Andrew'; ccielab@groupstudy.com
Subject: RE: Help me pls with OSPF authentication.
Also, if you enable authentication for a virtual link, you must also ensure
area 0 has authentication enabled:
router ospf 1
 area 0 authentication
 area 1 virtual-link .....
Regards,
Justin
-----Original Message-----
From: Jude Servi [mailto:jservi@cisco.com]
Sent: Wednesday, December 25, 2002 12:36 PM
To: 'Robert Slaski'; 'Manish Gupta'
Cc: 'Lysyuk Andrew'; ccielab@groupstudy.com
Subject: RE: Help me pls with OSPF authentication.
Don't forget to add authentication to a virtual link if needed. Example for
md5 auth:
router ospf 1
area # virtual-link <neighbor ip addr> authentication message-digest
message-digest-key # <key>
Jude
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Robert Slaski
Sent: Saturday, December 21, 2002 11:16 AM
To: Manish Gupta
Cc: Lysyuk Andrew; ccielab@groupstudy.com
Subject: Re: Help me pls with OSPF authentication.
Manish Gupta wrote:
> I always prefer
>
> Under router ospf x
> area x authentication (plain or MD5)
>
> Under interface:
> ip ospf authentication <password> if plain
You meant 'ip ospf authentication-key' I think, but this does not answer
Andrew's question.
There are two authentication types available in OSPF: per area and per
interface. If both are configured, then per-interface authentication
takes precedence. Both have plain-text and MD5 checksum variants.
Per area:
1. enable area authentication
   (config-router)# area <area> authentication [message-digest]
2. set up keys (this should be done on each area interface)
   (config-if)# ip ospf authentication-key <text> # for plain text
   or
   (config-if)# ip ospf message-digest-key <key_id> md5 0 <text> # for MD5
Per interface:
1. enable interface authentication
   (config-if)# ip ospf authentication [message-digest | null]
2. set up keys (same as above)
mikrobi,
-- . .
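
Added example, not part of the thread or any poster's code: a small Python audit that applies the precedence rule described in the last message (a per-interface setting overrides the area setting) to a router config and reports the effective OSPF authentication mode per interface. The function names, the sample config, its addresses and its keys are constructed for illustration; network-statement matching is simplified to first match, and virtual links are not modeled.

```python
import ipaddress
import re

# Constructed sample config for illustration; addresses and keys are placeholders.
SAMPLE = """\
interface Serial0/0
 ip address 10.0.12.1 255.255.255.0
 ip ospf message-digest-key 1 md5 0 EXAMPLEKEY
interface Serial0/1
 ip address 10.0.13.1 255.255.255.0
 ip ospf authentication null
interface Ethernet0/0
 ip address 10.0.1.1 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key EXAMPLE
interface Ethernet0/1
 ip address 10.0.2.1 255.255.255.0
router ospf 1
 area 0 authentication message-digest
 network 10.0.12.0 0.0.3.255 area 0
 network 10.0.0.0 0.0.3.255 area 1
"""

def to_int(addr):
    return int(ipaddress.ip_address(addr))

def effective_ospf_auth(config):
    """Map interface -> (area, mode); no setting at all means null (OSPF type 0)."""
    area_auth, networks, ifaces, cur = {}, [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line opens a new stanza
            m = re.match(r"interface (\S+)", line)
            cur = ifaces.setdefault(m.group(1), {}) if m else None
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_auth[m.group(1)] = "md5" if m.group(2) else "plain"
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            networks.append((to_int(m.group(1)), to_int(m.group(2)), m.group(3)))
        elif cur is not None and (m := re.match(r"ip address (\S+)", line)):
            cur["ip"] = to_int(m.group(1))
        elif cur is not None and (m := re.match(r"ip ospf authentication( message-digest| null)?$", line)):
            cur["auth"] = {None: "plain", " message-digest": "md5", " null": "null"}[m.group(1)]
    result = {}
    for name, data in ifaces.items():
        for addr, wild, area in networks:  # simplification: first matching statement wins
            if "ip" in data and (data["ip"] | wild) == (addr | wild):
                result[name] = (area, data.get("auth") or area_auth.get(area, "null"))
                break
    return result
```

Interfaces that come back as "null" or "plain" are the ones to review: Serial0/1 sits in an MD5-authenticated area but its interface-level `null` setting switches authentication off for that link.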
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:53 GMT-3