From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Jul 25 2003 - 14:20:11 GMT-3
Thanks all for your responses.
I'd just to be clear on this - the reason routing is working ie. R1 is
learning routes from R5's area 5 over the virtual link is because the
virtual link is using the 'Null" password. Or, to say it another way, area
0 authentication is working but I've found a way to circumvent it over the
virtual link. Would you agree? Raj
----- Original Message -----
From: "Jonathan V Hays" <jhays@jtan.com>
To: "'William Lijewski'" <ccie8642@hotmail.com>; <ccie2be@nyc.rr.com>;
<ccielab@groupstudy.com>
Sent: Friday, July 25, 2003 12:47 PM
Subject: RE: Unexpected ospf authentication behavior
Thanks for that clarification, Bill. I'd like to add one of my own,
here.
Although configuring the same password on all area 0 links may be
desirable (from the standpoint of fewer passwords to remember) it is not
a requirement. It should be emphasized that the passwords are checked on
a link by link basis.
You may configure a different password across the virtual link than the
password used for other area 0 links. I have just verified this in my
lab, with a different password on every link.
To make this crystal clear, the frame link between R6 and R5 in area 0
might use password "cisco" on both ends. However, an area 0 BRI link
between R6 and R5 might use password "nortel" on each end. And a virtual
link through area 1 might use password "3com" on each end. In sipte of
all different passwords you will have full OSPF connectivity.
HTH,
Jonathan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
William Lijewski
Sent: Friday, July 25, 2003 12:21 PM
To: ccie2be@nyc.rr.com; ccielab@groupstudy.com
Subject: Re: Unexpected ospf authentication behavior
The Virtual Link is using a 'NULL' password since there isn't one
configured. Use the command 'show ip ospf virtual-link' on each router
and
take a look at the last line. You should add the authentication-key to
the
virtual-link on both sides so it uses the same password as the rest of
area
0 since the virtual-link is an extension of area 0.
Bill Lijewski
CCIE #8642
>From: "ccie2be" <ccie2be@nyc.rr.com>
>Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
>To: "Group Study" <ccielab@groupstudy.com>
>Subject: Unexpected ospf authentication behavior
>Date: Fri, 25 Jul 2003 10:40:44 -0400
>
>Hi,
>
>I got authentication to work where I expected it wouldn't. Here's the
>setup:
>
>
>R3 area0 R1 area1 R5 area 5
>
>
>Area 0 has simple authen enabled and there's a virtual link between R1
and
>R5
>and R1 & R5 share an Ethernet.
>
>Here are portions of the configs of R1 and R5
>
>R1
>
>router os 1
>area 0 authen
>area 1 virtual-link 192.168.5.5
>
>(Interfaces in Area0 include the command, " ip os authentication-key 0
>ccie")
>
>R5
>
>router os 1
>area 0 authen
>area 1 virtual-link 192.168.1.1
>
>Except, for area 0 authen, as seen above, no other authentication
commands
>were used on R5. Therefore, R5 has no knowledge of the area 0
password,
>ccie,
>but routes in area 5 are still seen on R1. I expected I would have had
to
>add
>additional commands to R1 and R5 to specify the area 0 password, but I
>didn't
>have to. All routers are running IOS 12.1.
>
>Is this suppose to work this way? Or, is this some sort of anomoly?
>
>Thanks, Raj
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:53 GMT-3