From: Jonathan V Hays (jhays@jtan.com)
Date: Fri Jul 25 2003 - 14:20:38 GMT-3
I have no disagreement there - it's best to follow the CCIE Lab
instructions to the letter and to avoid getting too fancy (overthinking
a problem or overconfiguing a solution).
Jonathan
-----Original Message-----
From: William Lijewski [mailto:ccie8642@hotmail.com]
Sent: Friday, July 25, 2003 1:17 PM
To: jhays@jtan.com; ccie2be@nyc.rr.com; ccielab@groupstudy.com
Subject: RE: Unexpected ospf authentication behavior
Yep, you CAN use a different password on every link, or no password at
all
on certain links as long as both sides of the links match. However, for
lab
purposes if I'm told to use area 0 authentication, I would always use
the
same password for ALL of the links in the area, Virtual Links included.
Bill Lijewski
CCIE #8642
>From: "Jonathan V Hays" <jhays@jtan.com>
>Reply-To: "Jonathan V Hays" <jhays@jtan.com>
>To: "'William Lijewski'" <ccie8642@hotmail.com>, <ccie2be@nyc.rr.com>,
><ccielab@groupstudy.com>
>Subject: RE: Unexpected ospf authentication behavior
>Date: Fri, 25 Jul 2003 12:47:23 -0400
>
>Thanks for that clarification, Bill. I'd like to add one of my own,
>here.
>
>Although configuring the same password on all area 0 links may be
>desirable (from the standpoint of fewer passwords to remember) it is
not
>a requirement. It should be emphasized that the passwords are checked
on
>a link by link basis.
>
>You may configure a different password across the virtual link than the
>password used for other area 0 links. I have just verified this in my
>lab, with a different password on every link.
>
>To make this crystal clear, the frame link between R6 and R5 in area 0
>might use password "cisco" on both ends. However, an area 0 BRI link
>between R6 and R5 might use password "nortel" on each end. And a
virtual
>link through area 1 might use password "3com" on each end. In sipte of
>all different passwords you will have full OSPF connectivity.
>
>HTH,
>
>Jonathan
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>William Lijewski
>Sent: Friday, July 25, 2003 12:21 PM
>To: ccie2be@nyc.rr.com; ccielab@groupstudy.com
>Subject: Re: Unexpected ospf authentication behavior
>
>
>The Virtual Link is using a 'NULL' password since there isn't one
>configured. Use the command 'show ip ospf virtual-link' on each router
>and
>take a look at the last line. You should add the authentication-key to
>the
>virtual-link on both sides so it uses the same password as the rest of
>area
>0 since the virtual-link is an extension of area 0.
>
>Bill Lijewski
>CCIE #8642
>
>
> >From: "ccie2be" <ccie2be@nyc.rr.com>
> >Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
> >To: "Group Study" <ccielab@groupstudy.com>
> >Subject: Unexpected ospf authentication behavior
> >Date: Fri, 25 Jul 2003 10:40:44 -0400
> >
> >Hi,
> >
> >I got authentication to work where I expected it wouldn't. Here's
the
> >setup:
> >
> >
> >R3 area0 R1 area1 R5 area 5
> >
> >
> >Area 0 has simple authen enabled and there's a virtual link between
R1
>and
> >R5
> >and R1 & R5 share an Ethernet.
> >
> >Here are portions of the configs of R1 and R5
> >
> >R1
> >
> >router os 1
> >area 0 authen
> >area 1 virtual-link 192.168.5.5
> >
> >(Interfaces in Area0 include the command, " ip os authentication-key
0
> >ccie")
> >
> >R5
> >
> >router os 1
> >area 0 authen
> >area 1 virtual-link 192.168.1.1
> >
> >Except, for area 0 authen, as seen above, no other authentication
>commands
> >were used on R5. Therefore, R5 has no knowledge of the area 0
>password,
> >ccie,
> >but routes in area 5 are still seen on R1. I expected I would have
had
>to
> >add
> >additional commands to R1 and R5 to specify the area 0 password, but
I
> >didn't
> >have to. All routers are running IOS 12.1.
> >
> >Is this suppose to work this way? Or, is this some sort of anomoly?
> >
> >Thanks, Raj
> >
> >
>
>_______________________________________________________________________
> >You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
>_________________________________________________________________
>Tired of spam? Get advanced junk mail protection with MSN 8.
>http://join.msn.com/?page=features/junkmail
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:53 GMT-3