From: Jason Cash (cash2001@swbell.net)
Date: Mon Aug 11 2003 - 12:44:08 GMT-3
Then when would you want to use the md5 key on the virtual link? When a
different password than the a0 password is needed?
-----Original Message-----
From: Joe Martin [mailto:jmartin@capitalpremium.net]
Sent: Monday, August 11, 2003 10:11 AM
To: Jason Cash; ccielab@groupstudy.com
Jason,
The area 0 authentication [message-digest] command does enable
authentication for that area, but the key and key values are still
configured on an interface-by-interface basis. So if you have interfaces e0
and s0 in area 0 you will still need to configure the "ip ospf
message-digest-key 1 md5 cisco" command on those interfaces. In fact you
could use different keys on each interface.
HTH,
Joe Martin
CCIE #12035
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Jason
Cash
Sent: August 11, 2003 8:59 AM
To: ccielab@groupstudy.com
Subject: Area 0 - OSPF vlink auth.
I was under the impression that if A0 was using authentication, that the
virtual links themselves would need to use that same key. It is even
explained in the following link:
http://www.cisco.com/warp/public/104/27.html
The scenario that I have is such:
(area50)R5(area10)R6(area0)R8
The config for R6:
!
interface Serial0.2 point-to-point (to R5)
ip address 150.4.10.9 255.255.255.248
frame-relay interface-dlci 605
interface Serial1 (to R8)
ip address 150.4.68.1 255.255.255.252
encapsulation ppp
ip ospf message-digest-key 1 md5 cisco
clockrate 250000
ppp quality 80
router ospf 1
router-id 150.4.6.6
log-adjacency-changes
area 0 authentication message-digest
area 10 virtual-link 150.4.5.5
network 150.4.6.0 0.0.0.255 area 0
network 150.4.10.0 0.0.0.7 area 20
network 150.4.10.8 0.0.0.7 area 10
network 150.4.68.0 0.0.0.3 area 0
R5 config:
interface Serial0.1 point-to-point
ip address 150.4.10.10 255.255.255.248
frame-relay interface-dlci 506
router ospf 1
router-id 150.4.5.5
log-adjacency-changes
area 0 authentication message-digest
area 10 virtual-link 150.4.6.6
network 150.4.10.8 0.0.0.7 area 10
network 150.4.50.0 0.0.0.255 area 50
R5#sh ip ospf vir
Virtual Link OSPF_VL0 to router 150.4.6.6 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 10, via interface Serial0.1, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Adjacency State FULL (Hello suppressed)
Index 1/2, retransmission queue length 0, number of retransmission 2
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
Message digest authentication enabled
No key configured, using default key id 0
R5#si os
150.4.0.0/16 is variably subnetted, 10 subnets, 3 masks
O 150.4.6.0/24 [110/65] via 150.4.10.9, 00:07:41, Serial0.1
O IA 150.4.10.0/29 [110/192] via 150.4.10.9, 00:07:41, Serial0.1
O 150.4.8.0/24 [110/129] via 150.4.10.9, 00:07:41, Serial0.1
O IA 150.4.14.0/24 [110/129] via 150.4.10.9, 00:07:41, Serial0.1
O 150.4.68.0/30 [110/128] via 150.4.10.9, 00:07:41, Serial0.1
As you can see, R5 is getting the routes in the OSPF domain without the
auth-key defined. Does this contradict the link provided above from Cisco?
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:57 GMT-3
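
Added example, not part of the original thread: a small Python audit that flags the condition shown in the R5 output above ("No key configured, using default key id 0"), where an area has MD5 authentication enabled but an interface or virtual link in it has no message-digest-key. The function name `audit_ospf_md5` is hypothetical, the input is the OSPF-relevant subset of the R6 config from the post, and network-statement matching is simplified to first match in listed order.

```python
from ipaddress import IPv4Address

# OSPF-relevant lines of the R6 config from the post, one command per line.
R6_CONFIG = """\
interface Serial0.2 point-to-point
 ip address 150.4.10.9 255.255.255.248
interface Serial1
 ip address 150.4.68.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
router ospf 1
 area 0 authentication message-digest
 area 10 virtual-link 150.4.5.5
 network 150.4.6.0 0.0.0.255 area 0
 network 150.4.10.0 0.0.0.7 area 20
 network 150.4.10.8 0.0.0.7 area 10
 network 150.4.68.0 0.0.0.3 area 0
"""

def audit_ospf_md5(config):
    """Return findings for MD5-authenticated areas where no key is configured."""
    ifaces, nets, md5_areas, vlinks, cur = {}, [], set(), [], None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if not line[0].isspace():            # top-level command starts a new section
            cur = w[1] if w[0] == "interface" else None
            if cur:
                ifaces[cur] = {"ip": None, "key": False}
        elif cur and w[:2] == ["ip", "address"]:
            ifaces[cur]["ip"] = int(IPv4Address(w[2]))
        elif cur and w[:3] == ["ip", "ospf", "message-digest-key"]:
            ifaces[cur]["key"] = True
        elif w[0] == "network" and len(w) > 4 and w[3] == "area":
            nets.append((int(IPv4Address(w[1])), int(IPv4Address(w[2])), w[4]))
        elif w[0] == "area" and w[2:4] == ["authentication", "message-digest"]:
            md5_areas.add(w[1])
        elif w[0] == "area" and len(w) > 3 and w[2] == "virtual-link":
            vlinks.append((w[3], "message-digest-key" in w))
    findings = []
    for name, i in ifaces.items():
        # Wildcard bits are "don't care": OR them in on both sides, then compare.
        area = next((a for n, wc, a in nets
                     if i["ip"] is not None and (i["ip"] | wc) == (n | wc)), None)
        if area in md5_areas and not i["key"]:
            findings.append(f"{name}: area {area} uses MD5 but no message-digest-key")
    for rid, has_key in vlinks:              # a virtual link always belongs to area 0
        if "0" in md5_areas and not has_key:
            findings.append(f"virtual-link {rid}: area 0 uses MD5 but no message-digest-key")
    return findings
```

Run against the R6 config it reports only the virtual link; adding `message-digest-key <id> md5 <key>` to the `area 10 virtual-link 150.4.5.5` line on both ends clears the finding.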