Re: Area 0 - OSPF vlink auth.

From: wing_lam@jossynergy.com
Date: Mon Aug 11 2003 - 12:51:16 GMT-3

Hi,

If you "clear ip ospf pro", will the Adjacency State still got "Full"? I
have tested in my scenario that even I cannot see this row after OSPF
reload.

Thx,
BBD (Big Black Dog)

                                                                                                                                       
                      "Jason Cash"
                      <cash2001@swbell. To: <ccielab@groupstudy.com>
                      net> cc:
                      Sent by: Subject: Area 0 - OSPF vlink auth.
                      nobody@groupstudy
                      .com
                                                                                                                                       
                                                                                                                                       
                      08/11/2003 10:58
                      PM
                      Please respond to
                      "Jason Cash"
                                                                                                                                       
                                                                                                                                       

I was under the impression that if A0 was using authentication, that the
virtual link themselves would need to use that same key. It is even
explained in the following link:

http://www.cisco.com/warp/public/104/27.html

The scenario that I have is such:

(area50)R5(area10)R6(area0)R8

The config for R6:!

interface Serial0.2 point-to-point (to R5)
 ip address 150.4.10.9 255.255.255.248
 frame-relay interface-dlci 605
interface Serial1 (to R8)
 ip address 150.4.68.1 255.255.255.252
 encapsulation ppp
 ip ospf message-digest-key 1 md5 cisco
 clockrate 250000
 ppp quality 80
router ospf 1
 router-id 150.4.6.6
 log-adjacency-changes
 area 0 authentication message-digest
 area 10 virtual-link 150.4.5.5
 network 150.4.6.0 0.0.0.255 area 0
 network 150.4.10.0 0.0.0.7 area 20
 network 150.4.10.8 0.0.0.7 area 10
 network 150.4.68.0 0.0.0.3 area 0

R5 config:
interface Serial0.1 point-to-point
 ip address 150.4.10.10 255.255.255.248
 frame-relay interface-dlci 506
router ospf 1
 router-id 150.4.5.5
 log-adjacency-changes
 area 0 authentication message-digest
 area 10 virtual-link 150.4.6.6
 network 150.4.10.8 0.0.0.7 area 10
 network 150.4.50.0 0.0.0.255 area 50

R5#sh ip ospf vir
Virtual Link OSPF_VL0 to router 150.4.6.6 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 10, via interface Serial0.1, Cost of using 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:06
    Adjacency State FULL (Hello suppressed)
    Index 1/2, retransmission queue length 0, number of retransmission 2
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Message digest authentication enabled
      No key configured, using default key id 0

R5#si os
     150.4.0.0/16 is variably subnetted, 10 subnets, 3 masks
O 150.4.6.0/24 [110/65] via 150.4.10.9, 00:07:41, Serial0.1
O IA 150.4.10.0/29 [110/192] via 150.4.10.9, 00:07:41, Serial0.1
O 150.4.8.0/24 [110/129] via 150.4.10.9, 00:07:41, Serial0.1
O IA 150.4.14.0/24 [110/129] via 150.4.10.9, 00:07:41, Serial0.1
O 150.4.68.0/30 [110/128] via 150.4.10.9, 00:07:41, Serial0.1

As you can see, R5 is getting the routes in the OSPF domain without the
auth-key defined. Does this contradict the link provided above from cisco?

This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:57 GMT-3