Re-2: OSPF idiot infront of the router ...

From: info@mpauli.de
Date: Fri Oct 03 2003 - 11:52:51 GMT-3


Hi Guys,

It seems that you have to use the same type of authentication as the area you're going through has.
In my scenario, Area 0 has no authentication, but area 1 has. I had to use authent. on virt. link to have it established.

Cheers
Marcus

-------- Original Message --------
Subject: RE: OSPF idiot infront of the router ... (03-Okt-2003 16:24)
From: mbyers@gramtel.net
To: asep.ruhimat@asaba.co.id

> Clear text. Just like Bill said below a virtual link is a connection to
> area 0 so the authentication mechanism must match that of area 0.
>
> Micah J. Byers- CCIE #12079
> Senior Network Engineer
> Hypervine
> mbyers@hypervine.net
> P: 574-472-4726
> F: 574-472-0904
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Asep Ruhimat
> Sent: Thursday, October 02, 2003 10:26 PM
> To: Brian Dennis; William Lijewski; info@mpauli.de; ccielab@groupstudy.com
>
> Hi Guys !
> Good for answer.
>
> But if area 0 uses cleartext authentication and area 1 uses hash
> authentication, then what is the authentication for the area 1 virtual
> link: is it cleartext authentication or hash authentication?
> Ref. your solution, it should use cleartext authentication.
> Correct me if I'm wrong!
>
> regards,
>
> Asep
>
>
> -----Original Message-----
> From: Brian Dennis [mailto:bdennis@internetworkexpert.com]
> Sent: Friday, October 03, 2003 12:17 AM
> To: 'William Lijewski'; info@mpauli.de; ccielab@groupstudy.com
> Subject: RE: OSPF idiot infront of the router ...
>
>
> As an alternative we could override area 0 authentication on the virtual
> link by setting it back to the default of null authentication.
>
> R5:
> router ospf 1
> router-id 5.5.5.5
> area 0 authentication message-digest
> area 1 virtual-link 3.3.3.3 authentication null
>
> R3:
> router ospf 1
> router-id 3.3.3.3
> area 1 virtual-link 5.5.5.5
>
>
> Also if we were not permitted to use the "area <area-id> authentication
> message-digest" command on R3 we could just enable it for the virtual
> link itself:
>
> R5:
> router ospf 1
> router-id 5.5.5.5
> area 0 authentication message-digest
> area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
>
> R3:
> router ospf 1
> router-id 3.3.3.3
> area 1 virtual-link 5.5.5.5 authentication message-digest
> area 1 virtual-link 5.5.5.5 message-digest-key 1 md5 cisco
>
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> bdennis@internetworkexpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> William Lijewski
> Sent: Thursday, October 02, 2003 9:57 AM
> To: info@mpauli.de; ccielab@groupstudy.com
> Subject: Re: OSPF idiot infront of the router ...
>
> You are correct that you would need a virtual-link to connect Area 3 with
> Area 0. However you do not need to put the same authentication on the
> virtual-link that the transit area has. The virtual-link is an extension of
> Area 0 - you're basically dragging Area 0 over to R3. Since the virtual-link
> is an extension of Area 0, if you are doing Area authentication on Area 0
> you should use the same type of authentication on the virtual-link. The
> configuration would look something like this if you were doing MD5
> authentication on Area 0:
>
> R5
>
> router ospf 1
> router-id 5.5.5.5
> area 0 authentication message-digest
> area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
>
> R3
>
> router ospf 1
> router-id 3.3.3.3
> area 0 authentication message-digest
> area 1 virtual-link 5.5.5.5 message-digest-key 1 md5 cisco
>
> On R3 we need the command 'area 0 authentication message-digest' since we
> have carried Area 0 over the virtual-link to R3, R3 is now running Area 0.
> We have to tell R3 to use the message-digest-key that we have configured on
> the virtual-link. Both sides of the virtual-link will then use Key 1 with
> the password Cisco to authenticate.
>
> Bill Lijewski
> CCIE #8642
> Network Learning Inc
> 5 Day R&S CCIE Bootcamp Instructor
>
>
>
> >From: info@mpauli.de
> >Reply-To: info@mpauli.de
> >To: ccielab@groupstudy.com
> >Subject: OSPF idiot infront of the router ...
> >Date: 02 Oct 2003 16:27:08 UT
> >
> >Hello guys,
> >
> >I've spent the whole day troubleshooting my OSPF lab and I would like to
> >share my gathered knowledge with you.
> >
> >Imagine the following situation:
> >
> >R4-----------------------R3----------------R5--------------R2
> >OSPF-Demand, Area 3 Area 3/1 Area 1/0 Area 0
> >
> >My OSPF-Database was not equal on all routers, because:
> >
> >Each ABR (R3 in my case) needs to be attached to area0 !!! (Now that I know
> >that, I read it everywhere....) :-)
> >Thus I installed a virtual link to R5 and everything was fine.
> >
> >By the way, if the transit area is authenticated, the virt. link must be
> >authenticated as well.
> >
> >Cheers
> >Marcus
> >
> >
> >-------- Original Message --------
> >Subject: RE: Cisco memory allocation problem--need advice (02-Okt-2003
> >18:12)
> >From: eteisbe@qwest.com
> >To: alee@cccis.com
> >
> > > Arthur,
> > >
> > > Here's a quick way to check to see if the issue is virus ICMP traffic
> > > (likely).
> > >
> > > Create a two line access-list:
> > >
> > > access-list 101 deny icmp any any
> > > access-list 101 permit ip any any
> > >
> > > Apply the list in-bound on the LAN interface:
> > >
> > > ip access-group 101 in
> > >
> > > You will likely see thousands of hits on the "deny icmp any any" line of
> > > the access-list in a short period of time when you do a "show
> > > access-list".
> > >
> > > I have seen the exact same thing happen on several routers. It can take
> > > down a router with or without NAT running. It is likely a couple of
> > > machines (or more) infected with Welchia or Nachi virus. It's amazing how
> > > much traffic one or two machines can generate when infected with these
> > > viruses.
> > >
> > > HTH
> > > -Evan.
> > >
> > >
> > > -----Original Message-----
> > > From: alee@cccis.com [mailto:alee@cccis.com]
> > > Sent: Thursday, October 02, 2003 10:40 AM
> > > To: ccielab@groupstudy.com
> > > Subject: Cisco memory allocation problem--need advice
> > >
> > >
> > > Has anyone seen the following message in your router log? On Sep. 29, a
> > > couple of our remote routers, plus ISP router had the memory problem
> > > suddenly. I saw someone posted router rebooted due to virus. Not sure if
> > > it's related. I think it's very likely since we never had the problem
> > > before. Any advice? BTW, here is the IOS we are running. IOS (tm) C2600
> > > Software (C2600-JS-M), Version 12.1(20). Thanks.
> > >
> > >
> > > Sep 29 08:40:42 EST: %SYS-2-MALLOCFAIL: Memory allocation of 20000 bytes failed from 0x802AFFE0, alignment 0
> > > Pool: Processor Free: 8471376 Cause: Memory fragmentation
> > > Alternate Pool: None Free: 0 Cause: No Alternate pool
> > >
> > >
> > >
> > > Arthur Lee
> > > Senior Network Engineer
> > >
> > > ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> > >
> _______________________________________________________________________
> > > Please help support GroupStudy by purchasing your study materials
> from:
> > > shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html

To: mbyers@gramtel.net
Cc: ccielab@groupstudy.com
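
An added example (not from the thread or from Cisco): a small Python check of the rule the replies describe, that a virtual link is an area 0 interface and takes area 0's authentication type unless `area <id> virtual-link <rid> authentication ...` overrides it. The function names are hypothetical, the first two config pairs are the ones Brian posted, the mismatching pair is constructed, and the plain `authentication` (simple password) form is assumed IOS syntax not shown in the thread.

```python
def vlink_auth(config, neighbor_rid):
    """Return (auth_type, md5_key_ids) in effect on the virtual link to neighbor_rid."""
    area0, override, key_ids = "null", None, set()
    for line in config.splitlines():
        w = line.split()
        if len(w) >= 3 and w[0] == "area" and w[1] in ("0", "0.0.0.0") and w[2] == "authentication":
            # Area-wide type for the backbone; the virtual link inherits it.
            area0 = "md5" if w[3:4] == ["message-digest"] else "simple"
        elif len(w) >= 4 and w[0] == "area" and w[2] == "virtual-link" and w[3] == neighbor_rid:
            opts = w[4:]
            if "authentication" in opts:
                # Per-link setting overrides the inherited area 0 type.
                nxt = opts[opts.index("authentication") + 1:][:1]
                override = {"message-digest": "md5", "null": "null"}.get("".join(nxt), "simple")
            if "message-digest-key" in opts:
                key_ids.update(opts[opts.index("message-digest-key") + 1:][:1])
    return (override if override is not None else area0), key_ids

def check_vlink(cfg_a, rid_a, cfg_b, rid_b):
    """Compare both ends of a virtual link; return a list of problems (empty = consistent)."""
    type_a, keys_a = vlink_auth(cfg_a, rid_b)
    type_b, keys_b = vlink_auth(cfg_b, rid_a)
    if type_a != type_b:
        return [f"auth type mismatch: {rid_a}={type_a}, {rid_b}={type_b}"]
    if type_a == "md5" and not (keys_a & keys_b):
        return [f"no common message-digest key id: {sorted(keys_a)} vs {sorted(keys_b)}"]
    return []

# Brian's first pair: area 0 uses MD5, the link is overridden back to null on R5.
R5_NULL = """router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 3.3.3.3 authentication null"""
R3_PLAIN = """router ospf 1
 area 1 virtual-link 5.5.5.5"""
# Brian's second pair: R5 inherits MD5 from area 0, R3 enables it on the link only.
R5_MD5 = """router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco"""
R3_LINK_MD5 = """router ospf 1
 area 1 virtual-link 5.5.5.5 authentication message-digest
 area 1 virtual-link 5.5.5.5 message-digest-key 1 md5 cisco"""

if __name__ == "__main__":
    print(check_vlink(R5_NULL, "5.5.5.5", R3_PLAIN, "3.3.3.3"))
    print(check_vlink(R5_MD5, "5.5.5.5", R3_LINK_MD5, "3.3.3.3"))
    # Constructed mismatch: R5 inherits MD5, R3 has no authentication at all.
    print(check_vlink(R5_MD5, "5.5.5.5", R3_PLAIN, "3.3.3.3"))
```
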


This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:56 GMT-3