From: Danny.Andaluz@triaton-na.com
Date: Wed Mar 17 2004 - 19:32:18 GMT-3
Here's how I think Virtual-link authentication works. I know this has been
discussed at great length on this board, but I think I have it down now and
want to double check.
Area5-----R1----area20-------R2------Area0-------R3------Area0-----R4------a
rea14
Area 0 is being authenticated using MD5. On R2, R3 and R4 I have
configured:
Area 0 authentication message-digest
Depending on the requirement, I can configure authentication on the link
between R3 and R2 and not configure authentication between R3 and R4. As
long as both sides have the same authentication configured (or not
configured), it will work. Also, even though R4 does not have
authentication configured on its only area 0 link, I still need to have
"area 0 authentication message-digest" configured under router OSPF (I'd
like to get an explanation for this. I think if you don't do it, you get
mismatched authentication type errors, but why?).
As far as the V-link goes, I only need to have "area 0 authentication
message-digest" configured on R1. I see this V-link as I see the two links
on R3 to R2 and R4. It can either have authentication configured or not; as
long as both ends match. As far as the V-link goes, as long as both ends
have the same config, it should work.
I think this is it. If not, please be gentle....
Thanks,
Danny
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:33 GMT-3