Simple Authentication on Area 0 and MD5 on Virtual link

From: gladston@br.ibm.com
Date: Tue May 24 2005 - 10:01:30 GMT-3


router ospf 1
 router-id 142.20.5.1
 area 0 authentication
 area 113 authentication message-digest
 area 113 virtual-link 142.20.4.1 message-digest-key 11 md5 cisco2 <--A113-md5
 area 113 virtual-link 142.20.4.1 message-digest-key 13 md5 cisco3 <--rollover

Rack2R5#sh ip os virtual-links
Virtual Link OSPF_VL0 to router 142.20.4.1 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 113, via interface Dialer100, Cost of using 100
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
    Adjacency State FULL (Hello suppressed)
    Index 3/4, retransmission queue length 0, number of retransmission 1
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Simple password authentication enabled <-- simple?

Parkhurst's OSPF book says:
"...prior to 12.0, if authentication was enabled in Area 0, then all virtual links had to be configured with the same authentication type."

In this example, if I configure simple authentication on the virtual link, OSPF complains.
If I configure md5, all is good.

Reading Parkhurst I had the idea that after 12.0 we have the flexibility to choose the same authentication used on area 0 or not.
But practice (IOS 12.2T) shows the router only works using the authentication used on the transit area.

Do you have the same results?

If I try to test rollover on the virtual link, I cannot see the result using show ip ospf interface or sh ip ospf, because it says the virtual link is using simple authentication, even though md5 is configured.
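
An added example, not part of the original post: a small Python audit that compares the MD5 key IDs configured on a virtual link with the authentication type that `show ip ospf virtual-links` reports, and flags the mismatch described above. The function names are hypothetical, the sample input is trimmed from the post, and the "Message digest authentication enabled" string is assumed to be the line IOS prints when MD5 is in effect.

```python
import re

# Trimmed from the post above; the "<--" notes are the poster's annotations.
CONFIG = """\
router ospf 1
 area 0 authentication
 area 113 authentication message-digest
 area 113 virtual-link 142.20.4.1 message-digest-key 11 md5 cisco2 <--A113-md5
 area 113 virtual-link 142.20.4.1 message-digest-key 13 md5 cisco3 <--rollover
"""
SHOW = """\
Virtual Link OSPF_VL0 to router 142.20.4.1 is up
  Transit area 113, via interface Dialer100, Cost of using 100
  Simple password authentication enabled
"""
VL_KEY = re.compile(r"^\s*area (\S+) virtual-link (\S+) message-digest-key (\d+) md5 ", re.M)

def configured_key_ids(config):
    """Map (transit area, neighbor router-id) -> MD5 key ids; secrets are never kept."""
    links = {}
    for area, rid, key_id in VL_KEY.findall(config):
        links.setdefault((area, rid), []).append(int(key_id))
    return links

def operational_auth(show):
    """Map neighbor router-id -> transit area and the auth type the router reports."""
    state, rid = {}, None
    for line in show.splitlines():
        if m := re.search(r"Virtual Link \S+ to router (\S+) is", line):
            rid = m.group(1)
            state[rid] = {"area": None, "auth": "none"}
        elif rid and (m := re.search(r"Transit area (\S+?),", line)):
            state[rid]["area"] = m.group(1)
        elif rid and "Simple password authentication enabled" in line:
            state[rid]["auth"] = "simple"
        elif rid and "Message digest authentication enabled" in line:  # assumed wording
            state[rid]["auth"] = "message-digest"
    return state

def audit(config, show):
    """List virtual links with MD5 keys configured that do not report MD5 in use."""
    live, findings = operational_auth(show), []
    for (area, rid), key_ids in configured_key_ids(config).items():
        seen = live.get(rid, {"auth": "absent"})
        if seen["auth"] != "message-digest":
            findings.append((area, rid, key_ids, seen["auth"]))
    return findings

if __name__ == "__main__":
    print(audit(CONFIG, SHOW))
```
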


