RE: Simple Authentication on Area 0 and MD5 on Virtual link

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue May 24 2005 - 11:47:28 GMT-3

• Next message: ccie2be: "RE: rip default route vs summary 0.0.0.0 0.0.0.0"
• Previous message: Richard Dumoulin: "RE: Public address forVPN Tunnel"
• Maybe in reply to: gladston@br.ibm.com: "Simple Authentication on Area 0 and MD5 on Virtual link"
• Next in thread: gladston@br.ibm.com: "RE: Simple Authentication on Area 0 and MD5 on Virtual link"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You have the MD5 key applied to the virtual-link but not the MD5
authentication. The virtual-link is an area 0 interface so it's
inheriting the "area 0 authentication" that you have configured. Use
the "area 113 virtual-link 142.20.4.1 authentication message-digest"
command to enable MD5 on the virtual-link.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> gladston@br.ibm.com
> Sent: Tuesday, May 24, 2005 8:02 AM
> To: ccielab@groupstudy.com
> Subject: Simple Authentication on Area 0 and MD5 on Virtual link
>
> router ospf 1
> router-id 142.20.5.1
> area 0 authentication
> area 113 authentication message-digest
> area 113 virtual-link 142.20.4.1 message-digest-key 11 md5 cisco2 <--
> A113-md5
> area 113 virtual-link 142.20.4.1 message-digest-key 13 md5 cisco3 <--
> rollover
>
>
> Rack2R5#sh ip os virtual-links
> Virtual Link OSPF_VL0 to router 142.20.4.1 is up
> Run as demand circuit
> DoNotAge LSA allowed.
> Transit area 113, via interface Dialer100, Cost of using 100
> Transmit Delay is 1 sec, State POINT_TO_POINT,
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:05
> Adjacency State FULL (Hello suppressed)
> Index 3/4, retransmission queue length 0, number of retransmission
1
> First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
> Last retransmission scan length is 1, maximum is 1
> Last retransmission scan time is 0 msec, maximum is 0 msec
> Simple password authentication enabled <--
> simple?
>
> Parkhurst's OSPF book says:
> "...prior to 12.0, if authentication was enabled in Area 0, then all
> virtual links had to be configured with the same authentication type."
>
> On this example, if I configure simple authentication on virtual link,
> ospf complains.
> If I configure md5, all is good.
>
> Reading Parkhurst I had the idea that after 12.0 we have the
flexibility
> to choose the same authentication used on area 0 or not.
> But practice (ios 12.2T) shows the router only works using the
> authentication used on the transit area.
>
> Do you have the same results?
>
> If I try to test rollover on the Virtual link, I can not see the
result
> using show ip ospf interface or sh ip ospf, because it says virtual
link
> is using simple authentication, even though md5 is configured.
>
>

• Next message: ccie2be: "RE: rip default route vs summary 0.0.0.0 0.0.0.0"
• Previous message: Richard Dumoulin: "RE: Public address forVPN Tunnel"
• Maybe in reply to: gladston@br.ibm.com: "Simple Authentication on Area 0 and MD5 on Virtual link"
• Next in thread: gladston@br.ibm.com: "RE: Simple Authentication on Area 0 and MD5 on Virtual link"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:01 GMT-3