Re: Authentication in OSPF for area 0....virtual link

From: Danny Cox (dandermanuk@gmail.com)
Date: Sun Nov 13 2005 - 15:31:17 GMT-3


On 11/11/05, Schulz, Dave <DSchulz@dpsciences.com> wrote:
> I was thinking about all the ways that the lab could possibly ask for
> authentication in OSPF, and a thought came to mind....what if, they ask to
> perform area 0 authentication, and, you happen to have a virtual link. Would
> you also put authentication on the virtual link, like you would on a tunnel
> that is part of area 0? Technically, you could call the virtual link an
> "extension of area 0".

I was doing some work on this earlier today. Others have talked about
having to authenticate the virtual links as well. What's also
interesting is to look at how md5 is used. It's easy to think you've
configured it but find you haven't, which I thought was quite
interesting. Known to many I'm sure, but anyway - for the record:

  router ospf 1
   area 0 authentication message-digest
   area 30 virtual-link 150.10.7.7 authentication message-digest
   area 30 virtual-link 150.10.7.7 message-digest-key 1 md5 cisco

Without the second of these lines, a 'show ip ospf virtual-link' gives
a null key although it's md5 authenticated. If you don't remember the
message-digest in the first of the area 30 lines, then you get plain
authentication - and lose your points no doubt :-(

Danny
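
An added example, not part of the original post: a Python check that reads an IOS-style configuration and flags virtual links showing the two mistakes described above (MD5 enabled with no message-digest-key, or the message-digest keyword left off). The sample configuration, the function name audit_virtual_links and the finding labels are constructed for illustration, and it assumes each option appears on an "area ... virtual-link ..." line as in the post.

```python
import re

# Constructed sample config (not from the post): the link to 150.10.7.7 is
# configured as in the post; the other two show the two mistakes it describes.
SAMPLE_CONFIG = """\
router ospf 1
 area 0 authentication message-digest
 area 30 virtual-link 150.10.7.7 authentication message-digest
 area 30 virtual-link 150.10.7.7 message-digest-key 1 md5 cisco
 area 40 virtual-link 150.10.8.8 authentication message-digest
 area 50 virtual-link 150.10.9.9 authentication
 area 50 virtual-link 150.10.9.9 message-digest-key 1 md5 cisco
"""

VLINK = re.compile(r"^\s*area\s+(\S+)\s+virtual-link\s+(\S+)(.*)$")

def audit_virtual_links(config):
    """Map (area, router_id) -> list of findings for each virtual link."""
    links = {}
    for line in config.splitlines():
        m = VLINK.match(line)
        if not m:
            continue
        state = links.setdefault((m.group(1), m.group(2)),
                                 {"auth": None, "key": False})
        opts = m.group(3).split()
        if "authentication" in opts:
            nxt = opts[opts.index("authentication") + 1:][:1]
            # A bare "authentication" keyword selects the plain type.
            state["auth"] = nxt[0] if nxt in (["message-digest"], ["null"]) else "plain"
        if "message-digest-key" in opts:
            state["key"] = True

    report = {}
    for link, state in links.items():
        findings = []
        if state["auth"] is None:
            findings.append("no-explicit-authentication")
        elif state["auth"] == "plain":
            findings.append("plain-authentication")
        elif state["auth"] == "message-digest" and not state["key"]:
            findings.append("md5-without-key")
        report[link] = findings
    return report

if __name__ == "__main__":
    for (area, rid), findings in audit_virtual_links(SAMPLE_CONFIG).items():
        print(f"area {area} virtual-link {rid}: {', '.join(findings) or 'ok'}")
```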


