Re: Virtual-link authentication and AREA 0 authentication

From: Petr Lapukhov (petrsoft@gmail.com)
Date: Sun Apr 02 2006 - 05:29:04 GMT-3


There is a little difference here..

One may enable "area 0 authentication" in router ospf mode.
That requires ALL area 0 links to be authenticated, including
Vlinks.

On the other hand, we could just turn on "per-interface" authentication
with "ip ospf authentication" commands. This way we may have
some of the links authenticated, and some of them not (that includes
vlinks - area xxx virtual-link 1.2.3.4 authentication).

HTH
Petr

2006/4/2, Alexei Monastyrnyi <alexeim@orcsoftware.com>:
>
> Frank,
>
> you do have an adj over VL if you place only "area 0 auth me" on remote side
> of the link. But you don't have LSA going back and forth any longer, because
> there is an auth type mismatch. If you did that in right order, i.e.
> configured OSPF across the board and then applied authentication to area 0,
> your routes behind the VL will be in OSPF for a while (half an hour or so),
> but then disappear. Try to reload your lab at this point to see what proctor
> will see.
>
> Here is the output from R1, a remote part of VL.
>
> R1#
> 14:08:00: OSPF: Rcv pkt from 9.9.9.3, OSPF_VL1 : Mismatch Authentication type. Input packet specified type 2, we use type 0
>
> R1#sh ip os vi
> Virtual Link OSPF_VL1 to router 3.3.3.3 is up
> Run as demand circuit
> DoNotAge LSA allowed.
> Transit area 11, via interface FastEthernet0/0, Cost of using 2
> Transmit Delay is 1 sec, State POINT_TO_POINT,
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:00
>
> Here is the output from the corresponding area 0 ABR. Take note of "No key
> configured, using default key id 0"
>
> R3(config-router)#do show ip os vi
> Virtual Link OSPF_VL2 to router 1.1.1.1 is up
> Run as demand circuit
> DoNotAge LSA allowed.
> Transit area 11, via interface FastEthernet0/0, Cost of using 2
> Transmit Delay is 1 sec, State POINT_TO_POINT,
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:09
> Message digest authentication enabled
> No key configured, using default key id 0
>
> R3(config-router)#do deb ip os ev
> OSPF events debugging is on
> R3(config-router)#
> 14:15:51: OSPF: Rcv pkt from 9.9.10.1, OSPF_VL2 : Mismatch Authentication type. Input packet specified type 0, we use type 2
>
> A.
>
> ----- Original Message -----
> From: "sheng li" <slilxn@yahoo.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, April 02, 2006 7:45 AM
> Subject: Virtual-link authentication and AREA 0 authentication
>
>
> > Folks,
> > I've heard statements from several people that when
> > OSPF area0 is configured with authentication, say,
> > md5, the virtual links connecting a remote area must
> > be also configured with the same authentication. I've
> > doubted it and my routers seem to be distributing
> > routes happily as long as the virtual-linked remote
> > ABR has "ar 0 auth mess". Can you help me clarify if
> > this is a real requirement or am I missing anything?
> >
> > Thanks!
> > Frank



This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:55 GMT-3
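
Added example (not part of the original thread): a small Python check that scans "debug ip ospf events" output for the authentication type mismatch quoted above and reports which side of the virtual link is running the weaker type. The two sample logs are the lines from the thread, still wrapped and quoted as mail archives leave them; the function name, the router labels and the "weaker side" ordering (null < simple < MD5) are assumptions of this example.

```python
import re
from collections import Counter

# OSPF AuType values as defined in RFC 2328.
AUTYPE = {0: "null", 1: "simple password", 2: "message-digest (MD5)"}

# Shape of the IOS debug line shown in the thread.
MISMATCH = re.compile(
    r"OSPF: Rcv pkt from (?P<src>\d+\.\d+\.\d+\.\d+), (?P<intf>\S+) : "
    r"Mismatch Authentication type\. Input packet specified type (?P<rx>\d+), "
    r"we use type (?P<local>\d+)"
)

def find_mismatches(router, log_text):
    """Return one finding per distinct mismatch seen in a router's debug log."""
    # Mail archives wrap long log lines and prefix them with '>'; rejoin first.
    flat = re.sub(r"\s*\n(?:>\s?)*\s*", " ", log_text)
    counts = Counter(
        (m["intf"], m["src"], int(m["rx"]), int(m["local"]))
        for m in MISMATCH.finditer(flat)
    )
    findings = []
    for (intf, src, rx, local), n in sorted(counts.items()):
        findings.append({
            "router": router,
            "interface": intf,
            "peer": src,
            "received": AUTYPE.get(rx, f"unknown ({rx})"),
            "local": AUTYPE.get(local, f"unknown ({local})"),
            # Assumption: a lower AuType number means weaker authentication,
            # so this flag marks the side that still needs authentication set.
            "weaker_side_is_local": local < rx,
            "count": n,
        })
    return findings

# Sample input: the two debug lines from the thread.
R1_LOG = """> 14:08:00: OSPF: Rcv pkt from 9.9.9.3, OSPF_VL1 : Mismatch Authentication
> type. Input packet specified type 2, we use type 0
"""
R3_LOG = """> 14:15:51: OSPF: Rcv pkt from 9.9.10.1, OSPF_VL2 : Mismatch Authentication
> type. Input packet specified type 0, we use type 2
"""

if __name__ == "__main__":
    for name, log in (("R1", R1_LOG), ("R3", R3_LOG)):
        for f in find_mismatches(name, log):
            side = "this router" if f["weaker_side_is_local"] else "the peer"
            print(f"{f['router']} {f['interface']} peer {f['peer']}: received "
                  f"{f['received']}, local {f['local']}; weaker side is {side}")
```

On the thread's logs this flags R1 as the end of the virtual link still using null authentication while R3 sends MD5.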