RE: [IEWBv4 lab3 - Question 4.5]: Virtual-Link Authentication

From: Scott Morris (swm@emanon.com)
Date: Thu Feb 22 2007 - 02:54:35 ART

Key 0 is a null key. This is the default key for MD5 authentication...

So you may be fooled by the fact that all your routing still works, however
you would lose points because your password is not 'cisco' (or whatever the
lab asks for).

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
nhatphuc
Sent: Thursday, February 22, 2007 12:15 AM
To: Cisco certification
Subject: [IEWBv4 lab3 - Question 4.5]: Virtual-Link Authentication

Hi Brians/group,

IEWBv4 Lab3, Question 4.5 require OSPF authentication in area 0.

In solutions, virtual-link authentication is required. But I don't configure
authentication on virtual-link and it still works.

It says using default key id 0. What is this key? and where is it from?

Thanks

This is my output:

Rack1R4#sh ip osp neighbor

Neighbor ID Pri State Dead Time Address Interface
150.1.5.5 0 FULL/ - - 136.1.45.5 OSPF_VL0
150.1.5.5 0 INIT/ - 00:01:57 136.1.245.5 Serial0/0
150.1.5.5 0 FULL/ - 00:00:35 136.1.45.5 Serial0/1
Rack1R4#sh ip osp neighbor

Neighbor ID Pri State Dead Time Address Interface
150.1.5.5 0 FULL/ - - 136.1.45.5 OSPF_VL0
150.1.5.5 0 INIT/ - 00:01:53 136.1.245.5 Serial0/0
150.1.5.5 0 FULL/ - 00:00:31 136.1.45.5 Serial0/1
Rack1R4#

Rack1R4#sh ip osp neighbor

Neighbor ID Pri State Dead Time Address Interface
150.1.5.5 0 FULL/ - - 136.1.45.5 OSPF_VL0
150.1.5.5 0 FULL/ - 00:01:57 136.1.245.5 Serial0/0
150.1.5.5 0 FULL/ - 00:00:35 136.1.45.5 Serial0/1
Rack1R4#sh ip ospf
 Routing Process "ospf 1" with ID 150.1.4.4 <ouput omitted>

    Area BACKBONE(0)
     Number of interfaces in this area is 3
    Area has message digest authentication
    SPF algorithm last executed 00:00:12.552 ago
    SPF algorithm executed 40 times
    Area ranges are

    Area 45
    Number of interfaces in this area is 1
    This area has transit capability: Virtual Link Endpoint
    Area has no authentication
    SPF algorithm last executed 00:16:48.668 ago
    SPF algorithm executed 8 times

Rack1R4#sh ip os vir
Virtual Link OSPF_VL0 to router 150.1.5.5 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 45, via interface Serial0/1, Cost of using 65534
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:02
    Adjacency State FULL (Hello suppressed)
    Index 2/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Message digest authentication enabled
      No key configured, using default key id 0

Rack1R5#sh ip os neighbor

Neighbor ID Pri State Dead Time Address Interface
150.1.4.4 0 FULL/ - - 136.1.45.4 OSPF_VL0
150.1.1.1 0 FULL/ - 00:00:35 136.1.15.1
Serial0/0.15
150.1.4.4 0 FULL/ - 00:01:52 136.1.245.4
Serial0/0.245
150.1.2.2 0 FULL/ - 00:01:55 136.1.245.2
Serial0/0.245
150.1.4.4 0 FULL/ - 00:00:37 136.1.45.4 Serial0/1

Rack1R5#sh ip os virtual-links
Virtual Link OSPF_VL0 to router 150.1.4.4 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 45, via interface Serial0/1, Cost of using 65534
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:06
    Adjacency State FULL (Hello suppressed)
    Index 4/5, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Message digest authentication enabled
      No key configured, using default key id 0

Rack1R5#sh ip os
 Routing Process "ospf 1" with ID 150.1.5.5 < output omitted>
    Area BACKBONE(0)
    Number of interfaces in this area is 4
    Area has message digest authentication
    SPF algorithm last executed 00:01:12.920 ago
    SPF algorithm executed 32 times
    Area ranges are
    Number of LSA 8. Checksum Sum 0x05733D
    Number of opaque link LSA 0. Checksum Sum 0x000000
    Number of DCbitless LSA 0
    Number of indication LSA 0
    Number of DoNotAge LSA 1
    Flood list length 0
    Area 45
    Number of interfaces in this area is 1
    This area has transit capability: Virtual Link Endpoint
    Area has no authentication
    SPF algorithm last executed 00:17:46.100 ago
    SPF algorithm executed 8 times
    Area ranges are
    Number of LSA 22. Checksum Sum 0x0AC6C8
    Number of opaque link LSA 0. Checksum Sum 0x000000
    Number of DCbitless LSA 0
    Number of indication LSA 0
    Number of DoNotAge LSA 0

I shut down the frame relay link and it still has connection via PPP link

Rack1R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R4(config)#int s0/0/0
Rack1R4(config-if)#shut
Rack1R4(config-if)#
*Feb 22 05:29:10.375: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.5.5 on Serial0/0
from FULL to DOWN, Neighbor Down: Interface down or detached
Rack1R4(config-if)#sh ip *Feb 22 05:29:12.375: %LINK-5-CHANGED: Interface
Serial0/0, changed state to administratively down *Feb 22 05:29:13.375:
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to
down

Rack1R4#sh ip os nei

Neighbor ID Pri State Dead Time Address Interface
150.1.5.5 0 FULL/ - - 136.1.45.5 OSPF_VL0
150.1.5.5 0 FULL/ - 00:00:39 136.1.45.5 Serial0/1
Rack1R4#

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART