From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Sep 10 2007 - 14:09:28 ART
You need to enable authentication in addition to applying the key.
You can either enable it on all interfaces in area 0 (including any virtual
links) with the "area 0 authentication message-digest" command, or you can
enable it on a per interface basis. For real interfaces this is the "ip
ospf authentication message-digest" interface level command, for the
virtual-link it's the "area x virtual-link a.b.c.d authentication
message-digest" command. Look at the "show ip ospf interface" to see which
links have authentication enabled.
HTH,
Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ISolveSystems
> Sent: Monday, September 10, 2007 11:32 AM
> To: Cisco certification
> Subject: When is "area 23 virtual-link 150.1.2.2 authentication message-
> digest" needed
>
> I have configured virtual-link md5 auth on a few neighbors. One of them
> won't become adjacent without "area 23 virtual-link 150.1.2.2
> authentication
> message-digest". Any idea why?
>
> area 23 virtual-link 150.1.2.2 authentication message-digest
> area 23 virtual-link 150.1.2.2 message-digest-key 1 md5 CISCO
>
> Thanks.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:10 ART