From: ISolveSystems (support@isolvesystems.com)
Date: Mon Sep 10 2007 - 14:30:13 ART
On R3 and R4, I don't have "area 0 authentication message-digest" command
and "area x virtual-link a.b.c.d authentication message-digest", and the
virtual-link neighbor up. Check it out below.
Rack1R4#sh run | sec osp
router ospf 1
router-id 150.1.4.4
log-adjacency-changes
area 34 authentication
area 34 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
area 45 authentication
area 45 virtual-link 150.1.5.5 message-digest-key 1 md5 CISCO
area 48 authentication
area 90 authentication
redistribute connected subnets route-map CONN>OSPF
network 191.1.34.4 0.0.0.0 area 34
network 191.1.40.4 0.0.0.0 area 90
network 191.1.45.4 0.0.0.0 area 45
network 191.1.48.4 0.0.0.0 area 48
network 191.1.49.4 0.0.0.0 area 90
Rack1R4#sh ip osp nei
Neighbor ID Pri State Dead Time Address Interface
150.1.5.5 0 FULL/ - 00:00:36 191.1.45.5 OSPF_VL2
150.1.3.3 0 FULL/ - - 191.1.34.3 OSPF_VL1
150.1.3.3 0 FULL/ - 00:00:37 191.1.34.3
Serial0/0/0
150.1.5.5 1 FULL/DR 00:00:38 191.1.45.5
FastEthernet0/0.45
150.1.8.8 1 FULL/DR 00:00:31 191.1.48.8
FastEthernet0/1
150.1.9.9 1 FULL/DR 00:00:30 191.1.49.9
FastEthernet0/0.49
150.1.10.10 1 FULL/DR 00:00:36 191.1.40.10
FastEthernet0/0.40
Rack1R3(config-router)#do sh run | sec osp
router ospf 1
router-id 150.1.3.3
log-adjacency-changes
area 13 authentication
area 23 authentication
area 23 virtual-link 150.1.2.2 authentication message-digest
area 23 virtual-link 150.1.2.2 message-digest-key 1 md5 CISCO
area 34 authentication
area 34 virtual-link 150.1.4.4 message-digest-key 1 md5 CISCO
redistribute connected subnets route-map CONN>OSPF
redistribute rip subnets route-map RIP>OSPF
network 191.1.13.3 0.0.0.0 area 13
network 191.1.23.3 0.0.0.0 area 23
network 191.1.34.3 0.0.0.0 area 34
default-information originate route-map CONN_TO_BB2orBB3
redistribute ospf 1 metric 1
Rack1R3(config-router)#do sh ip osp nei
Neighbor ID Pri State Dead Time Address Interface
150.1.2.2 0 FULL/ - - 191.1.23.2 OSPF_VL2
150.1.4.4 0 FULL/ - - 191.1.34.4 OSPF_VL1
150.1.1.1 0 FULL/ - 00:00:39 191.1.13.1
Serial0/2/0
150.1.2.2 0 FULL/ - 00:00:30 191.1.23.2
Serial0/3/0
150.1.4.4 0 FULL/ - 00:00:37 191.1.34.4
Serial0/0/0
On 9/10/07, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
>
> You need to enable authentication in addition to applying the key.
> You can either enable it on all interfaces in area 0 (including any
> virtual
> links) with the "area 0 authentication message-digest" command, or you can
> enable it on a per interface basis. For real interfaces this is the "ip
> ospf authentication message-digest" interface level command, for the
> virtual-link it's the "area x virtual-link a.b.c.d authentication
> message-digest" command. Look at the "show ip ospf interface" to see
> which
> links have authentication enabled.
>
> HTH,
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > ISolveSystems
> > Sent: Monday, September 10, 2007 11:32 AM
> > To: Cisco certification
> > Subject: When is "area 23 virtual-link 150.1.2.2 authentication message-
> > digest" needed
> >
> > I have configured virtual-link md5 auth on a few neighbors. One of them
> > won't become adjacent without "area 23 virtual-link 150.1.2.2
> > authentication
> > message-digest". Any idea why?
> >
> > area 23 virtual-link 150.1.2.2 authentication message-digest
> > area 23 virtual-link 150.1.2.2 message-digest-key 1 md5 CISCO
> >
> > Thanks.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:10 ART