From: Andy Alves (mota_anderson@hotmail.com)
Date: Sun Mar 02 2008 - 14:17:16 ARST
Hi Tandou,
From your config below the line "area 41 authentication message-digest" is not
need unless you want to enable authentication on area 41, bear in mind that if
you are authenticating area 0 with "area 0 authentication message-digest" the
virtual link need to be authenticated as well.
Verification is simple as from this topology as follow:
--- R1 ---
|---R3 --- ---- R4
|--- R2---|
R5 --|
R1 is a hub in the F/R with R3 and R4 (all in area 0 using authentication
message-digest)
R3 <--> R2 in area 20
R2 <--> R5 in area 30 (connected to area 0 with virtual-link)
R1:
router ospf 1 router-id 150.1.1.1 log-adjacency-changes area 0 authentication
message-digest network 150.1.1.1 0.0.0.0 area 0 network 150.1.100.1 0.0.0.0
area 0 network 150.1.200.1 0.0.0.0 area 0
R1#sh ip os neighbor
Neighbor ID Pri State Dead Time Address
Interface150.1.4.4 0 FULL/ - 00:00:30 150.1.100.4
Serial3/3.400150.1.3.3 0 FULL/ - 00:00:30 150.1.200.3
Serial3/3.300
R3:
router ospf 1 router-id 150.1.3.3 log-adjacency-changes area 0 authentication
message-digest area 20 virtual-link 150.1.2.2 message-digest-key 1 md5 CCIE
network 136.1.100.3 0.0.0.0 area 20 network 150.1.3.3 0.0.0.0 area 0 network
150.1.200.3 0.0.0.0 area 0
R3#sh ip os neighbor
Neighbor ID Pri State Dead Time Address
Interface150.1.1.1 0 FULL/ - 00:00:32 150.1.200.1
Serial0/0.100150.1.2.2 1 FULL/DR 00:00:30 136.1.100.2
Ethernet0/0
Rack01R3#sh ip ospf virtual-links Virtual Link OSPF_VL0 to router 150.1.2.2 is
up Run as demand circuit DoNotAge LSA allowed. Transit area 20, via
interface Ethernet0/0, Cost of using 10 Transmit Delay is 1 sec, State
POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40,
Retransmit 5 Hello due in 00:00:09 Message digest authentication enabled
Youngest key id is 1
R2:
router ospf 1 router-id 150.1.2.2 log-adjacency-changes area 20 virtual-link
150.1.3.3 message-digest-key 1 md5 CCIE network 136.1.100.2 0.0.0.0 area 20
network 136.2.200.2 0.0.0.0 area 30 network 150.1.2.2 0.0.0.0 area 20
Rack01R2#sh ip ospf virtual-links Virtual Link OSPF_VL0 to router 150.1.3.3 is
up Run as demand circuit DoNotAge LSA allowed. Transit area 20, via
interface Ethernet0/0, Cost of using 10 Transmit Delay is 1 sec, State
POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40,
Retransmit 5 Hello due in 00:00:02
R2#sh ip route ospf 150.1.0.0/16 is variably subnetted, 7 subnets, 2
masksO IA 150.1.200.0/24 [110/74] via 136.1.100.3, 00:11:01, Ethernet0/0O
150.1.5.5/32 [110/11] via 136.2.200.5, 00:11:01, Ethernet0/1O IA
150.1.4.4/32 [110/856] via 136.1.100.3, 00:11:01, Ethernet0/0O IA
150.1.3.3/32 [110/11] via 136.1.100.3, 00:11:01, Ethernet0/0O IA
150.1.1.1/32 [110/75] via 136.1.100.3, 00:11:01, Ethernet0/0O IA
150.1.100.0/24 [110/855] via 136.1.100.3, 00:11:01, Ethernet0/0R2#
R2#ping 150.1.1.1
Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 150.1.1.1,
timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip
min/avg/max = 60/60/60 ms
As you can see virtual link is up and I can ping R1's loopback with no
problems.
Cheers,
Anderson Alves
CCIE3# 16778 (R/S, SP and Security)
> Date: Sun, 2 Mar 2008 07:18:14 -0800> From: dtandou@yahoo.com> Subject: OSPF
AUTHENTICATION> To: ccielab@groupstudy.com> > Hello GS,> is this config below
is ok? or don't need to configure area 41 authentication message-digest > >
Thanks> > router ospf 1> router-id 150.150.6.6> log-adjacency-changes> area 0
authentication message-digest> area 41 authentication message-digest > area 41
virtual-link 9.9.2.2 message-digest-key 1 md5 cisco> > Mohamed> > > >
---------------------------------> Never miss a thing. Make Yahoo your
homepage.> >
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:52 ART