Re: OSPF Virtual-link Authentication

From: Bill Eyer (beyer@optonline.net)
Date: Tue Jul 29 2008 - 20:31:05 ART


Ed,

Virtual link authentication is not automatic like interface
authentication when you configure it under the router process. In other
words if you enter:

router ospf 1
 area 0 authentication

All of your physical interface adjacencies will immediately break until
you enter the authentication-key at interface level. Not so
virtual-links, they will be very happy and don't care at all about the
authentication command. However, the accepted rule of thumb is that if
the scenario calls for authenticating everything in area 0, you have to
authenticate your virtual links as well or you will lose your points
for security or routing.

Bill

Scott Strobeck wrote:
> Ed,
>
> It depends on what the question is asking for. If it says to enable
> authentication for area 0, then this would include the virtual links.
> Virtual link md5 authentication is enabled with the "area x
> virtual-link x.x.x.x authentication message-digest message-digest-key
> 1 md5 <mdkey>" command.
>
> Scott
>
> Ed Man wrote:
>> Hi Group,
>>
>> - the question asks to configure area 0 with md5 authentication
>> - the virtual link transits another area 100, which is not asked for
>> authentication
>>
>> I did not configure virtual-link authentication; it is still up and
>> fully adjacent.
>>
>> core#sh ip ospf virtual-links
>> Virtual Link OSPF_VL0 to router 10.1.1.1 is up
>> Run as demand circuit
>> DoNotAge LSA allowed.
>> Transit area 100, via interface Serial1/1, Cost of using 10
>> Transmit Delay is 1 sec, State POINT_TO_POINT,
>> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
>> Hello due in 00:00:06
>> Adjacency State FULL (Hello suppressed)
>> Index 1/2, retransmission queue length 0, number of retransmission 0
>> First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
>> Last retransmission scan length is 0, maximum is 0
>> Last retransmission scan time is 0 msec, maximum is 0 msec
>> Message digest authentication enabled
>> No key configured, using default key id 0
>> R4#
>>
>>
>> My question is how to know whether we should configure
>> authentication for the virtual link?
>>
>>
>> Adv. Thanks,
>> Ed.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html


This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:58 ART
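
A configuration check for the situation discussed in this thread, as an added example that is not part of the original messages: it flags virtual links that carry no key while area 0 authentication is enabled under the same OSPF process. The sample configuration, the function name and the key string are constructed for illustration, and the parser assumes IOS-style running-config layout.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not from the thread); key is a placeholder.
SAMPLE_CONFIG = """\
router ospf 1
 area 0 authentication message-digest
 area 100 virtual-link 10.1.1.1
 area 200 virtual-link 10.2.2.2 authentication message-digest
 area 200 virtual-link 10.2.2.2 message-digest-key 1 md5 EXAMPLEKEY
 area 300 virtual-link 10.3.3.3 authentication null
!
router ospf 2
 area 5 virtual-link 10.9.9.9
"""
BACKBONE = {"0", "0.0.0.0"}
KEY_FOR = {"message-digest": "message-digest-key", "simple": "authentication-key"}

def audit_virtual_links(config):
    """Return (process, transit_area, router_id, reason) for every virtual link
    that lacks a key matching the area 0 authentication type (hypothetical helper)."""
    area0_auth = {}              # OSPF process id -> "simple" | "message-digest"
    vlinks = defaultdict(list)   # (process, transit, rid) -> option words, all lines merged
    proc = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"router ospf (\d+)(?: vrf \S+)?", line)
        if m:
            proc = m.group(1)
        elif not raw.startswith(" "):
            proc = None          # unindented line: left the router sub-mode
        elif proc is not None:
            m = re.fullmatch(r"area (\S+) authentication( message-digest)?", line)
            if m and m.group(1) in BACKBONE:
                area0_auth[proc] = "message-digest" if m.group(2) else "simple"
            m = re.fullmatch(r"area (\S+) virtual-link (\S+)(.*)", line)
            if m:
                vlinks[(proc, m.group(1), m.group(2))] += m.group(3).split()
    findings = []
    for (p, transit, rid), opts in sorted(vlinks.items()):
        auth = area0_auth.get(p)
        if auth is None:
            continue             # area 0 not authenticated in this process
        if "authentication null" in " ".join(opts):
            findings.append((p, transit, rid, "authentication null overrides area 0"))
        elif KEY_FOR[auth] not in opts:
            findings.append((p, transit, rid, f"no {KEY_FOR[auth]} configured"))
    return findings

if __name__ == "__main__":
    for finding in audit_virtual_links(SAMPLE_CONFIG):
        print(*finding, sep="  ")
```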