Re: ospf virtual link Area authentication

From: Omkar Tambalkar (omkar.groupstudy@gmail.com)
Date: Tue Oct 21 2008 - 03:56:42 ARST

• Next message: Fahad Khan: "Re: ospf virtual link Area authentication"
• Previous message: Anthony J Sequeira: "Re: What is Logging sync ?"
• Maybe in reply to: stephen skinner: "ospf virtual link Area authentication"
• Next in thread: Fahad Khan: "Re: ospf virtual link Area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You would configure the authentication on virtual link between R1 and R2
beause area 0 is being extended to R1 via that virtual link. So it will be
On R1: area 5 virtual-link [router-id of R2] authentication message-digest
message-digest-key md5 xxxx
On R2: area 5 virtual-link [router-id of R1] authentication message-digest
message-digest-key md5 xxxx

I think its tricky because the authentication task was asked before creating
the virtual link. So you are extending area 0 after configuring the
authentication. If you dont configure authentication on the virtual link
then the routes from the area 2 will not propogate to area 0.

HTH,
-Later
Omkar

On Mon, Oct 20, 2008 at 10:24 PM, stephen skinner <stephenski@gmail.com>wrote:

> hello,
>
> i have the following questions i am not to sure about ,
>
> could someone please help
>
> Area 2 ----Area 5 ------Area 0
> R1 R1-R2 R2-R3
> 0/0 0/1 0/0 0/1 0/0 (all ethernets)
>
> Senario
> configure OSPF strongest authentication for area 0 by using the "area 0
> authentication message-digest" command
>
> Connect area 2 to the main ospf network , Do not use tunnels ( use the
> "area
> x virtual link" command)
>
> my question is ,
>
> If i am in the Lab and i have added the "area 0 authentication
> message-digest" to R2 and R3 ..
>
> do i need to add the command "area 0 authentication message-digest" to my
> router R1 , thats in Area 2 ??
>
> i have configed it up , without the above command in R1 , and it works
> fine.
>
> i am just wondering what people think is " best practise"
>
>
>
> Another question
>
> when trying this out , i found i had to type all the information on one
> line
> , even thought the IOS puts these commands on two lines.
>
> i am not going mad am i ???? ,
> not much sleep this week ..
>
> TIA
>
> MD5
> (i typed )
> area 2 virtual-link 2.2.2.2 authentication message-digest
> message-digest-key
> 1 md5 CISCO
> (IOS Showed)
> area 2 virtual-link 2.2.2.2 authentication message-digest
> area 2 virtual-link 2.2.2.2 message-digest-key 1 md5 CISCO
>
> --
> Only two things are infinite, the universe and human stupidity, and I'm not
> sure about the former.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Fahad Khan: "Re: ospf virtual link Area authentication"
• Previous message: Anthony J Sequeira: "Re: What is Logging sync ?"
• Maybe in reply to: stephen skinner: "ospf virtual link Area authentication"
• Next in thread: Fahad Khan: "Re: ospf virtual link Area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:21 ARST