Re: ospf virtual link Area authentication

From: stephen skinner (stephenski@gmail.com)
Date: Tue Oct 21 2008 - 07:00:22 ARST

• Next message: stephen skinner: "QOS with access-list pattern matching"
• Previous message: shiran guez: "Re: EEK down, protocol UP?"
• Maybe in reply to: stephen skinner: "ospf virtual link Area authentication"
• Next in thread: Jonny English: "Re: ospf virtual link Area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

hello Omkar

thanks for your answer ,

what do think about adding the "area 0 authentication message-digest"
command on R1 ,

i suppose because i have put the above command on the Area 0 routers i
should put it on R1 as well, even though it didnt seem to need it??

any thoughts

cheers
On Tue, Oct 21, 2008 at 1:56 PM, Omkar Tambalkar <omkar.groupstudy@gmail.com
> wrote:

> You would configure the authentication on virtual link between R1 and R2
> beause area 0 is being extended to R1 via that virtual link. So it will be
> On R1: area 5 virtual-link [router-id of R2] authentication message-digest
> message-digest-key md5 xxxx
> On R2: area 5 virtual-link [router-id of R1] authentication message-digest
> message-digest-key md5 xxxx
>
> I think its tricky because the authentication task was asked before
> creating the virtual link. So you are extending area 0 after configuring the
> authentication. If you dont configure authentication on the virtual link
> then the routes from the area 2 will not propogate to area 0.
>
> HTH,
> -Later
> Omkar
>
> On Mon, Oct 20, 2008 at 10:24 PM, stephen skinner <stephenski@gmail.com>wrote:
>
>> hello,
>>
>> i have the following questions i am not to sure about ,
>>
>> could someone please help
>>
>> Area 2 ----Area 5 ------Area 0
>> R1 R1-R2 R2-R3
>> 0/0 0/1 0/0 0/1 0/0 (all ethernets)
>>
>> Senario
>> configure OSPF strongest authentication for area 0 by using the "area 0
>> authentication message-digest" command
>>
>> Connect area 2 to the main ospf network , Do not use tunnels ( use the
>> "area
>> x virtual link" command)
>>
>> my question is ,
>>
>> If i am in the Lab and i have added the "area 0 authentication
>> message-digest" to R2 and R3 ..
>>
>> do i need to add the command "area 0 authentication message-digest" to my
>> router R1 , thats in Area 2 ??
>>
>> i have configed it up , without the above command in R1 , and it works
>> fine.
>>
>> i am just wondering what people think is " best practise"
>>
>>
>>
>> Another question
>>
>> when trying this out , i found i had to type all the information on one
>> line
>> , even thought the IOS puts these commands on two lines.
>>
>> i am not going mad am i ???? ,
>> not much sleep this week ..
>>
>> TIA
>>
>> MD5
>> (i typed )
>> area 2 virtual-link 2.2.2.2 authentication message-digest
>> message-digest-key
>> 1 md5 CISCO
>> (IOS Showed)
>> area 2 virtual-link 2.2.2.2 authentication message-digest
>> area 2 virtual-link 2.2.2.2 message-digest-key 1 md5 CISCO
>>
>> --
>> Only two things are infinite, the universe and human stupidity, and I'm
>> not
>> sure about the former.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>

-- 
Only two things are infinite, the universe and human stupidity, and I'm not
sure about the former.
Blogs and organic groups at http://www.ccie.net

• Next message: stephen skinner: "QOS with access-list pattern matching"
• Previous message: shiran guez: "Re: EEK down, protocol UP?"
• Maybe in reply to: stephen skinner: "ospf virtual link Area authentication"
• Next in thread: Jonny English: "Re: ospf virtual link Area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:21 ARST