Re: ospf virtual link Area authentication

From: Hobbs (deadheadblues@gmail.com)
Date: Tue Oct 21 2008 - 22:42:21 ARST


You can enable authentication without the area authentication command. I
just tried it. I am not using IE, just my own lab:

R2#show run | sec router ospf
router ospf 1
 log-adjacency-changes
 area 1 virtual-link 3.3.3.3 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
 network 172.12.25.0 0.0.0.255 area 0
 network 172.12.123.0 0.0.0.255 area 1

R2#show ip ospf virtual-links | inc au
  Message digest authentication enabled
R2#

Notice there are 2 commands, one where you enable the authentication type, and
the other with the key. Just like when you do it for interfaces. The type is
message-digest, verified with the show command.

On Tue, Oct 21, 2008 at 3:38 PM, Jonny English <redkidneybeans@gmail.com> wrote:

> Yes, you do need the area 0 authentication message-digest. Have a look at a
> diagram of say IE lab 6. Look at how the OSPF is set up. Where do you use
> your virtual-links? What are they used for? Think about these questions and
> you will see you need them.
>
> Things break otherwise. Do it without the area 0 authentication
> message-digest and do a show ip ospf nei, and you will see....
>
>
>
> On Wed, Oct 22, 2008 at 6:55 AM, Hobbs <deadheadblues@gmail.com> wrote:
>
>> Do you really need "area 0 authentication message-digest"? I thought this
>> just makes it easier to enable authentication on all your area 0 links. You
>> can just manually do it in the VL...
>>
>>
>> On Tue, Oct 21, 2008 at 4:09 AM, Jonny English <redkidneybeans@gmail.com> wrote:
>>
>>> You need the "area 0 authentication message-digest" on routers that have a
>>> virtual-link as well, because they are "virtually" connected to area 0.
>>>
>>> On Tue, Oct 21, 2008 at 10:00 PM, stephen skinner <stephenski@gmail.com> wrote:
>>>
>>> > Hello Omkar,
>>> >
>>> > Thanks for your answer.
>>> >
>>> > What do you think about adding the "area 0 authentication message-digest"
>>> > command on R1?
>>> >
>>> > I suppose because I have put the above command on the Area 0 routers I
>>> > should put it on R1 as well, even though it didn't seem to need it??
>>> >
>>> > Any thoughts?
>>> >
>>> > Cheers
>>> > On Tue, Oct 21, 2008 at 1:56 PM, Omkar Tambalkar <omkar.groupstudy@gmail.com> wrote:
>>> >
>>> > > You would configure the authentication on virtual link between R1 and R2
>>> > > because area 0 is being extended to R1 via that virtual link. So it will be
>>> > > On R1: area 5 virtual-link [router-id of R2] authentication message-digest message-digest-key md5 xxxx
>>> > > On R2: area 5 virtual-link [router-id of R1] authentication message-digest message-digest-key md5 xxxx
>>> > >
>>> > > I think it's tricky because the authentication task was asked before
>>> > > creating the virtual link. So you are extending area 0 after configuring the
>>> > > authentication. If you don't configure authentication on the virtual link
>>> > > then the routes from the area 2 will not propagate to area 0.
>>> > >
>>> > > HTH,
>>> > > -Later
>>> > > Omkar
>>> > >
>>> > > On Mon, Oct 20, 2008 at 10:24 PM, stephen skinner <stephenski@gmail.com> wrote:
>>> > >
>>> > >> Hello,
>>> > >>
>>> > >> I have the following questions I am not too sure about,
>>> > >>
>>> > >> could someone please help
>>> > >>
>>> > >> Area 2 ---- Area 5 ------ Area 0
>>> > >> R1          R1-R2         R2-R3
>>> > >> 0/0         0/1 0/0       0/1 0/0   (all ethernets)
>>> > >>
>>> > >> Scenario
>>> > >> Configure OSPF strongest authentication for area 0 by using the "area 0
>>> > >> authentication message-digest" command
>>> > >>
>>> > >> Connect area 2 to the main ospf network. Do not use tunnels (use the
>>> > >> "area x virtual link" command)
>>> > >>
>>> > >> My question is,
>>> > >>
>>> > >> If I am in the Lab and I have added the "area 0 authentication
>>> > >> message-digest" to R2 and R3 ..
>>> > >>
>>> > >> do I need to add the command "area 0 authentication message-digest" to my
>>> > >> router R1, that's in Area 2 ??
>>> > >>
>>> > >> I have configed it up, without the above command in R1, and it works
>>> > >> fine.
>>> > >>
>>> > >> I am just wondering what people think is "best practise"
>>> > >>
>>> > >>
>>> > >>
>>> > >> Another question
>>> > >>
>>> > >> When trying this out, I found I had to type all the information on one
>>> > >> line, even though the IOS puts these commands on two lines.
>>> > >>
>>> > >> I am not going mad am I ????,
>>> > >> not much sleep this week ..
>>> > >>
>>> > >> TIA
>>> > >>
>>> > >> MD5
>>> > >> (I typed)
>>> > >> area 2 virtual-link 2.2.2.2 authentication message-digest message-digest-key 1 md5 CISCO
>>> > >> (IOS showed)
>>> > >> area 2 virtual-link 2.2.2.2 authentication message-digest
>>> > >> area 2 virtual-link 2.2.2.2 message-digest-key 1 md5 CISCO
>>> > >>
>>> > >> --
>>> > >> Only two things are infinite, the universe and human stupidity, and I'm not
>>> > >> sure about the former.
>>> > >>
>>> > >>
>>> > >> Blogs and organic groups at http://www.ccie.net
>>> > >>
>>> > >>
>>> _______________________________________________________________________
>>> > >> Subscription information may be found at:
>>> > >> http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> > --
>>> > Only two things are infinite, the universe and human stupidity, and I'm not
>>> > sure about the former.
>>>
>>>
>>> --
>>> Thank You,
>>
>
>
> --
> Thank You,


This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:21 ARST
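
An added example, not part of the thread and not any poster's code: a Python check that reads a `router ospf` section and reports the effective authentication on each virtual link, covering both the per-link form shown for R2 and the area-wide `area 0 authentication message-digest` form discussed in the replies. It assumes a virtual link with no per-link `authentication` keyword inherits the area 0 type; the function name and the R1 sample config are constructed for illustration.

```python
import re

VLINK = re.compile(r"^\s*area (\S+) virtual-link (\S+)(.*)$")
AREA0 = re.compile(r"^\s*area (?:0|0\.0\.0\.0) authentication( message-digest)?\s*$")
AUTH = re.compile(r"(?<![-\w])authentication(?: (message-digest|null))?(?=\s|$)")
KEYS = {"message-digest": re.compile(r"message-digest-key \d+ md5 \S+"),
        "simple": re.compile(r"authentication-key \S+")}

def audit_virtual_links(config):
    """Map (transit area, neighbor router-id) -> (effective auth type, status)."""
    area0_type, links = "null", {}
    for line in config.splitlines():
        m = AREA0.match(line)
        if m:
            area0_type = "message-digest" if m.group(1) else "simple"
            continue
        m = VLINK.match(line)
        if not m:
            continue
        link = links.setdefault(m.group(1, 2), {"type": None, "keys": set()})
        auth = AUTH.search(m.group(3))
        if auth:  # per-link type overrides whatever area 0 says
            link["type"] = auth.group(1) or "simple"
        link["keys"] |= {t for t, rx in KEYS.items() if rx.search(m.group(3))}
    report = {}
    for key, link in links.items():
        # Assumption: with no per-link type, the link inherits the area 0 type.
        effective = link["type"] or area0_type
        if effective == "null":
            status = "unauthenticated"
        else:
            status = "ok" if effective in link["keys"] else "missing key"
        report[key] = (effective, status)
    return report

# R2's OSPF section as posted in the thread.
R2_THREAD = """router ospf 1
 log-adjacency-changes
 area 1 virtual-link 3.3.3.3 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
 network 172.12.25.0 0.0.0.255 area 0
 network 172.12.123.0 0.0.0.255 area 1
"""
# Constructed sample: area-wide MD5 is on, but the virtual link has no key.
R1_CONSTRUCTED = """router ospf 1
 area 0 authentication message-digest
 area 5 virtual-link 2.2.2.2
"""
```

Calling `audit_virtual_links(R2_THREAD)` reports the link to 3.3.3.3 as message-digest with a key present, while the constructed R1 config is flagged as message-digest with a missing key.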