Re: OSPF Area 0 and Virtual Links Authentication in a transit

From: Jason Madsen (madsen.jason@gmail.com)
Date: Fri Dec 12 2008 - 22:27:06 ARST

• Next message: Jason Madsen: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Previous message: Dale Shaw: "Re: FAILED R&S - 2 days Back"
• Maybe in reply to: Jason Morris: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Next in thread: Jason Madsen: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Virtual links are an extension of Area 0. I recommend doing a "show ip ospf
inter bri" any time you do ospf authentication. It neatly lists what
interfaces / links are in what areas. Virtual links always show up as Area
0.

It looks as though you have duplicated commands in your example. If you use
"area 0 authent messag", then you don't need "area x virtual x.x.x.x authen
mess". You would only have to use "area x virtual x.x.x.x message-digest x
md5 password". Basically here are your options for Virtual link
authentication:

1.)

router ospf 1
area 0 authen mess
area x virtual-link x.x.x.x messsage-digest-key x md5 password

OR

2.)

router ospf 1
area x virtual-link x.x.x.x authen mess
area x virtual-link x.x.x.x message-digest-key x md5 password

Either way, do a "show ip ospf interface xxx" to confirm that you are in
fact using authentication and with md5 ensure that you're NOT using key 0
(null key) unless you meant to use it.

Jason

On Fri, Dec 12, 2008 at 11:59 AM, antonygrooves <antonygrooves@gmail.com>wrote:

> Hi Guys.
> I would like to know which is the best way to configure authentication in
> OSPF if i have to configure it on area 0 and for virtual links in a transit
> area.
>
> R1 in area 0 and area 1
> R2 in area 1 and area 2
>
>
> Is this correct.
> R1
> Under Ospf
> Area 0 authentication message-digest.
>
> Interface
> ip ospf message-digest 1 md5 cisco
>
>
> area 1 virtual link 1.1.1.1 authentication message-digest
> area 1 virtual link 1.1.1.1 message-digest 1 md5 cisco
>
>
> R2
> Area 1 virtual-link 1.1.2.2 authentication message-digest
> area 1 virtual-link 1.1.2.2 message-digest 1 md5 cisco
>
>
> I'm not sure if its correct to repeat in R1 for the virtual link
> authentication message-digest again or just by doing it for the backbone
> area its enough.
>
> I appreciate any help on this.
>
> Tony.
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Jason Madsen: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Previous message: Dale Shaw: "Re: FAILED R&S - 2 days Back"
• Maybe in reply to: Jason Morris: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Next in thread: Jason Madsen: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST