Re: OSPF Area 0 and Virtual Links Authentication in a transit

From: Jason Madsen (madsen.jason@gmail.com)
Date: Fri Dec 12 2008 - 22:29:05 ARST

• Next message: antonygrooves: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Previous message: Jason Madsen: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Maybe in reply to: Jason Morris: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Next in thread: antonygrooves: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

whoops, I forgot to answer part of your question. yes, you have to do the
authentication on BOTH ends of your virtual link(s) for it to work properly.

Jason

On Fri, Dec 12, 2008 at 5:27 PM, Jason Madsen <madsen.jason@gmail.com>wrote:

> Virtual links are an extension of Area 0. I recommend doing a "show ip
> ospf inter bri" any time you do ospf authentication. It neatly lists what
> interfaces / links are in what areas. Virtual links always show up as Area
> 0.
>
> It looks as though you have duplicated commands in your example. If you
> use "area 0 authent messag", then you don't need "area x virtual x.x.x.x
> authen mess". You would only have to use "area x virtual x.x.x.x
> message-digest x md5 password". Basically here are your options for Virtual
> link authentication:
>
> 1.)
>
> router ospf 1
> area 0 authen mess
> area x virtual-link x.x.x.x messsage-digest-key x md5 password
>
> OR
>
> 2.)
>
> router ospf 1
> area x virtual-link x.x.x.x authen mess
> area x virtual-link x.x.x.x message-digest-key x md5 password
>
> Either way, do a "show ip ospf interface xxx" to confirm that you are in
> fact using authentication and with md5 ensure that you're NOT using key 0
> (null key) unless you meant to use it.
>
> Jason
>
>
> On Fri, Dec 12, 2008 at 11:59 AM, antonygrooves <antonygrooves@gmail.com>wrote:
>
>> Hi Guys.
>> I would like to know which is the best way to configure authentication in
>> OSPF if i have to configure it on area 0 and for virtual links in a transit
>> area.
>>
>> R1 in area 0 and area 1
>> R2 in area 1 and area 2
>>
>>
>> Is this correct.
>> R1
>> Under Ospf
>> Area 0 authentication message-digest.
>>
>> Interface
>> ip ospf message-digest 1 md5 cisco
>>
>>
>> area 1 virtual link 1.1.1.1 authentication message-digest
>> area 1 virtual link 1.1.1.1 message-digest 1 md5 cisco
>>
>>
>> R2
>> Area 1 virtual-link 1.1.2.2 authentication message-digest
>> area 1 virtual-link 1.1.2.2 message-digest 1 md5 cisco
>>
>>
>> I'm not sure if its correct to repeat in R1 for the virtual link
>> authentication message-digest again or just by doing it for the backbone
>> area its enough.
>>
>> I appreciate any help on this.
>>
>> Tony.
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: antonygrooves: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Previous message: Jason Madsen: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Maybe in reply to: Jason Morris: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Next in thread: antonygrooves: "Re: OSPF Area 0 and Virtual Links Authentication in a transit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST