Re: virtual link authentication

From: Marko Milivojevic <markom_at_ipexpert.com>
Date: Wed, 29 Jun 2011 12:42:47 -0700

On Wed, Jun 29, 2011 at 12:27, -Hammer- <bhmccie_at_gmail.com> wrote:
> Thanks for clarifying Marko.

Don't take my word for it though. Here's the quick verification:

R2---R5---R4

R2:
Lo0: Area 0
Se0/2/0: Area 254 to R5

R5:
Lo0: Area 254
Se0/2/0: Area 254 to R2
Se0/0/0: Area 254 to R4

R4:
Lo0: Area 0
Se0/1/0: Area 254 to R5

Configurations:

R2:

interface Loopback0
 ip address 192.168.0.2 255.255.255.255
!
interface Serial0/2/0
 ip address 192.168.25.2 255.255.255.0
 ip ospf message-digest-key 1 md5 ipexpert
!
router ospf 1
 router-id 2.2.2.2
 area 254 authentication message-digest
 area 254 virtual-link 4.4.4.4
 network 192.168.0.2 0.0.0.0 area 0
 network 192.168.25.0 0.0.0.255 area 254
!

R5:

interface Loopback0
 ip address 192.168.0.5 255.255.255.255
!
interface Serial0/0/0
 ip address 192.168.45.5 255.255.255.0
 ip ospf message-digest-key 1 md5 ipexpert
!
interface Serial0/2/0
 ip address 192.168.25.5 255.255.255.0
 ip ospf message-digest-key 1 md5 ipexpert
!
router ospf 1
 router-id 5.5.5.5
 area 254 authentication message-digest
 network 192.168.0.5 0.0.0.0 area 254
 network 192.168.25.0 0.0.0.255 area 254
 network 192.168.45.0 0.0.0.255 area 254
!

R4:

interface Loopback0
 ip address 192.168.0.4 255.255.255.255
!
interface Serial0/1/0
 ip address 192.168.45.4 255.255.255.0
 ip ospf message-digest-key 1 md5 ipexpert
!
router ospf 1
 router-id 4.4.4.4
 area 254 authentication message-digest
 area 254 virtual-link 2.2.2.2
 network 192.168.0.4 0.0.0.0 area 0
 network 192.168.45.0 0.0.0.255 area 254
!

Verification:

R2#sh ip ospf int s0/2/0
Serial0/2/0 is up, line protocol is up
  Internet Address 192.168.25.2/24, Area 254
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 5.5.5.5
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1

We can see authentication enabled on Serial 0/2/0.

R2#show ip ospf int br
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
VL0          1     0               192.168.25.2/24    128   P2P   1/1
Lo0          1     0               192.168.0.2/32     1     LOOP  0/0
Se0/2/0      1     254             192.168.25.2/24    64    P2P   1/1

We see a neighbor on Virtual-link0. Let's check the neighbors:

R2#show ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/ -            -        192.168.45.4    OSPF_VL0
5.5.5.5           0   FULL/ -         00:00:39    192.168.25.5    Serial0/2/0

Looks like R4 is our neighbor. How about the routes in the table?

R2#show ip route ospf
O 192.168.45.0/24 [110/128] via 192.168.25.5, 00:06:31, Serial0/2/0
     192.168.0.0/32 is subnetted, 3 subnets
O 192.168.0.4 [110/129] via 192.168.25.5, 00:04:41, Serial0/2/0
O 192.168.0.5 [110/65] via 192.168.25.5, 00:06:31, Serial0/2/0

Finally, reachability:

R2#ping 192.168.0.4 so lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert
FREE CCIE training: http://bit.ly/vLecture
Mailto: markom_at_ipexpert.com
Telephone: +1.810.326.1444
Web: http://www.ipexpert.com/
Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 29 2011 - 12:42:47 ART
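
Added example, not part of the original post: the output above lists VL0 in area 0, so on IOS `area 254 authentication message-digest` covers the serial links in the transit area but not the virtual link, which takes its authentication type from area 0 or from options on the `virtual-link` line. The Python below audits a `router ospf` block for that gap; the function name and the hardened variant are assumptions made for illustration.

```python
import re

# R2's OSPF process as posted above.
R2_OSPF = """\
router ospf 1
 router-id 2.2.2.2
 area 254 authentication message-digest
 area 254 virtual-link 4.4.4.4
 network 192.168.0.2 0.0.0.0 area 0
 network 192.168.25.0 0.0.0.255 area 254
"""

# Constructed variant (not from the post): backbone authentication enabled
# and an MD5 key placed on the virtual link. <key> is a placeholder.
R2_HARDENED = R2_OSPF + (
    " area 0 authentication message-digest\n"
    " area 254 virtual-link 4.4.4.4 message-digest-key 1 md5 <key>\n"
)

AREA_AUTH = re.compile(r"^\s*area (\S+) authentication(?: (message-digest))?\s*$")
VLINK = re.compile(r"^\s*area (\S+) virtual-link (\S+)(.*)$")
# Matches "authentication [message-digest|null]" but not "authentication-key".
LINK_AUTH = re.compile(r"\bauthentication(?:\s+(message-digest|null))?(?=\s|$)")

def audit_virtual_links(ospf_config):
    """Return {peer router-id: auth summary} for each virtual link."""
    area_auth = {}  # area id -> "simple" | "message-digest"
    links = {}      # peer router-id -> (transit area, merged per-link options)
    for line in ospf_config.splitlines():
        if m := AREA_AUTH.match(line):
            area_auth[m.group(1)] = m.group(2) or "simple"
        elif m := VLINK.match(line):
            seen = links.get(m.group(2), (m.group(1), ""))[1]
            links[m.group(2)] = (m.group(1), seen + m.group(3))
    report = {}
    for peer, (transit, opts) in links.items():
        if m := LINK_AUTH.search(opts):  # per-link setting wins
            mode = {"null": "none", None: "simple"}.get(m.group(1), m.group(1))
        else:  # otherwise inherited from the backbone, never the transit area
            mode = area_auth.get("0") or area_auth.get("0.0.0.0") or "none"
        report[peer] = {"transit_area": transit,
                        "transit_auth": area_auth.get(transit, "none"),
                        "vlink_auth": mode}
    return report

if __name__ == "__main__":
    print(audit_virtual_links(R2_OSPF))
    print(audit_virtual_links(R2_HARDENED))
```

A link reported with `vlink_auth` of `none` beside an authenticated transit area is the case to review; the same change has to be made on both virtual-link endpoints (R2 and R4 here) or the adjacency over the link will drop.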
