Adding something to the magnitude of 'area 1 virtual-link 2.2.2.2
authentication message-digest-key 1 md5 cisco' into the parser will
configure the two lines:
area 1 virtual-link 2.2.2.2 authentication
area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco
That seems to be enough in my lab environment to establish a virtual link
r1(config)#do sh ip ospf int brie
Interface PID Area IP Address/Mask Cost State Nbrs F/C
VL0 1 0 10.0.0.1/24 10 P2P 1/1
So after this confguration was autogenerated, I went back in and
removed it. The virtual-link went down. So apparently both lines are
needed. My confsuion resulted in not observing what the parser was
doing in the back end to pin the link up.
In my first post, the take away is that if authentication is in area
0, it must be set on virtual-link as well.
router ospf 1
log-adjacency-changes
area 0 authentication message-digest
area 1 virtual-link 2.2.2.2 authentication
area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco
I took this one step further and removed authentication in area 0 but
kept on virtual link. The virtaul link will not come up
Interface PID Area IP Address/Mask Cost State Nbrs F/C
VL0 1 0 0.0.0.0/0 65535 DOWN 0/0
So, to conclude. The authentication (or lack of) on a virtual link has
to be the same as area 0. Both lines are needed but the one command
that specifies the key will auto generate the two.
HTH
Marc
On Fri, Jan 11, 2013 at 8:59 AM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
> Thanks all for the explanation, So that I correctly understand, On the
> router connected to Area 0 I will need both commands unless under area0 I
> already have <area 0 authentication message-digest> in which case i will
> require only <area 10 virtual-link 192.168.1.12 message-digest-key 1 md5
> cisco>
> On the router which is connecting the extended area and transit area should
> have both the commands.
>
> Regards
>
>
> On 11 January 2013 16:46, Lessaid ABDERRAHMAN <lessaid_at_gmail.com> wrote:
>
>>
>> Adding
>>
>> area 10 virtual-link 192.168.1.12 message-digest-key 1 md5 cisco
>>
>> Will work if you add this under the ospf proces:
>> area 0 authentication message-digest
>>
>> --
>> Lessaid, since '80
>> Send from mobile.
>> Le 11 janv. 2013 17:32, "Tauseef Khan" <tasneemjan_at_googlemail.com> a
>> icrit :
>>
>>> Do i need both of the following commands for virtual link authentication
>>> or
>>> only the later one should be enough
>>>
>>> area 10 virtual-link 192.168.1.12 authentication message-digest
>>> area 10 virtual-link 192.168.1.12 message-digest-key 1 md5 cisco
>>>
>>> regards
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jan 11 2013 - 13:45:21 ART
This archive was generated by hypermail 2.2.0 : Sun Feb 03 2013 - 16:27:17 ART