From: Jack Heney (jheneyccie@xxxxxxxxxxx)
Date: Wed Oct 25 2000 - 16:16:15 GMT-3
I just configured my routers as you have described (with slightly different
addresses):
10.12.1.1 10.1.2.253 10.1.2.254 10.1.1.254
----------r1-----------------------r2-----------
R1:
int s0/0
ip address 10.12.1.1 255.255.255.0
encap frame-relay
int f0/0
ip address 10.1.2.253 255.255.255.0
router ospf 1
area 1 virtual-link 10.1.2.254
network 10.12.0.0 0.0.255.255 area 0
network 10.1.0.0 0.0.255.255 area 1
R2:
int e0/0
ip address 10.1.2.254 255.255.255.0
int t0/0
ip address 10.1.1.254 255.255.255.0
router osfp 1
area 0 authentication message-digest
area 1 virtual-link 10.12.1.1 message-digest-key 1 md5 cisco
network 10.1.2.0 0.0.0.255 area 1
network 10.1.1.0 0.0.0.255 area 2
I think this is more or less equivalent to your setup...I am experiencing a
similar outcome to what you've described with one exception....My routers
are establishing an adjacency, and I am seeing the debug output you
mentioned, but I am not learning all routes....Strangely enough, R2 (the
router with authentication still on) learned about the 10.12.1.0 network
from R1, but R1 (the router with authentication turned off) doesn't learn
about the 10.1.1.0 network from R2 (across the virtual-link).
This led me to suspect that the fact that the routers were directly
connected was having an effect, so I added a router between R1 and R2 that
is entirely in area 1 and virtual-linked through it...Now R1 learns about
the 10.1.1.0 network from R2 and R2 learns about the 10.12.1.0 network from
R1.
Unfortuantely, my little test has failed to give me any real insight into
how OSPF authentication works....Why can these routers exchange routes
without authentication configured on BOTH sides of the link? I am now
thoroughly confused. Sorry I couldn't be more helpful...If somebody out
there has a firm grasp on the exact workings of OSPF authentication, an
explanation would be greatly appreciated. Specifically, I understand how it
is supposed to be set up, so why, when it is set up incorrectly, can routes
still be exchanged?
Thanks for any help,
jack
>From: Devinder Singh <devinder@collabria.com>
>Reply-To: Devinder Singh <devinder@collabria.com>
>To: "'ccielab@groupstudy.com'" <ccielab@groupstudy.com>
>Subject: OSPF virtual-link authentication prob
>Date: Wed, 25 Oct 2000 09:53:12 -0700
>
>Hello all..
>
>I have two routers running ospf with R2 part of Area 0 & 1 and R1 part of
>Area 1 & 5. So I have a virtual-link running between these two routers. It
>works well that way. Now when I enabled authentication on only one router,
>R1, virtual link still remains up and all there are no missing routes or
>neighbors. I was expecting R1 to tear down neighbor relationship with R2,
>but nothing of that sort happens. But when I give debug ip ospf adj
>command,
>it shows authentication failure. All works well otherwise even if I don't
>enable authentication on R2. Any clues??
>Already tried rebooting routers.
>
>Thanks
>Devin
>
>
>
>
>R2 (Version 12.1(2)T)
>
>
>interface Loopback101
> ip address 101.1.1.1 255.255.255.0
>
>interface Tunnel0
> no ip address
> appletalk cable-range 33-33 33.2
> appletalk zone tunnel
> ipx network 77
> tunnel source FastEthernet0/0
> tunnel destination 2.1.1.150
>
>interface FastEthernet0/0
> ip address 2.1.1.149 255.255.255.252
> duplex auto
> speed auto
> appletalk cable-range 2-2 2.1
> appletalk zone r2
> decnet cost 3
> ipx network 22
>!
>interface Serial0/0.1 point-to-point
> ip address 2.1.1.2 255.255.255.128
> ip ospf authentication-key cisco
> ip ospf message-digest-key 1 md5 cisco
> ip ospf network point-to-multipoint
> appletalk cable-range 1-1 1.2
> appletalk zone wan
> appletalk protocol eigrp
> no appletalk protocol rtmp
> appletalk distribute-list 602 in
> decnet cost 4
> ipx network 1
> frame-relay interface-dlci 300
>!
>
>
>router ospf 1
> area 1 virtual-link 50.1.1.1
> redistribute eigrp 1 metric 888
> network 2.1.1.2 0.0.0.0 area 0
> network 2.1.1.149 0.0.0.0 area 1
> network 6.6.6.6 0.0.0.0 area 0
> network 101.1.1.1 0.0.0.0 area 0
> default-information originate metric 477 route-map devi
> distribute-list 1 out eigrp 1
>
>
>
>
>R1 (Version 12.1(2)T)
>
>interface Loopback10
> ip address 50.1.1.1 255.255.255.0
>
>interface Tunnel0
> no ip address
> appletalk cable-range 33-33 33.1
> appletalk zone tunnel
> ipx network 77
> tunnel source FastEthernet0/0
> tunnel destination 2.1.1.149
>
>
>interface FastEthernet0/0
> ip address 2.1.1.150 255.255.255.252
> no ip redirects
> duplex auto
> speed auto
>
>interface FastEthernet1/0
> ip address 200.1.1.1 255.255.255.0
> no keepalive
> duplex auto
> speed auto
>
>
>router ospf 1
> area 0 authentication message-digest
> area 1 virtual-link 101.1.1.1 message-digest-key 1 md5 cisco
> network 2.0.0.0 0.255.255.255 area 1
> network 200.0.0.0 0.255.255.255 area 2
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:30 GMT-3