FW: OSPF virtual-link authentication prob

From: Jay Scott (jasscott@xxxxxxxxx)
Date: Wed Oct 25 2000 - 19:42:44 GMT-3


   
FYI - This is what Devinder and I came up with. Sorry for not including the
list:)

JS

-----Original Message-----
From: Devinder Singh [mailto:devinder@collabria.com]
Sent: Wednesday, October 25, 2000 11:38 AM
To: 'Jay Scott'
Subject: RE: OSPF virtual-link authentication prob

Thanks so much for clarifying. I am clear now and have understood it
properly after you explained.
Thanks
Devinder

-----Original Message-----
From: Jay Scott [mailto:jasscott@cisco.com]
Sent: Wednesday, October 25, 2000 1:42 PM
To: Devinder Singh
Subject: RE: OSPF virtual-link authentication prob

Devin,
        What you have specified the router to do is perform authentication on
the Virtual Link - only on R1, so your debugs are correct in saying the
virtual link authentication will fail.
        The reason why R1 still has a neighbor relationship with R2 is because R1
is in Area1, which is directly connected to an Area0 ABR (R2). If you
configure a new router in area 5, he will not be directly connected to an
Area0 ABR; this is why you need the virtual link to extend Area0 to R1.
        With the configuration you have, the authentication will fail on the
virtual link, not allowing area 0 to be extended to R1. So the new router in
Area5 will not receive any LSAs associated with Area0, and vice versa. Once
you configure authentication across the virtual link on R2, all LSAs
between Area0 and Area5 should be propagated.

Let me know if this helps.

-Jay

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Devinder Singh
Sent: Wednesday, October 25, 2000 9:53 AM
To: 'ccielab@groupstudy.com'
Subject: OSPF virtual-link authentication prob

Hello all..

I have two routers running OSPF with R2 part of Area 0 & 1 and R1 part of
Area 1 & 5. So I have a virtual-link running between these two routers. It
works well that way. Now when I enabled authentication on only one router,
R1, the virtual link still remains up and there are no missing routes or
neighbors. I was expecting R1 to tear down the neighbor relationship with R2,
but nothing of that sort happens. But when I give the debug ip ospf adj command,
it shows authentication failure. All works well otherwise even if I don't
enable authentication on R2. Any clues??
Already tried rebooting routers.

Thanks
Devin

R2 (Version 12.1(2)T)

interface Loopback101
 ip address 101.1.1.1 255.255.255.0

interface Tunnel0
 no ip address
 appletalk cable-range 33-33 33.2
 appletalk zone tunnel
 ipx network 77
 tunnel source FastEthernet0/0
 tunnel destination 2.1.1.150

interface FastEthernet0/0
 ip address 2.1.1.149 255.255.255.252
 duplex auto
 speed auto
 appletalk cable-range 2-2 2.1
 appletalk zone r2
 decnet cost 3
 ipx network 22
!
interface Serial0/0.1 point-to-point
 ip address 2.1.1.2 255.255.255.128
 ip ospf authentication-key cisco
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-multipoint
 appletalk cable-range 1-1 1.2
 appletalk zone wan
 appletalk protocol eigrp
 no appletalk protocol rtmp
 appletalk distribute-list 602 in
 decnet cost 4
 ipx network 1
 frame-relay interface-dlci 300
!

router ospf 1
 area 1 virtual-link 50.1.1.1
 redistribute eigrp 1 metric 888
 network 2.1.1.2 0.0.0.0 area 0
 network 2.1.1.149 0.0.0.0 area 1
 network 6.6.6.6 0.0.0.0 area 0
 network 101.1.1.1 0.0.0.0 area 0
 default-information originate metric 477 route-map devi
 distribute-list 1 out eigrp 1

R1 (Version 12.1(2)T)

interface Loopback10
 ip address 50.1.1.1 255.255.255.0

interface Tunnel0
 no ip address
 appletalk cable-range 33-33 33.1
 appletalk zone tunnel
 ipx network 77
 tunnel source FastEthernet0/0
 tunnel destination 2.1.1.149

interface FastEthernet0/0
 ip address 2.1.1.150 255.255.255.252
 no ip redirects
 duplex auto
 speed auto

interface FastEthernet1/0
 ip address 200.1.1.1 255.255.255.0
 no keepalive
 duplex auto
 speed auto

router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 101.1.1.1 message-digest-key 1 md5 cisco
 network 2.0.0.0 0.255.255.255 area 1
 network 200.0.0.0 0.255.255.255 area 2



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:30 GMT-3