From: Chris Home (clarson52@comcast.net)
Date: Thu Apr 24 2003 - 17:27:36 GMT-3
Agreed. If a lab scenario says to do MD5 in area 0 and you have a virtual
link and it comes up but you do not include MD5 authentication on the
virtual-link then you will probably lose the points for that section, as a
virtual link has an interface in area0.
----- Original Message -----
From: <Danny.Andaluz@triaton-na.com>
To: <danrose111@earthlink.net>; <phreakinphunk@hotmail.com>;
<ccielab@groupstudy.com>
Sent: Thursday, April 24, 2003 2:28 PM
Subject: RE: ospf question
> I was discussing that before with a colleague. The best thing would
definitely be to add the authentication to both ends.
>
> Thanks
>
> -----Original Message-----
> From: Daniel Free [mailto:danrose111@earthlink.net]
> Sent: Thursday, April 24, 2003 2:26 PM
> To: Andaluz, Danilo, Triaton/NA; phreakinphunk@hotmail.com;
ccielab@groupstudy.com
> Subject: Re: ospf question
>
>
> Hi Dan,
> I just tested this scenario in my home lab and yet again
> discovered why this CCIE trek of ours is maddening!!!!!!!
> You can have AREA 0 authentication defined and not add
> the password to the virtual-link. As long as you do not add it
> on both sides of the virtual-link. My initial response was for
> if you had one side configured with a password and the other
> not. I took off the passwords on both sides of the link and it
> came up fine. I strongly suggest however you should practice using the
password on the virtual-link commands.
> That would be the so called Cisco way I beleive :)
> Danny
>
> ----- Original Message -----
> From: Danny.Andaluz@triaton-na.com <mailto:Danny.Andaluz@triaton-na.com>
> To: danrose111@earthlink.net <mailto:danrose111@earthlink.net> ;
phreakinphunk@hotmail.com <mailto:phreakinphunk@hotmail.com> ;
ccielab@groupstudy.com <mailto:ccielab@groupstudy.com>
> Sent: Thursday, April 24, 2003 9:32 AM
> Subject: RE: ospf question
>
>
> Here's my config. Another person posted here that it worked for him the
same.
>
> sh run
> Building configuration...
>
> Current configuration : 925 bytes
> !
> version 12.1
> no service single-slot-reload-enable
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
>
> hostname r567
>
> interface Loopback0
> ip address 1.1.1.1 255.255.255.0
> !
> interface Serial0
> no ip address
> shutdown
>
> !
> interface Serial1
> ip address 2.2.2.2 255.255.255.0
> !
> interface FastEthernet0
> ip address 3.3.3.3 255.255.255.0
> speed auto
> !
> router ospf 1
> log-adjacency-changes
> area 0 authentication message-digest
> area 89 virtual-link 99.99.99.99
> network 2.2.2.0 0.0.0.255 area 89
> network 3.3.3.0 0.0.0.255 area 45
> !
> ip classless
> no ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
> login
> !
> end
>
> -----Original Message-----
> From: Daniel Free [mailto:danrose111@earthlink.net
<mailto:danrose111@earthlink.net> ]
> Sent: Thursday, April 24, 2003 3:38 AM
> To: Teck PhrEAk!!; Andaluz, Danilo, Triaton/NA; ccielab@groupstudy.com
> Subject: Re: ospf question
>
>
> Hi,
> Sorry to have to disagree but you need to configure the password on the
virtual link in your sample scenario. Check ip ospf virtual and see if the
adjacency is full. Probably not. Check the below link. Thanks. Best of luck.
>
> Danny
> http://www.cisco.com/warp/public/104/27.html
<http://www.cisco.com/warp/public/104/27.html>
>
> ----- Original Message -----
> From: "Teck PhrEAk!!" <phreakinphunk@hotmail.com>
> To: <Danny.Andaluz@triaton-na.com>; <ccielab@groupstudy.com>
> Sent: Thursday, April 24, 2003 2:24 AM
> Subject: Re: ospf question
>
>
> > Hi Danny,
> >
> > Yes, creating a virtual-link is like extending the boundary of area
> > 0.....the implementation of a virtual-link requires area 0
> > authentication
> on
> > the other side of the virtual-link , the one which does not have any
> > interfaces in area 0.
> >
> > also b'coz you are creating a virtual-link......and no actual
> > interfaces
> are
> > involved in creating a virtual-link you dont require interface
> > authentication.
> >
> > cheers,
> >
> > sumit.
> >
> >
> >
> >
> > >From: Danny.Andaluz@triaton-na.com
> > >Reply-To: Danny.Andaluz@triaton-na.com
> > >To: ccielab@groupstudy.com
> > >Subject: ospf question
> > >Date: Thu, 24 Apr 2003 00:44:13 -0400
> > >
> > >router ospf 1000
> > > log-adjacency-changes
> > > area 0 authentication message-digest
> > > area 6 virtual-link x.x.x.x
> > > network x.x.x.x 0.0.0.255 area 6
> > > network x.x.x.x 0.0.0.255 area 10
> > >
> > >Hello,
> > >
> > >This router has a virtual link to area 0 through area 6. Area 0 is
> > >doing authentication. I could not get the routes on the this router
> > >into the rest of the ospf network unless I added the "area 0
> > >authentication message-digest" on this router. This is very strange
> > >since this router does
> > >not have any interfaces in area 0. Unless the virtual link is like an
> > >interface in Area 0. Also, I did not have to add the password anywhere
> on
> > >the router. Strange. It's almost like half authentication. Can
> > >someone explain this?
> > >
> > >TIA,
> > >Danny
> >
> >
> > _________________________________________________________________
> > STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> > http://join.msn.com/?page=features/junkmail
<http://join.msn.com/?page=features/junkmail>
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:05 GMT-3