Re: Virtual-link authentication and AREA 0 authentication

From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Sun Apr 02 2006 - 04:41:07 GMT-3


Frank,

You do have an adj over the VL if you place only "area 0 auth me" on the remote side
of the link. But you don't have LSAs going back and forth any longer, because
there is an auth type mismatch. If you did that in the right order, i.e.
configured OSPF across the board and then applied authentication to area 0,
your routes behind the VL will be in OSPF for a while (half an hour or so),
but then disappear. Try to reload your lab at this point to see what the proctor
will see.

Here is the output from R1, the remote part of the VL.

R1#
14:08:00: OSPF: Rcv pkt from 9.9.9.3, OSPF_VL1 : Mismatch Authentication
type. Input packet specified type 2, we use type 0

R1#sh ip os vi
Virtual Link OSPF_VL1 to router 3.3.3.3 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 11, via interface FastEthernet0/0, Cost of using 2
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:00

Here is the output from the corresponding area 0 ABR. Take note of "No key
configured, using default key id 0".

R3(config-router)#do show ip os vi
Virtual Link OSPF_VL2 to router 1.1.1.1 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 11, via interface FastEthernet0/0, Cost of using 2
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:09
  Message digest authentication enabled
      No key configured, using default key id 0

R3(config-router)#do deb ip os ev
OSPF events debugging is on
R3(config-router)#
14:15:51: OSPF: Rcv pkt from 9.9.10.1, OSPF_VL2 : Mismatch Authentication
type. Input packet specified type 0, we use type 2

A.

----- Original Message -----
From: "sheng li" <slilxn@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, April 02, 2006 7:45 AM
Subject: Virtual-link authentication and AREA 0 authentication

> Folks,
> I've heard statements from several people that when
> OSPF area0 is configured with authentication, say,
> md5, the virtual links connecting a remote area must
> be also configured with the same authentication. I've
> doubted it and my routers seem to be distributing
> routes happily as long as the virtual-linked remote
> ABR has "ar 0 auth mess". Can you help me clarify if
> this is a real requirement or am I missing anything?
>
> Thanks!
> Frank
>



This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:55 GMT-3
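
The authentication-type mismatch shown in this thread can be picked out of captured debug output mechanically. The following is an added example, not part of the original messages: it parses the `Mismatch Authentication type` lines quoted above (wrapped as they are in the mail) and reports which end of the virtual link is running the lower authentication type. The function and field names are this example's own, and the type names follow the AuType numbering in RFC 2328.

```python
import re

# AuType values from RFC 2328, as printed in the debug message.
AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic (MD5)"}

MISMATCH_RE = re.compile(
    r"OSPF: Rcv pkt from (?P<src>\d+\.\d+\.\d+\.\d+), (?P<intf>\S+) ?: "
    r"Mismatch Authentication type\. "
    r"Input packet specified type (?P<rx>\d+), we use type (?P<local>\d+)"
)

def find_auth_mismatches(text):
    """Return one dict per 'Mismatch Authentication type' debug message."""
    # Terminals and mail clients wrap the message, so collapse whitespace first.
    flat = " ".join(text.split())
    hits = []
    for m in MISMATCH_RE.finditer(flat):
        rx, local = int(m["rx"]), int(m["local"])
        hits.append({
            "neighbor": m["src"],
            "interface": m["intf"],
            "received": AUTH_TYPES.get(rx, f"unknown ({rx})"),
            "local": AUTH_TYPES.get(local, f"unknown ({local})"),
            # Cisco names virtual-link pseudo-interfaces OSPF_VL<n>.
            "virtual_link": m["intf"].startswith("OSPF_VL"),
            # The end with the lower AuType is the one missing configuration.
            "lower_auth_side": "local" if local < rx else "neighbor",
        })
    return hits

# Debug excerpts copied from the message above, line wrap included.
SAMPLE_R1 = """R1#
14:08:00: OSPF: Rcv pkt from 9.9.9.3, OSPF_VL1 : Mismatch Authentication
type. Input packet specified type 2, we use type 0
"""
SAMPLE_R3 = """R3(config-router)#
14:15:51: OSPF: Rcv pkt from 9.9.10.1, OSPF_VL2 : Mismatch Authentication
type. Input packet specified type 0, we use type 2
"""

if __name__ == "__main__":
    for name, log in (("R1", SAMPLE_R1), ("R3", SAMPLE_R3)):
        for hit in find_auth_mismatches(log):
            print(name, hit)
```
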