2-17 area transit-area-id virtual-link router-id authentication-key password

Syntax Description:
Purpose: If simple password authentication is enabled in Area 0, then all virtual links need to be configured with the same authentication type. This command is used to configure simple password authentication over a virtual link. In Cisco IOS Software Release 12.0 and later, virtual link authentication can be configured independently of Area 0 (see Section 2-14).

Initial Cisco IOS Software Release: 10.0

Configuration Example 1: Simple Password Authentication Over a Virtual Link

In Figure 2-17, simple password authentication has been enabled for Area 0. Initially, authentication is not enabled over the virtual link so you can see the effect of enabling authentication in Area 0 but not over the virtual link.

Figure 2-17. Prior to Cisco IOS Software Release 12.0, if Authentication Is Enabled in Area 0 Then the Same Authentication Must Be Enabled Over the Virtual Link
Router A
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 ip ospf authentication-key cisco
 clockrate 64000
!
router ospf 1
 area 0 authentication
 network 10.1.1.0 0.0.0.3 area 0
 network 1.1.1.1 0.0.0.0 area 0
_______________________________________________________________________
Router B
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Serial0
 ip address 10.1.1.2 255.255.255.252
 ip ospf authentication-key cisco
!
interface Serial1
 ip address 10.1.1.5 255.255.255.252
 clockrate 64000
!
router ospf 1
 area 0 authentication
 area 1 virtual-link 3.3.3.3
 network 10.1.1.0 0.0.0.3 area 0
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.1.4 0.0.0.3 area 1
_______________________________________________________________________
Router C
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Serial0
 ip address 10.1.1.6 255.255.255.252
!
router ospf 1
 area 1 virtual-link 2.2.2.2
 network 3.3.3.3 0.0.0.0 area 2
 network 10.1.1.4 0.0.0.3 area 1

Verify that authentication has been enabled for Area 0.

rtrA# show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Supports only single TOS(TOS0) routes
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x0
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area BACKBONE(0)
        Number of interfaces in this area is 2
        Area has simple password authentication
        SPF algorithm executed 2 times
        Area ranges are
        Number of LSA 6. Checksum Sum 0x3B837
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 3
_______________________________________________________________________
rtrB# show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2
 Supports only single TOS(TOS0) routes
 It is an area border router
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x0
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 2. 2 normal 0 stub 0 nssa
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        Area has simple password authentication
        SPF algorithm executed 8 times
        Area ranges are
        Number of LSA 6. Checksum Sum 0x3B837
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 3
    Area 1
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm executed 4 times
        Area ranges are
        Number of LSA 6. Checksum Sum 0x364E1
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0

When authentication is enabled in Area 0, then this authentication type will be applied to all interfaces in Area 0, including virtual links. Any routing updates from neighbors in Area 0 will be rejected if the authentication type and password do not match. Because a virtual link is considered to be in Area 0, routing updates passing over the virtual link will be rejected. This can be verified by examining the IP routing table on Router B.
rtrB# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 10.1.1.1, 00:06:34, Serial0
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     10.0.0.0/30 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial0
C       10.1.1.4 is directly connected, Serial1

Router B has learned the routes being advertised by Router A but not the routes advertised by Router C. Simple password authentication needs to be enabled on the virtual link so that routing updates can be exchanged between routers B and C. You can also use a different authentication type on the virtual link using command 2-14, 2-15, or 2-16. In this case, configure the same authentication type that is being used in Area 0. Change the password over the virtual link to demonstrate that the passwords for different interfaces do not need to be the same. Remember that the password for a common link must be the same at both ends of the link.

Modify the configurations on Routers B and C to enable simple password authentication over the virtual link using the password bosco.
Router B
router ospf 1
 area 0 authentication
 area 1 virtual-link 3.3.3.3 authentication-key bosco
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.4 0.0.0.3 area 1
_______________________________________________________________________
Router C
router ospf 1
 area 0 authentication
 area 1 virtual-link 2.2.2.2 authentication-key bosco
 network 3.3.3.3 0.0.0.0 area 2
 network 10.1.1.4 0.0.0.3 area 1

Notice that the command area 0 authentication was used on Router C because the virtual link is in Area 0.

Verification

Verify that authentication has been enabled over the virtual link.

rtrC# show ip ospf
 Routing Process "ospf 1" with ID 3.3.3.3
 Supports only single TOS(TOS0) routes
 It is an area border router
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x0
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 3. 3 normal 0 stub 0 nssa
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has simple password authentication
        SPF algorithm executed 4 times
        Area ranges are
        Number of LSA 6. Checksum Sum 0x3CFAD
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 3
    Area 1
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm executed 22 times
        Area ranges are
        Number of LSA 10. Checksum Sum 0x4ACBB
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
    Area 2
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm executed 18 times
        Area ranges are
        Number of LSA 5. Checksum Sum 0x238E3
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0

Verify that all OSPF routes are now being exchanged.
rtrA# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.1.2, 00:09:04, Serial0/1
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/129] via 10.1.1.2, 00:09:04, Serial0/1
     10.0.0.0/30 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial0/1
O IA    10.1.1.4 [110/128] via 10.1.1.2, 00:09:04, Serial0/1
_______________________________________________________________________
rtrB# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 10.1.1.1, 00:10:19, Serial0
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 10.1.1.6, 00:10:20, Serial1
     10.0.0.0/30 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial0
C       10.1.1.4 is directly connected, Serial1
_______________________________________________________________________
rtrC# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/129] via 10.1.1.5, 00:11:10, Serial0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.1.5, 00:11:11, Serial0
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     10.0.0.0/30 is subnetted, 2 subnets
O       10.1.1.0 [110/128] via 10.1.1.5, 00:11:11, Serial0
C       10.1.1.4 is directly connected, Serial0

Troubleshooting
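
An added example, not part of the original text: a Python check that compares the router ospf sections at both ends of a virtual link and reports the condition Configuration Example 1 walks through, where Area 0 authentication or the virtual-link key is present on one end only. The function names are illustrative; it assumes the pre-12.0 command forms shown on this page, keys stored unencrypted, and configurations keyed by router ID.

```python
import re

# Matches the pre-12.0 forms shown on this page, with the key stored unencrypted.
VLINK = re.compile(
    r"^\s*area (\S+) virtual-link (\S+)(?: authentication-key (\S+))?\s*$", re.M)
AREA0_AUTH = re.compile(r"^\s*area 0 authentication\s*$", re.M)

def parse(config):
    """Return (area 0 simple auth enabled, {(transit area, peer router ID): key})."""
    links = {(m[1], m[2]): m[3] for m in VLINK.finditer(config)}
    return bool(AREA0_AUTH.search(config)), links

def audit(configs):
    """configs maps router ID -> config text; returns sorted findings."""
    parsed = {rid: parse(text) for rid, text in configs.items()}
    findings = set()
    for rid, (auth, links) in parsed.items():
        for (area, peer), key in links.items():
            if peer not in parsed:
                continue  # far end's configuration was not supplied
            link = "<->".join(sorted((rid, peer)))
            peer_auth, peer_links = parsed[peer]
            if (area, rid) not in peer_links:
                findings.add(f"{link}: virtual link configured on one end only")
            elif auth != peer_auth:
                findings.add(f"{link}: area 0 authentication on one end only")
            elif auth and key != peer_links[(area, rid)]:
                findings.add(f"{link}: authentication-key mismatch")
            elif auth and key is None:
                findings.add(f"{link}: authentication enabled, no authentication-key")
    return sorted(findings)

# Constructed input: the router ospf sections of Routers B and C from
# Configuration Example 1, before and after the virtual-link key is added.
BEFORE = {
    "2.2.2.2": "router ospf 1\n area 0 authentication\n area 1 virtual-link 3.3.3.3\n",
    "3.3.3.3": "router ospf 1\n area 1 virtual-link 2.2.2.2\n",
}
AFTER = {
    "2.2.2.2": "router ospf 1\n area 0 authentication\n"
               " area 1 virtual-link 3.3.3.3 authentication-key bosco\n",
    "3.3.3.3": "router ospf 1\n area 0 authentication\n"
               " area 1 virtual-link 2.2.2.2 authentication-key bosco\n",
}

if __name__ == "__main__":
    print(audit(BEFORE))
    print(audit(AFTER))
```

Simple password authentication (OSPF authentication type 1) carries the key in clear text in each packet, so a matching key guards against misconfigured neighbors rather than against anyone able to capture traffic on the path.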