2-16 area transit-area-id virtual-link router-id authentication null

 <  Free Open Study  >  

2-16 area transit-area-id virtual-link router-id authentication null

NOTE

Command 2-15 requires the use of the area transit-area-id virtual-link router-id message-digest-key key-id md5 password command (see Section 2-20).


Syntax Description:

  • transit-area-id ” The OSPF area ID of the area connecting the two ABRs that the virtual link will cross. This value can be entered as a decimal number in the range of 0 to 4,294,967,295 or in IP address form in the range 0.0.0.0 to 255.255.255.255. The transit area cannot be a stub area.

  • router-id ” OSPF router ID of the router at the remote end of the virtual link.

  • key-id ” Key to use to encrypt a password. The range of values is 1 to 255. Both ends of a virtual link must use the same key and password.

  • password ” Password to be used for authentication in the selected area on the selected interface or virtual link. The password is an alphanumeric string from 1 to 8 characters .

Purpose: In Cisco IOS Software Releases prior to 12.0, if authentication was enabled in Area 0, then all virtual links had to be configured with the same authentication type. This command allows the configuration of authentication over a virtual link that is different from the authentication type being used in Area 0. If authentication is used, then both ends of the virtual link must be configured with the same authentication method. Also, the same password or key and password must be configured on both ends of the virtual link.

Initial Cisco IOS Software Release: 12.0

Configuration Example 1: Simple Password Authentication Over a Virtual Link

In Figure 2-16, Area 2 does not have a direct connection to Area 0. A virtual link is needed to repair this situation. Start by configuring the routers in Figure 2-16 without using authentication over the virtual link.

Figure 2-16. The Authentication Type Used on an OSPF Virtual Link Can Be Different from the Type Used in Area 0

graphics/02fig16.gif

 Router A  interface Loopback0   ip address 1.1.1.1 255.255.255.255   !   interface Serial0/1   ip address 10.1.1.1 255.255.255.252   clockrate 64000   !   router ospf 1   network 10.1.1.0 0.0.0.3 area 0   network 1.1.1.1 0.0.0.0 area 0  _______________________________________________________________________ Router B  interface Loopback0   ip address 2.2.2.2 255.255.255.255   !   interface Serial0   ip address 10.1.1.2 255.255.255.252   !   interface Serial1   ip address 10.1.1.5 255.255.255.252   clockrate 64000   !   router ospf 1   area 1 virtual-link 3.3.3.3   network 10.1.1.0 0.0.0.3 area 0   network 2.2.2.2 0.0.0.0 area 0   network 10.1.1.4 0.0.0.3 area 1  ________________________________________________________________________ Router C  interface Loopback0   ip address 3.3.3.3 255.255.255.255   !   interface Serial0   ip address 10.1.1.6 255.255.255.252   !   router ospf 1   area 1 virtual-link 2.2.2.2   network 3.3.3.3 0.0.0.0 area 2   network 10.1.1.4 0.0.0.3 area 1  

Area 2 on Router C does not have a direct connection to Area 0. A virtual link needs to be configured to correct this situation. The transit area in this case is Area 1. You also need the router IDs of the two ABRs to be able to construct the virtual link. The first method to determine the router ID is to use the show ip ospf neighbor command. This will display the router ID of the remote end of the virtual link.

 rtrB#  show ip ospf neighbor  Neighbor ID     Pri   State           Dead Time   Address         Interface 1.1.1.1           1   FULL/  -        00:00:32    10.1.1.1        Serial0  3.3.3.3           1   FULL/  -        00:00:36    10.1.1.6        Serial1  _______________________________________________________________________ rtrC#  show ip ospf neighbor  Neighbor ID     Pri   State           Dead Time   Address         Interface  2.2.2.2           1   FULL/  -        00:00:35    10.1.1.5        Serial0  

Router B has an ID of 2.2.2.2 and Router C has an ID of 3.3.3.3. The local router ID can be found by using the show ip ospf command.

 rtrB#  show ip ospf   Routing Process "ospf 1" with ID 2.2.2.2  Supports only single TOS(TOS0) routes  It is an area border router  SPF schedule delay 5 secs, Hold time between two SPFs 10 secs  Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs  Number of external LSA 0. Checksum Sum 0x0  Number of DCbitless external LSA 0  Number of DoNotAge external LSA 0  Number of areas in this router is 2. 2 normal 0 stub 0 nssa     Area BACKBONE(0)         Number of interfaces in this area is 2         Area has no authentication         SPF algorithm executed 3 times         Area ranges are         Number of LSA 3. Checksum Sum 0x1FD00         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0     Area 1         Number of interfaces in this area is 1         Area has no authentication         SPF algorithm executed 2 times         Area ranges are         Number of LSA 5. Checksum Sum 0x2B171         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0 _______________________________________________________________________ rtrC#  show ip ospf   Routing Process "ospf 1" with ID 3.3.3.3  Supports only single TOS(TOS0) routes  SPF schedule delay 5 secs, Hold time between two SPFs 10 secs  Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs  Number of external LSA 0. Checksum Sum 0x0  Number of DCbitless external LSA 0  Number of DoNotAge external LSA 0  Number of areas in this router is 2. 2 normal 0 stub 0 nssa     Area 1         Number of interfaces in this area is 1         Area has no authentication         SPF algorithm executed 12 times         Area ranges are         Number of LSA 5. Checksum Sum 0x2B171         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0     Area 2         Number of interfaces in this area is 1         Area has no authentication         SPF algorithm executed 1 times         Area ranges are         Number of LSA 1. Checksum Sum 0xDDE0         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0 

You want to add simple password authentication to the virtual link but you do not want to configure authentication over any other link in Area 0. Modify the configurations on Routers B and C to enable simple password authentication over the virtual link using the password cisco.

 Router B  router ospf 1    area 1 virtual-link 3.3.3.3 authentication authentication-key cisco    network 2.2.2.2 0.0.0.0 area 0   network 10.1.1.0 0.0.0.3 area 0   network 10.1.1.4 0.0.0.3 area 1  _______________________________________________________________________ Router C  router ospf 1    area 1 virtual-link 2.2.2.2 authentication authentication-key cisco    network 3.3.3.3 0.0.0.0 area 2   network 10.1.1.4 0.0.0.3 area 1  
Verification

Router C now has an interface in Area 0 and this interface is the virtual link. Verify that the virtual link is active on Routers B and C.

 rtrB#  show ip ospf virtual-links  Virtual Link OSPF_VL0 to router 3.3.3.3 is up   Run as demand circuit   DoNotAge LSA allowed.   Transit area 1, via interface Serial1, Cost of using 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:09     Adjacency State FULL (Hello suppressed) _______________________________________________________________________ rtrC#  show ip ospf virtual-links  Virtual Link OSPF_VL1 to router 2.2.2.2 is up   Run as demand circuit   DoNotAge LSA allowed.   Transit area 1, via interface Serial0, Cost of using 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:06     Adjacency State FULL (Hello suppressed) 

Also, verify that the loopback interfaces for Routers A, B, and C are being advertised to all OSPF neighbors.

 rtrA#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets  C       1.1.1.1 is directly connected, Loopback0  2.0.0.0/32 is subnetted, 1 subnets  O       2.2.2.2 [110/65] via 10.1.1.2, 00:09:04, Serial0/1  3.0.0.0/32 is subnetted, 1 subnets  O IA    3.3.3.3 [110/129] via 10.1.1.2, 00:09:04, Serial0/1  10.0.0.0/30 is subnetted, 2 subnets C       10.1.1.0 is directly connected, Serial0/1 O IA    10.1.1.4 [110/128] via 10.1.1.2, 00:09:04, Serial0/1 _______________________________________________________________________ rtrB#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets  O       1.1.1.1 [110/65] via 10.1.1.1, 00:10:19, Serial0  2.0.0.0/32 is subnetted, 1 subnets  C       2.2.2.2 is directly connected, Loopback0  3.0.0.0/32 is subnetted, 1 subnets  O IA    3.3.3.3 [110/65] via 10.1.1.6, 00:10:20, Serial1  10.0.0.0/30 is subnetted, 2 subnets C       10.1.1.0 is directly connected, Serial0 C       10.1.1.4 is directly connected, Serial1 _______________________________________________________________________ rtrC#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets  O       1.1.1.1 [110/129] via 10.1.1.5, 00:11:10, Serial0  2.0.0.0/32 is subnetted, 1 subnets  O       2.2.2.2 [110/65] via 10.1.1.5, 00:11:11, Serial0  3.0.0.0/24 is subnetted, 1 subnets  C       3.3.3.0 is directly connected, Loopback0  10.0.0.0/30 is subnetted, 2 subnets O       10.1.1.0 [110/128] via 10.1.1.5, 00:11:11, Serial0 C       10.1.1.4 is directly connected, Serial0 

Configuration Example 2: MD5 Authentication Over a Virtual Link

Modify the configurations on Routers B and C by adding MD5 password authentication to the virtual link. For this example, use the password cisco.

 Router B  router ospf 1    area 1 virtual-link 3.3.3.3 authentication message-digest     area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco    network 2.2.2.2 0.0.0.0 area 0   network 10.1.1.0 0.0.0.3 area 0   network 10.1.1.4 0.0.0.3 area 1  _______________________________________________________________________ Router C  router ospf 1    area 1 virtual-link 2.2.2.2 authentication message-digest     area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco    network 3.3.3.3 0.0.0.0 area 2   network 10.1.1.4 0.0.0.3 area 1  
Verification

Verify that the virtual link is still active and that MD5 authentication is enabled.

 rtrB#  show ip ospf virtual-links   Virtual Link OSPF_VL3 to router 3.3.3.3 is up  Run as demand circuit   DoNotAge LSA allowed.   Transit area 1, via interface Serial1, Cost of using 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:01     Adjacency State FULL (Hello suppressed)  Message digest authentication enabled   Youngest key id is 1  rtrC#  show ip ospf virtual-links   Virtual Link OSPF_VL4 to router 2.2.2.2 is up  Run as demand circuit   DoNotAge LSA allowed.   Transit area 1, via interface Serial0, Cost of using 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:02     Adjacency State FULL (Hello suppressed)  Message digest authentication enabled   Youngest key id is 1  

Also, verify that the loopback interfaces for Routers A, B, and C are being advertised to all OSPF neighbors.

 rtrA#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets  C       1.1.1.1 is directly connected, Loopback0  2.0.0.0/32 is subnetted, 1 subnets  O       2.2.2.2 [110/65] via 10.1.1.2, 00:09:04, Serial0/1  3.0.0.0/32 is subnetted, 1 subnets  O IA    3.3.3.3 [110/129] via 10.1.1.2, 00:09:04, Serial0/1  10.0.0.0/30 is subnetted, 2 subnets C       10.1.1.0 is directly connected, Serial0/1 O IA    10.1.1.4 [110/128] via 10.1.1.2, 00:09:04, Serial0/1 _______________________________________________________________________ rtrB#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets  O       1.1.1.1 [110/65] via 10.1.1.1, 00:10:19, Serial0  2.0.0.0/32 is subnetted, 1 subnets  C       2.2.2.2 is directly connected, Loopback0  3.0.0.0/32 is subnetted, 1 subnets  O IA    3.3.3.3 [110/65] via 10.1.1.6, 00:10:20, Serial1  10.0.0.0/30 is subnetted, 2 subnets C       10.1.1.0 is directly connected, Serial0 C       10.1.1.4 is directly connected, Serial1 _______________________________________________________________________ rtrC#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets  O       1.1.1.1 [110/129] via 10.1.1.5, 00:11:10, Serial0  2.0.0.0/32 is subnetted, 1 subnets  O       2.2.2.2 [110/65] via 10.1.1.5, 00:11:11, Serial0  3.0.0.0/24 is subnetted, 1 subnets  C       3.3.3.0 is directly connected, Loopback0  10.0.0.0/30 is subnetted, 2 subnets O       10.1.1.0 [110/128] via 10.1.1.5, 00:11:11, Serial0 C       10.1.1.4 is directly connected, Serial0 

Configuration Example 3: Changing Keys and Passwords

For additional security you may choose to periodically change the key and password. With clear-text authentication, when you change passwords there will be a loss of OSPF connectivity from the time you change the password on one end of the virtual link until you change the password at the other end of the virtual link. With MD5 authentication, you can configure a new key and password on a virtual link while leaving the old key and password in place. The old key and password will continue to be used until the new key and password are configured on the other end of the virtual link. Modify the key and password on the virtual link between Routers B and C. First add a new key and password to Router B in order to observe the behavior when the new key and password have been configured on only one end of the virtual link.

 Router B  router ospf 1   area 1 virtual-link 3.3.3.3 authentication message-digest   area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco    area 1 virtual-link 3.3.3.3 message-digest-key 2 md5 bosco    network 2.2.2.2 0.0.0.0 area 0   network 10.1.1.0 0.0.0.3 area 0   network 10.1.1.4 0.0.0.3 area 1  

Examine the effect of adding a new key and password on only one end of the virtual link.

 rtrB#  show ip ospf virtual-links  Virtual Link OSPF_VL3 to router 3.3.3.3 is up   Run as demand circuit   DoNotAge LSA allowed.   Transit area 1, via interface Serial1, Cost of using 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:08     Adjacency State FULL (Hello suppressed)  Message digest authentication enabled   Youngest key id is 2   Rollover in progress, 1 neighbor(s) using the old key(s):   key id 1  

Notice that both keys are being used for authentication. Configure the new key and password on Router C while leaving the old key and password in place.

 Router C  router ospf 1   area 1 virtual-link 2.2.2.2 authentication message-digest   area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco    area 1 virtual-link 2.2.2.2 message-digest-key 2 md5 bosco    network 3.3.3.3 0.0.0.0 area 2   network 10.1.1.4 0.0.0.3 area 1  

Verify that Router C is now using the new key and password.

 rtrC#  show ip ospf virtual-links  Virtual Link OSPF_VL4 to router 2.2.2.2 is up   Run as demand circuit   DoNotAge LSA allowed.   Transit area 1, via interface Serial0, Cost of using 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:09     Adjacency State FULL (Hello suppressed)  Message digest authentication enabled   Youngest key id is 2   Rollover in progress, 1 neighbor(s) using the old key(s):   key id 1  

You can now remove the old key and password from Routers B and C.

 Router B  router ospf 1    no area 1 virtual-link 3.3.3.3 message-digest-key 1   _______________________________________________________________________ Router C  router ospf 1    no area 1 virtual-link 2.2.2.2 message-digest-key 1   
Verification

Verify that Routers B and C are using the new key and password.

 rtrB#  show ip ospf virtual-links  Virtual Link OSPF_VL3 to router 3.3.3.3 is up   Run as demand circuit   DoNotAge LSA allowed.   Transit area 1, via interface Serial1, Cost of using 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:04     Adjacency State INIT (Hello suppressed)  Message digest authentication enabled   Youngest key id is 2  _______________________________________________________________________ rtrC#  show ip ospf virtual-links  Virtual Link OSPF_VL4 to router 2.2.2.2 is up   Run as demand circuit   DoNotAge LSA allowed.   Transit area 1, via interface Serial0, Cost of using 64   Transmit Delay is 1 sec, State POINT_TO_POINT,   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:08     Adjacency State FULL (Hello suppressed)  Message digest authentication enabled   Youngest key id is 2  

Configuration Example 4: Null Authentication

If authentication, either clear text or md5, is configured for Area 0, then authentication must be enabled on all virtual links. If authentication is not required on a virtual link, then NULL authentication can be employed to override the authentication that has been configured for Area 0. Configure the routers in Figure 2-16 with simple password authentication on Area 0.

 Router A  interface Loopback0   ip address 1.1.1.1 255.255.255.255   !   interface Serial0/1   ip address 10.1.1.1 255.255.255.252    ip ospf authentication-key cisco    clockrate 64000   !   router ospf 1    area 0 authentication    network 1.1.1.1 0.0.0.0 area 0   network 10.1.1.0 0.0.0.3 area 0  _______________________________________________________________________ Router B  interface Loopback0   ip address 2.2.2.2 255.255.255.255   !   interface Serial0   ip address 10.1.1.2 255.255.255.252    ip ospf authentication-key cisco    !   interface Serial1   ip address 10.1.1.5 255.255.255.252   clockrate 64000   !   router ospf 1    area 0 authentication     area 1 virtual-link 3.3.3.3    network 2.2.2.2 0.0.0.0 area 0   network 10.1.1.0 0.0.0.3 area 0   network 10.1.1.4 0.0.0.3 area 1  _______________________________________________________________________ Router C  interface Loopback0   ip address 3.3.3.3 255.255.255.255   !   interface Serial0   ip address 10.1.1.6 255.255.255.252   !   router ospf 1    area 1 virtual-link 2.2.2.2    network 3.3.3.3 0.0.0.0 area 2   network 10.1.1.4 0.0.0.3 area 1  

When authentication is enabled for Area 0, then the same authentication type is automatically enabled for the virtual link. Because the virtual link is not using authentication, routing updates will not be accepted over the virtual link. This can be seen by enabling OSPF debugging on either Router B or C.

 rtrB#  debug ip ospf adj  OSPF adjacency events debugging is on rtrB# 23:13:13: OSPF: Rcv pkt from 10.1.1.6, Serial1 : Mismatch Authentication type. I nput packet specified type 0, we use type 1 

This situation can be fixed by either configuring the same authentication type on the virtual link (see Sections 2-17 and 2-20) or by explicitly configuring the virtual link to use NULL authentication. Modify the configurations on routers B and C to use NULL authentication on the virtual link.

 Router B  router ospf 1   area 0 authentication    area 1 virtual-link 3.3.3.3 authentication null    network 2.2.2.2 0.0.0.0 area 0   network 10.1.1.0 0.0.0.3 area 0   network 10.1.1.4 0.0.0.3 area 1  _______________________________________________________________________ Router C  router ospf 1    area 1 virtual-link 2.2.2.2 authentication null    network 3.3.3.3 0.0.0.0 area 2   network 10.1.1.4 0.0.0.3 area 1  
Verification

Verify that all OSPF routes are being advertised.

 rtrA#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets C       1.1.1.1 is directly connected, Loopback0      2.0.0.0/32 is subnetted, 1 subnets  O       2.2.2.2 [110/65] via 10.1.1.2, 00:03:46, Serial0/1  3.0.0.0/32 is subnetted, 1 subnets  O IA    3.3.3.3 [110/129] via 10.1.1.2, 00:03:46, Serial0/1  10.0.0.0/30 is subnetted, 2 subnets C       10.1.1.0 is directly connected, Serial0/1  O IA    10.1.1.4 [110/128] via 10.1.1.2, 00:03:46, Serial0/1  _______________________________________________________________________ rtrB#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets  O       1.1.1.1 [110/65] via 10.1.1.1, 00:04:48, Serial0  2.0.0.0/32 is subnetted, 1 subnets C       2.2.2.2 is directly connected, Loopback0      3.0.0.0/32 is subnetted, 1 subnets  O IA    3.3.3.3 [110/65] via 10.1.1.6, 00:04:49, Serial1  10.0.0.0/30 is subnetted, 2 subnets C       10.1.1.0 is directly connected, Serial0 C       10.1.1.4 is directly connected, Serial1 _______________________________________________________________________ rtrC#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is not set      1.0.0.0/32 is subnetted, 1 subnets  O       1.1.1.1 [110/129] via 10.1.1.5, 00:05:33, Serial0  2.0.0.0/32 is subnetted, 1 subnets  O       2.2.2.2 [110/65] via 10.1.1.5, 00:05:33, Serial0  3.0.0.0/24 is subnetted, 1 subnets  C       3.3.3.0 is directly connected, Loopback0  10.0.0.0/30 is subnetted, 2 subnets O       10.1.1.0 [110/128] via 10.1.1.5, 00:05:34, Serial0 C       10.1.1.4 is directly connected, Serial0 
Troubleshooting
Step 1. Verify that there is a neighbor relationship between the OSPF routers by using the show ip ospf neighbor command.

Step 2. Verify that the transit area ID used in the area virtual-link command is proper.

Step 3. Verify that the router IDs used in the area virtual-link are correct.

Step 4. If using simple password authentication, verify that the same password is being used on each side of the virtual link.

Step 5. If using MD5 authentication, verify that the same key and password are being used on each side of the virtual link.

 <  Free Open Study  >  


Cisco[r] OSPF Command and Configuration Handbook
Cisco OSPF Command and Configuration Handbook (paperback)
ISBN: 1587055406
EAN: 2147483647
Year: 2002
Pages: 236

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net