configure terminal
!
router ospf 1
 area 10 virtual-link 4.4.4.4 authentication-key PG1X
 area 10 virtual-link 4.4.4.4 authentication
 exit
!
end

configure terminal
!
router ospf 1
 area 10 virtual-link 2.2.2.2 authentication-key PG1X
 area 10 virtual-link 2.2.2.2 authentication
 exit
!
end

ospf
ospf.auth.type in { 0 1 2 }
ospf.auth.type in { 1 }
Notable output
R2#sh ip ospf virtual-links
Virtual Link OSPF_VL0 to router 4.4.4.4 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 10, via interface GigabitEthernet0/1
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           2         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:02
    Adjacency State FULL (Hello suppressed)
    Index 1/1/3, retransmission queue length 0, number of retransmission 2
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 1 msec, maximum is 1 msec
  Simple password authentication enabled

R4#sh ip ospf virtual-links
Virtual Link OSPF_VL1 to router 2.2.2.2 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 10, via interface GigabitEthernet0/2
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           2         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:08
    Adjacency State FULL (Hello suppressed)
    Index 1/2/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Simple password authentication enabled

The output includes the following line:
Simple password authentication enabled
Wireshark Packet Capture Results
If the
area <area-id> virtual-link <router-id> authentication
statement is entered first, the
area <area-id> virtual-link <router-id> authentication-key <password>
statement may be ignored, leaving the key empty (?)
configure terminal
!
router ospf 1
 area 10 virtual-link 4.4.4.4 authentication message-digest
 area 10 virtual-link 4.4.4.4 message-digest-key 1 md5 TopSecretX
 exit
!
end

configure terminal
!
router ospf 1
 area 10 virtual-link 2.2.2.2 authentication message-digest
 area 10 virtual-link 2.2.2.2 message-digest-key 1 md5 TopSecretX
 exit
!
end

ospf
ospf.auth.type in { 0 1 2 }
ospf.auth.type in { 2 }

R2#sh ip ospf virtual-links
Virtual Link OSPF_VL3 to router 4.4.4.4 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 10, via interface GigabitEthernet0/1
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           2         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
    Adjacency State FULL (Hello suppressed)
    Index 1/1/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Cryptographic authentication enabled
    Youngest key id is 1
Notable output is
Cryptographic authentication enabled
Youngest key id is 1

The following command order may not be a problem… I forgot.

area 10 virtual-link 2.2.2.2 authentication message-digest
area 10 virtual-link 2.2.2.2 message-digest-key 1 md5 TopSecretX
Tasks Brief
First, configure Virtual Link without authentication.
configure terminal
!
router ospf 1
 area 10 virtual-link 2.2.2.2
 exit
!
end

configure terminal
!
router ospf 1
 area 10 virtual-link 4.4.4.4
 exit
!
end
Next, enable area 0 authentication and check that the virtual link neighbor goes down.

configure terminal
!
interface GigabitEthernet 0/2
 ip ospf authentication-key a0pass
!
router ospf 1
 area 0 authentication
 exit
!
end

configure terminal
!
interface GigabitEthernet 0/1
 ip ospf authentication-key a0pass
!
router ospf 1
 area 0 authentication
 exit
!
end
Configure virtual link authentication.
configure terminal
!
router ospf 1
 area 10 virtual-link 2.2.2.2 authentication-key a10vlps
 exit
!
end

configure terminal
!
router ospf 1
 area 0 authentication
 area 10 virtual-link 4.4.4.4 authentication-key a10vlps
 exit
!
end

Enable area 0 authentication.

configure terminal
!
interface GigabitEthernet 0/2
 ip ospf message-digest-key 1 md5 SuperSECRET
!
router ospf 1
 area 0 authentication message-digest
 exit
!
end

configure terminal
!
interface GigabitEthernet 0/1
 ip ospf message-digest-key 1 md5 SuperSECRET
!
router ospf 1
 area 0 authentication message-digest
 exit
!
end
Configure virtual link authentication.
configure terminal
!
router ospf 1
 area 10 virtual-link 2.2.2.2 message-digest-key 1 md5 SuperSECRET
 exit
!
end

configure terminal
!
router ospf 1
 area 0 authentication message-digest
 area 10 virtual-link 4.4.4.4 message-digest-key 1 md5 SuperSECRET
 exit
!
end

Enable area 0 authentication.

configure terminal
!
interface GigabitEthernet 0/2
 ip ospf authentication-key a0pass
!
router ospf 1
 area 0 authentication
 exit
!
end

configure terminal
!
interface GigabitEthernet 0/1
 ip ospf authentication-key a0pass
!
router ospf 1
 area 0 authentication
 exit
!
end
Configure virtual link authentication.
configure terminal
!
router ospf 1
 area 10 virtual-link 2.2.2.2 authentication-key a10vlps
 exit
!
end

configure terminal
!
router ospf 1
 area 10 virtual-link 4.4.4.4 authentication
 area 10 virtual-link 4.4.4.4 authentication-key a10vlps
 exit
!
end

Enable area 0 authentication.

configure terminal
!
interface GigabitEthernet 0/2
 ip ospf message-digest-key 1 md5 a0passE
!
router ospf 1
 area 0 authentication message-digest
 exit
!
end

configure terminal
!
interface GigabitEthernet 0/1
 ip ospf message-digest-key 1 md5 a0passE
!
router ospf 1
 area 0 authentication message-digest
 exit
!
end
Configure virtual link authentication.
configure terminal
!
router ospf 1
 area 10 virtual-link 2.2.2.2 message-digest-key 1 md5 a10vlpsEnc
 exit
!
end

configure terminal
!
router ospf 1
 area 10 virtual-link 4.4.4.4 authentication message-digest
 area 10 virtual-link 4.4.4.4 message-digest-key 1 md5 a10vlpsEnc
 exit
!
end
If the
area <area-id> virtual-link <router-id> authentication
statement is entered first, the
area <area-id> virtual-link <router-id> authentication-key <password>
statement may be ignored, leaving the key empty.

show ip ospf virtual-links
show ip ospf neighbor
show ip ospf interface GigabitEthernet 0/1
show running-config | section router ospf 1
show ip route ospf
show ip ospf database
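An added example, not part of the original lab notes: a Python check over the output of show running-config | section router ospf 1 that works out which authentication type each virtual link effectively uses and whether a matching key statement is present. It assumes only the command forms used on this page, and that a virtual link, being part of area 0, inherits the area 0 authentication setting unless it has its own authentication statement; the function and sample names are hypothetical.

```python
import re

def audit_virtual_links(ospf_section: str) -> dict:
    """Return {router_id: (effective_auth, [problems])} for each virtual link."""
    area0_auth, links = "null", {}
    for line in map(str.strip, ospf_section.splitlines()):
        m = re.fullmatch(r"area (?:0|0\.0\.0\.0) authentication( message-digest)?", line)
        if m:
            area0_auth = "md5" if m.group(1) else "simple"
            continue
        m = re.match(r"area \S+ virtual-link (\S+)(.*)", line)
        if not m:
            continue
        link = links.setdefault(m.group(1), {"auth": None, "keys": set()})
        opts = m.group(2).split()
        if "authentication" in opts:
            i = opts.index("authentication")
            mode = opts[i + 1] if i + 1 < len(opts) else ""
            link["auth"] = {"message-digest": "md5", "null": "null"}.get(mode, "simple")
        if "authentication-key" in opts:
            link["keys"].add("simple")
        if "message-digest-key" in opts:
            link["keys"].add("md5")
    report = {}
    for rid, link in links.items():
        # Assumption: the link inherits area 0's type unless it sets its own.
        effective = link["auth"] or area0_auth
        problems = []
        if effective == "null":
            problems.append("virtual link is unauthenticated")
        elif effective not in link["keys"]:
            problems.append(f"{effective} authentication active but no matching key")
        if effective == "simple":
            problems.append("simple password travels in cleartext")
        report[rid] = (effective, problems)
    return report

# Constructed samples built from the commands used in this lab.
MD5_OK = """router ospf 1
 area 10 virtual-link 2.2.2.2 authentication message-digest
 area 10 virtual-link 2.2.2.2 message-digest-key 1 md5 TopSecretX"""
AREA0_ONLY = """router ospf 1
 area 0 authentication
 area 10 virtual-link 4.4.4.4"""
MISMATCH = """router ospf 1
 area 0 authentication message-digest
 area 10 virtual-link 4.4.4.4 authentication-key a10vlps"""
for cfg in (MD5_OK, AREA0_ONLY, MISMATCH):
    print(audit_virtual_links(cfg))
```
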
! Filter OSPF Packet Only
ospf
! Null Auth
ospf.auth.type == 0
! Plain Auth
ospf.auth.type == 1
! MD5 Auth
ospf.auth.type == 2
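An added example, not from the original notes, of what the ospf.auth.type filters above match: a Python parser for the 24-byte OSPFv2 header that reads the AuType field and, for type 1, shows that the key sits in the header in cleartext. The sample packets are constructed rather than captured, and the function names are hypothetical.

```python
import struct

AUTH_NAMES = {0: "null", 1: "simple-password", 2: "cryptographic"}

def parse_ospf_auth(packet: bytes) -> dict:
    """Classify the authentication of one OSPFv2 packet (bytes start at the OSPF header)."""
    if len(packet) < 24:
        raise ValueError("truncated: the OSPFv2 header is 24 bytes")
    version, _type, length, rid, area, _cksum, au_type = struct.unpack(
        "!BBH4s4sHH", packet[:16])
    if version != 2:
        raise ValueError(f"not OSPFv2 (version {version})")
    auth = packet[16:24]
    info = {"router_id": ".".join(map(str, rid)), "area_id": ".".join(map(str, area)),
            "auth_type": au_type, "auth_name": AUTH_NAMES.get(au_type, "unknown")}
    if au_type == 1:
        # Simple password: the key itself sits in the header, NUL-padded to 8 bytes.
        info["cleartext_key"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif au_type == 2:
        # Cryptographic: 2 zero bytes, key ID, digest length, sequence number.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        # The digest is appended after the packet and is not counted in `length`.
        info.update(key_id=key_id, sequence=seq,
                    digest_present=len(packet) >= length + digest_len)
    return info

def weak_auth_findings(packets) -> list:
    """One finding per packet that is unauthenticated or exposes its key."""
    findings = []
    for p in map(parse_ospf_auth, packets):
        if p["auth_type"] == 0:
            findings.append(f"{p['router_id']}: no authentication")
        elif p["auth_type"] == 1:
            findings.append(f"{p['router_id']}: key readable on the wire")
    return findings

def sample(au_type, auth, rid, trailer=b""):
    """Constructed Hello header (area 0.0.0.0, no body); not taken from a capture."""
    return struct.pack("!BBH4s4sHH", 2, 1, 24, rid, bytes(4), 0, au_type) + auth + trailer

R2, R4 = bytes([2, 2, 2, 2]), bytes([4, 4, 4, 4])
SAMPLES = [
    sample(0, bytes(8), R2),
    sample(1, b"PG1X".ljust(8, b"\x00"), R2),
    sample(2, struct.pack("!HBBI", 0, 1, 16, 7), R4, trailer=bytes(16)),
]

for finding in weak_auth_findings(SAMPLES):
    print(finding)
```

The key_id value parsed for type 2 is the same number the router reports as "Youngest key id" in show ip ospf virtual-links.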
Implementation is easy, but it is hard to understand the detailed behavior of this feature… I found that routers configured with a virtual link exchange LSA packets by unicast, not multicast.