Rene, in networklessons.com you state “Enable authentication for area 0: the virtual link belongs to area 0, so you need authentication for the backbone area, not the area that the virtual link goes through.” But in the OSPF Authentication GNS3vault lab on the Gorilla router you don’t enable authentication on area 0, you use the “area 1 virtual-link 2.2.2.2 authentication message-digest” command. I’m a bit confused by this. Since router gorilla is not attached to area 0 this makes sense, but networklessons.com explicitly states to enable authentication for area 0, not the transit area. Does this rule apply to all cases or just the discontiguous area 0 scenario? Thank you.
Hello Mike
When you enable authentication over a virtual link in OSPF, there are two parts to the configuration. The first is the enabling of the authentication and the method of authentication. This is always done for the backbone area. What this means configuration-wise is the following command:
area 0 authentication
This command is necessary for enabling the authentication. In the case of using MD5 authentication, the command would be
area 0 authentication message-digest
Now this enabling is not enough. You are also required to indicate the virtual link, the transit area over which it is connecting, whether or not authentication is used, and the actual authentication key. This is where the following command comes in:
area 1 virtual-link 2.2.2.2 authentication-key NWL
In the case where MD5 is being used, the command would be something like this:
area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 NWL
So the enabling of the authentication is implemented on area 0 with the first command, and the additional parameters are configured using the second command, where the transit area is referenced.
I hope this has been helpful!
Laz
So in the following lab (https://gns3vault.com/ospf/ospf-authentication/), we would only run the area 0 authentication message-digest on router “giraffe” since that’s the only router that has an interface in area 0?
Hello Mike
Actually, you would put that command in both the Giraffe and Gorilla routers, even though the Gorilla router doesn’t touch area 0. Take a look at this Cisco documentation that explains the virtual link authentication in an almost identical topology as that in the GNS3Vault example you sent:
I hope this has been helpful!
Laz
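The two-part configuration described in the replies above can be checked across both ends of the virtual link. The following is an added example, not part of the original posts, the GNS3Vault lab or Cisco's documentation; the sample configs are constructed, assigning router IDs 1.1.1.1 to Giraffe and 2.2.2.2 to Gorilla is an assumption, and the function names are hypothetical. It assumes each config has a router-id line and unencrypted keys.

```python
import re

# Constructed sample configs; router IDs, area numbers and the key are illustrative.
GIRAFFE = """router ospf 1
 router-id 1.1.1.1
 area 0 authentication message-digest
 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 NWL
"""
# Gorilla has the key but never enables authentication for area 0.
GORILLA = """router ospf 1
 router-id 2.2.2.2
 area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 NWL
"""

def vlink_auth(config):
    """Map (transit area, peer router ID) -> [auth type, key] for one router."""
    m = re.search(r"^\s*area 0 authentication( message-digest)?\s*$", config, re.M)
    area0 = ("md5" if m.group(1) else "simple") if m else None
    links = {}
    for area, peer, rest in re.findall(
            r"^\s*area (\S+) virtual-link (\S+)(.*)$", config, re.M):
        link = links.setdefault((area, peer), [area0, None])  # inherit area 0 type
        if "authentication message-digest" in rest:
            link[0] = "md5"                 # per-link setting overrides area 0
        elif "authentication null" in rest:
            link[0] = None
        elif re.search(r"\bauthentication(?!-)", rest):
            link[0] = "simple"
        key = re.search(r"message-digest-key (\d+) md5 (\S+)|authentication-key (\S+)", rest)
        link[1] = key.groups() if key else link[1]
    return links

def check_virtual_link(cfg_a, cfg_b):
    """Return the problems found on the virtual link between routers A and B."""
    rid = lambda c: re.search(r"router-id (\S+)", c).group(1)
    a, b = vlink_auth(cfg_a), vlink_auth(cfg_b)
    end_a = next((v for (_, p), v in a.items() if p == rid(cfg_b)), None)
    end_b = next((v for (_, p), v in b.items() if p == rid(cfg_a)), None)
    if end_a is None or end_b is None:
        return ["virtual-link statement missing on one end"]
    problems = []
    if end_a[0] != end_b[0]:
        problems.append(f"auth type mismatch: {end_a[0]} vs {end_b[0]}")
    if end_a[1] != end_b[1]:
        problems.append("key mismatch")
    for name, end in (("A", end_a), ("B", end_b)):
        if end[1] and end[0] is None:
            problems.append(f"router {name}: key configured but authentication not enabled")
    return problems
```

With the constructed configs, `check_virtual_link(GIRAFFE, GORILLA)` flags Gorilla; adding either the area 0 command or the per-link `authentication message-digest` form to Gorilla clears the findings.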
Yes, it is. Thank you very much!
I keep getting this error on the GNS3 vault lab for this topic of OSPF:
*Mar 1 00:41:43.503: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 192.168.23.3, FastEthernet1/0
Giraffe#
What am I missing?
Hello Regis
An excellent reference to such issues can be found here:
It has several troubleshooting paths that you can take to see where the issue lies. I suggest you go through them to find the error. Some of these sometimes are just glitches in GNS3, but you can determine this by going through this document first.
I hope this has been helpful!
Laz