Several questions here Team:
Q1- what is the need for the DL on R1?. In the DSG solution, this DL allows 0/0
into R1, and denies everything else. The 0/0 is the one advertised by R2 (ABR)
once area 15 becomes totally stub. So why do we still need the DL?
Q2- It is also said, BB1 "should have routes" to R1 and R2 loopback addresses.
Well, if that is literally what they mean, then there is no point on making
area 15 a totally stub. Area 15 being totally stub can not have a route to R2
Loopback. Do they mean access to R1 and R2 loopbacks? If that is the case, then
we are OK because once 0/0 is advertised by R1 to BB1, and BB1 can use this
route to go out of area 15 and access R2 Loopback.
Q3- Can we authenticate the virtual-links connecting R2, R5 and R6 without
authenticating the [physical] serial links through which the real packets
travel?
I would probably do the following in a scenario like this task:
R2
interface s0/1/0
ip ospf authentication-key cisco <==== physical Interface authentication
ip ospf authentication
router ospf 1
area 1 virtual-link 150.50.5.5 authentication
area 1 virtual-link 150.50.5.5 authentication-key cisco
area 1 virtual-link 150.50.6.6 authentication <==== Virtual-Link
authentication
area 1 virtual-link 150.50.6.6 authentication-key cisco
R4
interface s0/0/0
ip ospf authentication-key cisco <==== physical Interface authentication.
Witout this,
ip ospf authentication R4 would lose neighborship
with R2
R5 and R6
interface s0/1/0
ip ospf authentication-key cisco <==== physical Interface authentication
ip ospf authentication
router ospf 1
area 1 virtual-link 150.50.2.2 authentication <==== Virtual-Link
authentication
area 1 virtual-link 150.50.2.2 authentication-key cisco
Any clarifications are highly apreciated.
Regards
Bauke
__________________________________________________________________
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
