Hi Bauke, Virtual links can be authenticated separately, the interfaces don't need to be. As far as "should have routes"...a route is a path so if BB1 can reach the loopbacks then I would say it is satisfied. We can probably argue semantics a lot but I would ask the proctor for clarification. Such as "Does BB1 need /32 routes in it's route table for R1 and R2?" or something to that effect.
Not sure about Q1 right now. I will have to look at that scenario specifically... On Mon, Jan 11, 2010 at 1:51 PM, Bauke Dzavhale < [email protected]> wrote: > Several questions here Team: > > Q1- what is the need for the DL on R1?. In the DSG solution, this DL allows > 0/0 into R1, and denies everything else. The 0/0 is the one advertised by R2 > (ABR) once area 15 becomes totally stub. So why do we still need the DL? > > Q2- It is also said, BB1 "*should have routes"* to R1 and R2 loopback > addresses. Well, if that is literally what they mean, then there is no point > on making area 15 a totally stub. Area 15 being totally stub can not have a > route to R2 Loopback. Do they mean *access to R1 and R2 loopbacks*? If > that is the case, then we are OK because once 0/0 is advertised by R1 to > BB1, and BB1 can use this route to go out of area 15 and access R2 Loopback. > > Q3- Can we authenticate the virtual-links connecting R2, R5 and R6 without > authenticating the [physical] serial links through which the real packets > travel? > > I* would probably do the following in a scenario like this task:* > > *R2* > interface s0/1/0 > ip ospf authentication-key cisco *<==== physical Interface > authentication* > ip ospf authentication > > router ospf 1 > area 1 virtual-link 150.50.5.5 authentication > area 1 virtual-link 150.50.5.5 authentication-key cisco > area 1 virtual-link 150.50.6.6 authentication *<==== Virtual-Link > authentication* > area 1 virtual-link 150.50.6.6 authentication-key cisco > > *R4* > interface s0/0/0 > ip ospf authentication-key cisco *<==== physical Interface > authentication. Witout this,* > ip ospf authentication *R4 would lose > neighborship with R2* > > *R5 and R6* > interface s0/1/0 > ip ospf authentication-key cisco *<==== physical Interface > authentication* > ip ospf authentication > > router ospf 1 > area 1 virtual-link 150.50.2.2 authentication * <==== Virtual-Link > authentication* > area 1 virtual-link 150.50.2.2 authentication-key cisco > > Any clarifications are highly apreciated. > > Regards > > Bauke > > > > > > > > ------------------------------ > Looking for the perfect gift?* Give the gift of > Flickr!*<http://www.flickr.com/gift/> > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Bryan Bartik CCIE #23707 (R&S, SP), CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
