Well...sort of resolved. After upgrading more of my routers to 12.1(10) I rebuilt my lab and attempted the ospf lab again. This time it still would not work, but instead of getting a Mismatched Authentication Key error during debugging I was getting a Mismatched Authentication Type. It claimed that one end was using Type 0 and the other was Type 1. I don't really know what that means so I tinkered for a while.
I tried many different combinations to no avail and eventually put everything back the way I honestly thought it should be. Still nothing. So, I rebooted...and guess what...it came up just fine. This really irritates me. Why would I need to reboot? It seems like I do a lot of rebooting when playing with ospf! :-) Maybe that's just me, though. Anyway, here is what the final working config looks like (and it's exactly what I *thought* should have worked in the first place): R4 is in Area 0 and Area 1. R5 connects to R4 and has interfaces in area 5. R4 ospf config: router ospf 1 log-adjacency-changes area 0 authentication area 1 virtual-link 212.1.22.1 authentication-key cisco network 200.100.100.17 0.0.0.0 area 4 network 212.1.22.33 0.0.0.0 area 1 network 212.1.22.84 0.0.0.0 area 0 R5 ospf config: router ospf 1 network 212.1.22.34 0.0.0.0 area 1 network 20.1.1.1 0.0.0.0 area 5 network 20.1.2.1 0.0.0.0 area 5 network 20.1.3.1 0.0.0.0 area 5 area 0 authentication area 1 virtual-link 200.100.100.17 authentication-key cisco area 5 range 20.1.0.0 255.255.0.0 Very simple, very straightforward, and dang it, it should have worked two days ago! Oh well. Perhaps I was overlooking something and tonight's configs are *exactly* the same as I had them two days ago. Thanks to everyone for their help and suggestions! John On Tue, 23 Oct 2001 21:40:50 -0400, Ryan Ngai Hon Kong wrote: | Don't you think fixing up the router-id in this scenario is | better to ensure consistent virtual link and since | you keep rebooting the router? | | Just an opinion. :) | Regards, | Ryan | | -----Original Message----- | From: John Neiberger [mailto:[EMAIL PROTECTED]] | Sent: Tuesday, October 23, 2001 10:06 PM | To: [EMAIL PROTECTED] | Subject: RE: OSPF Virtual Link Authentication [7:23867] | | | Thanks. I was configuring it as you suggest. I played around with this | more last night and I never got it to work. It's frustrating because it | seems so simple, yet I must be missing something that's right under my | nose. | | I had some problems with lab equipment last night that I finally | resolved. So, tonight I'll rebuild everything from scratch and see if I | can make it work. | | John | | >>> "Frank B" 10/23/01 1:10:15 AM >>> | Not sure if you received any possible issues other than the whitespace. | But | another common error...there are NO interface commands required for | the | interfaces into the transit area. The authentication commands are | placed at | the end of the area x virtual-link command under the ospf process. | For | instance: | | | Ra-----area0-----Rb-----area1-----Rc-----area2------Rd | | If area0 requires authentication, the only commands required to | authenticate | on the virtual-link transiting area1 are: | | Rc# | router ospf 1 | area 1 virtual-link [Rb rtr id] authenticatio-key cisco | area 0 authentication | | AND of course the same commands on the ospf process of Rb also. This | example was plain text but the "question mark" will help get you the | md5 | commands. The way I remember it...this virtual link IS my interface | into | the backbone so I ONLY need to configure there. | | Hope this helps, aloha, Frank | | -----Original Message----- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of | John Neiberger | Sent: Sunday, October 21, 2001 6:54 PM | To: [EMAIL PROTECTED] | Subject: OSPF Virtual Link Authentication | | | I was working on Fatkid 401 OSPF lab tonight and I could never get the | virtual link authentication to work correctly. No matter what I did, | I | would get errors stating I had a mismatched authentication key. Well, | the | key was "cisco" so that's not too hard to type in correctly. Still, I | played with the configs on the two relevant routers and I rebooted | them | several times, all to no avail. | | I even changed the authentication type to md5 and got the same | message. | Very weird. I thought at one point this was an IOS issue because one | router | was running 11.2(7) and the other 11.2(25a). I upgraded the first one | to | 11.2(25a) and I still see the same error. | | I peeked at the solution and saw that I had it configured exactly how | they | suggested. Then I checked CCO and saw that they suggest the same | configuration. | | Do any of you have any tips for configuring virtual link | authentication? | This seems to be a pretty simple config and I don't see what I'm | missing. | | Thanks, | John | | | | | | _______________________________________________________ | http://inbox.excite.com | | | | _______________________________________________________ http://inbox.excite.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23986&t=23867 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]