Configure the KEYip OSPF authentication-key ciscosetp2 ospf interface to enable authentication under the ospf process of ospf virtual link authentication area 1 area 0 authenticationsetp3 enable authentication area 1 virtual-link 3.3.3.3 authentication- key boscosetp4 check whether show ip ospfEX1 is successful use simple verification Router A interface Loopback0 ip address 1.1.1.1 255.255.255! Interface Serial0/1 ip address 10.1.1.1 255.255.255.252 ip ospf authentication-key cisco clockrate 64000! Router ospf 1 area 0 authentication network 10.1.1.0 0.0.0.3 area 0 network 1.1.1.1 0.0.0.0 area 0 Router B router ospf 1 area 0 authentication area 1 virtual-link 3.3.3.3 authentication-key bosco // This KEY and the previous the KEY under the interface does not matter ********************************** **************************************** * ******************* Router (config-router) # area 1 virtual-link 3.3.3.3 authentication-key? <0-7> Encryption type (0 for not yet encrypted, 7 for proprietary) LINE Authentication key (8 chars) // This KEY has no relationship with the KEY in the previous interface **************************** **************************************** * *********************** network 2.2.2.2 0.0.0.0 area 0 network 10.1.1.0 0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 1 _______________________________________________________________________ Router C roospf ospf 1 area 0 authentication ****************************** **************************************** * ****** note: notice that the command area 0 authentication was used on Router C because the virtual link is in Area 0. if verification is enabled on area0 RA, the area 0 authentication command must be used on RC, this is because RC connects to area 0 through virtual-link ****************************** * ********************************** EX2 configure MD5 verification Message Digest authentication Over a Virtual LinkRouter B router ospf 1 area 1 virtual-link 3.3.3.3 authentication message-digest area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco network 2.2.2.2 0.0.0.0 area 0 network 10.1.1.0 0.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 1 routing Router C router ospf 1 area 1 virtual-link 2.2.2.2 authentication message-digest // enable MD5 authentication area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco // set the MD5KEY-1 to cisco network 3.3.3.3 0.0.0.0 area 2 network 10.1.1.4 0.0.0.3 area 1 for verification: rtrB # show ip ospf virtual-links Virtual Link OSPF_VL3 to router 3.3.3.3 is up // VIR status Run as demand circuit DoNotAge LSA allowed. transit area 1, via interface Serial1, Cost of using 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, retransmit 5 Hello due in 00:00:01 Adjacency State FULL (Hello suppressed) Message digest authentication enabled // This statement indicates that MD5 verification has enabled Youngest key id is 1 // description of the KEY-1Configuration Example: null Authentication does not enable VIR verification Router B router ospf 1 area 0 authentication area 1 virtual-link 3.3.3.3 authentication null network 2.2.2.2 0.0.0.0 area 0 network 10.1.1.0 0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 1 route Router C router ospf 1 area 1 virtual-link 2.2.2.2 authentication null network 3.3.3.3 0.0.0.0 area 2 network 10.1.1.4 0.0.0.3 area 1