DGS-6604
area virtual-link
CLI Reference Guide
The password created by the area virtual-link authentication-key command is
used as a "key" that is inserted directly into the OSPF header when the switch
system software originates routing protocol packets over this virtual link.
Usually, one key per interface (or virtual link) is used to generate authentication
information when sending packets and to authenticate incoming packets. The
same key identifier on the neighbor router must have the same KEY value.
The process of changing keys is as follows. Suppose the current configuration is
as follows:
area 1 virtual-link 192.168.255.1 message-digest-key 100 md5 OLD
The configuration can be changed to the following:
area 1 virtual-link 192.168.255.1 message-digest-key 101 md5 NEW
The system assumes its neighbors do not have the new key yet, so it begins a
rollover process. It sends multiple copies of the same packet, each authenticated
by different keys. In this example, the system sends out two copies of the same
packet; the first one authenticated by key 100 and the second one authenticated
by key 101.
Rollover allows neighboring routers to continue communication while the network
administrator is updating them with the new key. Rollover stops once the local
system finds that all its neighbors know the new key. The system detects that a
neighbor has the new key when it receives packets from the neighbor
authenticated by the new key.
After all neighbors have been updated with the new key, the old key should be
removed. In this example, the following entry is used:
no area 1 virtual-link 192.168.255.1 message-digest-key 100
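The rollover described above, modeled as an added example (not code from this guide or from the switch software). The Router class and its method names are hypothetical, the digest follows the keyed-MD5 construction of RFC 2328 Appendix D with sequence numbers omitted, and treating the most recently configured key as the new key is an assumption.

```python
import hashlib
import hmac

def md5_auth(packet: bytes, secret: str) -> bytes:
    """Keyed MD5 as in RFC 2328 App. D: MD5(packet || key zero-padded to 16 bytes)."""
    return hashlib.md5(packet + secret.encode()[:16].ljust(16, b"\0")).digest()

class Router:  # hypothetical model of one end of the virtual link
    def __init__(self, name, neighbors):
        self.name, self.keys, self.newest = name, {}, None
        self.has_new = {n: True for n in neighbors}    # neighbor -> seen using newest key

    def add_key(self, key_id, secret):
        self.keys[key_id], self.newest = secret, key_id
        if len(self.keys) > 1:                         # assume neighbors lack the new key
            self.has_new = {n: False for n in self.has_new}

    def in_rollover(self):
        return not all(self.has_new.values())

    def send(self, packet: bytes):
        """One copy per configured key during rollover, otherwise the newest key only."""
        ids = sorted(self.keys) if self.in_rollover() else [self.newest]
        return [(self.name, k, packet, md5_auth(packet, self.keys[k])) for k in ids]

    def receive(self, copies):
        """Return the key ids of the copies that authenticated."""
        accepted = []
        for sender, key_id, packet, digest in copies:
            secret = self.keys.get(key_id)
            if secret is None or not hmac.compare_digest(md5_auth(packet, secret), digest):
                continue                               # unknown key id or bad digest: drop
            accepted.append(key_id)
            if key_id == self.newest:
                self.has_new[sender] = True            # neighbor proved it knows the new key
        return accepted

def simulate():
    a, b = Router("A", ["B"]), Router("B", ["A"])
    a.add_key(100, "OLD"); b.add_key(100, "OLD")       # constructed sample keys
    a.add_key(101, "NEW")                              # operator updates A first
    log = [len(a.send(b"hello")), b.receive(a.send(b"hello")), a.receive(b.send(b"hello")), a.in_rollover()]
    b.add_key(101, "NEW")                              # operator updates B
    b.receive(a.send(b"hello"))                        # B sees A using key 101
    a.receive(b.send(b"hello"))                        # A sees B using key 101
    del a.keys[100], b.keys[100]                       # retire the old key on both sides
    return log + [a.in_rollover(), b.in_rollover(), a.send(b"hello")[0][1]]
```

simulate() shows A sending two copies while B still knows only key 100, B accepting just the key-100 copy, and rollover ending on A once B answers with key 101.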
Examples
The following example shows how to establish a virtual link with hello-interval
and dead-interval set to 5 and 10 seconds respectively.
Switch# configure terminal
Switch(config)# router ospf
Switch(config-router)# area 1 virtual-link 10.10.11.50 hello-interval 5 dead-interval 10
Verify the settings by entering the show ip ospf virtual-links command.
The following example (on the next page) shows how to configure the following
parameters for a virtual link at area 1 with the remote id as 192.168.255.1.
1. Specify "yourpass" as the key for simple password authentication.
2. Set authentication type to simple password.