04-14-2004 09:39 PM - edited 03-02-2019 03:00 PM
two questions
First,
What is the diffirence between them?
one is in global configuration mode, another is in interface configuration mode.
second,
OSPF authentication
R1---1544K area 0 MD5---R2
R1---ISDN area 0 MD5---R2
ISDN is for backup.
Do I need to configuration MD5 on the ISDN? like
int bri 0
ip ospf message-digest-key 1 md5 cisco
Thanks
04-15-2004 03:31 AM
The "ip local policy route-map" command is used to policy-route traffic generated locally on the router. For example, if you are logged into the router itself executing a ping, the local policy would apply. The same would apply for GRE / IPSec / Telnet traffic etc. coming from the router itself.
The "ip policy route-map" looks at traffic entering an interface and policy-routes accordingly. This traffic would be external, transiting the router. Hope that clears your first question.
Second:
If you are using area authentication i.e.:
router ospf 100
area 0 authentication message-digest
Then you must also configure your MD5 key on the ISDN link as you specified. All interfaces in Area 0 (including virtual links!) must have the MD5 key configured.
However, if you are configuring link authentication:
(interface serial1
ip ospf authentication message-digest)
you only need to configure the message-digest key on the interfaces where you also configure authentication.
HTH
-Colin
04-15-2004 06:18 AM
Thanks for your reply.
for the first question.
the topology like
R2----R1---LAN----R3
R4----R1
if the packet is from LAN between R1 and R3, which statement I should use? "ip local policy" or "ip policy" ? because part of packets generated from R1, and part of packets generated from LAN or R3
second question.
two topology
1st topology.
R1---area 0 serial0--R2---area 1-----R3
R1---area 0 ISDN-----R2
router ospf 100
area 0 authentication message-digest
int se 0
ip ospf message-digest 1 md5 cisco
for this topology, I guess on the ISDN link, we don't need to use "ip ospf message-digest 1 md5 cisco
", because when the main link down, ISDN will up and no necessary to use MD5 on the ISDN link
second topology
R2---area0 serial0---R1---area 0----R3---area1---R4
R2---area0 ISDN-----R1
if run MD5 in area 0(between R2,R1 and R3), if the main link between R2 and R1 down, I guess ISDN must use MD5, if not, then R2 can not connect to R3.
right?
but for the first topology, that is ok if we use MD5 on the ISDN link. so for both topology, use MD5 is OK. but I found in many of study materials, they don't use MD5 on the ISDN link.
so I am confused.
Thanks again.
04-15-2004 10:26 AM
For the policy-routing question, if some of your traffic is generated by R1 itself, and some is from the LAN/R3, then you can configure both the local policy and the interface policy.
(config)# ip local-policy route-map MAPNAME
Then under the interface connected to the LAN/R3
(config-if)# ip policy route-map MAPNAME.
As for your ISDN config, if you are running MD5 in area 0 you must configure the message-digest key on the ISDN link. All interfaces that are included in Area 0 must have the key in order to function properly.
HTH
-Colin
04-15-2004 03:39 AM
packets generated by the router do not normally abide by the policy routing, if you use "ip local policy route-map", it will.
The ospf/isdn issue, sorry don't know
04-15-2004 07:47 AM
Regarding PBR, the "ip local policy route-map" is used to Policy-Based Route traffic that is generated by the router itself (for example, if you issue a ping on the router, the ICMP packets will be Policy-Based Routed according to the route-map specified with the "ip local policy route-map". The "ip policy route-map" is used to Policy-Based Route traffic that is received on the interface on which the command is configured.
Regarding OSPF authentication, the answer is: it depends on the rest of the configuration. If you configured "area 0 authentication message-digest" under the OSPF process, then you need to configure "ip ospf message-digest-key ... md5 ..." command on the ISDN interface (since the ISDN interface belongs to Area0).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: