Configuring an OSPF area virtual interface

Use manual virtual interfaces to provide a backup link for vital OSPF traffic with a minimum of resource use.

Before you begin

  • Enable OSPF globally.

  • You configure an OSPF area virtual interface on a VRF instance the same way you configure the GlobalRouter, except that you must use VRF Router Configuration mode and the prefix ip ospf. The VRF must have an RP Trigger of OSPF. Not all parameters are configurable on non0 VRFs.

About this task

Both sides of the OSPF connection must use the same authentication type and key.

You cannot configure a virtual link using a stub area or an NSSA.

Procedure

  1. Enter OSPF Router Configuration mode:

    enable

    configure terminal

    router ospf

  2. Create an OSPF area virtual interface:

    area virtual-link {A.B.C.D} {A.B.C.D}

  3. Choose the OSPF update authentication method:

    area virtual-link {A.B.C.D} {A.B.C.D} authentication-type <message-digest|none|sha-1|sha-2|simple>

    Both sides of an OSPF connection must use the same authentication type and key.

  4. If required, configure an MD5 key for the virtual interface:

    area virtual-link message-digest-key {A.B.C.D} {A.B.C.D} <1-255> md5-key WORD<1–16>

  5. Configure optional parameters, as required.
  6. Ensure that the configuration is correct:

    show ip ospf virtual-link {A.B.C.D} {A.B.C.D} [vrf WORD<1-16>] [vrfids WORD<0-512>]

Example

Create an OSPF area virtual interface with an area ID of 192.0.2.12 and the virtual interface ID of 198.51.100.2, choose the OSPF update authentication method to simple, and the hello-interval to 100.

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#router ospf
Switch:1(config-ospf)#area virtual-link 192.0.2.12 198.51.100.2 198.51.100.2
Switch:1(config-ospf)#area virtual-link 192.0.2.12 198.51.100.2 198.51.100.2 authentication-type simple
Switch:1(config-ospf)#area virtual-link 192.0.2.12 198.51.100.2 198.51.100.2 hello-interval 100

Variable Definitions

The following table defines parameters for the area virtual-link command.

Variable

Value

{A.B.C.D} {A.B.C.D}

Specifies the area ID and the virtual interface ID.

authentication-key WORD<0-8>

Configures the authentication key of up to eight characters.

authentication-type <message-digest|none|sha-1|sha-2|simple>

Specifies the type of authentication required for the interface.

  • none—Specifies that no authentication required.

  • simple password—Specifies that all OSPF updates received by the interface must contain the authentication key specified in the interface AuthKey parameter.

  • MD5 authentication—Specifies that all OSPF updates received by the interface must contain the MD5 key.

  • sha-1—Specifies secure hash algorithm 1 (SHA-1), which is a cryptographic hash function that produces a 160-bit hash value, usually given in a hexadecimal number, 40 digits long.

  • sha-2—Specifies SHA-2, which offers the hash function SHA-256.

    Note:

    sha-2, an update of SHA-1, can offer six hash functions that include SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA 512/256, with hash values that are 224, 256, 384, or 512 bits. However, the current release supports only SHA-256.

dead-interval <0-2147483647>

Configures the number of seconds between router hello packets before neighbors declare the router down. This value must be at least four times the hello interval value. The default is 60.

hello-interval <1-65535>

Configures the hello interval, in seconds, on the virtual interface for the length of time (in seconds) between the hello packets that the router sends on the interface. The default is 10.

primary-digest-key <1-255>

Use this parameter to transition to a new MD5 key; It changes the primary key used to encrypt outgoing packets.

<1-255> is the ID for the MD5 key.

retransmit-interval <0-3600>

Configures the retransmit interval for the virtual interface, the number of seconds between LSA retransmissions.

The range is from 1–3600.

transit-delay <0-3600>

Configures the transit delay for the virtual interface, the estimated number of seconds required to transmit a link-state update over the interface.

The range is from 1–3600.

The following table defines parameters for the area virtual-link message-digest-key command.

Variable

Value

{A.B.C.D} {A.B.C.D}

Specifies the area ID and the virtual interface ID.

<1-255>

Specifies the ID for the message digest key

md5-key WORD<1–16>

Configures the MD5 key, you can configure a maximum of two MD5 keys for an interface.

If you configure two keys, the interface uses only the first key. To transition to the second key, configure a primary-md5-key to use the ID of the second configured key, and then delete the first key.

Important:

Use the correct key id when two keys are configured.

The key id and md5 password must match with the other OSPF routers, to form the OSPF adjacencies.

WORD<1–16> is an alphanumeric password of up to 16 characters.

The following table defines parameters for the show ip ospf virtual-link command.

Variable

Value

<A.B.C.D> <A.B.C.D>

Specifies the area ID and the virtual interface ID.

vrf WORD<1-16>

Specifies a VRF.

vrfids WORD<0-512>

Specifies a range of VRF IDs.