Re: [sc] OSPF - Area 0 Authentication (MD5) and Virtual Link

From: Peter Van Oene (vantech@xxxxxxxxxxxx)
Date: Mon Oct 04 1999 - 23:23:45 GMT-3


   
Hi Mike. I'm getting to this late and may have missed things, but here are my
thoughts on OSPF authentication. The key is to turn on authentication for
every router within the area in question. It's advisable to use the same key
throughout for simplicity's sake, though I believe you can do key pairs/groups
on a per-interface basis.

Essentially, you can get by with the authentication message-digest
command in your OSPF process and the key IDs on your interfaces.

If you have a virtual link and authentication running in area 0, for
example, the virtual link router must also have the key so as to communicate
with area 0. However, the transit area does not require authentication.

I am assuming you have MD5 turned on in your routing process? Off the top
of my head, I believe the syntax looks like this:

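interface Ethernet0
 ! key ID 1, key "cisco"; both must match the neighbors on this segment
 ip ospf message-digest-key 1 md5 cisco
!
interface Serial0
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 ! enable MD5 authentication for the area
 area 0 authentication message-digest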

Peter Van Oene
Senior Systems Engineer
UNIS LUMIN Inc.
www.unislumin.com

----- Original Message -----
From: Ganich, Mike (M.J.) <mganich@ford.com>
To: <cisco-cert@cciecert.com>
Sent: Monday, October 04, 1999 11:17 AM
Subject: [sc] OSPF - Area 0 Authentication (MD5) and Virtual Link

> I've spent hours on this and can't figure out what's wrong.
>
> From what I've read, in addition to Area 0 - authentication (MD5) needs to
> be turned on the transit area and virtual link. My assumptions:
> Area 0 - MD5 turned "ON". Also, associated WAN links use
> "authentication md5 key xxx keyid XXX".
> Transit - MD5 turned "ON". Also, associated WAN links
> use "authentication md5 key yyy keyid YYY".
> Virtual Link - uses auth MD5 key zzz keyid ZZZ.
>
> I've tried (what I think) is every possible combination of keys and keyids
> to get this to work. My only success came with using different keys and
> keyids on Area 0, Transit Area, and VL. However, the success was
> short-lived when one of the transit area routers was reloaded. After the
> reload, the virtual link would stop carrying routes.
>
> Can someone tell me what I'm missing?
>
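
The setup described in the reply above (MD5 in area 0, the area 0 key on the virtual link, no authentication in the transit area), as an added Cisco IOS configuration sketch that is not from either post. The two-ABR topology, router IDs, addresses, area numbers, key ID 1 and the key placeholder are all constructed for illustration.

```cisco
! ---- R1: ABR with interfaces in area 0 and transit area 1 ----
interface Loopback0
 ! highest loopback address becomes the OSPF router ID (10.0.0.1)
 ip address 10.0.0.1 255.255.255.255
!
interface Serial0
 description area 0 link
 ip address 192.168.0.1 255.255.255.0
 ! key ID and key must match the area 0 neighbor on this link
 ip ospf message-digest-key 1 md5 AREA0-KEY-PLACEHOLDER
!
interface Serial1
 description transit area 1 link, no authentication configured
 ip address 192.168.1.1 255.255.255.0
!
router ospf 1
 network 10.0.0.1 0.0.0.0 area 0
 network 192.168.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 1
 area 0 authentication message-digest
 ! the virtual link is an area 0 adjacency, so it carries the area 0 key
 area 1 virtual-link 10.0.0.2 message-digest-key 1 md5 AREA0-KEY-PLACEHOLDER
!
! ---- R2: far-end ABR, no physical interface in area 0 ----
interface Loopback0
 ! router ID 10.0.0.2
 ip address 10.0.0.2 255.255.255.255
!
interface Serial0
 description transit area 1 link, no authentication configured
 ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0
 description area 2 LAN
 ip address 192.168.2.1 255.255.255.0
!
router ospf 1
 network 10.0.0.2 0.0.0.0 area 1
 network 192.168.1.0 0.0.0.255 area 1
 network 192.168.2.0 0.0.0.255 area 2
 ! needed even without an area 0 interface: the virtual link belongs to area 0
 area 0 authentication message-digest
 area 1 virtual-link 10.0.0.1 message-digest-key 1 md5 AREA0-KEY-PLACEHOLDER
```

`show ip ospf virtual-links` on either ABR shows whether the link is up and which authentication it is using.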



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:52 GMT-3