RE: OSPF Authentication

From: Negri, Francois (Francois.Negri@xxxxxxxxxx)
Date: Wed May 17 2000 - 12:04:32 GMT-3

• Next message: Vijay Venkatesh: "Re: Back to back cables"
• Previous message: David Goldsmith: "Re: OSPF Authentication"
• Maybe in reply to: Li Chaoyong (Company): "OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
They both do basically the same thing except one uses an encrypted key and
the other does not. The command "ip ospf authentication-key" does not use
an encryted key so therefrore it not as secure as the other, it can be
sniffed (lear text acrross the wire). If a remote router uses the command
"area x authentication message-digest-key" in its global config for a
specific area it expects any neighbor trying to connect to that specific
area to exchange LSAs to use the same encryted key that is why you must use
the command "ip ospf message-digest-key" which encrypts the key. The remote
router in this case expects to decrypt so if you pass it a key that is not
encrypted by using the command "ip ospf authentication-key" it will still
try decrypt because based on its config it is beign to to expect an
encrypted because of this command " area x authentication
message-digest-key" therefore it wont work.

 -----Original Message-----
From: Li Chaoyong (Company) [mailto:hughcyli@holybridge.com.cn]
Sent: Wednesday, May 17, 2000 9:55 AM
To: GroupStudy CCIE
Subject: OSPF Authentication

Could any one tell me how to use ospf authentication?

There is a command "ip ospf authentication-key" and "ip ospf
message-digest-key" in interface configuration mode. There is another
command "area x authentication [message-digest]". I want to know what is the
relationship between these two commands.

Document CD said that "ip ospf authentication-key" is used with "area x
authentication" and "ip ospf message-digest-key" is used with "area x
authentication message-digest-key". But I found that "ip ospf
authentication-key" can be used with "area x authentication
message-digest-key" and "ip ospf message-digest-key" can be used with "area
x authentication".

So could anyone tell me what is the relationship with these two commands on
earth.

------------------

I find that the authentication type is identified by "area x authen"
command. ???

• Next message: Vijay Venkatesh: "Re: Back to back cables"
• Previous message: David Goldsmith: "Re: OSPF Authentication"
• Maybe in reply to: Li Chaoyong (Company): "OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:29 GMT-3