Re: OSPF authentication

From: Jaeheon Yoo (kghost@xxxxxxxxxxxx)
Date: Tue Apr 17 2001 - 19:24:17 GMT-3

• Next message: daneyon hansen: "RE: External LSAs keeping ISDN line up!!!"
• Previous message: David A. Mack: "RE: ATM PVC Discovery"
• Maybe in reply to: Darek Kuzma: "OSPF authentication"
• Next in thread: Darek Kuzma: "Re: OSPF authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hi, Jeff.
Thanks, I was wrong in specifying ip ospf message-digest-key.
It should be like this: "ip ospf message-digest-key 1 md5 cisco" ,as you
pointed out.

Regards,
Jaeheon

----- Original Message -----
From: <Jeff.Kline@ci.austin.tx.us>
To: <kghost@chollian.net>; <ccielab@groupstudy.com>
Cc: <darekk@optonline.net>
Sent: Wednesday, April 18, 2001 7:09 AM
Subject: RE: OSPF authentication

>
> To configure MD5 authentication you have the ospf process command "area x
> authentication message-digest." If you leave off the 'message-digest'
part,
> it sets up that area for simple authentication. In interface mode, you
> would do the following command to complete the MD5 setup: "ip ospf
> message-digest-key 1 md5 password' or for simple authentication: "ip ospf
> authentication-key password." You may need to add the 0 for unencrypted
> password in some IOS versions... In the MD5 interface command, the 1 in
the
> above line denotes key 1. OSPF allows for smooth key transitions -- it
will
> use an older key until the last router uses the higher key ID. I think
the
> OSPF design guide online has a pretty good description of this -- not much
> to it:
>
> http://www.cisco.com/warp/public/104/2.html#6.0
>
> The interface command listed below on E0 ("ip ospf authentication
> message-digest") was introduced in version 12.0:
>
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_r
> /1rprt1/1rospf.htm#xtocid677212
>
> I haven't worked with the interface ip ospf authentication message-digest
> command, but will see if it works the same as I described in the
beginning.
>
> -Jeff
>
>
> -----Original Message-----
> From: Jaeheon Yoo [mailto:kghost@chollian.net]
> Sent: Tuesday, April 17, 2001 4:38 PM
> To: ccielab@groupstudy.com
> Cc: Darek Kuzma
> Subject: Re: OSPF authentication
>
>
> Hi, Darek
>
> I think Michel is right.
> "ip ospf authentication-key xxxx" interface command is for specifying a
> simple password(cleartext) authentication key.
> "ip ospf message-digest-key xxx" interface command is for specifying a
> message digest key.
> And "ip ospf authentication [message-digest | null ]" is introduced in
12.0
> for overriding any authentication type configured for the area.
> "ip ospf authentication" is for a simple password authentication type.
> "ip ospf authentication message-digest" is for a message-digest
> authentication type.
> "ip ospf authentication null" is for a null authentication.
>
> So the right configuration is as follows:
>
> !
> !
> interface Ethernet0
> ip address 1.1.1.1 255.255.255.0
> no ip directed-broadcast
> ip ospf authentication message-digest
> ip ospf message-digest-key cisco
> !
> router ospf 1
> area 0 authentication
> network 1.1.1.0 0.0.0.255 area 0
>
> ip ospf authentication interface command is needed when an area-wide
> authentication type is unspecified or different from the interface-wide
> authentication type.
> And I believe the key chain authentication supported in RIPv2 and EIGRP is
> NOT supported in OSPF. Please correct me if I'm wrong.
>
> Hope this helps.
>
> Regards,
> Jaeheon
>
>
> ----- Original Message -----
> From: "Darek Kuzma" <darekk@optonline.net>
> Cc: <ccielab@groupstudy.com>
> Sent: Wednesday, April 18, 2001 2:44 AM
> Subject: Re: OSPF authentication
>
>
> >
> > Thanks!
> > I was missing this command:
> > ip ospf authentication-key
> >
> > Darek
> >
> > adiment@uswest.com wrote:
> >
> > > key chain mykeychain
> > > key 1
> > > key-string cisco
> > > !
> > > !
> > > interface Ethernet0
> > > ip address 1.1.1.1 255.255.255.0
> > > no ip directed-broadcast
> > > ip ospf authentication message-digest
> > > ip ospf authentication-key mykeychain
> > > !
> > > router ospf 1
> > > area 0 authentication message-digest
> > > network 1.1.1.0 0.0.0.255 area 0
> > >
> > > -----Original Message-----
> > > From: Darek Kuzma [mailto:darekk@optonline.net]
> > > Sent: Tuesday, April 17, 2001 10:52 AM
> > > To: ccielab@groupstudy.com
> > > Subject: OSPF authentication
> > >
> > > Hi,
> > > Does anybody know how to use key-chain with OSPF? Is that possible at
> > > all?
> > > Thanks,
> > > Darek Kuzma
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: daneyon hansen: "RE: External LSAs keeping ISDN line up!!!"
• Previous message: David A. Mack: "RE: ATM PVC Discovery"
• Maybe in reply to: Darek Kuzma: "OSPF authentication"
• Next in thread: Darek Kuzma: "Re: OSPF authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:48 GMT-3