From: Albert Lu (albert_ccie@xxxxxxxxx)
Date: Fri Nov 02 2001 - 05:39:37 GMT-3
Hello Group,
I just wanted to share some findings on OSPF Authentication and to confirm
them.
Let's say you have this topology:
R1----R2----R3
They are all in Area 0 and you only wanted to do authentication between R1
and R2, and not R2 and R3. Since you have to enable authentication for the
whole area, you can't leave R2 and R3 without an 'ip ospf
authentication-key' command. From what I found, leaving this command out will
not allow R2 and R3 to form adjacencies with each other, so what you need to
do is use 'ip ospf authentication null' command on both R2 and R3. This will
allow adjacency to form, and not have authentication running.
This holds true for virtual links as well. If you didn't want the virtual
link to be using authentication, but your Area 0 is using authentication
then you would use 'area 1 virtual-link 5.5.5.5 authentication null'
command.
So if I had an area with 50+ routers and they all were doing authentication,
I could have a segment with no authentication running at all!!
Albert
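
An audit check for the situation described in the message above, as an added example that is not part of the original post: it scans an IOS-style configuration for interfaces and virtual links that use `authentication null` inside an area that has authentication enabled. The sample configuration, the key value, and the function names `wildcard_net` and `find_null_auth` are constructed for illustration; area IDs are compared as written and wildcard masks are assumed contiguous.

```python
import ipaddress
import re

# Constructed sample config for R2 in the R1----R2----R3 topology (not from the post).
R2_CONFIG = """\
interface Serial0
 ip address 10.1.12.2 255.255.255.0
 ip ospf authentication-key s3cret
interface Serial1
 ip address 10.1.23.2 255.255.255.0
 ip ospf authentication null
router ospf 1
 area 0 authentication
 area 1 virtual-link 5.5.5.5 authentication null
 network 10.1.0.0 0.0.255.255 area 0
"""

def wildcard_net(addr, wild):
    # Assumes a contiguous wildcard mask, the usual form in network statements.
    prefix = 32 - bin(int(ipaddress.ip_address(wild))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def find_null_auth(config):
    """List links that opt out of OSPF authentication inside an authenticated area."""
    auth_areas, nets, vlinks, ifaces, current = set(), [], [], {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens a new config block
            m = re.match(r"interface (\S+)", line)
            current = ifaces.setdefault(m[1], {"ip": None, "null": False}) if m else None
            continue
        s = line.strip()
        if current is not None and (m := re.match(r"ip address (\S+) \S+$", s)):
            current["ip"] = ipaddress.ip_address(m[1])
        elif current is not None and s == "ip ospf authentication null":
            current["null"] = True
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", s):
            auth_areas.add(m[1])
        elif m := re.match(r"area \S+ virtual-link (\S+) authentication null$", s):
            vlinks.append(m[1])
        elif m := re.match(r"network (\S+) (\S+) area (\S+)$", s):
            nets.append((wildcard_net(m[1], m[2]), m[3]))
    findings = [("interface", name) for name, i in ifaces.items()
                if i["null"] and i["ip"]
                and any(i["ip"] in net and area in auth_areas for net, area in nets)]
    # Virtual links are part of area 0, so area 0's authentication setting applies.
    if "0" in auth_areas:
        findings += [("virtual-link", rid) for rid in vlinks]
    return findings
```

Run against every router's saved configuration, the findings list gives the segments in an authenticated area that are exchanging OSPF packets without authentication.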