RE: OSPF authentication question

From: Tu Nguyen (tunguyen@xxxxxxxxxxx)
Date: Fri Dec 07 2001 - 18:52:56 GMT-3

• Next message: Robert DuBell: "Re: OSPF authentication question"
• Previous message: Wade Edwards: "RE: Filtering & Wildcard"
• Maybe in reply to: xujing@xxxxxxxxx: "OSPF authentication question"
• Next in thread: Robert DuBell: "Re: OSPF authentication question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I have a quick question, hopefully someone can shine some light.

If an interface have ip ospf authentication activate.
Does this mean any router directly connected to this interface running
ospf must need to enable ip ospf authentication in order for ospf to
establish adjacency, right? Here is the example:

R1-----------------R2 & R3 (Point-Multipoint)
R1 is connected to R2 and R3 via a frame-relay, sharing the same sub
interface (point-multipoint)
If R1 and R2 is enable for ip ospf authentication, does this mean R1 and
R3 must have the same requirement?

In my opinion, I believe in this case all routers will need to configure
with ip ospf authentication and no other option. Unless, Cisco allow ip
ospf authentication per neighbor; which I don't think there is.

Thanks, Tu

-----Original Message-----
From: Asbjorn Hojmark [mailto:Asbjorn@Hojmark.ORG]
Sent: Friday, December 07, 2001 6:24 AM
To: xujing@31942.org
Cc: 'ccielab'
Subject: RE: OSPF authentication question

> inter f0/0
> ip add 1.1.1.1 255.255.255.0
> ip ospf mess 1 md5 cisco

That sets the MD5 key for the authentication. It doesn't actually
turn on authentication...

> but I also find the "ip ospf authentication mess" from the
> IOS command list.

That can be used to turn on authentication for the interface.

Back in the Old Days(TM), you could only turn on authentication
for an entire area, which of course is done in OSPF router config
mode (with 'area x authen').

If you turn on authentication for the complete area, you don't
need 'ip ospf authen' on the interfaces in that particular area.

> who can tell me whether I need add the "ip ospf authentication
> mess" to my config?

You only need to do that if you want to use a different type of
authentication (plain, md5, null) for an interface than what you
use for the rest of the area.

HTH,
-A

--
Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe
Links : http://www.hojmark.org/networking/

• Next message: Robert DuBell: "Re: OSPF authentication question"
• Previous message: Wade Edwards: "RE: Filtering & Wildcard"
• Maybe in reply to: xujing@xxxxxxxxx: "OSPF authentication question"
• Next in thread: Robert DuBell: "Re: OSPF authentication question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:40 GMT-3