From: Chua, Parry (Parry.Chua@xxxxxxxxxx)
Date: Fri Mar 22 2002 - 06:24:24 GMT-3
I just conducted some tests again using IOS 12.1(9) and this is what I get:
1. Per-interface authentication
--------------------------------
All links in the subnet must be enabled and set up the same, else no neighbor will form.
Two ip ospf commands per interface.
2. Per-area authentication
----------------------------
You can override or disable the interface's authentication by using the keyword null.
One command in ospf process and one in interface.
(R2)-(DR)-Hub---(R1)[spoke], (R5)[spoke]
1. Per-interface authentication
- all interfaces in the same subnet must be enabled and set up
to the same kind of authentication.
- verify method: clear ip ospf process and ensure the neighbor is up.
r5#s ip ospf
Area 1
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm executed 31 times
r5#
r5#s ip ospf int s1/0.1
Serial1/0.1 is up, line protocol is up
Internet Address 135.1.125.5/28, Area 1
Process ID 1, Router ID 135.1.5.5, Network Type NON_BROADCAST, Cost: 64
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 135.1.2.2 (Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
====================================================
2.0 Per-area authentication
2.1 Enable area authentication
2.2 To disable authentication on a link in that area
2.2.1 - In interface config, ip ospf auth null
R2:
!
router ospf 1
area 1 authentication message-digest
!
interface Serial0/0.1 multipoint
ip address 135.1.125.2 255.255.255.240
no ip directed-broadcast
ip pim sparse-dense-mode
ip ospf authentication null
-------------------------------
r2#s ip ospf
Area 1
Number of interfaces in this area is 2
Area has message digest authentication
SPF algorithm executed 21 times
R2#s ip ospf int s0/0.1
Serial0/0.1 is up, line protocol is up
Internet Address 135.1.125.2/28, Area 1
Process ID 1, Router ID 135.1.2.2, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 255
Designated Router (ID) 135.1.2.2, Interface address 135.1.125.2
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
Hello due in 00:00:00
Neighbor Count is 2, Adjacent neighbor count is 2
Adjacent with neighbor 135.1.5.5
Adjacent with neighbor 135.1.1.1
Suppress hello for 0 neighbor(s)
r1#s ip ospf
Routing Process "ospf 1" with ID 135.1.1.1
Area 1
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm executed 13 times
r1#s ip ospf neig
Neighbor ID Pri State Dead Time Address Interface
135.1.2.2 255 FULL/DR 00:01:42 135.1.125.2 Serial0
r5#s ip os
Area 1
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm executed 35 times
Parry Chua
/////////////////////////////////////////////////////////
-----Original Message-----
From: Don Banyong [mailto:don_study@hotmail.com]
Sent: Friday, March 22, 2002 2:44 PM
To: Brian Lodwick
Cc: ccielab@groupstudy.com; Conte, Charles; contec@nasdaq.com
Subject: Re: RE: OSPF authentication per-link *****OSPF AUTHENTICATION 4
DUMMIES plus******
//////////////////////////////////////////////////////////
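
An added example, not part of the original message: a Python check that reads `show ip ospf interface` output like the captures above and lists interfaces that hold adjacencies without reporting any authentication, which is how the `ip ospf authentication null` override on R2 appears. The sample text is constructed from the output quoted in the message and trimmed; the function names are hypothetical.

```python
import re

# Constructed sample: the R5 (per-interface MD5) and R2 (authentication null)
# captures quoted in the message, trimmed to the lines the parser reads.
SAMPLE = """\
Serial1/0.1 is up, line protocol is up
  Internet Address 135.1.125.5/28, Area 1
  Neighbor Count is 1, Adjacent neighbor count is 1
  Message digest authentication enabled
    Youngest key id is 1
Serial0/0.1 is up, line protocol is up
  Internet Address 135.1.125.2/28, Area 1
  Neighbor Count is 2, Adjacent neighbor count is 2
    Adjacent with neighbor 135.1.5.5
    Adjacent with neighbor 135.1.1.1
"""

HEADER = re.compile(r"^(\S+) is (?:administratively )?(?:up|down), line protocol is")
AREA = re.compile(r"Internet Address \S+, Area (\S+)")
AUTH = re.compile(r"^\s*(.+?) authentication enabled\s*$", re.I)
KEY = re.compile(r"Youngest key id is (\d+)")
ADJ = re.compile(r"Adjacent neighbor count is (\d+)")

def parse_ospf_interfaces(text):
    """Return one dict per interface block: name, area, auth, key_id, adjacent."""
    interfaces = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # an unindented "<name> is up, line protocol is ..." starts a block
            interfaces.append({"name": m.group(1), "area": None, "auth": None,
                               "key_id": None, "adjacent": 0})
            continue
        if not interfaces:
            continue  # ignore prompt or banner lines before the first block
        cur = interfaces[-1]
        if (m := AREA.search(line)):
            cur["area"] = m.group(1)
        elif (m := ADJ.search(line)):
            cur["adjacent"] = int(m.group(1))
        elif (m := AUTH.match(line)):
            cur["auth"] = m.group(1).lower()  # e.g. "message digest"
        elif (m := KEY.search(line)):
            cur["key_id"] = int(m.group(1))
    return interfaces

def unauthenticated_adjacencies(text):
    """Names of interfaces with adjacencies but no authentication line."""
    return [i["name"] for i in parse_ospf_interfaces(text)
            if i["auth"] is None and i["adjacent"] > 0]
```

On the sample, `unauthenticated_adjacencies(SAMPLE)` returns only `Serial0/0.1`, the R2 interface, even though `show ip ospf` on R2 reports message digest authentication for Area 1.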