From: Joe Higgins (netsat@xxxxxxxxxxxxx)
Date: Wed May 08 2002 - 19:27:50 GMT-3
No, I do not get mismatched type errors. For example, I can have all, some or
none of the routers in area 0 configured at the router configuration level for
MD5 authentication and at the same time have all the interfaces in that area
with:

  int xx
  ip ospf authentication
  ip ospf authentication-key cisco

They will all form an adjacency using type 1, i.e. plain text authentication.
On the other hand, the authentication put on a virtual link such as

  area 2 virtual x.x.x.x message-digest-key 1 md5 cisco

must match the authentication type configured on its border routers at the
router configuration level. If the authentication types do not match they will
still authenticate the virtual link but use a null password.
garcia wrote:
> that's a good one. i would think you would get an authentication type error
> between mismatched neighbors and only form neighbors on those that match.
> if you configure md5 between rtr_b -- rtr_a and type 1 clear-text between
> rtr_b -- rtr_c, rtr_a should only form neighbor with rtr_b and rtr_c should
> only form neighbor with rtr_b. did you clear ip ospf proc or reload after
> you set up authentication?
>
> ----- Original Message -----
> From: Joe Higgins <netsat@optonline.net>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, May 08, 2002 11:29 AM
> Subject: ospf authentication
>
> > RTR_A (area 0) e0 -- e0 RTR_B (area 0) e1---e0 RTR_C (area 0)
> >
> > In the above scenario if I have the following commands on all three
> > routers running IOS 12.1 will the routers ospf authenticate using md5
> > encryption on that network segment even though on the router
> > configuration level I have specified plain text configuration? From
> > what I see it appears that if the first command ( ip ospf authentication
> > message-digest) is there on the interface level it does not care what,
> > if anything, is on the router configuration level as far as that
> > interface is concerned. It only looks to the router level command if
> > the first interface command is not present in the configuration.
> >
> > router ospf 1
> > area 0 authentication
> >
> > interface Ex
> > ip ospf authentication message-digest
> > ip ospf message-digest 1 md5 cisco
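
Added example, not part of the original posts and not Cisco code: a Python audit helper that reads an IOS-style configuration and reports the effective OSPF authentication type (0 null, 1 plain text, 2 MD5) per interface, applying the precedence discussed in this thread, where an interface-level `ip ospf authentication` line overrides the area-level setting. The sample configuration, the function names and the first-match handling of network statements are assumptions of this example.

```python
import ipaddress
import re

AUTYPE = {None: 1, "message-digest": 2, "null": 0}  # IOS keyword -> OSPF AuType
to_int = lambda dotted: int(ipaddress.ip_address(dotted))

def effective_ospf_auth(config):
    """Return {interface: (autype, source)}; an interface-level type beats the area's."""
    areas, networks, ifaces, section = {}, [], {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new section
            section = line
        elif section.startswith("router ospf"):
            if m := re.match(r"area (\S+) authentication(?: (\S+))?$", line):
                areas[m.group(1)] = AUTYPE[m.group(2)]
            elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
                networks.append((to_int(m.group(1)), to_int(m.group(2)), m.group(3)))
        elif section.startswith("interface "):
            cfg = ifaces.setdefault(section.split()[1], {})
            if m := re.match(r"ip address (\S+)", line):
                cfg["ip"] = to_int(m.group(1))
            elif m := re.match(r"ip ospf authentication(?: (\S+))?$", line):
                cfg["auth"] = AUTYPE[m.group(1)]
    result = {}
    for name, cfg in ifaces.items():
        for net, wild, area in networks:  # simplification: first listed match wins
            if "ip" in cfg and (cfg["ip"] | wild) == (net | wild):
                result[name] = ((cfg["auth"], "interface") if "auth" in cfg
                                else (areas.get(area, 0), "area " + area))
                break
    return result

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 ip ospf authentication
interface Ethernet1
 ip address 10.0.1.1 255.255.255.0
interface Serial0
 ip address 10.1.0.1 255.255.255.252
 ip ospf authentication message-digest
router ospf 1
 network 10.0.0.0 0.0.255.255 area 0
 network 10.1.0.0 0.0.255.255 area 1
 area 0 authentication message-digest
 area 1 authentication
"""
```

Calling `effective_ospf_auth(SAMPLE)` shows Ethernet0 running type 1 even though area 0 is set for MD5, which is the kind of interface an audit would flag because type 1 carries the key in clear text.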