From: Joe Higgins (netsat@xxxxxxxxxxxxx)
Date: Wed May 08 2002 - 19:53:50 GMT-3
The way that I perceive that the ospf authentication is done by the IOS is as
follows:
The IOS looks first at interface commands
(1) Is there an "ip ospf authentication" or "ip ospf authentication message"
command on the interface?
    If no, go to (2)
    If yes, is there a matching type command on the interface with a password?
        If no, authenticate with a null password using that type level
        If yes, then use that type of authentication and the password to form an
        adjacency.
(2) Is there an "area x authentication" or "area x message-digest" command at
the router ospf configuration level?
    If no, use no authentication.
    If yes, is there a corresponding type key or password command configured on the
    interface?
        If yes, then authenticate at the ospf router configured type level and use
        the interface password configured
        If no, then authenticate at the configured router ospf type level with a null
        password.
garcia wrote:
> that's a good one. i would think you would get an authentication type error
> between mismatched neighbors and only form neighbors on those that match.
> if you configure md5 between rtr_b -- rtr_a and type 1 clear-text between
> rtr_b -- rtr_c, rtr_a should only form neighbor with rtr_b and rtr_c should
> only form neighbor with rtr_b. did you clear ip ospf proc or reload after
> you set up authentication?
>
> ----- Original Message -----
> From: Joe Higgins <netsat@optonline.net>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, May 08, 2002 11:29 AM
> Subject: ospf authentication
>
> > RTR_A (area 0) e0 -- e0 RTR_B (area 0) e1 -- e0 RTR_C (area 0)
> >
> > In the above scenario if I have the following commands on all three
> > routers running IOS 12.1 will the routers ospf authenticate using md5
> > encryption on that network segment even though on the router
> > configuration level I have specified plain text configuration? From
> > what I see it appears that if the first command ( ip ospf authentication
> > message-digest) is there on the interface level it does not care what,
> > if anything, is on the router configuration level as far as that
> > interface is concerned. It only looks to the router level command if
> > the first interface command is not present in the configuration.
> >
> > router ospf 1
> > area 0 authentication
> >
> > interface Ex
> > ip ospf authentication message-digest
> > ip ospf message-digest-key 1 md5 cisco
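
The lookup order described in the message above, written as a small config audit (an added example, not part of the original thread and not Cisco's code). The function names, the interface-to-area mapping passed to `resolve`, and the extra interfaces Ethernet1 and Ethernet2 are assumptions made for the illustration; only the interface and area command forms that appear in the thread are modelled.

```python
import re

KEY_CMD = {"md5": "message-digest-key", "simple": "authentication-key"}

# Constructed sample: the thread's config on Ethernet0; Ethernet1/2 added here.
SAMPLE = """\
router ospf 1
 area 0 authentication
interface Ethernet0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
interface Ethernet1
 ip address 10.0.1.1 255.255.255.0
interface Ethernet2
 ip ospf authentication message-digest
 ip ospf authentication-key cisco
"""

def parse(config):
    """Collect area-level auth types and interface-level OSPF auth commands."""
    area_auth, ifaces, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # unindented line opens a new section
            m = re.match(r"interface (\S+)", line)
            cur = ifaces.setdefault(m.group(1), {}) if m else None
        elif (m := re.match(r"area (\S+) authentication( message-digest)?$", line)):
            area_auth[m.group(1)] = "md5" if m.group(2) else "simple"
        elif cur is not None and line.startswith("ip ospf "):
            words = line.split()[2:]
            if words[0] == "authentication":
                cur["type"] = "md5" if words[1:] == ["message-digest"] else "simple"
            elif words[0] in KEY_CMD.values():
                cur.setdefault("keys", set()).add(words[0])
    return area_auth, ifaces

def resolve(config, iface_area):
    """Return {interface: (auth type, source, key state)} in the thread's order."""
    area_auth, ifaces = parse(config)
    result = {}
    for name, area in iface_area.items():
        s = ifaces.get(name, {})
        typ = s.get("type") or area_auth.get(area)   # (1) interface, then (2) area
        if typ is None:
            result[name] = ("none", "default", None)
            continue
        src = "interface" if "type" in s else "area"
        key = "configured" if KEY_CMD[typ] in s.get("keys", ()) else "null"
        result[name] = (typ, src, key)
    return result
```

Interfaces that come back with type `none`, type `simple`, or key state `null` are the ones worth reviewing, since a key of the wrong type on the interface (Ethernet2 here) leaves the adjacency authenticated with a null password under this model.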