From: Gyori Gábor (Gabor.Gyori@xxxxxx)
Date: Sat Jul 06 2002 - 18:37:59 GMT-3
In order to make authentication on an interface, You need the following
- specify the authentication type
- specify the password
The second allways has to be done on interface config.
To the first one You have two options:
- specify the authentication for the entire area, so it is inherited by all
the interfaces in it
- specify it on on the desired interfaces one-bye-one.
In my previous example used the second method, most of tehe Cisco examples use
the first one.
In the first case all interfaces of the area must use the specified
authentication, in the second case only the desired subset.
Gabor
> -----Original Message-----
> From: Anthony Pace [mailto:anthonypace@fastmail.fm]
> Sent: Saturday, July 06, 2002 11:23 PM
> To: Gyuri Gabor; kym blair; ccielab@groupstudy.com
> Cc: tlarus@cox.net; nshah@connect.com.au
> Subject: RE: OSPF md5 authentication
>
>
> Are both lines of configuration necessary? I have seen OSPF
> examples of
> clear-text and MD5 where just one line was configured on the actual
> interface and the "ip ospf authentication message-digest" or "ip ospf
> authentication" was ommited. I experemented with it an it seems to
> function ok without the extra line. Is this line superfluous
> or is it a
> legacy command?
>
> Anthony Pace
>
>
>
>
> On Fri, 5 Jul 2002 21:04:20 +0200, "Gyori Gabor" <Gabor.Gyori@lnx.hu>
> said:
> > Make sure to add the
> > ip ospf authentication message-digest
> > ip ospf message-digest-key 1 md5 xxx
> >
> > on all of the three participating interfaces (an hub and all the
> > spokes).
> > It works for me like this, even if I do not put
> authentication on the
> > whole
> > area0 in ospf router
> > configuration.
> >
> > Gabor
> >
> > > -----Original Message-----
> > > From: kym blair [mailto:kymblair@hotmail.com]
> > > Sent: Friday, July 05, 2002 12:04 AM
> > > To: ccielab@groupstudy.com
> > > Cc: tlarus@cox.net; nshah@connect.com.au
> > > Subject: OSPF md5 authentication
> > >
> > >
> > > This has been discussed several times, but I haven't see a
> > > working solution
> > > and hope someone has it:
> > >
> > > --MD5 authentication in area 0 over Frame Relay
> > >
> > > --hub router (multipoint subinterface; okay to change the
> > > ospf network type)
> > >
> > > -- two spoke routers (physical serial interface; cannot
> > > change the interface
> > > type from non-broadcast [this means that the three routers
> > > must elect DR;
> > > you may set the priority to 0 on the spoke routers]).
> > >
> > > Adjacencies without authentication, but when a
> > > message-digest-key is added
> > > to the three, the hub router forms an adjacency with only one
> > > of the spokes.
> > > Generates a mismatch key error with the second spoke router.
> > >
> > > If you know the trick to get the hub to form adjacencies with
> > > both spokes,
> > > I'd sure appreciate hearing it.
> > >
> > >
> > > Thanks,
> > >
> > > Kym
> > >
> > >
> > >
> > >
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:20 GMT-3