From: Anthony Pace (anthonypace@xxxxxxxxxxx)
Date: Sat Jul 06 2002 - 19:07:38 GMT-3
Thank you Gabor,
This makes sense. The authentication commands under ROUTER OSPF is what
names the authentication for all interfaces in a given area, so if this
is adiquit, we can simply name the key on the interface (using the
appropriate syntax for auth or auth-MD5).
Anthony Pace
On Sat, 6 Jul 2002 23:37:59 +0200, "Gyori Gabor" <Gabor.Gyori@lnx.hu>
said:
> In order to make authentication on an interface, You need the following
> - specify the authentication type
> - specify the password
>
> The second allways has to be done on interface config.
> To the first one You have two options:
> - specify the authentication for the entire area, so it is inherited
> by all the interfaces in it
> - specify it on on the desired interfaces one-bye-one.
>
> In my previous example used the second method, most of tehe Cisco
> examples use the first one.
> In the first case all interfaces of the area must use the specified
> authentication, in the second case only the desired subset.
>
> Gabor
>
> > -----Original Message-----
> > From: Anthony Pace [mailto:anthonypace@fastmail.fm]
> > Sent: Saturday, July 06, 2002 11:23 PM
> > To: Gyuri Gabor; kym blair; ccielab@groupstudy.com
> > Cc: tlarus@cox.net; nshah@connect.com.au
> > Subject: RE: OSPF md5 authentication
> >
> >
> > Are both lines of configuration necessary? I have seen OSPF
> > examples of
> > clear-text and MD5 where just one line was configured on the actual
> > interface and the "ip ospf authentication message-digest" or "ip ospf
> > authentication" was ommited. I experemented with it an it seems to
> > function ok without the extra line. Is this line superfluous
> > or is it a
> > legacy command?
> >
> > Anthony Pace
> >
> >
> >
> >
> > On Fri, 5 Jul 2002 21:04:20 +0200, "Gyori Gabor" <Gabor.Gyori@lnx.hu>
> > said:
> > > Make sure to add the
> > > ip ospf authentication message-digest
> > > ip ospf message-digest-key 1 md5 xxx
> > >
> > > on all of the three participating interfaces (an hub and all the
> > > spokes).
> > > It works for me like this, even if I do not put
> > authentication on the
> > > whole
> > > area0 in ospf router
> > > configuration.
> > >
> > > Gabor
> > >
> > > > -----Original Message-----
> > > > From: kym blair [mailto:kymblair@hotmail.com]
> > > > Sent: Friday, July 05, 2002 12:04 AM
> > > > To: ccielab@groupstudy.com
> > > > Cc: tlarus@cox.net; nshah@connect.com.au
> > > > Subject: OSPF md5 authentication
> > > >
> > > >
> > > > This has been discussed several times, but I haven't see a
> > > > working solution
> > > > and hope someone has it:
> > > >
> > > > --MD5 authentication in area 0 over Frame Relay
> > > >
> > > > --hub router (multipoint subinterface; okay to change the
> > > > ospf network type)
> > > >
> > > > -- two spoke routers (physical serial interface; cannot
> > > > change the interface
> > > > type from non-broadcast [this means that the three routers
> > > > must elect DR;
> > > > you may set the priority to 0 on the spoke routers]).
> > > >
> > > > Adjacencies without authentication, but when a
> > > > message-digest-key is added
> > > > to the three, the hub router forms an adjacency with only one
> > > > of the spokes.
> > > > Generates a mismatch key error with the second spoke router.
> > > >
> > > > If you know the trick to get the hub to form adjacencies with
> > > > both spokes,
> > > > I'd sure appreciate hearing it.
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > Kym
> > > >
> > > >
> > > >
> > > >
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:20 GMT-3