Re: OSPF md5 authentication

From: elping (elpingu@xxxxxxxxxx)
Date: Sat Jul 06 2002 - 19:07:50 GMT-3

• Next message: elping: "Re: Dlsw queueing methods"
• Previous message: Anthony Pace: "RE: OSPF md5 authentication"
• Maybe in reply to: kym blair: "OSPF md5 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
when you use the ip ospf authentication command on the interface is for
ospf link authentication
meaning :
you will not use are authentication command under ospf......even though it
does not harm the config

if you use ospf link authentication then all router adjcent to each other
must have it..

Anthony Pace wrote:

> Are both lines of configuration necessary? I have seen OSPF examples of
> clear-text and MD5 where just one line was configured on the actual
> interface and the "ip ospf authentication message-digest" or "ip ospf
> authentication" was ommited. I experemented with it an it seems to
> function ok without the extra line. Is this line superfluous or is it a
> legacy command?
>
> Anthony Pace
>
> On Fri, 5 Jul 2002 21:04:20 +0200, "Gyuri Gabor" <Gabor.Gyori@lnx.hu>
> said:
> > Make sure to add the
> > ip ospf authentication message-digest
> > ip ospf message-digest-key 1 md5 xxx
> >
> > on all of the three participating interfaces (an hub and all the
> > spokes).
> > It works for me like this, even if I do not put authentication on the
> > whole
> > area0 in ospf router
> > configuration.
> >
> > Gabor
> >
> > > -----Original Message-----
> > > From: kym blair [mailto:kymblair@hotmail.com]
> > > Sent: Friday, July 05, 2002 12:04 AM
> > > To: ccielab@groupstudy.com
> > > Cc: tlarus@cox.net; nshah@connect.com.au
> > > Subject: OSPF md5 authentication
> > >
> > >
> > > This has been discussed several times, but I haven't see a
> > > working solution
> > > and hope someone has it:
> > >
> > > --MD5 authentication in area 0 over Frame Relay
> > >
> > > --hub router (multipoint subinterface; okay to change the
> > > ospf network type)
> > >
> > > -- two spoke routers (physical serial interface; cannot
> > > change the interface
> > > type from non-broadcast [this means that the three routers
> > > must elect DR;
> > > you may set the priority to 0 on the spoke routers]).
> > >
> > > Adjacencies without authentication, but when a
> > > message-digest-key is added
> > > to the three, the hub router forms an adjacency with only one
> > > of the spokes.
> > > Generates a mismatch key error with the second spoke router.
> > >
> > > If you know the trick to get the hub to form adjacencies with
> > > both spokes,
> > > I'd sure appreciate hearing it.
> > >
> > >
> > > Thanks,
> > >
> > > Kym
> > >
> > >
> > >
> > >

• Next message: elping: "Re: Dlsw queueing methods"
• Previous message: Anthony Pace: "RE: OSPF md5 authentication"
• Maybe in reply to: kym blair: "OSPF md5 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:20 GMT-3