Re: OSPF interface authentication (not area authent.)

From: kym blair (kymblair@xxxxxxxxxxx)
Date: Sun Jul 28 2002 - 04:38:27 GMT-3

• Next message: kpalmer: "RE ftp data or gt 1023"
• Previous message: kpalmer: "FTP- DATA or gt 1023 ?"
• Maybe in reply to: yakout esmat: "OSPF interface authentication (not area authent.)"
• Next in thread: yakout esmat: "RE: OSPF interface authentication (not area authent.)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Yakout,

Eric is right ... if the interfaces are sharing the same subnet, then the
hub must be multipoint, not subinterfaces, and ospf authentication is for
the whole area that the subnet is in. Of course, for the routers to form
adjacencies, the interfaces have to be the same ospf network type.

If you choose (or are directed) to go with network type non-broadcast,
you'll have problems with ospf authentication. They can be overcome, but
what a hassle. Given a choice, go with multipoint or broadcast network type
on the hub and spoke interfaces. Either will work, but broadcast elects
DR/BDR so requires neighbor statements on the hub.

Kym

>From: "Erick B." <erickbe@yahoo.com>
>Reply-To: "Erick B." <erickbe@yahoo.com>
>To: yakout esmat <yesmat@iprimus.com.au>, Groupstudy
><ccielab@groupstudy.com>
>Subject: Re: OSPF interface authentication (not area authent.)
>Date: Sat, 27 Jul 2002 23:28:07 -0700 (PDT)
>
>I don't know if anyone has replied yet...
>
>Hub has a multipoint subinterface. Thats 1 interface
>and interface authentication is done on the whole
>interface. If you don't want authentication on the
>other spoke then create another subinterface and
>subnet for that spoke.
>
>No way to do per-PVC OSPF authentication that I know
>of, and as far as I recall thats not part of the RFC.
>
>--- yakout esmat <yesmat@iprimus.com.au> wrote:
> > I have come across a OSPF Interface authentication
> > issue might or might not
> > be of significance.
> >
> > If we have hub and two spokes in frame relay network
> > sharing the same
> > subnet.
> >
> > If I do interface authentication between the hub and
> > one of the spokes only,
> > I lose adjancey with the other spoke understandably.
> >
> > Is there a way with which we can do interface ONLY
> > authentication (not are
> > authentication) between hub and only one of the
> > spokes without loosing the
> > other spoke??
> >
> > I would think not, but if any body has insight on
> > this issue, would be
> > appreciated.
> >
> > Cheers
> >
> > Yakout
>
>

• Next message: kpalmer: "RE ftp data or gt 1023"
• Previous message: kpalmer: "FTP- DATA or gt 1023 ?"
• Maybe in reply to: yakout esmat: "OSPF interface authentication (not area authent.)"
• Next in thread: yakout esmat: "RE: OSPF interface authentication (not area authent.)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:47 GMT-3