From: Jim Brown (Jim.Brown@caselogic.com)
Date: Thu Sep 05 2002 - 19:55:48 GMT-3
I think you can enable per-interface authentication with virtual links
without enabling authentication in area 0.
I'm pretty sure on this, but I don't want to state it as fact since I've
already been wrong on one post this week.
-----Original Message-----
From: syv [mailto:syv@911networks.com]
Sent: Thursday, September 05, 2002 4:48 PM
To: Ivan Centeno
Cc: ccielab@groupstudy.com
Subject: Re[2]: OSPF Virtual Link Authentication
On Thursday, September 05, 2002, Ivan Centeno wrote:
I just had a similar scenario last week:
Area 0 was authenticated MD5. Here is the code from the
listing:
router ospf 10
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 area 126 virtual-link 6.6.6.6 message-digest-key 1 md5 cisco
I remembered reading somewhere that the far-end router is
logically attached to area 0 through the virtual-link.
-----Original Message-----
IC> Frank,
IC> In my understanding the answer is no. Area 1 is just a
IC> transit area, the virtual link encapsulates the LSA
IC> between R2 and R3 (acting like a real link). Because
IC> of that, Area 1 does not even need to have authentication
IC> enabled.
IC> Ivan
IC> --- frank.yu@japan.bnpparibas.com wrote:
>>
>> Paul,
>>
>> Correct me if I am wrong. When you config a
>> diagram as following
>>
>>
>>
>> R1------------------------------R2--------------------R3-------------
>>            ospf a0                     ospf a1            ospf a2
>>
>> R3 should see route in a0 as intra area route
>> other than inter area
>> route, so as I understand A0 and A1 should have same
>> authentication type
>> either plain text or message digest.
>>
>> Frank
>>
>>
>>
>> icenteno2001@yahoo.com@groupstudy.com - 09/05/2002 12:23 PM
>> Please respond to icenteno2001@yahoo.com
>> Sent by: nobody@groupstudy.com
>> To: paul, ccielab
>> Subject: Re: OSPF Virtual Link Authentication
>>
>>
>> Paul,
>>
>> I am working in the subject too.
>> comments in line.
>>
>> Ivan
>> --- Paul Grey <paul@greyboy.org> wrote:
>> > Could someone please clarify for me the exact
>> > context that the
>> > authentication parameters are used in the OSPF
>> > virtual link command:-
>> >
>> > area 1 virtual-link 1.1.1.1 [authentication |
>> > authentication-key]
>> >
>> > I currently have a config with Area 0 using plain
>> > text authentication (password cisco) and Area 1 is
>> > using message-digest (sanjose).
>> >
>> > I've configured a virtual link across Area 1 to a
>> > router tagged to Area 2.
>> >
>> > Using:-
>> >
>> > Area 0 authentication
>> > Area 1 virtual-link a.b.c.d
>> >
>> > On the Area 2 router my virtual link comes up.
>> >
>> > So I'm assuming that the link has come up because
>> > the default null string is being used by the
>> > virtual-link for authentication. Am I right?
>>
>> My guess is yes.
>> >
>> > If I am then why use the parameters in the
>> > command.
>> >
>> I think that the main reason is backward compatibility
>> and the desire of full security in the flooding of the
>> LSA.
>>
>> From a Cisco Document:
>>
>> "Starting in Cisco IOS. 12.0.8, authentication is
>> supported on a per-interface basis, as mentioned in
>> RFC 2328,
>> Appendix D. This feature was added in bug
>> CSCdk33792.
>> If you are a registered CCO user and you have logged
>> in, you
>> can view the bug details"
>>
>> Before IOS 12.0.8 it was necessary to define the
>> authentication configuration in the virtual link.
>> That is the reason why I think of backward
>> compatibility.
>>
>> Any comment would be appreciated.
>>
>> > Any takers?
>> >
>> > TIA
>> >
>> > Paul
>> > ________________________________________________
>> >
>> > Paul Grey
>> >
>> > paul@greyboy.org
Thanks
---- syv@911networks.com
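
An added example, not part of any poster's message and not Cisco tooling: a Python audit over an IOS `router ospf` block that reports, for each virtual link of the kind discussed in this thread, the authentication type in effect and whether a key is configured. It assumes a single OSPF process and that a virtual link takes area 0's authentication type unless the link line carries its own `authentication` option; the function name and the sample config are constructed.

```python
import re

# Constructed sample (not taken from the thread's routers): area 0 runs MD5,
# one virtual link carries a key and one does not.
SAMPLE = """\
router ospf 10
 area 0 authentication message-digest
 area 126 virtual-link 6.6.6.6 message-digest-key 1 md5 cisco
 area 1 virtual-link 3.3.3.3
"""

AREA_AUTH = re.compile(r"^\s*area (\S+) authentication( message-digest)?\s*$")
VLINK = re.compile(r"^\s*area (\S+) virtual-link (\S+)(.*)$")
# Per-link "authentication [message-digest|null]", but not "authentication-key".
OVERRIDE = re.compile(r"\bauthentication(?!-key)(?: (message-digest|null)(?![-\w]))?")
MODES = {"message-digest": "md5", "null": "null", None: "simple"}

def audit_virtual_links(config):
    """Return (transit_area, neighbor_rid, auth_mode, key_configured) per link."""
    backbone = "null"          # no area-wide authentication seen yet
    links = {}                 # (area, rid) -> all options seen for that link
    for line in config.splitlines():
        m = AREA_AUTH.match(line)
        if m and m.group(1) in ("0", "0.0.0.0"):
            backbone = "md5" if m.group(2) else "simple"
        m = VLINK.match(line)
        if m:
            key = (m.group(1), m.group(2))
            links[key] = links.get(key, "") + m.group(3)
    report = []
    for (area, rid), opts in links.items():
        o = OVERRIDE.search(opts)
        # Assumption: a virtual link is an area 0 interface, so it takes the
        # area 0 type unless the link carries its own "authentication" option.
        mode = MODES[o.group(1)] if o else backbone
        if mode == "md5":
            has_key = re.search(r"message-digest-key \d+ md5 \S", opts)
        elif mode == "simple":
            has_key = re.search(r"authentication-key \S", opts)
        else:
            has_key = None
        report.append((area, rid, mode, bool(has_key)))
    return report

if __name__ == "__main__":
    for row in audit_virtual_links(SAMPLE):
        print(row)
```

A row whose mode is `md5` or `simple` with `key_configured` false marks a link that authenticates with no configured key, and a row with mode `null` marks a link with no authentication at all.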
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:45 GMT-3