Re: Re: OSPF Virtual Link Authentication

From: Ivan Centeno (icenteno2001@yahoo.com)
Date: Fri Sep 06 2002 - 00:31:33 GMT-3

• Next message: Brent Stewart: "ATM Switch Advice Sought"
• Previous message: Kelly Cobean: "Lab Challenge....Routing Loop?"
• Maybe in reply to: frank.yu@japan.bnpparibas.com: "Re: OSPF Virtual Link Authentication"
• Next in thread: frank.yu@japan.bnpparibas.com: "RE: Re[2]: OSPF Virtual Link Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Comments in line.

--- Em:lRb <coolblackbear@sina.com> wrote:
> Ivan Centeno:
>
> hi,i think the virtual-link authentication should
> be the same with the area 0.

In general Yes ( see the next comment ), the type of
authentication should be same but the value of the
authentication could be NULL.

> by the way ask one question:in the statement of
> area xx virtual-link x.x.x.x [authentication
> |authentication-key] , what differrente between
> with authentication and authentication-key in use?

authentication is the type ( clear text or MD5 ). I
think that this allows authenticate the virtual link
even if the area itself has no authentication
specified.

authentication-key is the password in the clear text
mode.

Ivan

>
> ======= 2002-09-05 08:21:00 DzTZ@4PEVPP45@#:=======
>
> >Frank,
> >
> >In my understanding the answer is no. Area 1 is
> just a
> >transit area, the virtual link encapsulates the LSA
> >between R2 y R3 ( acting like a real link ).
> Because
> >of that Area 1 not even need to have authentication
> >enable.
> >
> >Ivan
> >
> >--- frank.yu@japan.bnpparibas.com wrote:
> >>
> >> Paul,
> >>
> >> Correct me if I am wrong. When you config a
> >> diagram as following
> >>
> >>
> >>
>
>R1------------------------------R2--------------------R3-------------
> >> ospf a0
> >> ospf a1
> >> ospf a2
> >>
> >> R3 should see route in a0 as intra area
> route
> >> other than inter area
> >> route, so as I understand A0 and A1 should have
> same
> >> authentication type
> >> either plain text or message digest.
> >>
> >> Frank
> >>
> >>
> >>
> >> Internet
> >> icenteno2001@yahoo.com@groupstudy.com -
> 09/05/2002
> >> 12:23 PM
> >>
> >>
> >> Please respond to icenteno2001@yahoo.com
> >>
> >> Sent by: nobody@groupstudy.com
> >>
> >> To: paul, ccielab
> >>
> >> cc:
> >>
> >>
> >> Subject: Re: OSPF Virtual Link Authentication
> >>
> >>
> >> Paul,
> >>
> >> I am working in the subject too.
> >> comments in line.
> >>
> >> Ivan
> >> --- Paul Grey <paul@greyboy.org> wrote:
> >> > Could someone please clarify for me the exact
> >> > context that the
> >> > authentication parameters are used in the OSPF
> >> > virtual link command:-
> >> >
> >> > area 1 virtual-link 1.1.1.1 [authentication |
> >> > authentication-key]
> >> >
> >> > I currently have a config with Area 0 using
> plain
> >> > text authentication
> >> > (password cisco) and Area 1 is using
> >> message-digest
> >> > (sanjose).
> >> >
> >> > Ive configured a virtual link across Area 1 to
> a
> >> > router tagged to Area
> >> > 2.
> >> >
> >> > Using:-
> >> >
> >> > Area 0 authentication
> >> > Area 1 virtual-link a.b.c.d
> >> >
> >> > On the Area 2 router my virtual link comes up.
> >> >
> >> > So Im assuming that the link has come up
> because
> >> > the default null
> >> > string is being used by the virtual-link for
> >> > authentication. Am I right?
> >>
> >> My guess is yes.
> >> >
> >> > If I am then why use the parameters in the
> >> command.
> >> >
> >> I think that the main reason is backward
> >> compatibility
> >> and the desire of full security in the flooding
> of
> >> the
> >> LSA.
> >>
> >> From a Cisco Document:
> >>
> >> "Starting in Cisco IOS. 12.0.8, authentication is
> >> supported on a per-interface basis, as mentioned
> in
> >> RFC 2328,
> >> Appendix D. This feature was added in bug
> >> CSCdk33792.
> >> If you are a registered CCO user and you have
> logged
> >> in, you
> >> can view the bug details"
> >>
> >> Previous IOS 12.0.8 it was needed define the
> >> configuration of the authentication in the
> virtual
> >> link. Thats is the reason because I think in
> >> backward
> >> compatibility.
> >>
> >> Any comment would be appreciate.
> >>
> >> > Any takers?
> >> >
> >> > TIA
> >> >
> >> > Paul
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> ________________________________________________
> >> >
> >> > Paul Grey
> >> >
> >> > paul@greyboy.org
> >> >
> >> > This e-mail and any files transmitted with it
> are
> >> > confidential and
> >> > solely for the use of the intended recipient.
> If
> >> you
> >> > are not the
> >> > intended recipient or the person responsible
> for
> >> > delivering it to the
> >> > intended recipient, please be advised that you
> >> have
> >> > received this email
> >> > in error and that any use is strictly
> prohibited.
> >> > Please notify us by
> >> > replying to this mail and advising accordingly.
> >> > Thank you for your
> >> > co-operation.
> >> >
> >>
>
>__________________________________________________________________
> >> > To unsubscribe from the CCIELAB list, send a
> >> message
> >> > to
> >> > majordomo@groupstudy.com with the body
> containing:
> >> > unsubscribe ccielab
> >>
> >>
> >>
> __________________________________________________
> >> Do You Yahoo!?
> >> Yahoo! Finance - Get real-time stock quotes
> >> http://finance.yahoo.com
> >>
>
>__________________________________________________________________
> >> To unsubscribe from the CCIELAB list, send a
> message
> >> to
> >> majordomo@groupstudy.com with the body
> containing:
>
=== message truncated ===

• Next message: Brent Stewart: "ATM Switch Advice Sought"
• Previous message: Kelly Cobean: "Lab Challenge....Routing Loop?"
• Maybe in reply to: frank.yu@japan.bnpparibas.com: "Re: OSPF Virtual Link Authentication"
• Next in thread: frank.yu@japan.bnpparibas.com: "RE: Re[2]: OSPF Virtual Link Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:45 GMT-3