Re: OSPF Virtual Link Authentication

From: frank.yu@japan.bnpparibas.com
Date: Fri Sep 06 2002 - 07:57:12 GMT-3


Frank Yu, 09/06/2002 07:55 PM
Information Technology
Sankei Bldg, Otemachi
tel : external: +81 3 5290 2291
---------------------------------------------------

To: icenteno2001

cc:

Subject: Re: OSPF Virtual Link Authentication

Ivan,

    To enable virtual link authentication you need to enable area 0
authentication. If the backbone area and the virtual link have different
types of authentication, I don't think you can put both "area 0
authentication" and "area 0 authen me" under one ospf router process.
    Just my 2 cents

Frank

Internet
icenteno2001@yahoo.com@groupstudy.com - 09/06/2002 12:21 AM

Please respond to icenteno2001@yahoo.com

Sent by: nobody@groupstudy.com

To: Frank Yu

cc: paul, ccielab

Subject: Re: OSPF Virtual Link Authentication

Frank,

In my understanding the answer is no. Area 1 is just a
transit area; the virtual link encapsulates the LSA
between R2 and R3 (acting like a real link). Because
of that, Area 1 does not even need to have authentication
enabled.

Ivan

--- frank.yu@japan.bnpparibas.com wrote:
>
> Paul,
>
> Correct me if I am wrong. When you configure a
> diagram as follows
>
> R1------------------------------R2--------------------R3-------------
>            ospf a0                      ospf a1          ospf a2
>
> R3 should see routes in a0 as intra-area routes
> rather than inter-area routes, so as I understand it
> A0 and A1 should have the same authentication type,
> either plain text or message digest.
>
> Frank
>
>
>
> Internet
> icenteno2001@yahoo.com@groupstudy.com - 09/05/2002
> 12:23 PM
>
>
> Please respond to icenteno2001@yahoo.com
>
> Sent by: nobody@groupstudy.com
>
> To: paul, ccielab
>
> cc:
>
>
> Subject: Re: OSPF Virtual Link Authentication
>
>
> Paul,
>
> I am working on the subject too.
> Comments inline.
>
> Ivan
> --- Paul Grey <paul@greyboy.org> wrote:
> > Could someone please clarify for me the exact
> > context that the authentication parameters are
> > used in the OSPF virtual link command:-
> >
> > area 1 virtual-link 1.1.1.1 [authentication | authentication-key]
> >
> > I currently have a config with Area 0 using plain
> > text authentication (password cisco) and Area 1 is
> > using message-digest (sanjose).
> >
> > I've configured a virtual link across Area 1 to a
> > router tagged to Area 2.
> >
> > Using:-
> >
> > Area 0 authentication
> > Area 1 virtual-link a.b.c.d
> >
> > On the Area 2 router my virtual link comes up.
> >
> > So I'm assuming that the link has come up because
> > the default null string is being used by the
> > virtual-link for authentication. Am I right?
>
> My guess is yes.
> >
> > If I am then why use the parameters in the command?
> >
> I think that the main reason is backward compatibility
> and the desire for full security in the flooding of
> the LSA.
>
> From a Cisco Document:
>
> "Starting in Cisco IOS 12.0.8, authentication is
> supported on a per-interface basis, as mentioned in
> RFC 2328, Appendix D. This feature was added in bug
> CSCdk33792. If you are a registered CCO user and you
> have logged in, you can view the bug details"
>
> Before IOS 12.0.8 it was necessary to define the
> configuration of the authentication in the virtual
> link. That is the reason why I think of backward
> compatibility.
>
> Any comment would be appreciated.
>
> > Any takers?
> >
> > TIA
> >
> > Paul
> >
> > ________________________________________________
> >
> > Paul Grey
> >
> > paul@greyboy.org
> >
> >
>
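
An added example, not part of the thread and not Cisco's code: a small Python audit for the situation Paul describes, where `area 0 authentication` is configured but a virtual link carries no key. It assumes IOS-style `router ospf` lines and that a virtual link, being part of area 0, takes area 0's authentication type unless the per-link `authentication` keyword overrides it; `audit_virtual_links`, the router IDs and the sample config are constructed for illustration.

```python
# Constructed sample "router ospf" stanza (not taken from the thread's routers).
SAMPLE = """\
router ospf 1
 area 0 authentication
 area 1 virtual-link 3.3.3.3
 area 4 virtual-link 4.4.4.4 authentication-key cisco
 area 5 virtual-link 5.5.5.5 authentication message-digest
 area 5 virtual-link 5.5.5.5 message-digest-key 1 md5 sanjose
"""

BACKBONE = {"0", "0.0.0.0"}

def audit_virtual_links(config):
    """Return {(transit_area, router_id): finding} for each virtual link."""
    area0_auth = "none"
    links = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "area":
            continue
        if tok[1] in BACKBONE and tok[2] == "authentication":
            area0_auth = "md5" if "message-digest" in tok[3:] else "simple"
        elif tok[2] == "virtual-link" and len(tok) >= 4:
            # IOS may spread one virtual link's options over several lines.
            link = links.setdefault((tok[1], tok[3]), {"auth": None, "keys": set()})
            opts = tok[4:]
            for i, opt in enumerate(opts):
                if opt == "authentication":
                    nxt = opts[i + 1] if i + 1 < len(opts) else ""
                    link["auth"] = {"message-digest": "md5", "null": "none"}.get(nxt, "simple")
                elif opt in ("authentication-key", "message-digest-key"):
                    link["keys"].add(opt)
    findings = {}
    for ident, link in links.items():
        # Assumption: inherit area 0's type unless overridden on the link.
        auth = link["auth"] or area0_auth
        if auth == "none":
            findings[ident] = "unauthenticated"
        elif auth == "simple" and "authentication-key" not in link["keys"]:
            findings[ident] = "simple auth with null key"
        elif auth == "md5" and "message-digest-key" not in link["keys"]:
            findings[ident] = "md5 auth without key"
        else:
            findings[ident] = "ok (" + auth + ")"
    return findings

if __name__ == "__main__":
    for ident, finding in audit_virtual_links(SAMPLE).items():
        print(ident, finding)
```

Both ends of a virtual link have to be checked, since the type and key must match on each router.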



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:45 GMT-3