RE: Re[2]: OSPF Virtual Link Authentication

From: frank.yu@japan.bnpparibas.com
Date: Fri Sep 06 2002 - 08:04:26 GMT-3


Jim

    Check this link out.

http://www.cisco.com/warp/public/104/27.html

Frank

Internet
Jim.Brown@caselogic.com@groupstudy.com - 09/06/2002 07:55 AM

Please respond to Jim.Brown@caselogic.com

Sent by: nobody@groupstudy.com

To: syv, icenteno2001

cc: ccielab

Subject: RE: Re[2]: OSPF Virtual Link Authentication

I think you can enable per interface authentication with virtual links
without enabling authentication in area 0.

I'm pretty sure on this, but I don't want to state it as fact since I've
already been wrong on one post this week.

-----Original Message-----
From: syv [mailto:syv@911networks.com]
Sent: Thursday, September 05, 2002 4:48 PM
To: Ivan Centeno
Cc: ccielab@groupstudy.com
Subject: Re[2]: OSPF Virtual Link Authentication

On Thursday, September 05, 2002, Ivan Centeno wrote:

I just had a similar scenario last week:

Area 0 was authenticated MD5. Here is the code from the
listing:

router ospf 10
 router-id 1.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 area 126 virtual-link 6.6.6.6 message-digest-key 1 md5 cisco

I remembered reading somewhere that the far-end router is
logically attached to area 0 through the virtual-link.

-----Original Message-----
IC> Frank,

IC> In my understanding the answer is no. Area 1 is just a
IC> transit area, the virtual link encapsulates the LSA
IC> between R2 and R3 (acting like a real link). Because
IC> of that Area 1 does not even need to have authentication
IC> enabled.

IC> Ivan

IC> --- frank.yu@japan.bnpparibas.com wrote:
>>
>> Paul,
>>
>> Correct me if I am wrong. When you config a
>> diagram as following
>>
>>
>>
>> R1------------------------------R2--------------------R3-------------
>>            ospf a0                     ospf a1            ospf a2
>>
>> R3 should see route in a0 as intra area route
>> other than inter area
>> route, so as I understand A0 and A1 should have same
>> authentication type
>> either plain text or message digest.
>>
>> Frank
>>
>>
>>
>> Internet
>> icenteno2001@yahoo.com@groupstudy.com - 09/05/2002
>> 12:23 PM
>>
>>
>> Please respond to icenteno2001@yahoo.com
>>
>> Sent by: nobody@groupstudy.com
>>
>> To: paul, ccielab
>>
>> cc:
>>
>>
>> Subject: Re: OSPF Virtual Link Authentication
>>
>>
>> Paul,
>>
>> I am working on the subject too.
>> Comments inline.
>>
>> Ivan
>> --- Paul Grey <paul@greyboy.org> wrote:
>> > Could someone please clarify for me the exact
>> > context that the
>> > authentication parameters are used in the OSPF
>> > virtual link command:-
>> >
>> > area 1 virtual-link 1.1.1.1 [authentication |
>> > authentication-key]
>> >
>> > I currently have a config with Area 0 using plain
>> > text authentication
>> > (password cisco) and Area 1 is using
>> message-digest
>> > (sanjose).
>> >
>> > I've configured a virtual link across Area 1 to a
>> > router tagged to Area
>> > 2.
>> >
>> > Using:-
>> >
>> > Area 0 authentication
>> > Area 1 virtual-link a.b.c.d
>> >
>> > On the Area 2 router my virtual link comes up.
>> >
>> > So I'm assuming that the link has come up because
>> > the default null
>> > string is being used by the virtual-link for
>> > authentication. Am I right?
>>
>> My guess is yes.
>> >
>> > If I am then why use the parameters in the
>> command.
>> >
>> I think that the main reason is backward
>> compatibility
>> and the desire of full security in the flooding of
>> the
>> LSA.
>>
>> From a Cisco Document:
>>
>> "Starting in Cisco IOS 12.0.8, authentication is
>> supported on a per-interface basis, as mentioned in
>> RFC 2328,
>> Appendix D. This feature was added in bug
>> CSCdk33792.
>> If you are a registered CCO user and you have logged
>> in, you
>> can view the bug details"
>>
>> Before IOS 12.0.8 it was necessary to define the
>> configuration of the authentication in the virtual
>> link. That is the reason why I think of backward
>> compatibility.
>>
>> Any comment would be appreciated.
>>
>> > Any takers?
>> >
>> > TIA
>> >
>> > Paul
>>
IC> __________________________________________________________________
>> > To unsubscribe from the CCIELAB list, send a
>> message
>> > to
>> > majordomo@groupstudy.com with the body containing:
>> > unsubscribe ccielab

Thanks

----
syv@911networks.com
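
An added example (not code from any poster in this thread): a small Python audit of the `virtual-link` lines under `router ospf`, reporting each link's effective authentication type and whether a matching key is set. It assumes a virtual link uses area 0's authentication type unless the `authentication` keyword on the virtual-link line overrides it; the sample configuration and the name `audit_virtual_links` are constructed for illustration.

```python
import re

# Constructed sample config, modelled on the commands quoted in the thread.
SAMPLE = """\
router ospf 10
 area 0 authentication message-digest
 area 126 virtual-link 6.6.6.6 message-digest-key 1 md5 cisco
 area 1 virtual-link 7.7.7.7
 area 2 virtual-link 8.8.8.8 authentication null
"""

AREA_AUTH = re.compile(r"^\s*area (\S+) authentication( message-digest)?\s*$")
VLINK = re.compile(r"^\s*area \S+ virtual-link (\S+)(.*)$")
# Explicit per-link type; must not match authentication-key or message-digest-key.
EXPLICIT = re.compile(r"(?<!\S)authentication(?!\S)(?: (message-digest|null)(?!\S))?")

def audit_virtual_links(config):
    """Return {neighbor router-id: (effective auth type, finding)}."""
    backbone, links = "null", {}
    for line in config.splitlines():
        m = AREA_AUTH.match(line)
        if m and m.group(1) in ("0", "0.0.0.0"):
            backbone = "message-digest" if m.group(2) else "simple"
        m = VLINK.match(line)
        if m:  # options for one neighbor may be spread over several lines
            links[m.group(1)] = links.get(m.group(1), "") + m.group(2)
    report = {}
    for rid, opts in links.items():
        m = EXPLICIT.search(opts)
        # Assumption: without an explicit type the link uses area 0's type.
        auth = (m.group(1) or "simple") if m else backbone
        has_md5 = re.search(r"message-digest-key \d+ md5 \S+", opts)
        has_key = re.search(r"(?<!\S)authentication-key \S+", opts)
        if auth == "null":
            finding = "unauthenticated"
        elif auth == "simple":
            finding = "plain-text key" if has_key else "plain text, no key set"
        else:
            finding = "ok" if has_md5 else "no message-digest-key set"
        report[rid] = (auth, finding)
    return report

if __name__ == "__main__":
    for rid, (auth, finding) in audit_virtual_links(SAMPLE).items():
        print(f"{rid:<10} {auth:<15} {finding}")
```

Run it against the `router ospf` section of both ends of the virtual link; the two ends should report the same type and a key.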



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:45 GMT-3