From: Nate Kleven (cciemail@intellinet.ws)
Date: Tue Nov 12 2002 - 20:17:27 GMT-3
I was able to get obtain full adjacency by putting the "area 0
authentication message-digest" command in on only one side. I then
performed a "clear ip ospf proc" on both sides to make sure the connection
could re-establish and it did. That to me would indicate that the "area 0
authentication message-digest" may not be necessary if you have it in the
interface.
It is better to be safe than sorry, so I will probably do both on the test,
just wanted to let you know what I found.
NK
-----Original Message-----
From: Paglia, John (USPC.PCT.Hopewell) [mailto:JPaglia@NA2.US.ML.com]
Sent: Tuesday, November 12, 2002 2:00 PM
To: 'Nate Kleven'; ccielab@groupstudy.com
Subject: RE: OSFP Message Digest Authentication
Ya need to do it to both. If ya don't it'll appear as if it is working, but
in reality it will be performing a 'null authentication' which in reality
isn't authenticating at all.
router ospf xxx
area 0 auth message-dig
int s0
ip ospf auth message-dig message-digest-k 1 md5 cisco
John
> -----Original Message-----
> From: Nate Kleven [SMTP:cciemail@intellinet.ws]
> Sent: Tuesday, November 12, 2002 4:35 PM
> To: ccielab@groupstudy.com
> Subject: OSFP Message Digest Authentication
>
> Does the interface command "IP OSPF AUTHENTICATION MESSAGE-DIGEST"
> accomplish the same thing as the OSPF router command "AREA O
> AUTHENTICATION MESSAGE-DIGEST" ?
>
> I was told to setup authentication between two OSPF neighbors and I
> did it on the interface level rather than under Router OSPF. It seems
> as though it is working, and a "sh ip ospf int" show authentication in
> use.
>
> Thoughts?
>
> __________
>
> Nate Kleven
>
> Senior Network Engineer, CCNP Voice Access, MCSE
>
> Expanets
>
> 6020 So 190th ST
>
> Kent, WA 98032
>
> (206)219.6135
>
> "Experienced at Networked Solutions"
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:57 GMT-3