Re: OSFP Message Digest Authentication

From: Jennifer Bellucci (Jennifer_bellucci@hotmail.com)
Date: Tue Nov 12 2002 - 21:22:38 GMT-3

• Next message: tsiartas@ameritech.net: "RE: memory requirments for CBAC"
• Previous message: Keith Foster: "RE: all you guys with 2610's/11's out there"
• Maybe in reply to: Nate Kleven: "OSFP Message Digest Authentication"
• Next in thread: Paglia, John (USPC.PCT.Hopewell): "RE: OSFP Message Digest Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Cisco specify that you can now enable interface or area authentication. If
this is the case then why would you have to enable area authentication to
get interface authentication to work?
Refer to Cisco OSPF Command and Configuration Handbook, page 364.

JBell
----- Original Message -----
From: "Nate Kleven" <cciemail@intellinet.ws>
To: "'Paglia, John (USPC.PCT.Hopewell)'" <JPaglia@NA2.US.ML.com>;
<ccielab@groupstudy.com>
Sent: Tuesday, November 12, 2002 11:17 PM
Subject: RE: OSFP Message Digest Authentication

> I was able to get obtain full adjacency by putting the "area 0
> authentication message-digest" command in on only one side. I then
> performed a "clear ip ospf proc" on both sides to make sure the connection
> could re-establish and it did. That to me would indicate that the "area 0
> authentication message-digest" may not be necessary if you have it in the
> interface.
>
> It is better to be safe than sorry, so I will probably do both on the
test,
> just wanted to let you know what I found.
>
> NK
>
>
> -----Original Message-----
> From: Paglia, John (USPC.PCT.Hopewell) [mailto:JPaglia@NA2.US.ML.com]
> Sent: Tuesday, November 12, 2002 2:00 PM
> To: 'Nate Kleven'; ccielab@groupstudy.com
> Subject: RE: OSFP Message Digest Authentication
>
>
> Ya need to do it to both. If ya don't it'll appear as if it is working,
but
> in reality it will be performing a 'null authentication' which in reality
> isn't authenticating at all.
>
> router ospf xxx
> area 0 auth message-dig
>
> int s0
> ip ospf auth message-dig message-digest-k 1 md5 cisco
>
>
> John
>
> > -----Original Message-----
> > From: Nate Kleven [SMTP:cciemail@intellinet.ws]
> > Sent: Tuesday, November 12, 2002 4:35 PM
> > To: ccielab@groupstudy.com
> > Subject: OSFP Message Digest Authentication
> >
> > Does the interface command "IP OSPF AUTHENTICATION MESSAGE-DIGEST"
> > accomplish the same thing as the OSPF router command "AREA O
> > AUTHENTICATION MESSAGE-DIGEST" ?
> >
> > I was told to setup authentication between two OSPF neighbors and I
> > did it on the interface level rather than under Router OSPF. It seems
> > as though it is working, and a "sh ip ospf int" show authentication in
> > use.
> >
> > Thoughts?
> >
> > __________
> >
> > Nate Kleven
> >
> > Senior Network Engineer, CCNP Voice Access, MCSE
> >
> > Expanets
> >
> > 6020 So 190th ST
> >
> > Kent, WA 98032
> >
> > (206)219.6135
> >
> > "Experienced at Networked Solutions"

• Next message: tsiartas@ameritech.net: "RE: memory requirments for CBAC"
• Previous message: Keith Foster: "RE: all you guys with 2610's/11's out there"
• Maybe in reply to: Nate Kleven: "OSFP Message Digest Authentication"
• Next in thread: Paglia, John (USPC.PCT.Hopewell): "RE: OSFP Message Digest Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:58 GMT-3