Re: Per-interface authentication OSPF

From: Jaroslaw Zak (jaroslawz@hotmail.com)
Date: Tue Feb 18 2003 - 08:22:04 GMT-3

• Next message: Jaroslaw Zak: "Re: router's default gateway"
• Previous message: Herve Bruyere: "Re: Technical Tips"
• Maybe in reply to: Robert Massiache: "Per-interface authentication OSPF"
• Next in thread: OhioHondo: "RE: Per-interface authentication OSPF"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Robert,

By the look of it your authentication under OSPF is a bit messed up. Firstly
you need "area ... authentication.." command under OSPF routing process to
actually enable it. Secondly If you have multipoint interface on your hub
with configured authentication on it, all spokes "plugged in" via that
subinterface will have to have authentication enabled. In other words the
spoke with no autentication configured will never talk to the hub with one
configured (unless it is via different interface on the hub with no auth
configured on it)

Hope this helps
J.

>From: "Robert Massiache" <robert2140@hotmail.com>
>Reply-To: "Robert Massiache" <robert2140@hotmail.com>
>To: ccielab@groupstudy.com
>Subject: Per-interface authentication OSPF
>Date: Tue, 18 Feb 2003 17:43:43 +1100
>
>Hi
>
>I have a question on ospf.
>
>
>Its on OSPF per-interface authentication.
>
>In a hub and spoke frame relay environment, I want do best possible
>authentication betweek hub and only one spoke.
>
>Where as with other spoke I don't need authentication. The configuration
>below is not satisfying the requirement. Any clue?
>I choosed Type-1 simple password. Even with message digets also i cann't
>make it work.
>
>Regards
>
>My config with hub is (R2)
>
>interface Serial0.256 multipoint
>ip address 150.50.111.2 255.255.255.0
>ip ospf authentication
>ip ospf authentication-key cisco
>ip ospf priority 250
>frame-relay map ip 150.50.111.5 205 broadcast
>frame-relay map ip 150.50.111.6 206 broadcast
>no frame-relay inverse-arp
>
>router ospf 1
>router-id 150.50.2.2
>log-adjacency-changes
>area 1 virtual-link 150.50.1.1
>network 150.50.2.2 0.0.0.0 area 100
>network 150.50.12.0 0.0.0.3 area 1
>network 150.50.111.0 0.0.0.255 area 0
>neighbor 150.50.111.6
>neighbor 150.50.111.5
>
>first spoke with Authentication R5
>
>interface Serial0
>ip address 150.50.111.5 255.255.255.0
>encapsulation frame-relay
>ip ospf authentication
>ip ospf authentication-key 7 13061E010803
>frame-relay map ip 150.50.111.2 502 broadcast
>frame-relay map ip 150.50.111.6 502 broadcast
>frame-relay lmi-type cisco
>
>router ospf 1
>router-id 150.50.5.5
>log-adjacency-changes
>network 150.50.5.5 0.0.0.0 area 100
>network 150.50.111.0 0.0.0.255 area 0
>neighbor 150.50.111.2 priority 250
>
>Second spoke without Auth R6
>
>interface Serial0
>ip address 150.50.111.6 255.255.255.0
>encapsulation frame-relay
>ip ospf authentication null
>ip ospf priority 0
>no fair-queue
>frame-relay map ip 150.50.111.2 602 broadcast
>frame-relay map ip 150.50.111.5 602 broadcast
>no frame-relay inverse-arp
>!
>
>router ospf 1
>router-id 150.50.6.6
>log-adjacency-changes
>network 150.50.6.6 0.0.0.0 area 100
>network 150.50.111.0 0.0.0.255 area 0
>
>_________________________________________________________________
>Hotmail now available on Australian mobile phones. Go to
>http://ninemsn.com.au/mobilecentral/hotmail_mobile.asp

• Next message: Jaroslaw Zak: "Re: router's default gateway"
• Previous message: Herve Bruyere: "Re: Technical Tips"
• Maybe in reply to: Robert Massiache: "Per-interface authentication OSPF"
• Next in thread: OhioHondo: "RE: Per-interface authentication OSPF"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:26 GMT-3