From: OhioHondo (ohiohondo@columbus.rr.com)
Date: Tue Feb 18 2003 - 12:06:20 GMT-3
Robert
For OSPF authentication
You can OSPF authenticate on an interface without any statements in the
'ospf router' config just like you've done -- however, all routers that
share the same subnet must use the same type of OSPF authentication. (none,
level 1 or level 2.)
Since all 3 routers are in subnet ip address 150.50.111.0/24, the serial
interface in this subnet must all participate (or not participate) in OSPF
authentication.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Jaroslaw Zak
Sent: Tuesday, February 18, 2003 6:22 AM
To: robert2140@hotmail.com; ccielab@groupstudy.com
Subject: Re: Per-interface authentication OSPF
Hi Robert,
By the look of it your authentication under OSPF is a bit messed up. Firstly
you need "area ... authentication.." command under OSPF routing process to
actually enable it. Secondly If you have multipoint interface on your hub
with configured authentication on it, all spokes "plugged in" via that
subinterface will have to have authentication enabled. In other words the
spoke with no autentication configured will never talk to the hub with one
configured (unless it is via different interface on the hub with no auth
configured on it)
Hope this helps
J.
>From: "Robert Massiache" <robert2140@hotmail.com>
>Reply-To: "Robert Massiache" <robert2140@hotmail.com>
>To: ccielab@groupstudy.com
>Subject: Per-interface authentication OSPF
>Date: Tue, 18 Feb 2003 17:43:43 +1100
>
>Hi
>
>I have a question on ospf.
>
>
>Its on OSPF per-interface authentication.
>
>In a hub and spoke frame relay environment, I want do best possible
>authentication betweek hub and only one spoke.
>
>Where as with other spoke I don't need authentication. The configuration
>below is not satisfying the requirement. Any clue?
>I choosed Type-1 simple password. Even with message digets also i cann't
>make it work.
>
>Regards
>
>My config with hub is (R2)
>
>interface Serial0.256 multipoint
>ip address 150.50.111.2 255.255.255.0
>ip ospf authentication
>ip ospf authentication-key cisco
>ip ospf priority 250
>frame-relay map ip 150.50.111.5 205 broadcast
>frame-relay map ip 150.50.111.6 206 broadcast
>no frame-relay inverse-arp
>
>router ospf 1
>router-id 150.50.2.2
>log-adjacency-changes
>area 1 virtual-link 150.50.1.1
>network 150.50.2.2 0.0.0.0 area 100
>network 150.50.12.0 0.0.0.3 area 1
>network 150.50.111.0 0.0.0.255 area 0
>neighbor 150.50.111.6
>neighbor 150.50.111.5
>
>first spoke with Authentication R5
>
>interface Serial0
>ip address 150.50.111.5 255.255.255.0
>encapsulation frame-relay
>ip ospf authentication
>ip ospf authentication-key 7 13061E010803
>frame-relay map ip 150.50.111.2 502 broadcast
>frame-relay map ip 150.50.111.6 502 broadcast
>frame-relay lmi-type cisco
>
>router ospf 1
>router-id 150.50.5.5
>log-adjacency-changes
>network 150.50.5.5 0.0.0.0 area 100
>network 150.50.111.0 0.0.0.255 area 0
>neighbor 150.50.111.2 priority 250
>
>Second spoke without Auth R6
>
>interface Serial0
>ip address 150.50.111.6 255.255.255.0
>encapsulation frame-relay
>ip ospf authentication null
>ip ospf priority 0
>no fair-queue
>frame-relay map ip 150.50.111.2 602 broadcast
>frame-relay map ip 150.50.111.5 602 broadcast
>no frame-relay inverse-arp
>!
>
>router ospf 1
>router-id 150.50.6.6
>log-adjacency-changes
>network 150.50.6.6 0.0.0.0 area 100
>network 150.50.111.0 0.0.0.255 area 0
>
>_________________________________________________________________
>Hotmail now available on Australian mobile phones. Go to
>http://ninemsn.com.au/mobilecentral/hotmail_mobile.asp
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:26 GMT-3