RE: Per-interface authentication OSPF

From: Hughes, Gordon (Gordon.Hughes@Tricon-Yum.Com)
Date: Tue Feb 18 2003 - 11:47:49 GMT-3


I have run across exactly the same problem, and I don't think the "area
... authentication" command will do the trick. That area command makes
sure that the entire area uses authentication (this would include all
interfaces in the area), which does not solve the requirement.

I grabbed this off of Cisco's site:

To support per-interface authentication type as described in
RFC2178, the following command is added for interface configuration
mode:
ip ospf authentication [message-digest | null]

Cisco added this to 12.0(7.3)

But like Robert says, it doesn't seem to work.

Gordon

-----Original Message-----
From: Jaroslaw Zak [mailto:jaroslawz@hotmail.com]
Sent: Tuesday, February 18, 2003 5:22 AM
To: robert2140@hotmail.com; ccielab@groupstudy.com
Subject: Re: Per-interface authentication OSPF

Hi Robert,

By the look of it, your authentication under OSPF is a bit messed up.
Firstly, you need the "area ... authentication.." command under the OSPF
routing process to actually enable it. Secondly, if you have a multipoint
interface on your hub with authentication configured on it, all spokes
"plugged in" via that subinterface will have to have authentication
enabled. In other words, the spoke with no authentication configured will
never talk to the hub with one configured (unless it is via a different
interface on the hub with no auth configured on it).

Hope this helps
J.

>From: "Robert Massiache" <robert2140@hotmail.com>
>Reply-To: "Robert Massiache" <robert2140@hotmail.com>
>To: ccielab@groupstudy.com
>Subject: Per-interface authentication OSPF
>Date: Tue, 18 Feb 2003 17:43:43 +1100
>
>Hi
>
>I have a question on ospf.
>
>
>It's on OSPF per-interface authentication.
>
>In a hub and spoke frame relay environment, I want to do the best possible
>authentication between the hub and only one spoke.
>
>Whereas with the other spoke I don't need authentication. The configuration
>below is not satisfying the requirement. Any clue?
>I chose Type-1 simple password. Even with message digest I can't
>make it work.
>
>Regards
>
>My config with hub is (R2)
>
>interface Serial0.256 multipoint
>ip address 150.50.111.2 255.255.255.0
>ip ospf authentication
>ip ospf authentication-key cisco
>ip ospf priority 250
>frame-relay map ip 150.50.111.5 205 broadcast
>frame-relay map ip 150.50.111.6 206 broadcast
>no frame-relay inverse-arp
>
>router ospf 1
>router-id 150.50.2.2
>log-adjacency-changes
>area 1 virtual-link 150.50.1.1
>network 150.50.2.2 0.0.0.0 area 100
>network 150.50.12.0 0.0.0.3 area 1
>network 150.50.111.0 0.0.0.255 area 0
>neighbor 150.50.111.6
>neighbor 150.50.111.5
>
>first spoke with Authentication R5
>
>interface Serial0
>ip address 150.50.111.5 255.255.255.0
>encapsulation frame-relay
>ip ospf authentication
>ip ospf authentication-key 7 13061E010803
>frame-relay map ip 150.50.111.2 502 broadcast
>frame-relay map ip 150.50.111.6 502 broadcast
>frame-relay lmi-type cisco
>
>router ospf 1
>router-id 150.50.5.5
>log-adjacency-changes
>network 150.50.5.5 0.0.0.0 area 100
>network 150.50.111.0 0.0.0.255 area 0
>neighbor 150.50.111.2 priority 250
>
>Second spoke without Auth R6
>
>interface Serial0
>ip address 150.50.111.6 255.255.255.0
>encapsulation frame-relay
>ip ospf authentication null
>ip ospf priority 0
>no fair-queue
>frame-relay map ip 150.50.111.2 602 broadcast
>frame-relay map ip 150.50.111.5 602 broadcast
>no frame-relay inverse-arp
>!
>
>router ospf 1
>router-id 150.50.6.6
>log-adjacency-changes
>network 150.50.6.6 0.0.0.0 area 100
>network 150.50.111.0 0.0.0.255 area 0
>



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:27 GMT-3
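
The receive-side check behind Jaroslaw's point, as an added example that is not part of the original thread: each OSPFv2 packet header carries an AuType and a 64-bit authentication field (RFC 2328), and the receiver compares them with the settings of the interface the packet arrived on. The interface values come from the posted configs; the function names are hypothetical, and R5's key, which appears only in encrypted form, is assumed to match the hub's.

```python
import struct

# OSPFv2 common header (RFC 2328 A.3.1): version, type, length, router ID,
# area ID, checksum, AuType, 8-byte authentication field. 24 bytes total.
HDR = struct.Struct("!BBH4s4sHH8s")
AU_NULL, AU_SIMPLE = 0, 1

def ip(dotted):
    return bytes(int(octet) for octet in dotted.split("."))

def build_hello_header(router_id, area, au_type, key=b""):
    """Header a router emits on an interface with the given auth settings.
    Checksum is left at 0 because only the auth check is modelled here."""
    auth = key.ljust(8, b"\0")[:8] if au_type == AU_SIMPLE else bytes(8)
    return HDR.pack(2, 1, HDR.size, ip(router_id), ip(area), 0, au_type, auth)

def accepts(iface, packet):
    """Receive-side check: AuType must equal the receiving interface's type;
    for simple password the 64-bit field must equal the configured key."""
    *_, au_type, auth = HDR.unpack(packet[:HDR.size])
    if au_type != iface["au_type"]:
        return False
    if au_type == AU_SIMPLE:
        return auth == iface["key"].ljust(8, b"\0")[:8]
    return True  # null authentication: the field is not examined

# Interface settings from the posted configs (Serial0.256 on R2, Serial0 on
# R5 and R6). Assumption: R5's encrypted key equals the hub's key "cisco".
IFACES = {
    "R2": {"rid": "150.50.2.2", "au_type": AU_SIMPLE, "key": b"cisco"},
    "R5": {"rid": "150.50.5.5", "au_type": AU_SIMPLE, "key": b"cisco"},
    "R6": {"rid": "150.50.6.6", "au_type": AU_NULL, "key": b""},
}

def can_form_adjacency(a, b):
    """Packets must pass the receive check in both directions."""
    def sent(name):
        i = IFACES[name]
        return build_hello_header(i["rid"], "0.0.0.0", i["au_type"], i["key"])
    return accepts(IFACES[b], sent(a)) and accepts(IFACES[a], sent(b))

if __name__ == "__main__":
    for pair in (("R2", "R5"), ("R2", "R6")):
        print(pair, "adjacency possible:", can_form_adjacency(*pair))
```

Because the hub has one AuType for the whole multipoint subinterface, the same header goes to both DLCIs, so R6 with `ip ospf authentication null` fails the check in both directions.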