From: Khalid A. Kaseb (khalid_ameen@rayaintegration.com)
Date: Wed Feb 19 2003 - 10:09:27 GMT-3
Take care while using those commands and try not to use key #1; start
from 2 or more. Key 1 sometimes causes problems in the
authentication, especially over ISDN links (point-to-point links). I
faced this in my lab.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bob Rech
Sent: Tuesday, February 18, 2003 7:24 PM
To: Hughes, Gordon; Jaroslaw Zak; robert2140@hotmail.com;
ccielab@groupstudy.com
Subject: Re: Per-interface authentication OSPF
On each interface using authentication you need 2 cmds
to use MD5:
ip ospf authentication message-digest
ip ospf message-digest-key <key ID> md5 <encryption type, can be left out> <ospf key password>
Example: ip ospf message-digest-key 1 md5 cisco
If you set up one router with these on a pt-pt interface you will see the
OSPF adj fail; then set it up on the other side
and you'll see it form again.
----- Original Message -----
From: "Hughes, Gordon" <Gordon.Hughes@Tricon-Yum.Com>
To: "Jaroslaw Zak" <jaroslawz@hotmail.com>; <robert2140@hotmail.com>;
<ccielab@groupstudy.com>
Sent: Tuesday, February 18, 2003 8:47 AM
Subject: RE: Per-interface authentication OSPF
> I have run across exactly the same problem, and I don't think the "area
> ... authentication" command will do the trick. That area command makes
> sure that the entire area uses authentication (this would include all
> interfaces in the area), which does not solve the requirement.
>
> I grabbed this off of Cisco's site:
>
> To support per-interface authentication type as described in
> RFC2178, the following command is added for interface configuration
> mode:
> ip ospf authentication [message-digest | null]
>
> Cisco added this to 12.0(7.3)
>
> But like Robert says, it doesn't seem to work.
>
> Gordon
>
>
> -----Original Message-----
> From: Jaroslaw Zak [mailto:jaroslawz@hotmail.com]
> Sent: Tuesday, February 18, 2003 5:22 AM
> To: robert2140@hotmail.com; ccielab@groupstudy.com
> Subject: Re: Per-interface authentication OSPF
>
> Hi Robert,
>
> By the look of it your authentication under OSPF is a bit messed up.
> Firstly you need "area ... authentication.." command under OSPF routing
> process to actually enable it. Secondly, if you have multipoint interface
> on your hub with configured authentication on it, all spokes "plugged in"
> via that subinterface will have to have authentication enabled. In other
> words the spoke with no authentication configured will never talk to the
> hub with one configured (unless it is via different interface on the hub
> with no auth configured on it)
>
> Hope this helps
> J.
>
>
>
>
>
> >From: "Robert Massiache" <robert2140@hotmail.com>
> >Reply-To: "Robert Massiache" <robert2140@hotmail.com>
> >To: ccielab@groupstudy.com
> >Subject: Per-interface authentication OSPF
> >Date: Tue, 18 Feb 2003 17:43:43 +1100
> >
> >Hi
> >
> >I have a question on ospf.
> >
> >
> >It's on OSPF per-interface authentication.
> >
> >In a hub and spoke frame relay environment, I want to do the best possible
> >authentication between hub and only one spoke.
> >
> >Whereas with the other spoke I don't need authentication. The configuration
> >below is not satisfying the requirement. Any clue?
> >I chose Type-1 simple password. Even with message digest I can't
> >make it work.
> >
> >Regards
> >
> >My config with hub is (R2)
> >
> >interface Serial0.256 multipoint
> >ip address 150.50.111.2 255.255.255.0
> >ip ospf authentication
> >ip ospf authentication-key cisco
> >ip ospf priority 250
> >frame-relay map ip 150.50.111.5 205 broadcast
> >frame-relay map ip 150.50.111.6 206 broadcast
> >no frame-relay inverse-arp
> >
> >router ospf 1
> >router-id 150.50.2.2
> >log-adjacency-changes
> >area 1 virtual-link 150.50.1.1
> >network 150.50.2.2 0.0.0.0 area 100
> >network 150.50.12.0 0.0.0.3 area 1
> >network 150.50.111.0 0.0.0.255 area 0
> >neighbor 150.50.111.6
> >neighbor 150.50.111.5
> >
> >first spoke with Authentication R5
> >
> >interface Serial0
> >ip address 150.50.111.5 255.255.255.0
> >encapsulation frame-relay
> >ip ospf authentication
> >ip ospf authentication-key 7 13061E010803
> >frame-relay map ip 150.50.111.2 502 broadcast
> >frame-relay map ip 150.50.111.6 502 broadcast
> >frame-relay lmi-type cisco
> >
> >router ospf 1
> >router-id 150.50.5.5
> >log-adjacency-changes
> >network 150.50.5.5 0.0.0.0 area 100
> >network 150.50.111.0 0.0.0.255 area 0
> >neighbor 150.50.111.2 priority 250
> >
> >Second spoke without Auth R6
> >
> >interface Serial0
> >ip address 150.50.111.6 255.255.255.0
> >encapsulation frame-relay
> >ip ospf authentication null
> >ip ospf priority 0
> >no fair-queue
> >frame-relay map ip 150.50.111.2 602 broadcast
> >frame-relay map ip 150.50.111.5 602 broadcast
> >no frame-relay inverse-arp
> >!
> >
> >router ospf 1
> >router-id 150.50.6.6
> >log-adjacency-changes
> >network 150.50.6.6 0.0.0.0 area 100
> >network 150.50.111.0 0.0.0.255 area 0
> >
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:31 GMT-3
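
An added example, not part of any message in this thread: a small Python check of the point made in the replies, that every router attached to the same multipoint subnet must use the same OSPF authentication type. It runs over interface stanzas abbreviated from the configs quoted above; the function names are hypothetical, and it compares authentication type only, not keys or key IDs.

```python
import ipaddress
import re
from collections import defaultdict

# Interface stanzas abbreviated from the configs quoted in this thread.
CONFIGS = {
    "R2": """interface Serial0.256 multipoint
 ip address 150.50.111.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
""",
    "R5": """interface Serial0
 ip address 150.50.111.5 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key 7 13061E010803
""",
    "R6": """interface Serial0
 ip address 150.50.111.6 255.255.255.0
 ip ospf authentication null
""",
}

# Matches the per-interface type command but not "ip ospf authentication-key".
AUTH_RE = re.compile(
    r"^\s*ip ospf authentication(?: (message-digest|null))?\s*$", re.M)

def interface_auth(config):
    """Yield (interface, network, auth_type) for each addressed interface."""
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        name = re.match(r"interface (\S+)", stanza)
        addr = re.search(r"^\s*ip address (\S+) (\S+)", stanza, re.M)
        if not (name and addr):
            continue
        net = ipaddress.ip_network("/".join(addr.groups()), strict=False)
        auth = AUTH_RE.search(stanza)
        # No per-interface command means the area-level setting applies.
        kind = "area-default" if not auth else (auth.group(1) or "simple")
        yield name.group(1), net, kind

def auth_mismatches(configs):
    """Return {network: {router/interface: auth_type}} where types differ."""
    seen = defaultdict(dict)
    for router, text in configs.items():
        for ifname, net, kind in interface_auth(text):
            seen[str(net)][f"{router}/{ifname}"] = kind
    return {n: m for n, m in seen.items() if len(set(m.values())) > 1}

if __name__ == "__main__":
    for network, members in auth_mismatches(CONFIGS).items():
        print(network, members)
```

On the quoted configs this flags 150.50.111.0/24, where R6 uses null authentication on the subnet it shares with R2's authenticated multipoint subinterface.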