Re: MD5, multipoint and OSPF

From: Matthew Poole (matthew.poole@blueyonder.co.uk)
Date: Wed Apr 23 2003 - 03:47:21 GMT-3


Hi Sumit,
It doesn't really, you can have multiple subnets within an area ;-)

The key thing with area authentication is that on every router within an
area, including virtual links if area 0, you must have "area x
authentication" and then on the interface you must have the key.

With interface authentication you just enable authentication on the
interface, "ip ospf authentication", and then define the key, "ip ospf
authentication-key xxxx" - this is only on the interfaces you want
encrypted, i.e. you could have it over a frame cloud, but maybe not on the
virtual links.

One of the "Brian's" posted a very good email on this a while ago, I'm sure
it'll be in the archives.

HTH
----- Original Message -----
From: "Teck PhrEAk!!" <phreakinphunk@hotmail.com>
To: <jhaverkos@columbus.rr.com>; <jhays@jtan.com>; <ccielab@groupstudy.com>
Sent: Wednesday, April 23, 2003 5:00 AM
Subject: RE: MD5, multipoint and OSPF

> "Note however that if interface authentication is used, all router
> interfaces in the same subnet must use the same type of authentication."
>
> This again suggests that OSPF authentication is area-wide authentication.
>
> cheers,
>
> sumit.
>
>
>
>
>
> >From: "Jerry Haverkos" <jhaverkos@columbus.rr.com>
> >Reply-To: "Jerry Haverkos" <jhaverkos@columbus.rr.com>
> >To: "Jonathan V Hays" <jhays@jtan.com>, <ccielab@groupstudy.com>
> >Subject: RE: MD5, multipoint and OSPF
> >Date: Tue, 22 Apr 2003 20:09:50 -0400
> >
> >Note however that if interface authentication is used, all router
> >interfaces in the same subnet must use the same type of authentication.
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> >Jonathan V Hays
> >Sent: Tuesday, April 22, 2003 4:54 PM
> >To: ccielab@groupstudy.com
> >Subject: RE: MD5, multipoint and OSPF
> >
> >
> >Page 17 of "Cisco OSPF Command and Configuration Handbook" by William
> >Parkhurst:
> >
> >"In Cisco IOS Software Release 12.X, the authentication used on an
> >interface can be different from the authentication enabled for an area.
> >When using Cisco IOS Software Release 12.X, the authentication method
> >used on different interfaces does not need to be the same.
> >Authentication can be turned off on selected interfaces using the
> >command 'ip ospf authentication null' (see Section 19-1)."
> >
> >HTH
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > Behalf Of Teck PhrEAk!!
> > > Sent: Tuesday, April 22, 2003 1:52 PM
> > > To: ng-hlong@hn.vnn.vn; ccielab@groupstudy.com
> > > Subject: Re: MD5, multipoint and OSPF
> > >
> > >
> > > hi Jenny,
> > >
> > > Remember, OSPF authentication is area-wide authentication........
> > >
> > > cheers,
> > >
> > > sumit.
> > >
> > >
> > >
> > >
> > > >From: "Nguyen Hoang Long" <ng-hlong@hn.vnn.vn>
> > > >Reply-To: "Nguyen Hoang Long" <ng-hlong@hn.vnn.vn>
> > > >To: <ccielab@groupstudy.com>
> > > >Subject: Re: MD5, multipoint and OSPF
> > > >Date: Tue, 22 Apr 2003 16:47:15 +0700
> > > >
> > > > >Impossible, I think.
> > > >
> > > >
> > > >----- Original Message -----
> > > >From: "Jennifer Bellucci" <jennifer_bellucci@hotmail.com>
> > > >To: <ccielab@groupstudy.com>
> > > >Sent: Tuesday, April 22, 2003 2:41 PM
> > > >Subject: MD5, multipoint and OSPF
> > > >
> > > >
> > > > > Hiyah
> > > > >
> > > > > > Say we have the net: r1-----r2-----r3. R2 has a multipoint FR int
> > > > > > that connects to R1 / R3. All are in the same subnet. Is it possible
> > > > > > to run MD5 authentication between just R2 and R1 and not between
> > > > > > R2 / R3?
> > > > > >
> > > > > > I was under the illusion that when running OSPF you have to activate
> > > > > > interfaces authentication as well, which means that it will peer
> > > > > > with the router config for the same auth type but not others, in
> > > > > > the area. In the scenario, if it's all in area 0, is it possible?
> > > > > >
> > > > > > I don't think so, but some of you might be able to bestow your wise
> > > > > > wisdom upon thee.
> > > > >
> > > > > Thanks
> > > > >
> > > > > Smile-=-
> > > > > > Jennifer Bellucci
> > > > >
> > > > > Jennifer_bellucci@hotmail.com
> > >
> > >
>
>



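Added example, not part of any message in the thread: a small audit that works out each router's effective OSPF authentication type per subnet (an interface-level "ip ospf authentication ..." line overrides the "area x authentication" setting, as in the handbook quote) and reports subnets where neighbours end up with different types. The router configs, addresses and key are constructed placeholders; the script assumes every interface is in the audited area and that "ip address" precedes the OSPF line in each interface block.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed configs (not from the thread): one shared frame relay subnet, all area 0.
TEMPLATE = """interface Serial0
 ip address 10.0.0.{n} 255.255.255.0
{extra}router ospf 1
 area 0 authentication message-digest
"""
MD5_KEY = " ip ospf message-digest-key 1 md5 EXAMPLEKEY\n"  # placeholder key
CONFIGS = {
    "R1": TEMPLATE.format(n=1, extra=MD5_KEY),
    "R2": TEMPLATE.format(n=2, extra=MD5_KEY),
    "R3": TEMPLATE.format(n=3, extra=" ip ospf authentication null\n"),
}
# Keyword after "ip ospf authentication" -> auth type (no keyword = simple password).
OVERRIDE = {None: "simple", "message-digest": "md5", "null": "null"}


def effective_auth(config, area="0"):
    """Map each interface subnet to its auth type; interface setting beats area setting."""
    m = re.search(rf"^ area {area} authentication( message-digest)?\s*$", config, re.M)
    area_auth = ("md5" if m.group(1) else "simple") if m else "null"
    result, subnet = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a new top-level section ends the interface block
            subnet = None
        elif m := re.match(r" ip address (\S+) (\S+)", line):
            subnet = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            result[subnet] = area_auth  # inherited unless overridden below
        elif subnet and (m := re.match(r" ip ospf authentication(?: (\S+))?\s*$", line)):
            result[subnet] = OVERRIDE.get(m[1], "unknown")
    return result


def mismatched_subnets(configs):
    """Return {subnet: {router: auth}} for subnets whose routers disagree on auth type."""
    seen = defaultdict(dict)
    for router, cfg in configs.items():
        for subnet, auth in effective_auth(cfg).items():
            seen[subnet][router] = auth
    return {s: r for s, r in seen.items() if len(set(r.values())) > 1}


if __name__ == "__main__":
    for subnet, routers in mismatched_subnets(CONFIGS).items():
        print(f"{subnet}: authentication type mismatch {routers}")
```
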
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:02 GMT-3