Re: ospf area authentication

From: Joseph Rinehart (jjrinehart@hotmail.com)
Date: Wed Jun 18 2003 - 18:34:59 GMT-3

• Next message: Howard C. Berkowitz: "Re: ? Layer1 capablity?Again)"
• Previous message: Snow, Tim: "RE: CAT3550:dot1x command"
• Maybe in reply to: Nathan Chessin: "ospf area authentication"
• Next in thread: Brian Dennis: "RE: ospf area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

amen to that, I have run into this a couple of times when fiddling around
with virtual links and authentication. it was amazing the magic that
happened "all of a sudden" when I added the "area 0 authentication" command
(and added the strin to the virtual link command)
----- Original Message -----
From: "Brian Dennis" <brian@labforge.com>
To: "'Nathan Chessin'" <nchessin@cisco.com>; <ccielab@groupstudy.com>
Sent: Wednesday, June 18, 2003 1:30 PM
Subject: RE: ospf area authentication

> The virtual link will use the authentication type configured for area 0
> and not the transit area. You can of course override the area
> authentication for the virtual link just like you can with an interface.
>
> Also the "area X authentication" command is just setting the
> authentication type for the area. It doesn't actually authenticate. You
> need to apply the authentication key under the interface. Also as you
> stated you can override the authentication configured with the "area X
> authentication" command by using the "ip ospf authentication <null |
> message-digest>" interface command.
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Nathan Chessin
> Sent: Wednesday, June 18, 2003 12:19 PM
> To: ccielab@groupstudy.com
> Subject: ospf area authentication
>
> Hi All.
>
> When configuring area authentication in OSPF, it looks to me like
> interfaces
> that are put in that area are inheriting the authentication by default.
>
> For instance, if I have simple authentication in area 245 enabled, and I
> have a bri interface in that area, it will inherit the simple
> authentication
> parameters even though I don't explicitly state "ip ospf authentication"
> or
> "ip ospf authentication-key xxxxx"
>
> Is this correct thinking and correct behavior. Oh, and I do have a
> virtual
> link transiting area 245 with simple authentication as well.
>
> Any help?
>
> Thanks,
>
> Nate
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Howard C. Berkowitz: "Re: ? Layer1 capablity?Again)"
• Previous message: Snow, Tim: "RE: CAT3550:dot1x command"
• Maybe in reply to: Nathan Chessin: "ospf area authentication"
• Next in thread: Brian Dennis: "RE: ospf area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:00 GMT-3