RE: ospf area authentication

From: Brian Dennis (brian@labforge.com)
Date: Wed Jun 18 2003 - 21:55:04 GMT-3

• Next message: Catcat2608@aol.com: "access-lists with established"
• Previous message: Anthony Pace: "Re: Regular expression for my neighbors neighbors"
• Maybe in reply to: Nathan Chessin: "ospf area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As a side note you do not have to actually add the "string" to the
virtual link. As long as the authentication types match the virtual link
will come up.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joseph Rinehart
Sent: Wednesday, June 18, 2003 2:35 PM
To: ccielab@groupstudy.com
Subject: Re: ospf area authentication

amen to that, I have run into this a couple of times when fiddling
around
with virtual links and authentication. it was amazing the magic that
happened "all of a sudden" when I added the "area 0 authentication"
command
(and added the strin to the virtual link command)
----- Original Message -----
From: "Brian Dennis" <brian@labforge.com>
To: "'Nathan Chessin'" <nchessin@cisco.com>; <ccielab@groupstudy.com>
Sent: Wednesday, June 18, 2003 1:30 PM
Subject: RE: ospf area authentication

> The virtual link will use the authentication type configured for area
0
> and not the transit area. You can of course override the area
> authentication for the virtual link just like you can with an
interface.
>
> Also the "area X authentication" command is just setting the
> authentication type for the area. It doesn't actually authenticate.
You
> need to apply the authentication key under the interface. Also as you
> stated you can override the authentication configured with the "area X
> authentication" command by using the "ip ospf authentication <null |
> message-digest>" interface command.
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Nathan Chessin
> Sent: Wednesday, June 18, 2003 12:19 PM
> To: ccielab@groupstudy.com
> Subject: ospf area authentication
>
> Hi All.
>
> When configuring area authentication in OSPF, it looks to me like
> interfaces
> that are put in that area are inheriting the authentication by
default.
>
> For instance, if I have simple authentication in area 245 enabled, and
I
> have a bri interface in that area, it will inherit the simple
> authentication
> parameters even though I don't explicitly state "ip ospf
authentication"
> or
> "ip ospf authentication-key xxxxx"
>
> Is this correct thinking and correct behavior. Oh, and I do have a
> virtual
> link transiting area 245 with simple authentication as well.
>
> Any help?
>
> Thanks,
>
> Nate
>
>
>

• Next message: Catcat2608@aol.com: "access-lists with established"
• Previous message: Anthony Pace: "Re: Regular expression for my neighbors neighbors"
• Maybe in reply to: Nathan Chessin: "ospf area authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:00 GMT-3