From: Glenn Johnson (gjcomcast@comcast.net)
Date: Wed Jul 23 2003 - 17:14:45 GMT-3
John,
I'm not sure that I fully understand your scenario, but have you
looked into the possible use of "ip ospf authentication null" ??
ip ospf authentication null
(Optional) No authentication is used. Useful for overriding password or
message-digest authentication if configured for an area.
Source:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r
/iprprt2/1rdospf.htm#1033619
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Smith
Sent: Wednesday, July 23, 2003 3:44 PM
To: ccielab@groupstudy.com
Subject: ospf and link authentication.
Ok I can authenticate any OSPF area with type 1 (cleartext) or type 2 (md5
hash). I can also authenticate my virtual link ...
but lets say I have hub and spoke with 3 routers
R1 is the hub and R2 and R3 are spokes off or R1 (R2 and R3 use R1 to get
to each other, so not full mesh). Lets call this area 0.
Now assume that I don't want area 0 authentication but authentication
between R1 s0 and R3 s0, is there a doc somewhere on this or can anyone
explain the cmds?
If it was area 0 authen, type 2, I'd do this, on all 3 routers gto ensure
same key throught area 0.
R1 - int s0 - ip ospf message-digest-key 1 md5 cisco and then router
ospf 1 area 0 authent message-digest.
So what do I do if I only want to authenticate between R1 s0 and R3 s0?
Next question is lets say I'm not using a virtual-link but a gre tunnel, how
would I authenicate the tunnel?
Regards,
John
---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:50 GMT-3