RE: ospf and link authentication.

From: John Smith (c00per_omers1@yahoo.com)
Date: Thu Jul 24 2003 - 00:12:41 GMT-3


Joe,
 
Many Thanks, I'm going to try this tomorrow in my lab and also see if it works on physical or subinterface as was suggested as well.
 
Regards...

Joe Martin <jmartin@capitalpremium.net> wrote:
John,

This appears to be a typical link authentication. You did not specify that
you wanted r1 to authenticate with r2, though. However, this is assumed as
it is not possible to configure ospf auth to one router on a link and not
the other.

R1 config

int s0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco

R3 (and R2) config

int s0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco

No need to configure authentication for the area, as this is just
authentication for the link. The only way that you could configure
authentication to r3 and not r2 would be to have two separate ptp links on
r1.

As far as authenticating ospf on the tunnel, it would be the same. Just
issue the two commands listed above on the tunnel intf.

HTH,

Joe Martin

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
John Smith
Sent: July 23, 2003 1:44 PM
To: ccielab@groupstudy.com
Subject: ospf and link authentication.

Ok I can authenticate any OSPF area with type 1 (cleartext) or type 2 (md5
hash). I can also authenticate my virtual link ...

but let's say I have hub and spoke with 3 routers

R1 is the hub and R2 and R3 are spokes off of R1 (R2 and R3 use R1 to get
to each other, so not full mesh). Let's call this area 0.

Now assume that I don't want area 0 authentication but authentication
between R1 s0 and R3 s0, is there a doc somewhere on this or can anyone
explain the cmds?

If it was area 0 authen, type 2, I'd do this, on all 3 routers to ensure
same key throughout area 0.

R1 - int s0 - ip ospf message-digest-key 1 md5 cisco and then router
ospf 1 area 0 authent message-digest.

So what do I do if I only want to authenticate between R1 s0 and R3 s0?

Next question is let's say I'm not using a virtual-link but a gre tunnel, how
would I authenticate the tunnel?

Regards,

John
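
Added example, not part of the original thread or anyone's posted config: a Python sketch of the OSPFv2 cryptographic authentication check from RFC 2328 Appendix D, showing why every router on the link needs the same `message-digest-key` ID and secret. Key ID 1 and the key `cisco` come from the configs above; the function names, router ID, sequence number and Hello body are constructed for illustration, and the sequence-number replay check is left out.

```python
import hashlib
import hmac
import struct

# Constructed sample Hello body: mask /30, hello 10 s, options, priority 1, dead 40 s, no DR/BDR.
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 252]), 10, 0x02, 1, 40,
                         bytes(4), bytes(4))

def pad_key(key: bytes) -> bytes:
    """The shared secret occupies a 16-byte field, zero-padded on the right."""
    if len(key) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(16, b"\x00")

def sign(router_id: bytes, area_id: bytes, key_id: int, seq: int, key: bytes) -> bytes:
    """Build an OSPFv2 Hello with AuType 2 and append the MD5 trailer."""
    length = 24 + len(HELLO_BODY)  # the digest trailer is not counted in the length field
    header = struct.pack("!BBH4s4sHHHBBI", 2, 1, length, router_id, area_id,
                         0, 2, 0, key_id, 16, seq)  # checksum 0, AuType 2, auth len 16
    packet = header + HELLO_BODY
    return packet + hashlib.md5(packet + pad_key(key)).digest()

def verify(frame: bytes, interface_keys: dict) -> str:
    """Receiver-side check; interface_keys maps key ID -> secret ({} = no auth configured)."""
    (length,) = struct.unpack_from("!H", frame, 2)
    autype, _, key_id, auth_len = struct.unpack_from("!HHBB", frame, 14)
    expected_autype = 2 if interface_keys else 0
    if autype != expected_autype:
        return "auth type mismatch"   # one side configured, the other not
    if autype == 0:
        return "ok"                   # null authentication on both ends
    if key_id not in interface_keys:
        return "unknown key id"
    if auth_len != 16 or len(frame) != length + 16:
        return "malformed trailer"
    digest = hashlib.md5(frame[:length] + pad_key(interface_keys[key_id])).digest()
    if not hmac.compare_digest(digest, frame[length:]):
        return "digest mismatch"
    return "ok"

if __name__ == "__main__":
    hello = sign(bytes([1, 1, 1, 1]), bytes(4), key_id=1, seq=100, key=b"cisco")
    for label, keys in [("same key", {1: b"cisco"}), ("no auth on peer", {}),
                        ("other key id", {2: b"cisco"}), ("other secret", {1: b"Cisco"})]:
        print(f"{label:16} -> {verify(hello, keys)}")
```

Only the first case forms an adjacency; a peer with no authentication, a different key ID, or a different secret drops the Hello.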




This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:51 GMT-3