RE: ospf and link authentication.

From: GokhanS@koc.net
Date: Thu Jul 24 2003 - 05:06:25 GMT-3

• Next message: George Yiannibas: "RE: eigrp distance for external routes"
• Previous message: Kurt Kruegel: "Re: Cat3550's Voice Vlan Question.."
• Maybe in reply to: John Smith: "ospf and link authentication."
• Next in thread: Rivalino YMT.: "Re: ospf and link authentication."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I guess tunnelling from hub to each spoke may work as well for different keys or passwords.

Regards
Gokhan

-----Original Message-----
From: MMoniz [mailto:ccie2002@tampabay.rr.com]
Sent: Thursday, July 24, 2003 3:47 AM
To: asadovnikov; 'ccie2be'; 'Group Study'; 'John Smith'
Subject: RE: ospf and link authentication.

Well, also on interface authentication, if it is a hub and spoke like mentioned there is no way to only authenticate one spoke to the hub, unless you have seperate sub interfaces to each spoke.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of asadovnikov
Sent: Wednesday, July 23, 2003 8:02 PM
To: 'ccie2be'; 'Group Study'; 'John Smith'
Subject: RE: ospf and link authentication.

I trust in 12.1T the authentication can be changed on interface level. Raj statement is true for 12.0 though.

Best regards,
Alexei

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of ccie2be
Sent: Wednesday, July 23, 2003 4:20 PM
To: Group Study; John Smith
Subject: Re: ospf and link authentication.

Hey John,

The way I understand it, OSPF authen is on area basis which means that you can't authen some links in an area but not others - if authen is turned on for an area then all links must have authen. If I'm not 100% correct about this, please somebody set me straight right away. Raj

----- Original Message -----
From: "John Smith" <c00per_omers1@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, July 23, 2003 3:44 PM
Subject: ospf and link authentication.

> Ok I can authenticate any OSPF area with type 1 (cleartext) or type 2
> (md5
hash). I can also authenticate my virtual link ...
>
> but lets say I have hub and spoke with 3 routers
>
> R1 is the hub and R2 and R3 are spokes off or R1 (R2 and R3 use R1 to
> get
to each other, so not full mesh). Lets call this area 0.
>
> Now assume that I don't want area 0 authentication but authentication
between R1 s0 and R3 s0, is there a doc somewhere on this or can anyone explain the cmds?
>
> If it was area 0 authen, type 2, I'd do this, on all 3 routers gto
> ensure
same key throught area 0.
>
> R1 - int s0 - ip ospf message-digest-key 1 md5 cisco and then router
ospf 1 area 0 authent message-digest.
>
> So what do I do if I only want to authenticate between R1 s0 and R3
> s0?
>
>
> Next question is lets say I'm not using a virtual-link but a gre
> tunnel,
how would I authenicate the tunnel?
>
>
>
> Regards,
>
>
>
> John
>
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
>
>
> ______________________________________________________________________
> _
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: George Yiannibas: "RE: eigrp distance for external routes"
• Previous message: Kurt Kruegel: "Re: Cat3550's Voice Vlan Question.."
• Maybe in reply to: John Smith: "ospf and link authentication."
• Next in thread: Rivalino YMT.: "Re: ospf and link authentication."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:51 GMT-3