RE: Per Interface Authen in OSPF

From: Jung, Jin (jin.jung@lmco.com)
Date: Fri Jul 25 2003 - 11:50:13 GMT-3

• Next message: Joe Martin: "RE: DLSW shutting down ports. Help."
• Previous message: ccie2be: "Unexpected ospf authentication behavior"
• Maybe in reply to: ccie2be: "Per Interface Authen in OSPF"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

So you have no authencation on area 0
But only on this sub-interface?

I mean, lets say you have point-to-multipoint
R11 Ser 0/1.1 - hub
And have say r14 and r15 on this interface. - spoke
And they are all on area 0
You need to enable authencation only between r11 and r14 not on r15.

And this works with below config???
If so, Can you post full config?

Thanks

Jin jung...

-----Original Message-----
From: R&S Groupstudy [mailto:rsg@synergy-networking.co.uk]
Sent: Friday, July 25, 2003 8:34 AM
To: Group Study; 'ccie2be'
Subject: RE: Per Interface Authen in OSPF

thins looks ok to me

restart the ospf process on both routers, clear ip ospf process....

on my router:
interface FastEthernet1/0.254
 description 192lan
 encapsulation dot1Q 254
 ip address 192.168.200.2 255.255.255.0
 ip access-group 100 in
 ip ospf authentication
 ip ospf authentication-key ccie
!
adam_3600#show run | beg ospf 4000
router ospf 4000
 log-adjacency-changes
 network 192.168.200.2 0.0.0.0 area 0
!
adam_3600#show ip ospf int fast 1/0.254
FastEthernet1/0.254 is up, line protocol is up
  Internet Address 192.168.200.2/24, Area 0
  Process ID 4000, Router ID 192.168.200.2, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 192.168.200.2, Interface address 192.168.200.2
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:02
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

> ----------
> From: ccie2be[SMTP:ccie2be@nyc.rr.com]
> Reply To: ccie2be
> Sent: Friday, July 25, 2003 1:02 PM
> To: Group Study
> Subject: Per Interface Authen in OSPF
>
> Hi,
>
> I tried to get per link authen to work but didn't succeed. ( Until I
> read Brian Dennis's post I didn't know per link authen was even
> possible)
>
> I looked at Cisco OSPF's support page but couldn't find any sample
> config's so I tried the following approach: Don't use the "area x
> authen" under router
> ospf, instead do the following
>
>
> R1 s0 ---- s0 R2
>
> R1 config
>
> int s0
>
> ip addr x.x.x.1 m.m.m.m
> ip os authen
> ip os authentication-key 0 ccie
>
> router ospf 1
> net x.x.x.0 0.0.0.255 area 0
>
>
> R2 config
>
> int s0
>
> ip addr x.x.x.2 m.m.m.m
> ip os authen
> ip os authentication-key 0 ccie
>
> router ospf 1
> net x.x.x.0 0.0.0.255 area 0
>
> This didn't work even though both routers are running IOS 12.1.
>
> Anybody see what's wrong with this config? Thanks, Raj
>
>
> ______________________________________________________________________
> _
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Joe Martin: "RE: DLSW shutting down ports. Help."
• Previous message: ccie2be: "Unexpected ospf authentication behavior"
• Maybe in reply to: ccie2be: "Per Interface Authen in OSPF"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:52 GMT-3