From: Jonathan V Hays (jhays@jtan.com)
Date: Fri Jul 25 2003 - 15:14:52 GMT-3
Interesting.
I always use key 1 for message-digest and I never use any key at all for
simple authentication - these always seem to work for me.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Friday, July 25, 2003 2:07 PM
To: Group Study; William Lijewski
Subject: Re: Verifying per Interface OSPF authen
Hey Bill,
Thanks for your response.
Using a key of 1 works for simple authentication, but I wasn't able to
get
message-digest authen to work by using 7 instead of 1 as shown below.
Here's what I did:
R2 config:
int s1
ip os authentication message-digest
ip os authentication-key 7 cccie
R3 config
int s1
ip os authentication message-digest
ip os authentication-key 7 ccie
Notice that the passwords are different but R2 still formed an adjacency
with R3. In the output of the sh ip os int s1 on both R2 and R3, it
says
this:
"Message-digest Authentication enabled
No key configured, using default key id 0"
When the passwords on both interfaces was the same, ccie, I got the same
result.
However, after looking through the command guide, I did discover the
proper
way to config per link encrypted password authen. For those people
following this thread, here's the correct way to configure this
int x
ip os authen message-digest
ip os message-digest-key # md5 <password>
These 2 commands must be configured at each end of the link and # and
password, obviously, must be the same. The moral of this story is that
if
you see in the output of sh ip os int x, "No key configured...", you're
using the wrong command. You should be using the "ip os
message-digest-key..." command.
Hopes this helps those who were struggling with this. Raj
----- Original Message -----
From: "William Lijewski" <ccie8642@hotmail.com>
To: <ccie2be@nyc.rr.com>; <ccielab@groupstudy.com>
Sent: Friday, July 25, 2003 12:22 PM
Subject: Re: Verifying per Interface OSPF authen
> Try using a key of 1 and see what happens.
>
> Bill Lijewski
> CCIE #8642
>
>
> >From: "ccie2be" <ccie2be@nyc.rr.com>
> >Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
> >To: "Group Study" <ccielab@groupstudy.com>
> >Subject: Verifying per Interface OSPF authen
> >Date: Fri, 25 Jul 2003 11:56:48 -0400
> >
> > Hi,
> >
> >It seems that I got per interface authen to work with the following:
> >
> >R2 s1 -- area0 --- s1 R3
> >
> >R2
> >int s1
> >ip os authen
> >ip os authentication-key 0 ccie
> >
> >
> >R3
> >int s1
> >ip os authen
> >ip os authentication-key 0 ccie
> >
> >A show ip os nei on both R2 and R3 shows a Full adjacency but when I
do a
> >"show ip os int s1",
> >it says " Simple authentication enabled" but it also says "no key
> >configured,
> >using default key id 0"
> >
> >What does this mean?
> >
> >When I tried to configure message-digest authen, the same thing
happened.
> >Am
> >I not doing this correctly?
> >
> >Thanks, Raj
> >
> >
>
>_______________________________________________________________________
> >You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> _________________________________________________________________
> MSN 8 with e-mail virus protection service: 2 months FREE*
> http://join.msn.com/?page=features/virus
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:53 GMT-3