From: Jonathan V Hays (jhays@jtan.com)
Date: Fri Jul 25 2003 - 18:18:57 GMT-3
Yes. It will work that way also. The type of authentication on the link
can be configured independently of area authentication type, regardless
of the type either on the link or in the area.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Friday, July 25, 2003 4:15 PM
To: Group Study; Jonathan V Hays
Subject: Re: Unexpected ospf authentication behavior
Hey Jonathan,
I never thought of that. But, I'm glad you pointed it out. That's kinda
cool and something I wouldn't put past Cisco from having on the lab.
Any chance you tried it in reverse? In other words, now that we know
that if the area is configured for encrypted password authen, it's
possible to enable clear text password authen on particular links in
that same area, can we config the area for clear text password authen
and use encrypted authen on particular links in the area?
Thank you to all who have been responding to these posts regarding ospf
authentication. Raj
----- Original Message -----
From: "Jonathan V Hays" <jhays@jtan.com>
To: <ccielab@groupstudy.com>
Sent: Friday, July 25, 2003 1:32 PM
Subject: RE: Unexpected ospf authentication behavior
> In addition, if you have area authentication configured, you can
> override it with a different authentication on the link. For example,
> below I have configured area 1 with message-digest authentication, but
> I have configured simple authentication on the frame-relay
> subinterface. I have full adjacency across all frame relay
> connections.
>
> interface Serial1.1 multipoint
>  ip address 140.4.1.3 255.255.255.240
>  ip ospf authentication
>  ip ospf authentication-key 3com
> !
> !
> router ospf 4
>  area 1 authentication message-digest
>  network 140.4.1.3 0.0.0.0 area 1
>
>
> r3#sh ip ospf
> Routing Process "ospf 4" with ID 140.4.3.3
> [output omitted]
> Area 1
> Number of interfaces in this area is 2
> ==> Area has message digest authentication <==
> SPF algorithm executed 14 times
> Area ranges are
> 140.4.1.0/24 Active(64) Advertise
> Number of LSA 33. Checksum Sum 0xDEA6F
> Number of opaque link LSA 0. Checksum Sum 0x0
> Number of DCbitless LSA 0
> Number of indication LSA 0
> Number of DoNotAge LSA 0
> Flood list length 0
>
> r3#sh ip ospf interface s1.1
> Serial1.1 is up, line protocol is up
> Internet Address 140.4.1.3/28, Area 1
> Process ID 4, Router ID 140.4.3.3, Network Type NON_BROADCAST, Cost: 64
> Transmit Delay is 1 sec, State DR, Priority 255
> Designated Router (ID) 140.4.3.3, Interface address 140.4.1.3
> No backup designated router on this network
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:05
> Index 1/2, flood queue length 0
> Next 0x0(0)/0x0(0)
> Last flood scan length is 7, maximum is 11
> Last flood scan time is 4 msec, maximum is 8 msec
> Neighbor Count is 2, Adjacent neighbor count is 2
> Adjacent with neighbor 140.4.5.5
> Adjacent with neighbor 140.4.2.2
> Suppress hello for 0 neighbor(s)
> ==> Simple password authentication enabled <==
> r3#
>
> (Responding to your own posts is a bad habit to get into. ;-)
>
> The Doc CD is not too clear on this capability but it is spelled out
> clearly in Chapter 2 of Parkhurst's "Cisco OSPF Command and
> Configuration Handbook", ISBN 1-58705-071-4.
>
> Jonathan
>
>
>
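The override discussed in this thread can silently put a clear-text link inside an area that `sh ip ospf` reports as message-digest. The following is an added example, not part of the original posts: a small audit that reads an IOS-style configuration and reports each interface's effective OSPF authentication. The function names, the single-OSPF-process and first-matching-network simplifications, and the restriction to the simple, message-digest and null forms are assumptions of this sketch.

```python
import ipaddress

# Constructed sample: the r3 configuration quoted in the thread.
SAMPLE = """\
interface Serial1.1 multipoint
 ip address 140.4.1.3 255.255.255.240
 ip ospf authentication
 ip ospf authentication-key 3com
!
router ospf 4
 area 1 authentication message-digest
 network 140.4.1.3 0.0.0.0 area 1
"""

RANK = {"null": 0, "simple": 1, "message-digest": 2}   # weakest to strongest

def _auth(words, i):
    """Auth type from the optional keyword at words[i]; no keyword means simple."""
    return words[i] if len(words) > i else "simple"

def effective_ospf_auth(config):
    """Map interface -> dict(area, area_auth, effective, downgraded)."""
    ifaces, areas, nets, cur, in_ospf = {}, {}, [], None, False
    for line in config.splitlines():
        w = line.split()
        if not line.startswith(" "):                      # top-level line
            cur = ifaces.setdefault(w[1], {}) if w[:1] == ["interface"] else None
            in_ospf = w[:2] == ["router", "ospf"]
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["ip"] = int(ipaddress.ip_address(w[2]))
        elif cur is not None and w[:3] == ["ip", "ospf", "authentication"]:
            cur["auth"] = _auth(w, 3)                     # per-link override
        elif in_ospf and w[:1] == ["area"] and w[2:3] == ["authentication"]:
            areas[w[1]] = _auth(w, 3)
        elif in_ospf and w[:1] == ["network"] and w[3:4] == ["area"]:
            nets.append((int(ipaddress.ip_address(w[1])),
                         int(ipaddress.ip_address(w[2])), w[4]))
    report = {}
    for name, i in ifaces.items():
        # Assumption: the first network statement whose wildcard covers the address wins.
        area = next((a for n, wc, a in nets
                     if "ip" in i and (i["ip"] ^ n) & ~wc & 0xFFFFFFFF == 0), None)
        if area is None:
            continue                                      # interface not in OSPF
        area_auth = areas.get(area, "null")               # no area line: no auth
        eff = i.get("auth", area_auth)                    # link setting overrides area
        report[name] = {"area": area, "area_auth": area_auth, "effective": eff,
                        "downgraded": RANK[eff] < RANK[area_auth]}
    return report
```

Run over the sample, Serial1.1 is reported as simple authentication in a message-digest area, which is the case the area-level output alone does not reveal.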
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:53 GMT-3