From: Kenneth Wygand (KWygand@customonline.com)
Date: Wed Oct 01 2003 - 14:14:54 GMT-3
No. To understand this, you must first understand exactly what each
command does. Essentially, setting IP OSPF AUTHENTICATION on the
interface or AREA xx AUTHENTICATION merely turns Authentication on or
off and specifies the type of authentication. There can only be one
plain-text key and/or one MD5 key associated with an interface.
However, only a single type of authentication can be enabled on an
interface.
Running the command "AREA xx AUTHENTICATION" basically enables
authentication (and sets the type) on all interfaces configured to be in
that particular area. If you have "AREA xx AUTHENTICATION
MESSAGE-DIGEST" on your router in your OSPF configuration and you also
have "IP OSPF AUTHENTICATION" on one of the interfaces within that area
(note the lack of "message-digest", thus implying plain-text), then the
INTERFACE configuration SUPERCEDES the area authentication
configuration.
So in simple terms, the area and interface authentications are merely
methods of turning authentication on and off for specific interfaces or
interfaces within an area (and setting the type of authentication to
use). When it comes down to it though, the key (configured only on the
INTERFACE) is the piece used to authenticate.
Hope this clears things up a bit.
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"It's not just about ending up where you want to be, it's about making
the most of the trip there."
-Anonymous
-----Original Message-----
From: Alec [mailto:clapun@graduate.hku.hk]
Sent: Wednesday, October 01, 2003 1:03 PM
To: kasturi cisco; lmac0303@hotmail.com; ccielab@groupstudy.com
Subject: Re: OSPF Authentication
Hello,
If both area and link authentication are enabled, say using plaintext,
are
there any way to configure different authentication-key ?
regards,
alec
----- Original Message -----
From: "kasturi cisco" <kasturi_cisco@hotmail.com>
To: <lmac0303@hotmail.com>; <ccielab@groupstudy.com>
Sent: Wednesday, October 01, 2003 10:49 PM
Subject: Re: OSPF Authentication
> Hi Mac,
>
> To do OSPF authentication there are 2 ways as i know. Area
authentication
> and interface auth (newer ios codes). When u do Area auth u do it on
all
> routers and their respective interfaces in that area. This is how it
is:
>
> Plaintext:
>
> interface s0
> ip ospf authentication-key cisco
>
> router ospf 1
> area 0 authentication
>
> MD5:
>
> interface s0
> ip ospf message-digest-key 1 md5 cisco
>
> router ospf 1
> area 0 authentication message-digest
>
> When u want to do "Interface authentication" for neighbors as Tim was
> mentioning use the "ip ospf authentication commands" on the interface.
> This need not be done on all interfaces of all routers in that
area.Only
> between the 2 routers where u want this to be done.HTH.
>
> Good Luck,
> Kasturi.
>
> >From: "Mac" >Reply-To: "Mac" >To: >Subject: OSPF Authentication
>Date:
> Wed, 1 Oct 2003 17:56:01 +1000 > >Hi, Group, > >Could you please
advise
> what commands are necessary to complete ospf >authentication? Some
> examples on Cisco doen't include "ip ospf >authentication" under
> interface. I am just not sure which is needed. Thanks. > > >Cheers, >
>
> >Mac > >***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>
>_______________________________________________________________________
> >Please help support GroupStudy by purchasing your study materials
from:
> >shop.groupstudy.com > >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
>
------------------------------------------------------------------------
>
> Answer simple questions. Win a free honeymoon. Sail into the sunset!
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:54 GMT-3