From: Alec (clapun@graduate.hku.hk)
Date: Wed Oct 01 2003 - 14:28:02 GMT-3
good explaination, but just want to further clear things up :
if both the area and interface are configured with plaintext authentication,
can I configure different key for area and interface authentication ? I
guess that's not possible as you mention only one plain-text key is allowed
for every interface.
----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: "Alec" <clapun@graduate.hku.hk>; "kasturi cisco"
<kasturi_cisco@hotmail.com>; <lmac0303@hotmail.com>;
<ccielab@groupstudy.com>
Sent: Thursday, October 02, 2003 1:14 AM
Subject: RE: OSPF Authentication
> No. To understand this, you must first understand exactly what each
> command does. Essentially, setting IP OSPF AUTHENTICATION on the
> interface or AREA xx AUTHENTICATION merely turns Authentication on or
> off and specifies the type of authentication. There can only be one
> plain-text key and/or one MD5 key associated with an interface.
> However, only a single type of authentication can be enabled on an
> interface.
>
> Running the command "AREA xx AUTHENTICATION" basically enables
> authentication (and sets the type) on all interfaces configured to be in
> that particular area. If you have "AREA xx AUTHENTICATION
> MESSAGE-DIGEST" on your router in your OSPF configuration and you also
> have "IP OSPF AUTHENTICATION" on one of the interfaces within that area
> (note the lack of "message-digest", thus implying plain-text), then the
> INTERFACE configuration SUPERCEDES the area authentication
> configuration.
>
> So in simple terms, the area and interface authentications are merely
> methods of turning authentication on and off for specific interfaces or
> interfaces within an area (and setting the type of authentication to
> use). When it comes down to it though, the key (configured only on the
> INTERFACE) is the piece used to authenticate.
>
> Hope this clears things up a bit.
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
> CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
> Custom Computer Specialists, Inc.
> "It's not just about ending up where you want to be, it's about making
> the most of the trip there."
> -Anonymous
>
> -----Original Message-----
> From: Alec [mailto:clapun@graduate.hku.hk]
> Sent: Wednesday, October 01, 2003 1:03 PM
> To: kasturi cisco; lmac0303@hotmail.com; ccielab@groupstudy.com
> Subject: Re: OSPF Authentication
>
> Hello,
>
> If both area and link authentication are enabled, say using plaintext,
> are
> there any way to configure different authentication-key ?
>
> regards,
> alec
>
> ----- Original Message -----
> From: "kasturi cisco" <kasturi_cisco@hotmail.com>
> To: <lmac0303@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Wednesday, October 01, 2003 10:49 PM
> Subject: Re: OSPF Authentication
>
>
> > Hi Mac,
> >
> > To do OSPF authentication there are 2 ways as i know. Area
> authentication
> > and interface auth (newer ios codes). When u do Area auth u do it on
> all
> > routers and their respective interfaces in that area. This is how it
> is:
> >
> > Plaintext:
> >
> > interface s0
> > ip ospf authentication-key cisco
> >
> > router ospf 1
> > area 0 authentication
> >
> > MD5:
> >
> > interface s0
> > ip ospf message-digest-key 1 md5 cisco
> >
> > router ospf 1
> > area 0 authentication message-digest
> >
> > When u want to do "Interface authentication" for neighbors as Tim was
> > mentioning use the "ip ospf authentication commands" on the interface.
> > This need not be done on all interfaces of all routers in that
> area.Only
> > between the 2 routers where u want this to be done.HTH.
> >
> > Good Luck,
> > Kasturi.
> >
> > >From: "Mac" >Reply-To: "Mac" >To: >Subject: OSPF Authentication
> >Date:
> > Wed, 1 Oct 2003 17:56:01 +1000 > >Hi, Group, > >Could you please
> advise
> > what commands are necessary to complete ospf >authentication? Some
> > examples on Cisco doen't include "ip ospf >authentication" under
> > interface. I am just not sure which is needed. Thanks. > > >Cheers, >
> >
> > >Mac > >***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> >
> >_______________________________________________________________________
> > >Please help support GroupStudy by purchasing your study materials
> from:
> > >shop.groupstudy.com > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> >
> >
> ------------------------------------------------------------------------
> >
> > Answer simple questions. Win a free honeymoon. Sail into the sunset!
> >
> > ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> >
> _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials
> from:
> > shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:54 GMT-3