From: Kenneth Wygand (KWygand@customonline.com)
Date: Wed Oct 01 2003 - 14:59:32 GMT-3
Yes, you are correct - you cannot configure more than one plaintext
password. The password itself is never configured on an "area" but is
always configured on the Interface itself EVEN IF YOU ARE USING
AREA-BASED AUTHENTICATION. As a result, you can only have a single
plaintext password.
If you try to enter a second plaintext password on an interface, it will
overwrite the first one.
Let me know if you have any other questions.
Thanks,
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"It's not just about ending up where you want to be, it's about making
the most of the trip there."
-Anonymous
-----Original Message-----
From: Alec [mailto:clapun@graduate.hku.hk]
Sent: Wednesday, October 01, 2003 1:28 PM
To: Kenneth Wygand; kasturi cisco; lmac0303@hotmail.com;
ccielab@groupstudy.com
Subject: Re: OSPF Authentication
good explaination, but just want to further clear things up :
if both the area and interface are configured with plaintext
authentication,
can I configure different key for area and interface authentication ? I
guess that's not possible as you mention only one plain-text key is
allowed
for every interface.
----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: "Alec" <clapun@graduate.hku.hk>; "kasturi cisco"
<kasturi_cisco@hotmail.com>; <lmac0303@hotmail.com>;
<ccielab@groupstudy.com>
Sent: Thursday, October 02, 2003 1:14 AM
Subject: RE: OSPF Authentication
> No. To understand this, you must first understand exactly what each
> command does. Essentially, setting IP OSPF AUTHENTICATION on the
> interface or AREA xx AUTHENTICATION merely turns Authentication on or
> off and specifies the type of authentication. There can only be one
> plain-text key and/or one MD5 key associated with an interface.
> However, only a single type of authentication can be enabled on an
> interface.
>
> Running the command "AREA xx AUTHENTICATION" basically enables
> authentication (and sets the type) on all interfaces configured to be
in
> that particular area. If you have "AREA xx AUTHENTICATION
> MESSAGE-DIGEST" on your router in your OSPF configuration and you also
> have "IP OSPF AUTHENTICATION" on one of the interfaces within that
area
> (note the lack of "message-digest", thus implying plain-text), then
the
> INTERFACE configuration SUPERCEDES the area authentication
> configuration.
>
> So in simple terms, the area and interface authentications are merely
> methods of turning authentication on and off for specific interfaces
or
> interfaces within an area (and setting the type of authentication to
> use). When it comes down to it though, the key (configured only on
the
> INTERFACE) is the piece used to authenticate.
>
> Hope this clears things up a bit.
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
> CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
> Custom Computer Specialists, Inc.
> "It's not just about ending up where you want to be, it's about making
> the most of the trip there."
> -Anonymous
>
> -----Original Message-----
> From: Alec [mailto:clapun@graduate.hku.hk]
> Sent: Wednesday, October 01, 2003 1:03 PM
> To: kasturi cisco; lmac0303@hotmail.com; ccielab@groupstudy.com
> Subject: Re: OSPF Authentication
>
> Hello,
>
> If both area and link authentication are enabled, say using plaintext,
> are
> there any way to configure different authentication-key ?
>
> regards,
> alec
>
> ----- Original Message -----
> From: "kasturi cisco" <kasturi_cisco@hotmail.com>
> To: <lmac0303@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Wednesday, October 01, 2003 10:49 PM
> Subject: Re: OSPF Authentication
>
>
> > Hi Mac,
> >
> > To do OSPF authentication there are 2 ways as i know. Area
> authentication
> > and interface auth (newer ios codes). When u do Area auth u do it
on
> all
> > routers and their respective interfaces in that area. This is how it
> is:
> >
> > Plaintext:
> >
> > interface s0
> > ip ospf authentication-key cisco
> >
> > router ospf 1
> > area 0 authentication
> >
> > MD5:
> >
> > interface s0
> > ip ospf message-digest-key 1 md5 cisco
> >
> > router ospf 1
> > area 0 authentication message-digest
> >
> > When u want to do "Interface authentication" for neighbors as Tim
was
> > mentioning use the "ip ospf authentication commands" on the
interface.
> > This need not be done on all interfaces of all routers in that
> area.Only
> > between the 2 routers where u want this to be done.HTH.
> >
> > Good Luck,
> > Kasturi.
> >
> > >From: "Mac" >Reply-To: "Mac" >To: >Subject: OSPF Authentication
> >Date:
> > Wed, 1 Oct 2003 17:56:01 +1000 > >Hi, Group, > >Could you please
> advise
> > what commands are necessary to complete ospf >authentication? Some
> > examples on Cisco doen't include "ip ospf >authentication" under
> > interface. I am just not sure which is needed. Thanks. > > >Cheers,
>
> >
> > >Mac > >***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> >
>
>_______________________________________________________________________
> > >Please help support GroupStudy by purchasing your study materials
> from:
> > >shop.groupstudy.com > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> >
> >
>
------------------------------------------------------------------------
> >
> > Answer simple questions. Win a free honeymoon. Sail into the sunset!
> >
> > ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> >
>
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:54 GMT-3