From: Kenneth Wygand (KWygand@customonline.com)
Date: Wed Oct 01 2003 - 17:51:27 GMT-3
Barney,
You are correct in the fact that "ip ospf authentication message-digest"
on the interface will take effect instead of the "area xx authentication
message-digest" in the OSPF routing process - BUT... it doesn't really
"substitute" it, it actually SUPERSEDES it... meaning you can have area
and interface authentication configured, but if both authentication
methods are applied to an interface and that interface is also part of
the area for which you configured authentication, the INTERFACE
authentication configuration is the only one that is in effect.
Does this make sense to you? Let me know if you need further
clarification.
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"It's not just about ending up where you want to be, it's about making
the most of the trip there."
-Anonymous
-----Original Message-----
From: Barney Gaumer [mailto:bagaumer@yahoo.com]
Sent: Wednesday, October 01, 2003 4:36 PM
To: kasturi cisco; lmac0303@hotmail.com; ccielab@groupstudy.com
Subject: Re: OSPF Authentication
I've used the following config. for link
authentication between a cat 3550 running 12.1(14)EA1a
and a 2600 running 12.2(19).
I haven't had any problems with this config. I
haven't experimented with the area authentication
commands in the routing process yet but I believe that
the "ip ospf authentication message-digest" at the
interface level substitutes for the same in the
process itself. Correct me if I am wrong.
router-a
!
interface FastEthernet0/0
 ip address 192.168.5.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 monkey
 speed 100
 full-duplex
!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 network 192.168.5.0 0.0.0.255 area 0
lab_cat3550
!
interface Vlan5
 ip address 192.168.5.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 monkey
!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 network 192.168.5.0 0.0.0.255 area 0
 default-information originate
!
--- kasturi cisco <kasturi_cisco@hotmail.com> wrote:
> Hi Mac,
>
> To do OSPF authentication there are 2 ways as I know. Area authentication
> and interface auth (newer ios codes). When u do Area auth u do it on all
> routers and their respective interfaces in that area. This is how it is:
>
> Plaintext:
>
> interface s0
> ip ospf authentication-key cisco
>
> router ospf 1
> area 0 authentication
>
> MD5:
>
> interface s0
> ip ospf message-digest-key 1 md5 cisco
>
> router ospf 1
> area 0 authentication message-digest
>
> When u want to do "Interface authentication" for neighbors as Tim was
> mentioning use the "ip ospf authentication commands" on the interface.
> This need not be done on all interfaces of all routers in that area. Only
> between the 2 routers where u want this to be done. HTH.
>
> Good Luck,
> Kasturi.
>
> >From: "Mac"
> >Reply-To: "Mac"
> >To:
> >Subject: OSPF Authentication
> >Date: Wed, 1 Oct 2003 17:56:01 +1000
> >
> >Hi, Group,
> >
> >Could you please advise what commands are necessary to complete ospf
> >authentication? Some examples on Cisco don't include "ip ospf
> >authentication" under interface. I am just not sure which is needed.
> >Thanks.
> >
> >Cheers,
> >
> >Mac
>
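The interface-over-area precedence discussed in this thread, as an added Python example that is not code from any of the posters: it parses an IOS-style configuration and reports, per OSPF interface, which authentication mode is in effect, where it was set, and whether a key of the matching type is configured. It assumes a single OSPF process, area IDs written the same way in the `area` and `network` statements, and first-match on `network` statements; the function names, the sample configuration and the key EXAMPLE-KEY are constructed for illustration.

```python
from ipaddress import IPv4Address as addr

# Constructed sample, not from the thread: area 0 uses plaintext, Fa0/0 sets MD5 itself.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.5.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
interface Serial0/0
 ip address 192.168.6.1 255.255.255.252
router ospf 100
 area 0 authentication
 network 192.168.0.0 0.0.255.255 area 0
"""

def _matches(ip, net, wildcard):
    # IOS wildcard mask: bits set to 1 are ignored when comparing addresses.
    return (int(ip) ^ int(net)) & ~int(wildcard) & 0xFFFFFFFF == 0

def effective_auth(config):
    """Map each OSPF interface to (auth mode, where it is set, matching key configured)."""
    intfs, areas, nets, cur = {}, {}, [], None
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] == "interface":
            cur = intfs.setdefault(w[1], {"keys": set()})
        elif w[0] == "router":
            cur = None
        elif w[0] == "area" and w[2:3] == ["authentication"]:
            areas[w[1]] = w[3] if len(w) > 3 else "simple"
        elif w[0] == "network" and w[3:4] == ["area"]:
            nets.append((addr(w[1]), addr(w[2]), w[4]))
        elif cur is None:
            continue
        elif w[:2] == ["ip", "address"]:
            cur["ip"] = addr(w[2])
        elif w[:3] == ["ip", "ospf", "authentication"]:
            cur["auth"] = w[3] if len(w) > 3 else "simple"
        elif w[:3] == ["ip", "ospf", "authentication-key"]:
            cur["keys"].add("simple")
        elif w[:3] == ["ip", "ospf", "message-digest-key"]:
            cur["keys"].add("message-digest")
    out = {}
    for name, i in intfs.items():
        area = next((a for n, wc, a in nets if "ip" in i and _matches(i["ip"], n, wc)), None)
        if area is not None:  # interface is covered by a network statement
            src = "interface" if "auth" in i else "area"  # interface setting wins
            mode = i.get("auth", areas.get(area, "null"))
            out[name] = (mode, src, mode == "null" or mode in i["keys"])
    return out
```

On the sample, Serial0/0 inherits plaintext authentication from area 0 but has no `ip ospf authentication-key`, so its third field is False; an interface with no `ip ospf authentication` line in an area with no `area ... authentication` line is reported as ("null", "area", True).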
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:55 GMT-3