RE: OSPF Authentication

From: Barney Gaumer (bagaumer@yahoo.com)
Date: Wed Oct 01 2003 - 17:56:32 GMT-3

• Next message: IPexpert, Inc.: "Re: CCIE's Looking for employment"
• Previous message: Kenneth Wygand: "RE: OSPF Authentication"
• Maybe in reply to: Mac: "OSPF Authentication"
• Next in thread: Snow, Tim: "RE: OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Nope - That makes total sense!

Thanks for the clarification,

Barney
--- Kenneth Wygand <KWygand@customonline.com> wrote:
> Barney,
>
> You are correct in the fact that "ip ospf
> authentication message-digest"
> on the interface will take effect instead of the
> "area xx authentication
> message-digest" in the OSPF routing process - BUT...
> it doesn't really
> "substitute" it, it actually SUPERCEDES it...
> meaning you can have area
> and interface authentication configured, but if both
> authentication
> methods are applied to an interface and that
> interface is also part of
> the area for which you configured authentication,
> the INTERFACE
> authentication configuration is the only one that is
> in effect.
>
> Does this make sense to you? Let me know if you
> need further
> clarification.
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
> CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1,
> Network+, A+
> Custom Computer Specialists, Inc.
> "It's not just about ending up where you want to be,
> it's about making
> the most of the trip there."
> -Anonymous
>
> -----Original Message-----
> From: Barney Gaumer [mailto:bagaumer@yahoo.com]
> Sent: Wednesday, October 01, 2003 4:36 PM
> To: kasturi cisco; lmac0303@hotmail.com;
> ccielab@groupstudy.com
> Subject: Re: OSPF Authentication
>
> I've used the following config. for link
> authentication between a cat 3550 running
> 12.1(14)EA1a
> and a 2600 running 12.2(19).
>
> I haven't had any problems with this config. I
> haven't experimented with the area authentication
> commands in the routing process yet but I believe
> that
> the "ip ospf authentication message-digest" at the
> interface level substitutes for the same in the
> process itself. correct me if I am wrong.
>
> router-a
> !
> interface FastEthernet0/0
> ip address 192.168.5.2 255.255.255.0
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 monkey
> speed 100
> full-duplex
> !
>
> router ospf 100
> log-adjacency-changes
> redistribute connected subnets
> network 192.168.5.0 0.0.0.255 area 0
>
>
>
>
> lab_cat3550
> !
> interface Vlan5
> ip address 192.168.5.1 255.255.255.0
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 monkey
> !
> router ospf 100
> log-adjacency-changes
> redistribute connected subnets
> network 192.168.5.0 0.0.0.255 area 0
> default-information originate
> !
>
>
>
>
> --- kasturi cisco <kasturi_cisco@hotmail.com> wrote:
> > Hi Mac,
> >
> > To do OSPF authentication there are 2 ways as i
> > know. Area authentication
> > and interface auth (newer ios codes). When u do
> > Area auth u do it on all
> > routers and their respective interfaces in that
> > area. This is how it is:
> >
> > Plaintext:
> >
> > interface s0
> > ip ospf authentication-key cisco
> >
> > router ospf 1
> > area 0 authentication
> >
> > MD5:
> >
> > interface s0
> > ip ospf message-digest-key 1 md5 cisco
> >
> > router ospf 1
> > area 0 authentication message-digest
> >
> > When u want to do "Interface authentication" for
> > neighbors as Tim was
> > mentioning use the "ip ospf authentication
> commands"
> > on the interface.
> > This need not be done on all interfaces of all
> > routers in that area.Only
> > between the 2 routers where u want this to be
> > done.HTH.
> >
> > Good Luck,
> > Kasturi.
> >
> > >From: "Mac" >Reply-To: "Mac" >To: >Subject: OSPF
> > Authentication >Date:
> > Wed, 1 Oct 2003 17:56:01 +1000 > >Hi, Group, >
> > >Could you please advise
> > what commands are necessary to complete ospf
> > >authentication? Some
> > examples on Cisco doen't include "ip ospf
> > >authentication" under
> > interface. I am just not sure which is needed.
> > Thanks. > > >Cheers, > >
> > >Mac > >***Get your CCIE and a FREE vacation:
> > Shop.GroupStudy.com***
> >
>
>_______________________________________________________________________
> > >Please help support GroupStudy by purchasing your
> > study materials from:
> > >shop.groupstudy.com > >Subscription information
> may
> > be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> >
> >
>
------------------------------------------------------------------------
> >
> > Answer simple questions. Win a free honeymoon.
> Sail
> > into the sunset!
> >
> > ***Get your CCIE and a FREE vacation:
> > Shop.GroupStudy.com***
> >
>

• Next message: IPexpert, Inc.: "Re: CCIE's Looking for employment"
• Previous message: Kenneth Wygand: "RE: OSPF Authentication"
• Maybe in reply to: Mac: "OSPF Authentication"
• Next in thread: Snow, Tim: "RE: OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:55 GMT-3