RE: OSPF Authentication

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Wed Dec 03 2003 - 13:37:53 GMT-3

• Next message: kasturi cisco: "Re: The bgp confederation peers as-number [... as-number]"
• Previous message: Jaksec, Nick: "RE: CCIE number 12602"
• Maybe in reply to: Ashok Verma \(ashoverm\): "OSPF Authentication"
• Next in thread: Scott Morris: "RE: OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Blackhawk,
In regards to OSPF plain text authentication, you stated below that by using
'5' the password is being put in as an MD5 hash. So the question is if the
password is stored as an MD5 hash in the configuration, how will OSPF be
able to reverse the hash so it can send the password across in clear text?
;-)

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
Internetwork Expert, Inc.
http://www.InternetworkExpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Wednesday, December 03, 2003 5:01 AM
To: 'Ashok Verma (ashoverm)'; ccielab@groupstudy.com
Subject: RE: OSPF Authentication

The encryption type is something that should be specified by the router.
YOU should use '0' if you feel the need to type something in there. If
you use '7', you are telling the router that the string you are typing
in is already encrypted with the Cisco-lite encryption. If you use '5',
you ar telling the router that the string you are typing in is already
encrypted as an MD5 hash.

So if you type anything other than '0', you are telling the router that
you are typing in a PRE-encrypted string. This is useful if you are
copying (e.g. cut 'n' paste) configs from another router, but otherwise,
not likely.

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP, JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ashok Verma (ashoverm)
Sent: Wednesday, December 03, 2003 3:17 AM
To: ccielab@groupstudy.com
Subject: OSPF Authentication

Hi

I have a question about the OSPF authentication, When we configure
simple clear text authentication by using the " ip ospf
authetication-key <encription type 0-7> <key>.

Which Encrytion type should be used.Sometime this gives problem in
authentication of the the hello between neighbours.

Thanks in advance

Ashok Kumar Verma
CCIP,CCDP,CCNP
Network Consulting Engineer
Customer Advocacy Advanced Service Dep.
Service Provider AS Div.2
Cisco Systems, K.K.Japan.

Tel: +81-3-5324-4583
e-mail: ashoverm@cisco.com

• Next message: kasturi cisco: "Re: The bgp confederation peers as-number [... as-number]"
• Previous message: Jaksec, Nick: "RE: CCIE number 12602"
• Maybe in reply to: Ashok Verma \(ashoverm\): "OSPF Authentication"
• Next in thread: Scott Morris: "RE: OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:35 GMT-3