From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Mon Aug 02 2004 - 13:19:34 GMT-3
Actually the scenario does refer to MD5 authentication because you have
to be able to change the password during the password migration without
affecting the routing table. So, MD5 authentication with different keys
will allow you to do this without interrupting the routing process during
the migration.
HTH,
Andy
-----Original Message-----
From: Daniel Sheedy [mailto:dansheedy@gmx.net]
Sent: Monday, August 02, 2004 1:32 AM
To: Narcis Micsoniu; ccielab@groupstudy.com
Subject: Re: OSPF authentication
Hi Narcis,
It says you want area 0 to be authenticated. So, the first thing you
need to do is go into:
router ospf 1
area 0 authentication
I'm just using plain-text authentication here, as it doesn't specifically
mention anything about encrypting, or MD5.
So, then we go to the interfaces.
On the interface, I type in:
ip ospf authentication-key CISCO
I do that on all my routers, and hey presto, I have authentication
working. Ah, but the requirement was that I must be able to change the
key, without interruption. So, somehow I need to put two keys on the
interface. One using CCIE, the other using CISCO. If I try that with
plain-text, it is not going to really work well...
So, remove all that configuration, and change it to MD5 authentication.
router ospf 1
area 0 authentication message-digest
and under the interface:
ip ospf message-digest-key 1 md5 CISCO
Notice the key number? So, now I am able to have more than one key!
ip ospf message-digest-key 2 md5 CCIE
If I go to the other router, and give it also a second key, I should be
able to delete the first key with no real problems. It will pick up the
second key on both routers, and carry on. Cool huh?
Just don't forget about changing the keys on any virtual-links as well.
hth
Dan Sheedy
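
Added example (not part of the original messages): a Python sketch of OSPFv2 MD5 authentication as laid out in RFC 2328 Appendix D, showing that each packet carries a Key ID, which is what lets key 1 (CISCO) and key 2 (CCIE) coexist on an interface during the migration. The router ID, hello body and sequence numbers are constructed values, and sequence-number replay checking is left out.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2   # RFC 2328 AuType value for cryptographic (MD5) authentication
DIGEST_LEN = 16     # MD5 digest length, carried in the header as Auth Data Len
HDR_LEN = 24        # fixed OSPFv2 header length

def _digest(packet: bytes, secret: bytes) -> bytes:
    # MD5 over the packet followed by the secret padded with zeros to 16 bytes.
    return hashlib.md5(packet + secret.ljust(DIGEST_LEN, b"\0")[:DIGEST_LEN]).digest()

def sign(body: bytes, key_id: int, secret: bytes, seq: int,
         router_id: int = 0x03030303, area_id: int = 0) -> bytes:
    """Build an OSPFv2 hello (constructed body) with the MD5 trailer appended."""
    # version, type, length, router ID, area ID, checksum (0), AuType,
    # then the 8 auth bytes: 0, Key ID, Auth Data Len, sequence number.
    header = struct.pack("!BBHIIHHHBBI", 2, 1, HDR_LEN + len(body), router_id,
                         area_id, 0, AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + _digest(packet, secret)

def verify(wire: bytes, keys: dict[int, bytes]) -> bool:
    """Accept only if the packet's Key ID names a configured key and the digest matches."""
    if len(wire) < HDR_LEN + DIGEST_LEN:
        return False
    autype, _zero, key_id, dlen, _seq = struct.unpack("!HHBBI", wire[14:24])
    if autype != AUTYPE_CRYPTO or dlen != DIGEST_LEN:
        return False
    packet, trailer = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
    secret = keys.get(key_id)
    return secret is not None and hmac.compare_digest(_digest(packet, secret), trailer)

def rollover_demo() -> list[bool]:
    hello = b"constructed-hello-body"
    both_keys = {1: b"CISCO", 2: b"CCIE"}   # router holding key 1 and key 2
    old_only = {1: b"CISCO"}                # neighbor not yet migrated
    return [
        verify(sign(hello, 1, b"CISCO", 1), both_keys),  # old key still accepted
        verify(sign(hello, 2, b"CCIE", 2), both_keys),   # new key accepted
        verify(sign(hello, 2, b"CCIE", 3), old_only),    # neighbor lacks key 2: rejected
        verify(sign(hello, 1, b"CCIE", 4), both_keys),   # Key ID and secret disagree: rejected
    ]

if __name__ == "__main__":
    print(rollover_demo())
```

The third case is the reason key 1 stays configured until every neighbor on the segment also has key 2.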
----- Original Message -----
From: "Narcis Micsoniu" <micsoniu@telus.net>
To: <ccielab@groupstudy.com>
Sent: Monday, August 02, 2004 8:48 AM
Subject: OSPF authentication
> A really wise advice is more than needed:
>
> Configure area 0 on the Frame Relay cloud between R1, R2 and R3. In
> order to prevent false routing information, area 0 will be
> authenticated using the password CISCO. In the future the password
> will be changed from CISCO to CCIE. This migration should be
> performed without disrupting the communication between adjacent
> routers. Start this migration on R3 only.
>
> Q: - Is a mechanism similar to ISIS (area & link keys) available for
> OSPF? If not, what workaround can be used?
>
> Thank you