RE: ospf area authentication

From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue Mar 29 2005 - 08:15:13 GMT-3


John,

There are a couple things to take note of when configuring ospf
authentication.

1. Unlike rip, eigrp and now ISIS, ospf doesn't ever use the key-chain
construct.

2. Use the area X authen command to specify what type of authen to use.

3. Remember that the interface INHERITS the authen type from the area
command.

4. Configure the interface password using the command appropriate for the
type of authen that's inherited from the area x authen command under the
routing process.

5. (I'm not 100% sure about this but...) If required, you can override the
inherited authen type with interface commands which means some links in an
area can use clear text while others use encrypted while others use null
authen.

If I'm mistaken on that last point, someone please correct me.

HTH, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Matus
Sent: Monday, March 28, 2005 11:08 PM
To: ccielab@groupstudy.com
Subject: ospf area authentication

ok, here is the situation.
i go to enable area authentication for 3 routers connected in hub-and-spoke
topology. the config is as follows:

all routers:
router os 1
  area 1 authen message-digest

int s0/0
  ip o message-digest-key 1 md5 cisco

  key chain cisco
     key 1
        key-string cisco

so i've done that on the hub and one of the spokes, and the adjacencies of
those 2 routers go down and up as i input the interface level commands, but
the other spoke that is only configured with the area authentication and not
the interface level authentication STILL maintains its adjacency. why
exactly is that???? my expectation is that it would go down and stay down
until i've configured the interface level authentication...............or
am i wrong (probably)....
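
An added example, not part of the thread or of either poster's configuration: a small Python audit that resolves each interface's effective OSPF authentication type (inherited from the area, or overridden by the interface-level `ip ospf authentication` command) and flags interfaces with no matching key, which is the state of the second spoke in the question. The function name `audit`, the `SAMPLE` config and its addresses are constructed for illustration, and the check goes slightly beyond the thread by also covering simple (clear-text) authentication.

```python
import ipaddress
import re
# Constructed sample config (not from the thread); area 1 inherits MD5 authentication.
SAMPLE = """\
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco
interface Serial0/1
 ip address 10.1.2.1 255.255.255.0
interface Serial0/2
 ip address 10.1.3.1 255.255.255.0
 ip ospf authentication null
interface Serial0/3
 ip address 10.1.4.1 255.255.255.0
 ip ospf authentication
router ospf 1
 network 10.1.0.0 0.0.255.255 area 1
 area 1 authentication message-digest
"""
KEY_FOR = {"message-digest": "message-digest-key", "simple": "authentication-key"}

def audit(config):
    """Map interface -> finding where the effective auth type has no matching key."""
    intfs, nets, area_auth, cur = {}, [], {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # an unindented line opens a new section
            cur = line.split()[1] if line.startswith("interface ") else None
            if cur:
                intfs[cur] = {"ip": None, "auth": None, "keys": set()}
            continue
        s = line.strip()
        if m := re.match(r"network (\S+) (\S+) area (\S+)", s):
            nets.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), m[3]))
        elif m := re.match(r"area (\S+) authentication ?(message-digest)?$", s):
            area_auth[m[1]] = m[2] or "simple"
        elif cur and (m := re.match(r"ip address (\S+) ", s)):
            intfs[cur]["ip"] = ipaddress.ip_address(m[1])
        elif cur and (m := re.match(r"ip ospf authentication ?(null|message-digest)?$", s)):
            intfs[cur]["auth"] = m[1] or "simple"
        elif cur and (m := re.match(r"ip ospf (message-digest-key|authentication-key) ", s)):
            intfs[cur]["keys"].add(m[1])
    findings = {}
    for name, i in intfs.items():
        # Interface-level type overrides the area's; first matching network wins (simplified).
        area = next((a for net, a in nets if i["ip"] and i["ip"] in net), None)
        eff = i["auth"] or area_auth.get(area, "null")
        need = KEY_FOR.get(eff)
        if area is not None and need and need not in i["keys"]:
            findings[name] = f"area {area}: {eff} authentication, no {need}"
    return findings
```

On the sample, `audit(SAMPLE)` reports Serial0/1 (inherits message-digest, no key) and Serial0/3 (overridden to simple, no password), while Serial0/2 is skipped because its interface-level `null` setting overrides the area type.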


