From: Ali.Huang (zero5291@gmail.com)
Date: Mon Aug 29 2005 - 09:55:25 GMT-3
Thanks, I got it.
Wow! The following summary is very classical.

From Brian Dennis,

There isn't support for "area" and "interface" authentication in
OSPF. All OSPF authentication is done on a per segment basis. The
RFC says that all routers on a "network" (i.e. segment/subnet) must
have the same authentication type configured and not all routers
within an "area". The confusion comes in the way Cisco has
implemented the commands to set the authentication type.

The "area <area-id> authentication" and "area <area-id>
authentication message-digest" commands are just simple methods to set
the authentication type for all interfaces within an area on a
router. The interface level commands (ip ospf authentication, ip ospf
authentication message-digest, and ip ospf authentication null) are
methods to enable authentication on a single interface and/or override
the authentication type set under the routing process.

If you have ten interfaces in area 0 and you want to perform
authentication on all ten of them, it's easier to just enable
authentication using the "area 0 authentication <message-digest>"
command than it is to type the "ip ospf authentication <message-digest>"
command under each of the ten interfaces. But if you have ten
interfaces in area 0 and you want to authenticate just a single
interface, it's easier to use the interface level command on the one
interface than it is to use the routing process level command. If the
routing process level command is used, you will need to override it on
the other nine interfaces by setting them back to the default of null
authentication by using the "ip ospf authentication null" command.

Lastly, the authentication type configured under the interface
will always override the authentication type configured under the
routing process.

On 8/29/05, ccie2be <ccie2be@nyc.rr.com> wrote:
> There was a detailed discussion on this topic fairly recently around May
> 2005.
>
> Do a search in the archives for this subject:
>
> Simple Authentication on Area 0 and MD5 on Virtual link
>
> HTH, Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Ali.Huang
> Sent: Monday, August 29, 2005 7:52 AM
> To: Cisco certification
> Subject: Re: area authentication
>
> Hi, group,
> Thank you.
> I know I can do this at the interface level, even without
> using the "area <area-id> authentication" or "area <area-id>
> authentication message-digest" commands. It seems like bones, no
> contents, useless. But you have to use it in the CCIE exam.
> I want to know whether it's right or not?
>
> On 8/29/05, kumara.shunmugam@wipro.com <kumara.shunmugam@wipro.com> wrote:
> >
> > What key/password have you configured on the OSPF interface using the ip ospf
> > authentication-key/ip ospf message-digest-key 1 md5 command? What does your
> > "show ip ospf inter" output show about the authentication in the last lines?
> >
> > Shun
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Ali.Huang
> > Sent: Monday, August 29, 2005 3:02 AM
> > To: Cisco certification
> > Subject: area authentication
> >
> > Hi, group,
> > I am confused about area authentication in OSPF.
> > I configured the "area <area-id> authentication" or "area <area-id>
> > authentication message-digest" commands on routers, but I didn't know
> > where to find the key? When I issue debug ip ospf adja, I found the
> > following:
> > 08:23:59: OSPF: Send with youngest Key 0,
> > It doesn't affect adjacencies between routers. It seems not to work, why?
> >
> > --
> > THX.
> > Ali.huang
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
> --
> THX.
> Ali.huang
>
-- THX. Ali.huang
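
An added example (not code from the thread or from Cisco): a small Python audit that applies the precedence Brian Dennis describes, where the interface-level type overrides the one set by the area command, and reports interfaces that have an authentication type in effect but no key command, as in the original question. The sample config is constructed, and the script assumes a single OSPF process with interfaces placed in areas by `ip ospf <pid> area <id>` rather than `network` statements.

```python
import re

# Constructed sample config (not from the thread); <key> is a placeholder.
# Assumption: interfaces join an area with "ip ospf <pid> area <id>".
SAMPLE = """\
router ospf 1
 area 0 authentication message-digest
interface Serial0/0
 ip ospf 1 area 0
 ip ospf message-digest-key 1 md5 <key>
interface Serial0/1
 ip ospf 1 area 0
interface Ethernet0/0
 ip ospf 1 area 0
 ip ospf authentication null
interface Ethernet0/1
 ip ospf 1 area 1
 ip ospf authentication
"""

KEY_CMD = {"simple": "ip ospf authentication-key ",
           "message-digest": "ip ospf message-digest-key "}

def audit(config):
    """Return {interface: (effective auth type, key configured or None)}."""
    area_auth = {a: "message-digest" if md else "simple" for a, md in re.findall(
        r"^ area (\S+) authentication( message-digest)?$", config, re.M)}
    sections, body = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and body is not None:
            body.append(line.strip())
        elif line.strip():
            body = sections.setdefault(line.strip(), [])
    report = {}
    for name, body in sections.items():
        if not name.startswith("interface "):
            continue
        area = next((c.split()[-1] for c in body
                     if re.fullmatch(r"ip ospf \d+ area \S+", c)), None)
        auth = area_auth.get(area, "null")   # inherited from the area command
        for cmd in body:                     # interface command overrides it
            m = re.fullmatch(r"ip ospf authentication( message-digest| null)?", cmd)
            if m:
                auth = (m[1] or "simple").strip()
        has_key = None if auth == "null" else any(c.startswith(KEY_CMD[auth]) for c in body)
        report[name.split()[1]] = (auth, has_key)
    return report

print(audit(SAMPLE))
```

Interfaces reported with `False` in the second field have a type enabled but no matching `ip ospf authentication-key` or `ip ospf message-digest-key` line under the interface.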
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:20 GMT-3