Re: Simple OSPF Authentication..

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Fri Oct 28 2005 - 02:57:32 GMT-3


Thinking about this, it seems that only MD5 uses the key in its math, so the
keys have to be the same to compare the hash value. Nice!
It would be nice to debug the authentication process

Dismiss my last question please

----- Original Message -----
From: "Victor Cappuccio" <cvictor@protokolgroup.com>
To: <ccielab@groupstudy.com>
Sent: Friday, October 28, 2005 1:15 AM
Subject: Simple OSPF Authentication..

> What is the difference, from a security perspective, between using:
>
> ip ospf authentication
>
> ip ospf authentication-key 1 cisco
>
>
>
> or
>
>
>
> ip ospf authentication
>
> ip ospf authentication-key cisco
>
>
>
> ?
>
>
>
> Thanks
>
> I have it working with 1 key on one side and no key on the other, with no
> keys on both sides, and with keys on both sides :S
> ======================
> R6 Fast0/0.26 ------- Eth0 R2
> =======================
>
>
> =========================
>
> R6 Config
>
> ..
>
> Rack1R6#show run interface fastEthernet 0/0.26
>
> Building configuration...
>
>
>
> Current configuration : 157 bytes
>
> !
>
> interface FastEthernet0/0.26
>
> encapsulation dot1Q 26
>
> ip address 174.1.26.6 255.255.255.0
>
> ip ospf authentication
>
> ip ospf authentication-key 1 cisco
>
> end
>
>
>
> Rack1R6#show ip ospf neighbor
>
>
>
> Neighbor ID Pri State Dead Time Address Interface
>
> 150.1.2.2 1 FULL/DR 00:00:38 174.1.26.2 FastEthernet0/0.26
>
> Rack1R6#
>
> Rack1R6#show ip ospf interface
>
> FastEthernet0/0.26 is up, line protocol is up
>
> Internet Address 174.1.26.6/24, Area 0
>
> Process ID 1, Router ID 150.1.6.6, Network Type BROADCAST, Cost: 1
>
> Transmit Delay is 1 sec, State BDR, Priority 1
>
> Designated Router (ID) 150.1.2.2, Interface address 174.1.26.2
>
> Backup Designated router (ID) 150.1.6.6, Interface address 174.1.26.6
>
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
>
> oob-resync timeout 40
>
> Hello due in 00:00:01
>
> Index 1/1, flood queue length 0
>
> Next 0x0(0)/0x0(0)
>
> Last flood scan length is 1, maximum is 1
>
> Last flood scan time is 0 msec, maximum is 4 msec
>
> Neighbor Count is 1, Adjacent neighbor count is 1
>
> Adjacent with neighbor 150.1.2.2 (Designated Router)
>
> Suppress hello for 0 neighbor(s)
>
> Simple password authentication enabled
> Rack1R6#
>
> ============================
> R2 Config
> ...
>
> Rack1R2#show ip ospf interface
>
>
> Ethernet0 is up, line protocol is up
>
> Internet Address 174.1.26.2/24, Area 0
>
> Process ID 1, Router ID 150.1.2.2, Network Type BROADCAST, Cost: 10
>
> Transmit Delay is 1 sec, State DR, Priority 1
>
> Designated Router (ID) 150.1.2.2, Interface address 174.1.26.2
>
> Backup Designated router (ID) 150.1.6.6, Interface address 174.1.26.6
>
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
>
> Hello due in 00:00:01
>
> Index 3/3, flood queue length 0
>
> Next 0x0(0)/0x0(0)
>
> Last flood scan length is 2, maximum is 2
>
> Last flood scan time is 0 msec, maximum is 0 msec
>
> Neighbor Count is 1, Adjacent neighbor count is 1
>
> Adjacent with neighbor 150.1.6.6 (Backup Designated Router)
>
> Suppress hello for 0 neighbor(s)
>
> Simple password authentication enabled
> Loopback0 is up, line protocol is up
>
> Internet Address 150.1.2.2/24, Area 0
>
> Process ID 1, Router ID 150.1.2.2, Network Type LOOPBACK, Cost: 1
>
> Loopback interface is treated as a stub Host
>
> Rack1R2#
>
> Rack1R2#show ip ospf neighbor
>
>
>
> Neighbor ID Pri State Dead Time Address Interface
>
> 150.1.6.6 1 FULL/BDR 00:00:38 174.1.26.6 Ethernet0
>
>
>
> Rack1R2#show run interface ethernet 0
>
> Building configuration...
>
>
>
> Current configuration : 122 bytes
>
> !
>
> interface Ethernet0
>
> ip address 174.1.26.2 255.255.255.0
>
> ip ospf authentication
>
> ip ospf authentication-key cisco
>
> end
>
>
>
> ---
> Victor Cappuccio
> cvictor@protokolgroup.com
> ..O.
> ....O
> OOO
>
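
Added example, not part of the original thread: a Python sketch of how RFC 2328 carries the key for AuType 1 (simple password) versus AuType 2 (MD5), using the router ID, area and key string from the posted R6 configuration. The Hello body, key ID and sequence number are constructed, and the header checksum is left at zero.

```python
import hashlib
import hmac
import struct

AU_SIMPLE, AU_MD5 = 1, 2          # AuType values defined in RFC 2328
BODY = b"\x00" * 20               # constructed stand-in for a Hello body

def _header(au_type, auth_field):
    # version 2, type 1 (Hello), length, router ID, area ID, checksum, AuType.
    # Router ID 150.1.6.6 / area 0 come from the R6 output; checksum left 0 here.
    fixed = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(BODY),
                        bytes([150, 1, 6, 6]), bytes(4), 0, au_type)
    return fixed + auth_field     # 16 + 8 = 24-byte OSPF header

def simple_packet(password):
    # AuType 1: the 64-bit authentication field is the password, NUL-padded.
    return _header(AU_SIMPLE, password.ljust(8, b"\x00")[:8]) + BODY

def md5_packet(key, key_id, seq):
    # AuType 2: the field carries key ID, digest length and sequence number only.
    pkt = _header(AU_MD5, struct.pack("!HBBI", 0, key_id, 16, seq)) + BODY
    digest = hashlib.md5(pkt + key.ljust(16, b"\x00")[:16]).digest()
    return pkt + digest           # digest trails the packet, outside its length

def audit(packet):
    """Report what the authentication data exposes on the wire."""
    au_type = struct.unpack("!H", packet[14:16])[0]
    if au_type == AU_SIMPLE:
        return ("simple", packet[16:24].rstrip(b"\x00"))
    if au_type == AU_MD5:
        _, key_id, dlen, seq = struct.unpack("!HBBI", packet[16:24])
        return ("md5", key_id, seq, packet[-dlen:].hex())
    return ("null", None)

def verify_md5(packet, key):
    # Receiver side: recompute the digest with the locally configured key.
    body, digest = packet[:-16], packet[-16:]
    expected = hashlib.md5(body + key.ljust(16, b"\x00")[:16]).digest()
    return hmac.compare_digest(expected, digest)

if __name__ == "__main__":
    print(audit(simple_packet(b"cisco")))     # password readable in the header
    print(audit(md5_packet(b"cisco", 1, 1)))  # only key ID, sequence and digest
```
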



This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:54 GMT-3