Re: Virtual-link authentication and AREA 0 authentication

From: Petr Lapukhov (petrsoft@gmail.com)
Date: Sun Apr 02 2006 - 14:32:54 GMT-3

• Next message: Petr Lapukhov: "Re: How I learned to stop worrying and love the LAB"
• Previous message: swm@emanon.com: "Re: Virtual-link authentication and AREA 0 authentication"
• Maybe in reply to: sheng li: "Virtual-link authentication and AREA 0 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Only *adjancencies* need to be authenticated.

So you need no authentication on stub networks,
only on transit links.

HTH
Petr

2006/4/2, sheng li <slilxn@yahoo.com>:
>
> Thanks to everyone who chipped in your view. You
> guys/gals are so wonderful!
>
> I'm summarizing the situation:
> With both the physical area 0 router and Virtual
> linked remote router having "area 0 authen mess", the
> virtual links are up and authenticated, but with Null
> key, which might not satisfy the lab requirement. I do
> see links being fully exchanged.
> How about loopbacks? All those loopback interfaces I
> am supposed to put inside area 0, do I really need to
> apply the "ip ospf mess 1 md5 <key>", per possible lab
> requirement?
>
> Thanks,
> Frank
> --- swm@emanon.com wrote:
>
> > If you look at your "show ip ospf interface" and
> > "show ip ospf virtual-link" you'll find that you ARE
> > indeed authenticating over the virtual link.
> > However you are encrypting with a null (empty) key.
> >
> > If your lab says use "cisco" as the password, you
> > just messed up. :)
> >
> > HTH,
> >
> > Scott
> >
> > ---- Message from sheng li <slilxn@yahoo.com> at
> > 2006-04-01 21:45:57 ------
> > >Folks,
> > >I've heard statements from several people that when
> > >OSPF area0 is configured with authentication, say,
> > >md5, the virtual links connecting a remote area
> > must
> > >be also configured with the same authentication.
> > I've
> > >doubted it and my routers seem to be distributing
> > >routes happily as long as the virtual-linked remote
> > >ABR has "ar 0 auth mess". Can you help me clarify
> > if
> > >this is a real requirement or am I missing
> > anything?
> > >
> > >Thanks!
> > >Frank
> > >
> > >__________________________________________________
> > >Do You Yahoo!?
> > >Tired of spam? Yahoo! Mail has the best spam
> > protection around
> > >http://mail.yahoo.com
> > >
> >
> >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Petr Lapukhov: "Re: How I learned to stop worrying and love the LAB"
• Previous message: swm@emanon.com: "Re: Virtual-link authentication and AREA 0 authentication"
• Maybe in reply to: sheng li: "Virtual-link authentication and AREA 0 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3