Re: Authentication on OSPF Area 0 and VL

From: Godswill Oletu (oletu@inbox.lv)
Date: Sat May 06 2006 - 23:56:27 ART

• Next message: Scott Morris: "RE: Trouble shooting questions in the lab exam !!"
• Previous message: johngibson1541@yahoo.com: "What is your inspiration ?"
• Maybe in reply to: Wang, Ting \(Taylor\): "Authentication on OSPF Area 0 and VL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Wang,

Two steps must be completed to authenticate in OSPF.

1. Defination of Authentication method to be used.
2. Defination of the Authentication Key.

For non-virtual links, step 1 can be defined either under the 'Router OSPF
<process>' prompt, for it to affect all the AREA or at the interface level,
to either only Authenticate that interface or choose a different method of
Authentication for that interface or to exclude that interface from
authentication...e.g:

Router OSPF 1
Area 1 authentication - step 1 (using clear text)

OR

Interface Serial0/0
Ip ospf authentication - step 1 (using clear text)
!
For non-virtual links, keys can only be defined at the interface...e.g:

Interface Serial0/0
Ip ospf authentication CISCO - step 2
!

For Virtual Links, steps 1 & 2 have to be defined under 'Router OSPF
<process>' prompt, It is save to think of a Virtual Link as a
pseudo-interface, originating from within the Router OSPF <process id>
prompt.

!
Router OSPF 1
Area 1 virtual-link 1.1.1.1 authentication message-digest -step 1 (usng md5)
Area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 CISCO - step 2

You see that, whatsoever happens at the interface level, will not affect any
authentication method or key choosen by the Virtual Links. However the
virtual links must be authenticated whenever AREA 0 is authenticated and the
method choosen must be the same.

HTH
Godswill Oletu

----- Original Message -----
From: "Wang, Ting (Taylor)" <wangting@avaya.com>
To: <ccielab@groupstudy.com>
Sent: Saturday, May 06, 2006 10:40 AM
Subject: Authentication on OSPF Area 0 and VL

> Hi Group,
>
> If the task require on method of the Authentication (e.g. plain text) on
> OSPF Area 0. Does it mean the VL need to
> use the same authentication? If the none backbone area which the VL
> transit across adopt a more secured authentication like MD5, will the
> packet for VL still use the plain text? As we know, the VL is just like
> a GRE tunnel over the none backbone area.
>
> Thanks,
> Taylor
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: Trouble shooting questions in the lab exam !!"
• Previous message: johngibson1541@yahoo.com: "What is your inspiration ?"
• Maybe in reply to: Wang, Ting \(Taylor\): "Authentication on OSPF Area 0 and VL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART