RE: ospf authentication methods

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Fri May 26 2006 - 01:18:49 ART


There is no "area" authentication in OSPF. OSPF authentication is done
on a segment by segment basis as per the RFC.

The authentication type used by OSPF can be changed from the default of
"null" to "clear text" or "MD5" under the routing process which applies
to all interfaces within that area, or can be done at the interface
level. By setting the authentication type under the routing process you
are not doing "area" authentication. You are just setting the
authentication type for all interfaces on your router that are within
that area.

Example:
If I have 50 interfaces in area 1 and I want to authenticate all of
them it's easier to just use the command under the routing process as
opposed to typing the interface level command 50 times.

If I have 50 interfaces in area 1 and I only want to authenticate 10
of them then it's easiest to just apply the interface level command to
the 10 interfaces that I want to enable authentication on. The reverse
is to enable authentication under the routing process and set the
authentication type to null on the other 40 interfaces within area 1
that we did not want to enable authentication for.

So don't confuse setting the authentication type under the routing
process with doing "area" authentication which is not supported in OSPF.
You can authenticate all segments "within" an area but you can not do
"area" authentication.
    
Quick Command Summary:

OSPF authentication can be enabled using the "area <area-id>
authentication [message-digest]" routing process command or by the
interface level "ip ospf authentication [message-digest | null]"
command. The interface level command supersedes the routing process
level command.

Virtual-link authentication can be enabled by using the "area 0
authentication [message-digest]" or by using the "area <area-id>
virtual-link router-id authentication [message-digest | null]" command.
The virtual-link level command supersedes the routing process level
command.

Setting the authentication type to null on an interface specifies that
the interface will not perform authentication.

HTH,

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

 -----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
James Simons
Sent: Thursday, May 25, 2006 7:04 PM
To: Cisco certification
Subject: ospf authentication methods

hello all,

I have a weird question. Recently, I was configuring ospf authentication on
an area. I used the usual commands but I used one for md5 authentication (ip
ospf message-digest-key) and one that is used for clear text (ip ospf
authentication)...and it still worked! Any thoughts to why? I tried
debugging the packets and the ospf events but I couldn't see anything shed
any light.

the commands:
R1 and R2:
interface fa0/0
ip ospf authentication
ip ospf message-digest-key 1 md5 CISCO

cheers,

Jimmy
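
Added example (not part of the original thread, and not Cisco's or the posters' code): a small Python audit that works out the effective OSPF authentication type per interface using the precedence described in the reply above, and flags an MD5 key configured on an interface whose effective type is not MD5, as in the fa0/0 configuration quoted above. The sample config is constructed, the function names are hypothetical, and it assumes interfaces are placed in an area with the interface-level "ip ospf <pid> area <id>" command.

```python
import re

# Constructed sample config (not from the thread's routers). Assumes interfaces
# join an area with the interface-level "ip ospf <pid> area <id>" command.
SAMPLE = """\
router ospf 1
 area 1 authentication message-digest
interface FastEthernet0/0
 ip ospf 1 area 1
 ip ospf authentication
 ip ospf message-digest-key 1 md5 CISCO
interface FastEthernet0/1
 ip ospf 1 area 1
 ip ospf message-digest-key 1 md5 CISCO
interface Serial0/0
 ip ospf 1 area 1
 ip ospf authentication null
interface Serial0/1
 ip ospf 1 area 2
"""

def auth_type(keyword):
    # No keyword means clear text; "message-digest" means MD5; "null" means none.
    return {None: "clear-text", "message-digest": "md5", "null": "null"}[keyword]

def audit(config):
    area_auth, ifaces, cur = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"area (\S+) authentication(?: (message-digest))?", s):
            area_auth[m[1]] = auth_type(m[2])
        elif m := re.fullmatch(r"interface (\S+)", s):
            cur = ifaces[m[1]] = {"area": None, "auth": None, "md5_key": False}
        elif cur is None:
            continue
        elif m := re.fullmatch(r"ip ospf \d+ area (\S+)", s):
            cur["area"] = m[1]
        elif m := re.fullmatch(r"ip ospf authentication(?: (message-digest|null))?", s):
            cur["auth"] = auth_type(m[1])
        elif s.startswith("ip ospf message-digest-key "):
            cur["md5_key"] = True
    report = {}
    for name, i in ifaces.items():
        # Interface-level setting supersedes the routing-process setting.
        eff = i["auth"] or area_auth.get(i["area"], "null")
        unused_key = i["md5_key"] and eff != "md5"  # key present but type is not MD5
        report[name] = (eff, unused_key)
    return report
```

audit(SAMPLE) returns a dict mapping each interface name to (effective type, MD5-key-unused flag).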



This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART