Re: ospf authentication methods

From: Bajo (bajoalex@gmail.com)
Date: Fri May 26 2006 - 10:07:54 ART


Hi Brian,

Thanks for clarifying on "area authentication". I have been using the term
too. Guess where I got that idea from? IE labs :) See labs 3 ...etc... I
just follow my coaches (you two Brians, among others) :)

On 5/25/06, Brian Dennis <bdennis@internetworkexpert.com> wrote:
>
> There is no "area" authentication in OSPF. OSPF authentication is done
> on a segment by segment basis as per the RFC.
>
> The authentication type used by OSPF can be changed from the default of
> "null" to "clear text" or "MD5" under the routing process which applies
> to all interfaces within that area, or can be done at the interface
> level. By setting the authentication type under the routing process you
> are not doing "area" authentication. You are just setting the
> authentication type for all interfaces on your router that are within
> that area.
>
> Example:
> If I have 50 interfaces in area 1 and I want to authenticate all of
> them it's easier to just use the command under the routing process as
> opposed to typing the interface level command 50 times.
>
> If I have 50 interfaces in area 1 and I only want to authenticate 10
> of them then it's easiest to just apply the interface level command to
> the 10 interfaces that I want to enable authentication on. The reverse
> is to enable authentication under the routing process and set the
> authentication type to null on the other 40 interfaces within area 1
> that we did not want to enable authentication for.
>
> So don't confuse setting the authentication type under the routing
> process with doing "area" authentication which is not supported in OSPF.
> You can authenticate all segments "within" an area but you cannot do
> "area" authentication.
>
> Quick Command Summary:
>
> OSPF authentication can be enabled using the "area <area-id>
> authentication [message-digest]" routing process command or by the
> interface level "ip ospf authentication [message-digest | null]"
> command. The interface level command supersedes the routing process
> level command.
>
> Virtual-link authentication can be enabled by using the "area 0
> authentication [message-digest]" or by using the "area <area-id>
> virtual-link router-id authentication [message-digest | null]" command.
> The virtual-link level command supersedes the routing process level
> command.
>
> Setting the authentication type to null on an interface specifies that
> the interface will not perform authentication.
>
>
> HTH,
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> bdennis@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> James Simons
> Sent: Thursday, May 25, 2006 7:04 PM
> To: Cisco certification
> Subject: ospf authentication methods
>
> hello all,
>
> I have a weird question. Recently, I was configuring ospf authentication on
> an area. I used the usual commands but I used one for md5 authentication (ip
> ospf message-digest-key) and one that is used for clear text (ip ospf
> authentication)...and it still worked! Any thoughts to why? I tried
> debugging the packets and the ospf events but I couldn't see anything shed
> any light.
>
> the commands:
> R1 and R2:
> interface fa0/0
> ip ospf authentication
> ip ospf message-digest-key 1 md5 CISCO
>
> cheers,
>
> Jimmy
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>

--
Kind Regards,

Bajo
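
The precedence rule quoted above (the interface-level command supersedes the routing-process command) can be checked mechanically against a saved configuration. The script below is an added example, not part of the original thread: `effective_auth` is a hypothetical helper, the sample config is constructed apart from the two `ip ospf` lines James posted for fa0/0, and it assumes areas are assigned by `network` statements with the first match winning.

```python
import ipaddress
import re

# Constructed config; only the two "ip ospf" lines on FastEthernet0/0 are from the thread.
SAMPLE = """\
interface FastEthernet0/0
 ip address 10.0.12.1 255.255.255.0
 ip ospf authentication
 ip ospf message-digest-key 1 md5 CISCO
interface FastEthernet0/1
 ip address 10.0.13.1 255.255.255.0
interface Serial0/0
 ip address 10.0.14.1 255.255.255.0
 ip ospf authentication null
router ospf 1
 area 1 authentication message-digest
 network 10.0.0.0 0.0.255.255 area 1
"""

def effective_auth(config):
    """Map each OSPF interface to (area, auth type, warnings); first matching network wins."""
    ifaces, area_auth, nets, cur = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line opens a new section
            m = re.match(r"interface (\S+)", line)
            cur = ifaces.setdefault(m.group(1), {"ip": None, "auth": None, "key": False}) if m else None
        elif cur is not None:  # inside an interface section
            if m := re.match(r"ip address (\S+) ", line):
                cur["ip"] = int(ipaddress.ip_address(m.group(1)))
            elif m := re.match(r"ip ospf authentication(?: (message-digest|null))?$", line):
                cur["auth"] = m.group(1) or "simple"
            elif line.startswith("ip ospf message-digest-key "):
                cur["key"] = True
        elif m := re.match(r"area (\S+) authentication(?: (message-digest))?$", line):
            area_auth[m.group(1)] = m.group(2) or "simple"
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            nets.append((int(ipaddress.ip_address(m.group(1))), int(ipaddress.ip_address(m.group(2))), m.group(3)))
    report = {}
    for name, i in ifaces.items():
        area = next((a for n, w, a in nets if i["ip"] is not None and ((i["ip"] ^ n) & ~w & 0xFFFFFFFF) == 0), None)
        if area is None: continue  # interface is not in OSPF
        auth = i["auth"] or area_auth.get(area, "null")  # interface level supersedes area level
        warn = []
        if i["key"] and auth != "message-digest":
            warn.append(f"message-digest-key configured but effective type is {auth}")
        if auth == "message-digest" and not i["key"]:
            warn.append("message-digest in effect but no message-digest-key on interface")
        report[name] = (area, auth, warn)
    return report
```

Run over the sample, it reports FastEthernet0/0 as type "simple" despite the MD5 key, FastEthernet0/1 as inheriting message-digest from the area with no key configured, and Serial0/0 as null.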



This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART