RE: ospf authentication

From: Scott Morris (swm@emanon.com)
Date: Sun Oct 01 2006 - 00:38:19 ART

• Next message: Magmax: "RE: ospf authentication"
• Previous message: Magmax: "RE: ospf authentication"
• Maybe in reply to: Magmax: "ospf authentication"
• Next in thread: Magmax: "RE: ospf authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

In this particular case, you are only enabling things on a single interface.
So you're right, it has nothing to do with an area, or virtual link or
anything else but peers specifically on this interface.

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: Magmax [mailto:magmax@bigpond.net.au]
Sent: Saturday, September 30, 2006 11:34 PM
To: swm@emanon.com; ccielab@groupstudy.com
Subject: RE: ospf authentication

My mistake it should be

interface Serial0/0.315 multipoint

 ip address 190.168.315.3 255.255.255.0

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 CISCO

 frame-relay map ip 192.168.315.2 502 broadcast

 frame-relay map ip 192.168.315.3 503

 no frame-relay inverse-arp

Right now I will do interface authentication but not ospf area
authentication. Also I don't need to enable any virtual-link authentication
or need area 0 authetication message-digest command under ospf process

Ubaid

-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Sunday, 1 October 2006 1:25 PM
To: 'Magmax'; ccielab@groupstudy.com
Subject: RE: ospf authentication

Are you asking or telling? ;)

You CAN.... And it will work with your peers (if they're identical).
However, you won't get any points for it.

"ip ospf authentication message-digest" needs to have "ip ospf
message-digest-key ..." in order to use the password CISCO. You configured
a clear-text key yet enabled message-digest authentication.

When you do "show ip ospf interface s0/0.235" you'll find that
message-digest authentication IS indeed enabled but is using Key 0, which is
the NULL keyset. So if all of your routers are like that you'll get peers,
and things will look good but you aren't using Key 1 CISCO, so you don't get
points.

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Magmax
Sent: Saturday, September 30, 2006 11:06 PM
To: ccielab@groupstudy.com
Subject: ospf authentication

interface Serial0/0.235 multipoint

 ip address 190.168.315.3 255.255.255.0

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 CISCO

 frame-relay map ip 192.168.315.2 502 broadcast

 frame-relay map ip 192.168.315.3 503 broadcast

 no frame-relay inverse-arp

Guys,

I can enable ospf authentication on per interface basis like above

• Next message: Magmax: "RE: ospf authentication"
• Previous message: Magmax: "RE: ospf authentication"
• Maybe in reply to: Magmax: "ospf authentication"
• Next in thread: Magmax: "RE: ospf authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:03 ART