From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Sat Nov 11 2006 - 11:25:36 ART
There was a similar question just asked on this subject. Once you have
authentication set up with the proper keys... you can start adding new
keys to the specific interfaces. This will not break the
authentication, since authentication will always default to using the
youngest key that is common. The best thing to do is to enable
debugging for ospf and try adding keys, watching the behavior of the
"sending youngest key" output. Then, do a show ip ospf X interface to
verify the key being used. HTH.
Dave Schulz,
Email: dschulz@dpsciences.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ming Ki Au
Sent: Saturday, November 11, 2006 1:46 AM
To: Darby Weaver
Cc: ccielab@groupstudy.com
Subject: Re: Fwd: OSPF area authentication
any sample configuration? I hope to obtain a worksable solution sample.
On 11/11/06, Darby Weaver <darbyweaver@yahoo.com> wrote:
>
> Hmmmm...
>
> Create more than one key...
>
> Starting and Ending lifetimes off the top of my head.
>
> You want to be careful not to break the authentication
> on one side while the keys are changing auth
> credentials...
>
> That should work.
>
> Off the top of my head.
>
> Correct me if I am in error or said it wrong.
>
> :)
>
> Later...
>
> --- Ming Ki Au <aurmkstr@gmail.com> wrote:
>
> > Dear all,
> >
> > Can anyone tell me what is the best practice to do
> > a key rotation with
> > minimum impact when I configure area authentication
> > within OSPF?
> >
> >
>
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART