Re: OSPF Authentication

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Mon Feb 19 2007 - 15:32:09 ART

• Next message: M S: "Re: term server"
• Previous message: Brad Ellis: "Re: term server"
• Maybe in reply to: deji500@hotmail.com: "OSPF Authentication"
• Next in thread: Brian McGahan: "RE: OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

There are two ways to "enable" authentication. The first is to enable it for
all interfaces within an area using the "area X authentication" or "area X
authentication message-digest" router process commands. The second method
is to enable it on a per interface basis using the "ip ospf authentication",
"ip ospf authentication message-digest" or "ip ospf authentication null"
interface level commands. These commands override the authentication method
configured under the routing processes for the particular interface. Also
these interface level commands are exactly the same for a virtual link
expect that the "ip ospf" part is replaced with "area X virtual-link
X.X.X.X".

Lastly to be 100% correct my first sentence isn't exactly true. OSPF
authentication is enabled by default but it's null authentication (type 0)
;-)

-- 
Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
bdennis@internetworkexpert.com
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
On 2/19/07 8:56 AM, "deji500@hotmail.com" <deji500@hotmail.com> wrote:
> Hi GS
> 
> I just need some clarification with virtual links authentication with regards
> to this lab task (IEWB Ver 3 Lab 6 Task 4.5).
> When using MD5 authentication in OSPF Area 0 and there are virtual links
> between Area 0 ABRs and ABR's of other areas, is it compulsory to use the
> following two commands or the first command is sufficient:
> 
> 1. area 23 virtual-link 1.2.3.4 message-digest-key 1 md5 CISCO
> 2. area 23 virtual-link 1.2.3.4 authentication message-digest
> 
> I did not use the second command but the routers are authenticated and I can
> see the message 'Message digest authentication enabled' under the sh ip ospf
> virtual-links command.
> 
> Please note that there is an OSPF routing process command area 0
> authentication message-digest also configured.
> 
> 
> Thanks for any input
> 
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: M S: "Re: term server"
• Previous message: Brad Ellis: "Re: term server"
• Maybe in reply to: deji500@hotmail.com: "OSPF Authentication"
• Next in thread: Brian McGahan: "RE: OSPF Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART