RE: OSPF Authentication

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Feb 19 2007 - 15:53:25 ART


        "area 0 authentication message-digest" means to enable MD5
authentication on all interfaces in area 0. "area 23 virtual-link
1.2.3.4 authentication message-digest" means to enable MD5
authentication on the logical virtual-link interface. Since the
virtual-link is already in area 0 (it is a logical area 0 interface)
enabling authentication on all interfaces in area 0 implicitly enables
it on the virtual-link.

        It's not "wrong" to use both commands, it's just redundant. You
can however use the virtual-link interface config to override what's
going on in the area. For example:

MD5 on virtual-link, clear text on all others:
area 0 authentication
area 23 virtual-link 1.2.3.4 authentication message-digest

Clear text on virtual-link, MD5 on all others:
area 0 authentication message-digest
area 23 virtual-link 1.2.3.4 authentication

No authentication on virtual-link, MD5 on all others:
area 0 authentication message-digest
area 23 virtual-link 1.2.3.4 authentication null

HTH,

Brian McGahan, CCIE #8593 (R&S/SP)
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
deji500@hotmail.com
Sent: Monday, February 19, 2007 10:56 AM
To: ccielab@groupstudy.com
Subject: OSPF Authentication

Hi GS

I just need some clarification on virtual-link authentication with
regard to this lab task (IEWB Ver 3 Lab 6 Task 4.5).
When using MD5 authentication in OSPF Area 0 and there are virtual links
between Area 0 ABRs and ABRs of other areas, is it compulsory to use
the following two commands, or is the first command sufficient:

1. area 23 virtual-link 1.2.3.4 message-digest-key 1 md5 CISCO
2. area 23 virtual-link 1.2.3.4 authentication message-digest

I did not use the second command but the routers are authenticated and I
can see the message 'Message digest authentication enabled' under the sh
ip ospf virtual-links command.

Please note that there is an OSPF routing process command area 0
authentication message-digest also configured.

Thanks for any input
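
The inheritance and override rules described in the reply above can be checked mechanically against a router's OSPF configuration. The following Python sketch is an added example, not part of the original thread: the function names and the sample config are constructed for illustration, and it assumes an area with no "area N authentication" command runs null authentication.

```python
import re

VLINK = re.compile(r"^area (\S+) virtual-link (\S+)(?: (.*))?$")
AREA = re.compile(r"^area (\S+) authentication(?: (message-digest))?$")
BACKBONE = {"0", "0.0.0.0"}

def effective_auth(config_text):
    """Return (area_auth, vlink_auth) for the lines of one 'router ospf' block.

    area_auth maps area id -> type; vlink_auth maps (transit area, peer
    router-id) -> type. Types are 'null', 'clear-text' or 'md5'.
    """
    areas, vlinks = {}, {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise indentation/spacing
        m = VLINK.match(line)
        if m:
            key = (m.group(1), m.group(2))
            vlinks.setdefault(key, None)      # None = no override, inherit
            opts = (m.group(3) or "").split()
            if opts[:1] == ["authentication"]:
                nxt = opts[1] if len(opts) > 1 else ""
                vlinks[key] = {"message-digest": "md5", "null": "null"}.get(nxt, "clear-text")
            continue
        m = AREA.match(line)
        if m:
            area = "0" if m.group(1) in BACKBONE else m.group(1)
            areas[area] = "md5" if m.group(2) else "clear-text"
    # A virtual-link is a logical area 0 interface, so it inherits area 0's
    # setting unless overridden. Assumption: no area command means 'null'.
    backbone = areas.get("0", "null")
    return areas, {k: v or backbone for k, v in vlinks.items()}

def weak_vlinks(config_text):
    """Virtual-links whose effective authentication is not MD5."""
    _, vl = effective_auth(config_text)
    return sorted(k for k, v in vl.items() if v != "md5")

# Constructed sample: the poster's setup (key on the link, MD5 set area-wide).
SAMPLE = """
router ospf 1
 area 0 authentication message-digest
 area 23 virtual-link 1.2.3.4 message-digest-key 1 md5 CISCO
"""

if __name__ == "__main__":
    print(effective_auth(SAMPLE))
```

Interface-level "ip ospf authentication" overrides on physical interfaces are outside what this sketch models; it covers only the router-process commands discussed in the thread.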



This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART