RE: OSPF Authentication : Best Practice

From: Marut S@MS@DCTH-BKK (S@MS@DCTH-BKK)
Date: Mon Apr 02 2007 - 08:21:11 ART

• Next message: Ronnie Angello: "Re: trouble understanding L2 protocol tunneling"
• Previous message: Muhammad Nasim: "Re: CCIE Security COD's"
• Next in thread: Todd, Douglas M.: "RE: OSPF Authentication : Best Practice"
• Maybe reply: Todd, Douglas M.: "RE: OSPF Authentication : Best Practice"
• Maybe reply: Rahmlow, Howard F.: "RE: OSPF Authentication : Best Practice"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Scott,

        Even the stub is loopback interface? Do I have to put ip ospf
message-digest key under loopback too :-)

        
Best Regards,
Marut Siriwangso

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Sunday, 18 March, 2007 8:27 PM
To: 'Jeff Mullan'
Cc: 'Cisco certification'
Subject: RE: OSPF Authentication : Best Practice

Everyone inside an area needs to have the authentication, otherwise,
don't
expect to have peers/routes! :)
 
 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 

  _____

From: Jeff Mullan [mailto:jmullan78@gmail.com]
Sent: Sunday, March 18, 2007 4:35 AM
To: swm@emanon.com
Cc: Cisco certification
Subject: Re: OSPF Authentication : Best Practice

Thanks Scott !! Follow-up quesiton:
 
Lets assume we have some thing like this :
 
R1---R2 , both are OSPF adjacent routers say area 0. Also, on R2 we 2
stub
networks. Say, VLAN a and VLAN b both in area 0. Now, if we use the
interface based authentication command, for area 0 , do we have to go
ahead
and enable authentication on vlan a and vlan b interfaces on R2 also ?
If we
just enable on R2s interface facing R1 we are still OK.
 
What do yo think ?
Thanks,
-JM

 
On 3/17/07, Scott Morris <swm@emanon.com> wrote:

On the exam do whatever you want, as long as the exam doesn't give you
specifics.

The "area # authentication" is a Cisco shortcut to enable authentication
on
each interface in a particular area. You have to put the key on the
interface, so whether you do both there or not is really a personal
choice.

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jeff

Mullan
Sent: Saturday, March 17, 2007 4:55 AM
To: Cisco certification
Subject: OSPF Authentication : Best Practice

Folks, Seeking recommendation from exam point-of-view. For OSPF
authentication, if the task doesnt mention where to bind the
authentication
what would be the best practice ? Ideally, I like to do it on the
interface,
it gives me more visibility into whats going on and where !! Just wanted
your thoughts ? How would you folks do it in the exam ?
Thanks,
-JM

• Next message: Ronnie Angello: "Re: trouble understanding L2 protocol tunneling"
• Previous message: Muhammad Nasim: "Re: CCIE Security COD's"
• Next in thread: Todd, Douglas M.: "RE: OSPF Authentication : Best Practice"
• Maybe reply: Todd, Douglas M.: "RE: OSPF Authentication : Best Practice"
• Maybe reply: Rahmlow, Howard F.: "RE: OSPF Authentication : Best Practice"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:34 ART