RE: OSPF Authentication : Best Practice

From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Mon Apr 02 2007 - 17:39:12 ART

• Next message: Gina Lopez: "shape peak command"
• Previous message: Todd, Douglas M.: "RE: loading image on router"
• Maybe in reply to: Marut S@MS@DCTH-BKK: "RE: OSPF Authentication : Best Practice"
• Next in thread: Rahmlow, Howard F.: "RE: OSPF Authentication : Best Practice"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Marut:

ip ospf message-digest key is only for those interfaces trying to become
adjacent. The loopback is a stub interface (no neighbor connectivity via ospf)
thus applying the key will have no influence on the interface.

DMT

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Marut S@MS@DCTH-BKK
> Sent: Monday, April 02, 2007 7:21 AM
> To: Scott Morris; Jeff Mullan
> Cc: Cisco certification
> Subject: RE: OSPF Authentication : Best Practice
>
> Hi Scott,
>
> Even the stub is loopback interface? Do I have to put
> ip ospf message-digest key under loopback too :-)
>
>
> Best Regards,
> Marut Siriwangso
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Scott Morris
> Sent: Sunday, 18 March, 2007 8:27 PM
> To: 'Jeff Mullan'
> Cc: 'Cisco certification'
> Subject: RE: OSPF Authentication : Best Practice
>
> Everyone inside an area needs to have the authentication,
> otherwise, don't expect to have peers/routes! :)
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
> #4713, JNCIE #153, CISSP, et al.
> CCSI/JNCI-M/JNCI-J
> IPexpert VP - Curriculum Development
> IPexpert Sr. Technical Instructor
> smorris@ipexpert.com
> http://www.ipexpert.com
>
>
> _____
>
> From: Jeff Mullan [mailto:jmullan78@gmail.com]
> Sent: Sunday, March 18, 2007 4:35 AM
> To: swm@emanon.com
> Cc: Cisco certification
> Subject: Re: OSPF Authentication : Best Practice
>
>
> Thanks Scott !! Follow-up quesiton:
>
> Lets assume we have some thing like this :
>
> R1---R2 , both are OSPF adjacent routers say area 0. Also, on R2 we 2
> stub
> networks. Say, VLAN a and VLAN b both in area 0. Now, if we use the
> interface based authentication command, for area 0 , do we have to go
> ahead
> and enable authentication on vlan a and vlan b interfaces on R2 also ?
> If we
> just enable on R2s interface facing R1 we are still OK.
>
> What do yo think ?
> Thanks,
> -JM
>
>
> On 3/17/07, Scott Morris <swm@emanon.com> wrote:
>
> On the exam do whatever you want, as long as the exam doesn't give you
> specifics.
>
> The "area # authentication" is a Cisco shortcut to enable
> authentication
> on
> each interface in a particular area. You have to put the key on the
> interface, so whether you do both there or not is really a personal
> choice.
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE
> #153, CISSP, et al.
> CCSI/JNCI-M/JNCI-J
> IPexpert VP - Curriculum Development
> IPexpert Sr. Technical Instructor
> smorris@ipexpert.com
> http://www.ipexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of
> Jeff
>
> Mullan
> Sent: Saturday, March 17, 2007 4:55 AM
> To: Cisco certification
> Subject: OSPF Authentication : Best Practice
>
> Folks, Seeking recommendation from exam point-of-view. For OSPF
> authentication, if the task doesnt mention where to bind the
> authentication
> what would be the best practice ? Ideally, I like to do it on the
> interface,
> it gives me more visibility into whats going on and where !!
> Just wanted
> your thoughts ? How would you folks do it in the exam ?
> Thanks,
> -JM
>
> ______________________________________________________________
> _________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
> <http://www.groupstudy.com/list/CCIELab.html>
>
> ______________________________________________________________
> _________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> **************************************************************
> **************
> This email and all contents are subject to the following disclaimer:
>
> http://www.datacraft-asia.com/disclaimer
> **************************************************************
> **************
>
> ______________________________________________________________
> _________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information.

• Next message: Gina Lopez: "shape peak command"
• Previous message: Todd, Douglas M.: "RE: loading image on router"
• Maybe in reply to: Marut S@MS@DCTH-BKK: "RE: OSPF Authentication : Best Practice"
• Next in thread: Rahmlow, Howard F.: "RE: OSPF Authentication : Best Practice"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:34 ART