RE: OSPF authentication

From: Victor Cappuccio (victor@ccbootcamp.com)
Date: Mon Apr 23 2007 - 02:11:57 ART

• Next message: Darby Weaver: "Re: 3620 image problem"
• Previous message: Edward Norton: "3620 image problem"
• Maybe in reply to: Jason Carpenter: "OSPF authentication"
• Next in thread: Darby Weaver: "RE: OSPF authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Jason,

http://www.faqs.org/rfcs/rfc2328.html

D. Authentication

All OSPF protocol exchanges are authenticated. The OSPF packet
header (see Section A.3.1) includes an authentication type field,
and 64-bits of data for use by the appropriate authentication scheme
(determined by the type field).

The authentication type is configurable on a per-interface (or
equivalently, on a per-network/subnet) basis. --- seems that in Cisco
implementation this is using the routing process --- Additional
authentication data is also configurable on a per-interface basis -- ip ospf
authentication command under the interface running OSPF :) ..

Authentication types 0, 1 and 2 are defined by this specification.
All other authentication types are reserved for definition by the
IANA (iana@ISI.EDU). The current list of authentication types is
described below in Table 20.

                  AuType Description
                  ___________________________________________
                  0 Null authentication
                  1 Simple password
                  2 Cryptographic authentication
                  All others Reserved for assignment by the
                               IANA (iana@ISI.EDU)

in the Message generation D.4 After building the contents of an OSPF packet,
the authentication procedure indicated by the sending interface's Autype value
is called before the packet is sent. The authentication procedure modifies
the OSPF packet as follows.

        D.4.1 Generating Null authentication

            When using Null authentication, the packet is modified as
            follows:

            (1) The Autype field in the standard OSPF header is set to
                0.

Hope this helps

Just my 2 cents more

thanks,
Victor Cappuccio.-
Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
Cisco Learning credits!
victor@ccbootcamp.com
http://www.ccbootcamp.com (Cisco Training and Rental Racks)
http://www.ccbootcamp.com/groupstudy.html (groupstudy member discounts!)
Voice: 702-968-5100
FAX: 702-446-8012

-----Original Message-----
From: nobody@groupstudy.com on behalf of Jason Carpenter
Sent: Sun 4/22/2007 12:12
To: ccielab@groupstudy.com
Subject: OSPF authentication

Will this result in OSPF authentication with a MD5 hash of password CISCO

router ospf 1
area 0 authentication

int s0/0
ip ospf authentication message-digest
ip ospf authentication-key CISCO

when I run sh ip ospf int s0/0
it says message-digest authentication enabled
no key configured, using default key id 0

as long as the question does not specify a key number, (for example
key 1) would this result in md5 authentication with the password
CISCO?

Thanks

• Next message: Darby Weaver: "Re: 3620 image problem"
• Previous message: Edward Norton: "3620 image problem"
• Maybe in reply to: Jason Carpenter: "OSPF authentication"
• Next in thread: Darby Weaver: "RE: OSPF authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:37 ART