RE: OSPF authentication [html-rem]

From: Victor Cappuccio (victor@ccbootcamp.com)
Date: Mon Apr 23 2007 - 02:39:36 ART


Like this...

Router(config-if)#do show ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.2.12.1          1   FULL/DR         00:00:38    1.2.12.1        FastEthernet0/1
1.2.12.1          1   FULL/DR         00:00:33    1.1.12.1        FastEthernet0/0
Router(config-if)#do show ip ospf inter
FastEthernet0/1 is up, line protocol is up
  Internet Address 1.2.12.2/24, Area 0
  Process ID 1, Router ID 1.2.12.2, Network Type BROADCAST, Cost: 1
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 1.2.12.1, Interface address 1.2.12.1
  Backup Designated router (ID) 1.2.12.2, Interface address 1.2.12.2
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.2.12.1 (Designated Router)
  Suppress hello for 0 neighbor(s)
FastEthernet0/0 is up, line protocol is up
  Internet Address 1.1.12.2/24, Area 0
  Process ID 1, Router ID 1.2.12.2, Network Type BROADCAST, Cost: 1
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 1.2.12.1, Interface address 1.1.12.1
  Backup Designated router (ID) 1.2.12.2, Interface address 1.1.12.2
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 2
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.2.12.1 (Designated Router)
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
      No key configured, using default key id 0
Router(config-if)#

rack11>1
[Resuming connection 1 to R1 ... ]

*Apr 23 05:39:34.262: %OSPF-5-ADJCHG: Process 1, Nbr 1.2.12.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
R1(config-if)#
R1(config-if)#router ospf 1
R1(config-router)#area 0 authentication message
R1(config-router)#do clear ip ospf pro
Reset ALL OSPF processes? [no]: yes
R1(config-router)#do show ip os
*Apr 23 05:40:43.950: %OSPF-5-ADJCHG: Process 1, Nbr 1.2.12.2 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Apr 23 05:40:43.950: %OSPF-5-ADJCHG: Process 1, Nbr 1.2.12.2 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Apr 23 05:40:44.114: %OSPF-5-ADJCHG: Process 1, Nbr 1.2.12.2 on FastEthernet0/0 from LOADING to FULL, Loading Donepf
R1(config-router)#do show ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.2.12.2          1   FULL/DR         00:00:37    1.1.12.2        FastEthernet0/0
R1(config-router)#do show ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.2.12.2          1   FULL/DR         00:00:38    1.1.12.2        FastEthernet0/0
R1(config-router)#do show ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.2.12.2          1   FULL/DR         00:00:37    1.1.12.2        FastEthernet0/0
R1(config-router)#do show ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.2.12.2          1   FULL/DR         00:00:36    1.1.12.2        FastEthernet0/0
R1(config-router)#do show ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.2.12.2          1   FULL/DR         00:00:39    1.2.12.2        FastEthernet0/1
1.2.12.2          1   FULL/DR         00:00:39    1.1.12.2        FastEthernet0/0
R1(config-router)#
*Apr 23 05:40:52.910: %OSPF-5-ADJCHG: Process 1, Nbr 1.2.12.2 on FastEthernet0/1 from LOADING to FULL, Loading Donedo show ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.2.12.2          1   FULL/DR         00:00:39    1.2.12.2        FastEthernet0/1
1.2.12.2          1   FULL/DR         00:00:38    1.1.12.2        FastEthernet0/0
R1(config-router)#

HTH

thanks,
Victor Cappuccio.-
Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
Cisco Learning credits!
victor@ccbootcamp.com
http://www.ccbootcamp.com (Cisco Training and Rental Racks)
http://www.ccbootcamp.com/groupstudy.html (groupstudy member discounts!)
Voice: 702-968-5100
FAX: 702-446-8012

-----Original Message-----
From: Narbik Kocharians [mailto:narbikk@gmail.com]
Sent: Sun 4/22/2007 22:28
To: Victor Cappuccio
Cc: Jason Carpenter; ccielab@groupstudy.com
Subject: Re: OSPF authentication [html-rem]

How is that related to "area authentication" and per interface
authentication?

On 4/22/07, Victor Cappuccio <victor@ccbootcamp.com> wrote:
>
> Hi Jason,
>
> http://www.faqs.org/rfcs/rfc2328.html
>
> D. Authentication
>
> All OSPF protocol exchanges are authenticated. The OSPF packet
> header (see Section A.3.1) includes an authentication type field,
> and 64-bits of data for use by the appropriate authentication scheme
> (determined by the type field).
>
> The authentication type is configurable on a per-interface (or
> equivalently, on a per-network/subnet) basis. --- seems that in Cisco
> implementation this is using the routing process --- Additional
> authentication data is also configurable on a per-interface basis -- ip ospf
> authentication command under the interface running OSPF :) ..
>
> Authentication types 0, 1 and 2 are defined by this specification.
> All other authentication types are reserved for definition by the
> IANA (iana@ISI.EDU). The current list of authentication types is
> described below in Table 20.
>
> AuType       Description
> ___________________________________________
> 0            Null authentication
> 1            Simple password
> 2            Cryptographic authentication
> All others   Reserved for assignment by the
>              IANA (iana@ISI.EDU)
>
>
>
> in the Message generation D.4 After building the contents of an OSPF packet,
> the authentication procedure indicated by the sending interface's Autype value
> is called before the packet is sent. The authentication procedure modifies
> the OSPF packet as follows.
>
> D.4.1 Generating Null authentication
>
> When using Null authentication, the packet is modified as
> follows:
>
> (1) The Autype field in the standard OSPF header is set to 0.
>
> Hope this helps
>
> Just my 2 cents more
>
> thanks,
> Victor Cappuccio.-
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com on behalf of Jason Carpenter
> Sent: Sun 4/22/2007 12:12
> To: ccielab@groupstudy.com
> Subject: OSPF authentication
>
> Will this result in OSPF authentication with a MD5 hash of password CISCO
>
> router ospf 1
> area 0 authentication
>
> int s0/0
> ip ospf authentication message-digest
> ip ospf authentication-key CISCO
>
> when I run sh ip ospf int s0/0
> it says message-digest authentication enabled
> no key configured, using default key id 0
>
> as long as the question does not specify a key number, (for example
> key 1) would this result in md5 authentication with the password
> CISCO?
>
> Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>

--
Narbik Kocharians
CCIE# 12410 (R&S, SP, Security)
CCSI# 30832
Network Learning, Inc. (CCIE class Instructor)
www.ccbootcamp.com (CCIE Training)
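
Added example, not part of the original thread or anyone's posted configuration: a Python audit of `show ip ospf interface` output that flags interfaces reporting "Message digest authentication enabled" together with "No key configured, using default key id 0", the state shown in the outputs above. The Serial0/0 and Serial0/1 sample blocks are constructed, and treating an interface with no authentication line as AuType 0 is an assumption.

```python
import re

# Sample input: FastEthernet0/1 and 0/0 are trimmed from the output in the
# message above; Serial0/0 and Serial0/1 are constructed for the other states.
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up
  Internet Address 1.2.12.2/24, Area 0
FastEthernet0/0 is up, line protocol is up
  Internet Address 1.1.12.2/24, Area 0
  Message digest authentication enabled
      No key configured, using default key id 0
Serial0/0 is up, line protocol is up
  Internet Address 10.0.0.1/30, Area 0
  Message digest authentication enabled
    Youngest key id is 1
Serial0/1 is up, line protocol is up
  Internet Address 10.0.0.5/30, Area 0
  Simple password authentication enabled
"""

# An interface block starts at a non-indented "<name> is ..., line protocol is ..." line.
IFACE_RE = re.compile(r"^(\S+) is .*line protocol is ", re.M)


def audit_ospf_interfaces(text):
    """Map each interface in the output to its OSPF authentication state."""
    findings = {}
    starts = [(m.start(), m.group(1)) for m in IFACE_RE.finditer(text)]
    for i, (pos, name) in enumerate(starts):
        end = starts[i + 1][0] if i + 1 < len(starts) else len(text)
        block = text[pos:end]
        if "Message digest authentication enabled" in block:
            # AuType 2 is on; IOS may still report that no key is configured.
            keyed = "No key configured" not in block
            findings[name] = "md5-keyed" if keyed else "md5-no-key"
        elif "Simple password authentication enabled" in block:
            findings[name] = "simple-password"  # AuType 1
        else:
            findings[name] = "null-auth"  # assumption: no auth line means AuType 0
    return findings


if __name__ == "__main__":
    for iface, state in audit_ospf_interfaces(SAMPLE).items():
        print(f"{iface:18} {state}")
```

Interfaces reported as `md5-no-key` or `null-auth` are the ones to review against the intended area and interface authentication settings.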


This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:37 ART