RE: Going for R/S in 20 days, studying ISAKMP

From: John Gibson (johngibson1541@yahoo.com)
Date: Tue Jul 10 2007 - 17:40:48 ART


Yeah, I knew I have to spend some time with ISAKMP
even if I am just doing R/S.

John

--- Antonio Soares <amsoares@netcabo.pt> wrote:

> OSPFv3 Authentication is very easy to configure:
>
> +++++++++++++++++++++++++++++++++++++++++++
> R4:
> !
> ipv6 unicast-routing
> !
> interface Loopback0
> ip address 4.4.4.4 255.255.255.0
> !
> interface Serial0/1
> no ip address
> ipv6 address 2001::4/64
> ipv6 ospf 1 area 0
> clock rate 64000
> !
> ipv6 router ospf 1
> router-id 4.4.4.4
> log-adjacency-changes
> area 0 authentication ipsec spi 4545 md5 0123456789ABCDEF0123456789ABCDEF
> !
> +++++++++++++++++++++++++++++++++++++++++++
> R5:
> !
> ipv6 unicast-routing
> !
> interface Loopback0
> ip address 5.5.5.5 255.255.255.0
> !
> interface Serial0/1
> no ip address
> ipv6 address 2001::5/64
> ipv6 ospf 1 area 0
> !
> ipv6 router ospf 1
> router-id 5.5.5.5
> log-adjacency-changes
> area 0 authentication ipsec spi 4545 md5 0123456789ABCDEF0123456789ABCDEF
> !
> +++++++++++++++++++++++++++++++++++++++++++
> R4#sh ipv6 ospf n
>
> Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
> 5.5.5.5           1   FULL/  -        00:00:31    6               Serial0/1
> R4#
> +++++++++++++++++++++++++++++++++++++++++++
> R4#sh ipv6 ospf int s0/1
> Serial0/1 is up, line protocol is up
> Link Local Address FE80::213:19FF:FE38:5B20, Interface ID 6
> Area 0, Process ID 1, Instance ID 0, Router ID 4.4.4.4
> Network Type POINT_TO_POINT, Cost: 64
> MD5 Authentication (Area) SPI 4545, secure socket state UP (errors: 0) <----------------
> Transmit Delay is 1 sec, State POINT_TO_POINT,
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:00
> Index 1/1/1, flood queue length 0
> Next 0x0(0)/0x0(0)/0x0(0)
> Last flood scan length is 1, maximum is 1
> Last flood scan time is 0 msec, maximum is 0 msec
> Neighbor Count is 1, Adjacent neighbor count is 1
> Adjacent with neighbor 5.5.5.5
> Suppress hello for 0 neighbor(s)
> R4#
> +++++++++++++++++++++++++++++++++++++++++++
> R5#
> R5#sh ipv6 ospf n
>
> Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
> 4.4.4.4           1   FULL/  -        00:00:38    6               Serial0/1
> R5#
> +++++++++++++++++++++++++++++++++++++++++++
> R5#sh ipv6 ospf int s0/1
> Serial0/1 is up, line protocol is up
> Link Local Address FE80::211:93FF:FEE6:91C0, Interface ID 6
> Area 0, Process ID 1, Instance ID 0, Router ID 5.5.5.5
> Network Type POINT_TO_POINT, Cost: 64
> MD5 Authentication (Area) SPI 4545, secure socket state UP (errors: 0) <----------------
> Transmit Delay is 1 sec, State POINT_TO_POINT,
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:05
> Index 1/1/1, flood queue length 0
> Next 0x0(0)/0x0(0)/0x0(0)
> Last flood scan length is 1, maximum is 1
> Last flood scan time is 0 msec, maximum is 0 msec
> Neighbor Count is 1, Adjacent neighbor count is 1
> Adjacent with neighbor 4.4.4.4
> Suppress hello for 0 neighbor(s)
> R5#
> +++++++++++++++++++++++++++++++++++++++++++
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John Gibson
> Sent: Tuesday, July 10, 2007 3:00
> To: eric_dobyns@yahoo.com; 'Narbik Kocharians'
> Cc: ccielab@groupstudy.com
> Subject: RE: Going for R/S in 20 days, studying ISAKMP
>
> No, I am doing ISAKMP for the TCP connection of the
> BGP peers.
>
> I heard OSPFv3 can use IPSec but I don't know how.
> I can only pray that doesn't show up.
>
> John
>
>
> --- Eric Dobyns <eric_dobyns@yahoo.com> wrote:
>
> > I think OSPFv3 can use IPSEC for authentication in IPv6, but somehow I
> > doubt that's what you were doing with ISAKMP.
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John Gibson
> > Sent: Monday, July 09, 2007 3:37 PM
> > To: Narbik Kocharians
> > Cc: ccielab@groupstudy.com
> > Subject: Re: Going for R/S in 20 days, studying ISAKMP
> >
> > I fixed my IPSec anyway. Now cranking out BGP aggregate routes.
> >
> > I am so surprised that locally generated BGP networks can be
> > aggregated locally and sent out.
> > Used to think only learned routes can be aggregated like that.
> >
> > If I get CCIE # this round, I must be the least qualified CCIE. Or
> > maybe not, this is just a minor detail.
> >
> > John
> >
> >
> > --- Narbik Kocharians <narbikk@gmail.com> wrote:
> >
> > > ISAKMP is NOT part of R&S track.
> > >
> > > On 7/9/07, johngibson1541@yahoo.com
> > > <johngibson1541@yahoo.com> wrote:
> > > >
> > > > Have to go back to the right track soon. I set myself up in my lab for
> > > > loopback to loopback communication requiring IPSec earlier. Now running
> > > > loopback to loopback TCP connection for eBGP. Stuck here a day
> > > > troubleshooting
> > > > ISAKMP. My spirit is deteriorating.
> > > >
> > > >
> > >
> >
>
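
Added example (not part of the original thread, and not the posters' or Cisco's code): the OSPFv3 authentication in Antonio's reply is manually keyed IPsec, so the adjacency only forms when both neighbors carry the same SPI, algorithm and key. The Python sketch below audits two configs for exactly that and notes the md5 choice; the names area_auth, audit and R5_BAD are hypothetical, the sample configs are constructed from the quoted stanzas, and it assumes area-level commands with the cleartext hex key directly after the algorithm.

```python
import re

# Constructed from the R4/R5 stanzas quoted above, keeping the e-mail line wrap
# that pushed the key onto its own line. R5_BAD is a made-up misconfiguration.
R4 = ("ipv6 router ospf 1\n router-id 4.4.4.4\n"
      " area 0 authentication ipsec spi 4545 md5\n"
      "0123456789ABCDEF0123456789ABCDEF\n!\n")
R5 = R4.replace("4.4.4.4", "5.5.5.5")
R5_BAD = R5.replace("spi 4545", "spi 4546").replace("CDEF\n", "CD\n")

AUTH = re.compile(r"area\s+(\S+)\s+authentication\s+ipsec\s+spi\s+(\d+)"
                  r"\s+(md5|sha1)\s+([0-9A-Fa-f]+)\b")
KEY_HEX = {"md5": 32, "sha1": 40}  # hex digits each algorithm's key must have


def area_auth(config):
    """Return {area: (spi, algorithm, key)}; \\s+ also spans a wrapped key line."""
    return {m.group(1): (int(m.group(2)), m.group(3), m.group(4).upper())
            for m in AUTH.finditer(config)}


def audit(cfg_a, cfg_b):
    """Compare area-level OSPFv3 IPsec authentication on two neighbors."""
    a, b = area_auth(cfg_a), area_auth(cfg_b)
    findings = []
    for area in sorted(set(a) | set(b)):
        if area not in a or area not in b:
            findings.append(f"area {area}: authentication on one router only")
            continue
        (spi_a, alg_a, key_a), (spi_b, alg_b, key_b) = a[area], b[area]
        if spi_a != spi_b:
            findings.append(f"area {area}: SPI mismatch {spi_a} vs {spi_b}")
        if alg_a != alg_b:
            findings.append(f"area {area}: algorithm mismatch {alg_a} vs {alg_b}")
        elif key_a != key_b:
            findings.append(f"area {area}: key mismatch")  # never echo key material
        for name, alg, key in (("A", alg_a, key_a), ("B", alg_b, key_b)):
            if len(key) != KEY_HEX[alg]:
                findings.append(f"area {area}: router {name} {alg} key has "
                                f"{len(key)} hex digits, expected {KEY_HEX[alg]}")
        if "md5" in (alg_a, alg_b):
            findings.append(f"area {area}: md5 in use; sha1 is the stronger "
                            "algorithm this command offers")
    return findings


if __name__ == "__main__":
    for line in audit(R4, R5_BAD):
        print(line)
```

Interface-level authentication (ipv6 ospf authentication ipsec ...) is outside what this sketch checks.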


