Re: When is "area 23 virtual-link 150.1.2.2 authentication

From: Toh Soon, Lim (tohsoon28@gmail.com)
Date: Mon Sep 10 2007 - 14:27:17 ART


Hi Brian,

I notice that when just specifying MD5 authentication (whether at router config
mode or interface config mode) without specifying the key, both routers are
still able to form an adjacency. I understand they use the default key (key id
0).

Is this a Cisco-specific key or is it part of the RFC? Without explicitly
setting a key, it seems easy to introduce a "rogue" OSPF router into the
network. I may be missing something. Kindly advise.

Thank you.

B.Rgds,
Lim TS

On 9/11/07, Brian Dennis <bdennis@internetworkexpert.com> wrote:
>
> Do the other routers have the "area 0 authentication message-digest"
> command applied?
>
> Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
> bdennis@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
>
> >----- Original Message -----
> Subject: When is "area 23 virtual-link 150.1.2.2 authentication
> message-digest" needed
> Date: Mon, September 10, 2007 9:32
> From: "ISolveSystems" <support@isolvesystems.com>
>
> > I have configured virtual-link md5 auth on a few neighbors. One of them
> > won't become adjacent without "area 23 virtual-link 150.1.2.2
> > authentication message-digest". Any idea why?
> >
> > area 23 virtual-link 150.1.2.2 authentication message-digest
> > area 23 virtual-link 150.1.2.2 message-digest-key 1 md5 CISCO
> >
> > Thanks.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:10 ART
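
An added example, not part of the original thread: a small audit that reads an IOS-style configuration and reports OSPF links where MD5 authentication is enabled without a `message-digest-key` (the condition Lim describes) and virtual links where a key is configured but MD5 is not in effect. The sample configuration and the function name `audit_ospf_md5` are constructed for illustration, and the script assumes virtual links take area 0's authentication type, which is what Brian's question points at.

```python
import re

# Constructed sample IOS configuration, not taken from the routers in the thread.
SAMPLE_CONFIG = """\
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 CISCO
interface Serial0/1
 ip ospf authentication message-digest
router ospf 1
 area 23 virtual-link 150.1.2.2 authentication message-digest
 area 23 virtual-link 150.1.2.2 message-digest-key 1 md5 CISCO
 area 23 virtual-link 150.1.3.3 authentication message-digest
 area 23 virtual-link 150.1.4.4 message-digest-key 1 md5 CISCO
"""

VLINK = re.compile(r"area (\S+) virtual-link (\S+)\s*(.*)")
AREA0_MD5 = ("area 0 authentication message-digest",
             "area 0.0.0.0 authentication message-digest")

def audit_ospf_md5(config):
    """Return sorted (link, finding) pairs where MD5 auth and key do not pair up."""
    md5_on, has_key, vlinks = set(), set(), set()
    area0_md5, iface = False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # unindented line opens a new section
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        elif iface and line == "ip ospf authentication message-digest":
            md5_on.add(iface)
        elif iface and line.startswith("ip ospf message-digest-key "):
            has_key.add(iface)
        elif line in AREA0_MD5:
            area0_md5 = True
        elif (m := VLINK.match(line)):
            link = f"virtual-link {m.group(2)} (area {m.group(1)})"
            vlinks.add(link)
            if m.group(3) == "authentication message-digest":
                md5_on.add(link)
            elif m.group(3).startswith("message-digest-key "):
                has_key.add(link)
    if area0_md5:                            # assumption: virtual links follow area 0
        md5_on |= vlinks
    findings = [(l, "md5-without-key") for l in md5_on - has_key]
    findings += [(l, "key-without-md5") for l in has_key - md5_on]
    return sorted(findings)
```

Interfaces that receive MD5 only through an area-wide `area N authentication message-digest` line are not evaluated here, since that requires matching `network` statements to interface addresses.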