RE: OSPF AUTHENTICATION

From: Rik Guyler (rik@guyler.net)
Date: Sun Mar 02 2008 - 15:51:46 ARST

• Next message: Hash Aminu: "Re: BGP ttl-security"
• Previous message: Brian Dennis: "Re: External Flash"
• Maybe in reply to: Tandou Mohamed: "OSPF AUTHENTICATION"
• Next in thread: shiran guez: "Re: OSPF AUTHENTICATION"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Shiran, I'm not sure what you mean here but I was saying that the virtual
link is part of area 0 and should follow suit with the authentication method
defined under the process. Since he configured area 0 to use MD5 under the
process and the VL is part of area 0 then the VL will be required to use MD5
authentication. I wasn't implying that all the routers in the area now need
MD5 or whatever.
 
Rik

  _____

From: shiran guez [mailto:shiranp3@gmail.com]
Sent: Sunday, March 02, 2008 11:06 AM
To: Rik Guyler
Cc: Tandou Mohamed; Cisco certification
Subject: Re: OSPF AUTHENTICATION

Rik
 
That is not correct, there is a misconception that Area Authentication in
OSPF is really for the entire Area, it is not.
the Authentication is per link the type of the Authentication is per Area in
Cisco but it is not a must requirement according to the RFC.
 
you must specify in the configuration Authentication parameters on each link
you want to authenticate other wise it is null authentication.
 
3 types of Authentication in OSPF
 
null - the default what every one know as no authentication but actually it
is so considered authentication
simple - clear text authentication
digest - the hash method in cisco using md5 but also according to the RFC
you can select what you want to use as digest.
 
Cisco OSPF Authentication
 
when you want to authenticate a virtual link or any other interface you must
specify it, there is no global command, the only thing that you can set
global for an area under the router ospf is the method (null,simple,digest)
but other then null you will need to specify on the interface or virtual
link the key's (passwords you will use) so the global area authentication is
the one that create the confusion

On Sun, Mar 2, 2008 at 5:53 PM, Rik Guyler <rik@guyler.net> wrote:

A virtual link is considered part of area 0 so if you are running
authentication on the entire area or the lnk into area 0 then you do need
the authentication.

Rik

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tandou Mohamed
Sent: Sunday, March 02, 2008 10:18 AM
To: Cisco certification
Subject: OSPF AUTHENTICATION

Hello GS,
 is this config below is ok? or don't need to configure area 41
authentication message-digest

 Thanks

 router ospf 1
 router-id 150.150.6.6 <http://150.150.6.6/>
 log-adjacency-changes
 area 0 authentication message-digest
 area 41 authentication message-digest
  area 41 virtual-link 9.9.2.2 <http://9.9.2.2/> message-digest-key 1 md5
cisco

 Mohamed

---------------------------------
Never miss a thing. Make Yahoo your homepage.

• Next message: Hash Aminu: "Re: BGP ttl-security"
• Previous message: Brian Dennis: "Re: External Flash"
• Maybe in reply to: Tandou Mohamed: "OSPF AUTHENTICATION"
• Next in thread: shiran guez: "Re: OSPF AUTHENTICATION"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:52 ART