Re: OSPF AUTHENTICATION

From: Tandou Mohamed (dtandou@yahoo.com)
Date: Sun Mar 02 2008 - 18:26:46 ARST

• Next message: Scott Vermillion: "RE: Framerelay fragment map-class option"
• Previous message: dara tomar: "Re: BGP ttl-security"
• Maybe in reply to: Tandou Mohamed: "OSPF AUTHENTICATION"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

GS,
  I think i am the one who created the confusion. i should have been more specific when i posted my question. i know virtual link is considered like an area 0. what i wanted to know if my virtual link is already authenticated it is ok to authenticate that area again ?
  Per Carlos it will depend on the question. if the question ask to authenticate area 0 then u do this :
   
  area 0 authentication message-digest
area 41 virtual-link 9.9.2.2 message-digest-key 1 md5 cisco
   
  if the question ask to authenticate all area then u do this :
   
  area 0 authentication message-digest
area 41 virtual-link 9.9.2.2 message-digest-key 1 md5 cisco
area 41 authentication message-digest
   
  Mohamed
  
dara tomar <wish2ie@gmail.com> wrote:
  Yup Yup,

Both are right in there own way, in what they are talking about!!!

Regards,
Dara

  On Mon, Mar 3, 2008 at 1:07 AM, shiran guez <shiranp3@gmail.com> wrote:
  probably simple misunderstanding :-)
    
  
On Sun, Mar 2, 2008 at 7:51 PM, Rik Guyler <rik@guyler.net> wrote:

> Shiran, I'm not sure what you mean here but I was saying that the virtual
> link is part of area 0 and should follow suit with the authentication method
> defined under the process. Since he configured area 0 to use MD5 under the
> process and the VL is part of area 0 then the VL will be required to use MD5
> authentication. I wasn't implying that all the routers in the area now need
> MD5 or whatever.
>
> Rik
>
> ------------------------------
> *From:* shiran guez [mailto:shiranp3@gmail.com]
> *Sent:* Sunday, March 02, 2008 11:06 AM
> *To:* Rik Guyler
> *Cc:* Tandou Mohamed; Cisco certification
> *Subject:* Re: OSPF AUTHENTICATION
>
> Rik
>
> That is not correct, there is a misconception that Area Authentication in
> OSPF is really for the entire Area, it is not.
> the Authentication is per link the type of the Authentication is per Area
> in Cisco but it is not a must requirement according to the RFC.
>
> you must specify in the configuration Authentication parameters on each
> link you want to authenticate other wise it is null authentication.
>
> 3 types of Authentication in OSPF
>
> null - the default what every one know as no authentication but actually
> it is so considered authentication
> simple - clear text authentication
> digest - the hash method in cisco using md5 but also according to the RFC
> you can select what you want to use as digest.
>
> Cisco OSPF Authentication
>
> when you want to authenticate a virtual link or any other interface you
> must specify it, there is no global command, the only thing that you can set
> global for an area under the router ospf is the method (null,simple,digest)
> but other then null you will need to specify on the interface or virtual
> link the key's (passwords you will use) so the global area authentication is
> the one that create the confusion
>
> On Sun, Mar 2, 2008 at 5:53 PM, Rik Guyler <rik@guyler.net> wrote:
>
> > A virtual link is considered part of area 0 so if you are running
> > authentication on the entire area or the lnk into area 0 then you do
> > need
> > the authentication.
> >
> > Rik
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Tandou Mohamed
> > Sent: Sunday, March 02, 2008 10:18 AM
> > To: Cisco certification
> > Subject: OSPF AUTHENTICATION
> >
> > Hello GS,
> > is this config below is ok? or don't need to configure area 41
> > authentication message-digest
> >
> > Thanks
> >
> > router ospf 1
> > router-id 150.150.6.6

> > log-adjacency-changes
> > area 0 authentication message-digest
> > area 41 authentication message-digest

> > area 41 virtual-link 9.9.2.2 message-digest-key 1 md5 cisco
    
> >
> > Mohamed
> >
> >
> >
> > ---------------------------------
> > Never miss a thing. Make Yahoo your homepage.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3
>

--
Shiran Guez
MCSE CCNP NCE1
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3

• Next message: Scott Vermillion: "RE: Framerelay fragment map-class option"
• Previous message: dara tomar: "Re: BGP ttl-security"
• Maybe in reply to: Tandou Mohamed: "OSPF AUTHENTICATION"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:52 ART