From: Scott Morris (smorris@internetworkexpert.com)
Date: Wed Jul 16 2008 - 16:46:47 ART
So in other words, what you are saying is that all solutions we do (lab or
real life) should be viewed and tested rather than assuming they always
work.
;)
_____
From: Alexey Tolstenok [mailto:alextols@gmail.com]
Sent: Wednesday, July 16, 2008 3:34 PM
To: smorris@internetworkexpert.com
Cc: Narbik Kocharians; Jason Madsen; Petr Lapukhov; Igor Manassypov; GS
CCIE-Lab
Subject: Re: rip passive int with neighbor command
Hi Scott,
Obviously when you are doing md5 auth with different key-ids and same
password - it shouldn't work. But I suppose you agree when it somehow works
under strange conditions this semi-feature shouldn't be considered as a
reliable solution cause you can easily lose points (on CCIE lab) or money
(in ISP network)
2008/7/16 Scott Morris <smorris@internetworkexpert.com>:
Are you doing MD5? If so, according to RFC 2082, section 3.1 the key
number absolutely is exchanged!
If using plain text, according to RFC 2453, section 4.1 there is no entry
for key-id. Simply a 16-byte password.
Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
Senior CCIE Instructor
smorris@internetworkexpert.com
-- Alexey Tolstenok CCIEx2 (R&S, SP) #17405, JNCIE-M #313, CCSI#31737
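
Added example, not part of the original thread: a small decoder for the first (authentication) entry of a RIPv2 packet, showing that the keyed-MD5 layout of RFC 2082 section 3.1 carries a Key ID on the wire while the simple-password layout of RFC 2453 section 4.1 is only a 16-byte password. The function names, the password, the key ID and both sample packets are constructed for illustration, and the MD5 trailer holds a zero placeholder rather than a real digest.

```python
import struct

AUTH_AFI = 0xFFFF        # address family value that marks an authentication entry
SIMPLE_PASSWORD = 2      # RFC 2453 section 4.1
KEYED_MD5 = 3            # RFC 2082 section 3.1

def parse_rip_auth(packet: bytes) -> dict:
    """Decode the first 20-byte entry of a RIPv2 packet as authentication data."""
    if len(packet) < 24:
        raise ValueError("too short for a RIP header plus one entry")
    _command, version = struct.unpack("!BB", packet[:2])
    if version != 2:
        raise ValueError("not RIPv2")
    afi, auth_type = struct.unpack("!HH", packet[4:8])
    if afi != AUTH_AFI:
        return {"auth": "none"}
    body = packet[8:24]
    if auth_type == SIMPLE_PASSWORD:
        # Plain text: the whole 16 bytes are the password, no key-id field exists.
        return {"auth": "plaintext", "key_id": None,
                "password": body.rstrip(b"\x00")}
    if auth_type == KEYED_MD5:
        # Packet length, Key ID, auth data length, sequence number, 8 reserved bytes.
        pkt_len, key_id, data_len, seq = struct.unpack("!HBBI", body[:8])
        return {"auth": "md5", "key_id": key_id, "packet_len": pkt_len,
                "auth_data_len": data_len, "sequence": seq}
    return {"auth": "unknown", "type": auth_type}

def key_id_mismatch(auth: dict, local_key_id: int) -> bool:
    """True when a received MD5 packet names a key ID other than the local one.
    Plain-text packets carry no key ID, so they can never mismatch on it."""
    return auth.get("auth") == "md5" and auth["key_id"] != local_key_id

# --- constructed sample packets (not captured traffic) ---
HEADER = bytes([2, 2, 0, 0])                       # command=response, version=2
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                    bytes([255, 0, 0, 0]), bytes(4), 1)
PLAINTEXT_PKT = HEADER + struct.pack("!HH16s", AUTH_AFI, SIMPLE_PASSWORD,
                                     b"cisco") + ROUTE
MD5_PKT = (HEADER
           + struct.pack("!HHHBBI8x", AUTH_AFI, KEYED_MD5, 44, 1, 16, 7)
           + ROUTE
           + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16)))  # placeholder digest

if __name__ == "__main__":
    for name, pkt in (("plaintext", PLAINTEXT_PKT), ("md5", MD5_PKT)):
        info = parse_rip_auth(pkt)
        print(name, info, "mismatch vs local key 2:", key_id_mismatch(info, 2))
```

Running the same decoder over a capture from both neighbors is a quick way to confirm which key ID each side actually sends before relying on the adjacency.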
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:55 ART