From: Fahad Khan (fahad.khan@gmail.com)
Date: Wed Oct 22 2008 - 02:42:13 ARST
Thats correct hobbs, now the question is if the question says just to enable
authentication for particular area and doesn't shed light on
message-digest-key, then according to my opinion, we dont have to configure
"key".
"area 0 authentication message-digest" command will do the task (In this
case im not talking about any virtual link)
Correct me if I am wrong.
regards,
On 10/22/08, Hobbs <deadheadblues@gmail.com> wrote:
>
> You can enable authentication without the area authentication command. I
> just tried it. I am not using IE, just my own lab:
>
> R2#show run | sec router ospf
> router ospf 1
> log-adjacency-changes
> area 1 virtual-link 3.3.3.3 authentication message-digest
> area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
> network 172.12.25.0 0.0.0.255 area 0
> network 172.12.123.0 0.0.0.255 area 1
>
> R2#show ip ospf virtual-links | inc au
> Message digest authentication enabled
> R2#
>
> Notice there is 2 commands, one where you enable authentication type, and
> the other with the key. Just like when you do it for interfaces. The type
> is
> message-digest verified with the show command.
>
> On Tue, Oct 21, 2008 at 3:38 PM, Jonny English <redkidneybeans@gmail.com
> >wrote:
>
> > yes you do need the area 0 authentication message-digest. Have a look at
> a
> > diagram of say IE lab 6. Look at how the OSPF is set up. Where do you use
> > your virtual-links? what are they used for? Think about these questions
> and
> > you will see you need them.
> >
> > Things break otherwise. Do it without the area 0 authentication
> > message-digest and do a show ip ospf nei, and you will see....
> >
> >
> >
> > On Wed, Oct 22, 2008 at 6:55 AM, Hobbs <deadheadblues@gmail.com> wrote:
> >
> >> Do you really need "area 0 authentication message-digest" ? I thought
> this
> >> just makes it easier to enable authentication on all your are 0 links.
> You
> >> can just manually do it in the VL...
> >>
> >>
> >> On Tue, Oct 21, 2008 at 4:09 AM, Jonny English <
> redkidneybeans@gmail.com>wrote:
> >>
> >>> you need the "area 0 authentication message-digest" on routers that
> have
> >>> a
> >>> virtual-link as well, because they are "virtually" connected to area 0.
> >>>
> >>> On Tue, Oct 21, 2008 at 10:00 PM, stephen skinner <
> stephenski@gmail.com
> >>> >wrote:
> >>>
> >>> > hello Omkar
> >>> >
> >>> > thanks for your answer ,
> >>> >
> >>> > what do think about adding the "area 0 authentication message-digest"
> >>> > command on R1 ,
> >>> >
> >>> > i suppose because i have put the above command on the Area 0 routers
> i
> >>> > should put it on R1 as well, even though it didnt seem to need it??
> >>> >
> >>> > any thoughts
> >>> >
> >>> > cheers
> >>> > On Tue, Oct 21, 2008 at 1:56 PM, Omkar Tambalkar <
> >>> > omkar.groupstudy@gmail.com
> >>> > > wrote:
> >>> >
> >>> > > You would configure the authentication on virtual link between R1
> and
> >>> R2
> >>> > > beause area 0 is being extended to R1 via that virtual link. So it
> >>> will
> >>> > be
> >>> > > On R1: area 5 virtual-link [router-id of R2] authentication
> >>> > message-digest
> >>> > > message-digest-key md5 xxxx
> >>> > > On R2: area 5 virtual-link [router-id of R1] authentication
> >>> > message-digest
> >>> > > message-digest-key md5 xxxx
> >>> > >
> >>> > > I think its tricky because the authentication task was asked before
> >>> > > creating the virtual link. So you are extending area 0 after
> >>> configuring
> >>> > the
> >>> > > authentication. If you dont configure authentication on the virtual
> >>> link
> >>> > > then the routes from the area 2 will not propogate to area 0.
> >>> > >
> >>> > > HTH,
> >>> > > -Later
> >>> > > Omkar
> >>> > >
> >>> > > On Mon, Oct 20, 2008 at 10:24 PM, stephen skinner <
> >>> stephenski@gmail.com
> >>> > >wrote:
> >>> > >
> >>> > >> hello,
> >>> > >>
> >>> > >> i have the following questions i am not to sure about ,
> >>> > >>
> >>> > >> could someone please help
> >>> > >>
> >>> > >> Area 2 ----Area 5 ------Area 0
> >>> > >> R1 R1-R2 R2-R3
> >>> > >> 0/0 0/1 0/0 0/1 0/0 (all ethernets)
> >>> > >>
> >>> > >> Senario
> >>> > >> configure OSPF strongest authentication for area 0 by using the
> >>> "area 0
> >>> > >> authentication message-digest" command
> >>> > >>
> >>> > >> Connect area 2 to the main ospf network , Do not use tunnels ( use
> >>> the
> >>> > >> "area
> >>> > >> x virtual link" command)
> >>> > >>
> >>> > >> my question is ,
> >>> > >>
> >>> > >> If i am in the Lab and i have added the "area 0 authentication
> >>> > >> message-digest" to R2 and R3 ..
> >>> > >>
> >>> > >> do i need to add the command "area 0 authentication
> message-digest"
> >>> to
> >>> > my
> >>> > >> router R1 , thats in Area 2 ??
> >>> > >>
> >>> > >> i have configed it up , without the above command in R1 , and it
> >>> works
> >>> > >> fine.
> >>> > >>
> >>> > >> i am just wondering what people think is " best practise"
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >> Another question
> >>> > >>
> >>> > >> when trying this out , i found i had to type all the information
> on
> >>> one
> >>> > >> line
> >>> > >> , even thought the IOS puts these commands on two lines.
> >>> > >>
> >>> > >> i am not going mad am i ???? ,
> >>> > >> not much sleep this week ..
> >>> > >>
> >>> > >> TIA
> >>> > >>
> >>> > >> MD5
> >>> > >> (i typed )
> >>> > >> area 2 virtual-link 2.2.2.2 authentication message-digest
> >>> > >> message-digest-key
> >>> > >> 1 md5 CISCO
> >>> > >> (IOS Showed)
> >>> > >> area 2 virtual-link 2.2.2.2 authentication message-digest
> >>> > >> area 2 virtual-link 2.2.2.2 message-digest-key 1 md5 CISCO
> >>> > >>
> >>> > >> --
> >>> > >> Only two things are infinite, the universe and human stupidity,
> and
> >>> I'm
> >>> > >> not
> >>> > >> sure about the former.
> >>> > >>
> >>> > >>
> >>> > >> Blogs and organic groups at http://www.ccie.net
> >>> > >>
> >>> > >>
> >>> _______________________________________________________________________
> >>> > >> Subscription information may be found at:
> >>> > >> http://www.groupstudy.com/list/CCIELab.html
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >
> >>> >
> >>> >
> >>> > --
> >>> > Only two things are infinite, the universe and human stupidity, and
> I'm
> >>> not
> >>> > sure about the former.
> >>> >
> >>> >
> >>> > Blogs and organic groups at http://www.ccie.net
> >>> >
> >>> >
> _______________________________________________________________________
> >>> > Subscription information may be found at:
> >>> > http://www.groupstudy.com/list/CCIELab.html
> >>> >
> >>> >
> >>> >
> >>> >
> >>> >
> >>> >
> >>> >
> >>> >
> >>>
> >>>
> >>> --
> >>> Thank You,
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
> > --
> > Thank You,
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Fahad KhanBlogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:22 ARST