From: GAURAV MADAN (gauravmadan1177@gmail.com)
Date: Wed Oct 22 2008 - 03:12:20 ARST
I think Fahad is correct
If the question says just to enbale authentication type 1 / type 2
.... just enable that .. no need of assuming and putting up the key
Hence I would say :
area 0 authentication message-digest
PLUS
area 1 virtual-link 1.1.1.1 authentication message-digest
are ok for this task
Gaurav Madan.
On Wed, Oct 22, 2008 at 10:12 AM, Fahad Khan <fahad.khan@gmail.com> wrote:
> Thats correct hobbs, now the question is if the question says just to enable
> authentication for particular area and doesn't shed light on
> message-digest-key, then according to my opinion, we dont have to configure
> "key".
>
> "area 0 authentication message-digest" command will do the task (In this
> case im not talking about any virtual link)
>
> Correct me if I am wrong.
>
> regards,
>
>
> On 10/22/08, Hobbs <deadheadblues@gmail.com> wrote:
>>
>> You can enable authentication without the area authentication command. I
>> just tried it. I am not using IE, just my own lab:
>>
>> R2#show run | sec router ospf
>> router ospf 1
>> log-adjacency-changes
>> area 1 virtual-link 3.3.3.3 authentication message-digest
>> area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
>> network 172.12.25.0 0.0.0.255 area 0
>> network 172.12.123.0 0.0.0.255 area 1
>>
>> R2#show ip ospf virtual-links | inc au
>> Message digest authentication enabled
>> R2#
>>
>> Notice there is 2 commands, one where you enable authentication type, and
>> the other with the key. Just like when you do it for interfaces. The type
>> is
>> message-digest verified with the show command.
>>
>> On Tue, Oct 21, 2008 at 3:38 PM, Jonny English <redkidneybeans@gmail.com
>> >wrote:
>>
>> > yes you do need the area 0 authentication message-digest. Have a look at
>> a
>> > diagram of say IE lab 6. Look at how the OSPF is set up. Where do you use
>> > your virtual-links? what are they used for? Think about these questions
>> and
>> > you will see you need them.
>> >
>> > Things break otherwise. Do it without the area 0 authentication
>> > message-digest and do a show ip ospf nei, and you will see....
>> >
>> >
>> >
>> > On Wed, Oct 22, 2008 at 6:55 AM, Hobbs <deadheadblues@gmail.com> wrote:
>> >
>> >> Do you really need "area 0 authentication message-digest" ? I thought
>> this
>> >> just makes it easier to enable authentication on all your are 0 links.
>> You
>> >> can just manually do it in the VL...
>> >>
>> >>
>> >> On Tue, Oct 21, 2008 at 4:09 AM, Jonny English <
>> redkidneybeans@gmail.com>wrote:
>> >>
>> >>> you need the "area 0 authentication message-digest" on routers that
>> have
>> >>> a
>> >>> virtual-link as well, because they are "virtually" connected to area 0.
>> >>>
>> >>> On Tue, Oct 21, 2008 at 10:00 PM, stephen skinner <
>> stephenski@gmail.com
>> >>> >wrote:
>> >>>
>> >>> > hello Omkar
>> >>> >
>> >>> > thanks for your answer ,
>> >>> >
>> >>> > what do think about adding the "area 0 authentication message-digest"
>> >>> > command on R1 ,
>> >>> >
>> >>> > i suppose because i have put the above command on the Area 0 routers
>> i
>> >>> > should put it on R1 as well, even though it didnt seem to need it??
>> >>> >
>> >>> > any thoughts
>> >>> >
>> >>> > cheers
>> >>> > On Tue, Oct 21, 2008 at 1:56 PM, Omkar Tambalkar <
>> >>> > omkar.groupstudy@gmail.com
>> >>> > > wrote:
>> >>> >
>> >>> > > You would configure the authentication on virtual link between R1
>> and
>> >>> R2
>> >>> > > beause area 0 is being extended to R1 via that virtual link. So it
>> >>> will
>> >>> > be
>> >>> > > On R1: area 5 virtual-link [router-id of R2] authentication
>> >>> > message-digest
>> >>> > > message-digest-key md5 xxxx
>> >>> > > On R2: area 5 virtual-link [router-id of R1] authentication
>> >>> > message-digest
>> >>> > > message-digest-key md5 xxxx
>> >>> > >
>> >>> > > I think its tricky because the authentication task was asked before
>> >>> > > creating the virtual link. So you are extending area 0 after
>> >>> configuring
>> >>> > the
>> >>> > > authentication. If you dont configure authentication on the virtual
>> >>> link
>> >>> > > then the routes from the area 2 will not propogate to area 0.
>> >>> > >
>> >>> > > HTH,
>> >>> > > -Later
>> >>> > > Omkar
>> >>> > >
>> >>> > > On Mon, Oct 20, 2008 at 10:24 PM, stephen skinner <
>> >>> stephenski@gmail.com
>> >>> > >wrote:
>> >>> > >
>> >>> > >> hello,
>> >>> > >>
>> >>> > >> i have the following questions i am not to sure about ,
>> >>> > >>
>> >>> > >> could someone please help
>> >>> > >>
>> >>> > >> Area 2 ----Area 5 ------Area 0
>> >>> > >> R1 R1-R2 R2-R3
>> >>> > >> 0/0 0/1 0/0 0/1 0/0 (all ethernets)
>> >>> > >>
>> >>> > >> Senario
>> >>> > >> configure OSPF strongest authentication for area 0 by using the
>> >>> "area 0
>> >>> > >> authentication message-digest" command
>> >>> > >>
>> >>> > >> Connect area 2 to the main ospf network , Do not use tunnels ( use
>> >>> the
>> >>> > >> "area
>> >>> > >> x virtual link" command)
>> >>> > >>
>> >>> > >> my question is ,
>> >>> > >>
>> >>> > >> If i am in the Lab and i have added the "area 0 authentication
>> >>> > >> message-digest" to R2 and R3 ..
>> >>> > >>
>> >>> > >> do i need to add the command "area 0 authentication
>> message-digest"
>> >>> to
>> >>> > my
>> >>> > >> router R1 , thats in Area 2 ??
>> >>> > >>
>> >>> > >> i have configed it up , without the above command in R1 , and it
>> >>> works
>> >>> > >> fine.
>> >>> > >>
>> >>> > >> i am just wondering what people think is " best practise"
>> >>> > >>
>> >>> > >>
>> >>> > >>
>> >>> > >> Another question
>> >>> > >>
>> >>> > >> when trying this out , i found i had to type all the information
>> on
>> >>> one
>> >>> > >> line
>> >>> > >> , even thought the IOS puts these commands on two lines.
>> >>> > >>
>> >>> > >> i am not going mad am i ???? ,
>> >>> > >> not much sleep this week ..
>> >>> > >>
>> >>> > >> TIA
>> >>> > >>
>> >>> > >> MD5
>> >>> > >> (i typed )
>> >>> > >> area 2 virtual-link 2.2.2.2 authentication message-digest
>> >>> > >> message-digest-key
>> >>> > >> 1 md5 CISCO
>> >>> > >> (IOS Showed)
>> >>> > >> area 2 virtual-link 2.2.2.2 authentication message-digest
>> >>> > >> area 2 virtual-link 2.2.2.2 message-digest-key 1 md5 CISCO
>> >>> > >>
>> >>> > >> --
>> >>> > >> Only two things are infinite, the universe and human stupidity,
>> and
>> >>> I'm
>> >>> > >> not
>> >>> > >> sure about the former.
>> >>> > >>
>> >>> > >>
>> >>> > >> Blogs and organic groups at http://www.ccie.net
>> >>> > >>
>> >>> > >>
>> >>> _______________________________________________________________________
>> >>> > >> Subscription information may be found at:
>> >>> > >> http://www.groupstudy.com/list/CCIELab.html
>> >>> > >>
>> >>> > >>
>> >>> > >>
>> >>> > >>
>> >>> > >>
>> >>> > >>
>> >>> > >>
>> >>> > >>
>> >>> > >
>> >>> >
>> >>> >
>> >>> > --
>> >>> > Only two things are infinite, the universe and human stupidity, and
>> I'm
>> >>> not
>> >>> > sure about the former.
>> >>> >
>> >>> >
>> >>> > Blogs and organic groups at http://www.ccie.net
>> >>> >
>> >>> >
>> _______________________________________________________________________
>> >>> > Subscription information may be found at:
>> >>> > http://www.groupstudy.com/list/CCIELab.html
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>>
>> >>>
>> >>> --
>> >>> Thank You,
>> >>>
>> >>>
>> >>> Blogs and organic groups at http://www.ccie.net
>> >>>
>> >>> _______________________________________________________________________
>> >>> Subscription information may be found at:
>> >>> http://www.groupstudy.com/list/CCIELab.html
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>
>> >
>> >
>> > --
>> > Thank You,
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Fahad Khan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:22 ARST