The thing is... it's even a little bit more complicated than that :-).
There are 3 authentication types, but there are more possibilities
than only three.
- NULL Authentication (Type 0)
- Text Authentication (Type 1) with password
- Text Authentication (Type 1) without password
- MD5 Authentication (Type 2) with password
- MD5 Authentication (Type 2) without password
Also, you may have area authentication and per-interface
authentication, making things even more fun. Which one takes
precedence, area-configured authentication, or interface one? What
happens when you configure Type 1 authentication and Type 2 key, or
the other way around? Etc :-) Endless fun!
@Scott - I like 4th type *grin*.
--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert

FREE CCIE training: http://bit.ly/vLecture

Mailto: markom_at_ipexpert.com
Telephone: +1.810.326.1444
Web: http://www.ipexpert.com/

On Fri, May 20, 2011 at 09:34, Darby Weaver <darby.weaver_at_gmail.com> wrote:
> All,
>
> Refer to the following:
>
> http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtml
>
> These are the three different types of authentication supported by OSPF.
>
>   - *Null Authentication* This is also called Type 0 and it means no
>     authentication information is included in the packet header. It is the
>     default.
>   - *Plain Text Authentication* This is also called Type 1 and it uses simple
>     clear-text passwords.
>   - *MD5 Authentication* This is also called Type 2 and it uses MD5
>     cryptographic passwords.
>
> Authentication does not need to be set. However, if it is set, all peer
> routers on the same segment must have the same password and authentication
> method. The examples in this document demonstrate configurations for both
> plain text and MD5 authentication.
>
> Umm....
>
> I'd advise knowing that there is a "Type 0", a "Type 1", and a "Type 2"
> authentication for OSPF.
>
> True we only configure 2 of the 3 types... however, WELCOME TO SPARTA...
> don't get kicked into the pit. Know your options and know how to interpret
> them.
>
> Some things don't get emphasized enough and some get watered over...
>
> I've just emphasized it.
>
> :)
>
> Darby
>
> On Fri, May 20, 2011 at 9:14 AM, GAURAV MADAN
> <gauravmadan1177_at_gmail.com> wrote:
>
>> "everyone" ........... not everyone Darby ..
>>
>> if u somehow see Video on demand INE as well .... they also mention 3 type
>> of ospf auth ..
>>
>> no auth
>> plain
>> md5
>>
>> On Fri, May 20, 2011 at 4:27 PM, Darby Weaver
>> <darby.weaver_at_gmail.com> wrote:
>>
>>> That's what I love about the CCIE Lab...
>>>
>>> Everyone says there are "only" 2 types of authentication in OSPF....
>>>
>>> 1. Plain text
>>> 2. MD5
>>>
>>> If you listen to all your most knowledgeable friends on Groupstudy and a
>>> couple of three (maybe more CCIE's of some repute)...
>>>
>>> And then you find yourself in the "gladiator's chamber" one day... and a
>>> third is suggested by some hint of a vague clue...
>>>
>>> Unless you've heard of RFC2328 and then you find... there is a third...
>>> and you find yourself astonished in about the same way everyone else was
>>> when we found out that Luke Skywalker was not quite "The Last Hope" as
>>> mentioned by Yoda... Yep... there are three...
>>>
>>> OSPF as defined in
>>> [RFC2328<https://mail.google.com/mail/html/compose/static_files/rfc2328>]
>>> includes three different types of
>>> authentication schemes: Null authentication, simple password and
>>> cryptographic authentication. NULL authentication is akin to having
>>> no authentication at all. In the simple password scheme of
>>> authentication, the passwords are exchanged in the clear text on the
>>> network and anyone with physical access to the network can learn the
>>> password and compromise the security of the OSPF domain.
>>>
>>> In the cryptographic authentication scheme, the OSPF routers on a
>>> common network/subnet share a secret key which is used to generate a
>>> keyed MD5 digest for each packet and a monotonically increasing
>>> sequence number scheme is used to prevent replay attacks.
>>>
>>> --
>>> Darby Weaver
>>> Network Engineer
>>> http://www.darbyslogs.blogspot.com
>>>
>>> darbyweaver_at_yahoo.com
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html

Received on Fri May 20 2011 - 10:00:17 ART
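
An added example, not part of the original thread or any poster's code: a small auditor that reads the AuType field of an OSPFv2 header (RFC 2328) and sorts packets into the five cases listed in the message above, checking the keyed-MD5 digest and sequence number for Type 2. The function names and sample packets are constructed for illustration; it assumes keys are null-padded to 16 bytes and models "without password" as an all-zero password field or an empty key.

```python
import hashlib
import hmac
import struct

# OSPFv2 header, 24 bytes: version, type, length, router ID, area ID, checksum, AuType, auth field
HDR = "!BBH4s4sHH8s"

def md5_auth_field(key_id, seq):
    # AuType 2 layout of the 8-byte field: 0 (2 bytes), Key ID, digest length, sequence number
    return struct.pack("!HBBI", 0, key_id, 16, seq)

def build_packet(autype, auth_field, body=b"hello-body", key=None):
    """Build a constructed sample packet (checksum left at 0); AuType 2 gets a trailing digest."""
    length = 24 + len(body)  # the header length field does not count the digest
    pkt = struct.pack(HDR, 2, 1, length, bytes([10, 0, 0, 1]), bytes(4), 0, autype, auth_field) + body
    if autype == 2:
        pkt += hashlib.md5(pkt + key.ljust(16, b"\0")).digest()
    return pkt

def classify(raw, key=b"", last_seq=0):
    """Return (label, findings) for one OSPFv2 packet."""
    _, _, length, _, _, _, autype, auth = struct.unpack(HDR, raw[:24])
    if autype == 0:
        return "Type 0 (Null)", ["packet carries no authentication data"]
    if autype == 1:
        if auth == bytes(8):
            return "Type 1 without password", ["empty simple password"]
        return "Type 1 with password", ["password travels in clear text"]
    if autype == 2:
        _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        digest = raw[length:length + dlen]

        def ok(k):  # recompute MD5 over the packet followed by the padded key
            want = hashlib.md5(raw[:length] + k.ljust(16, b"\0")).digest()
            return hmac.compare_digest(digest, want)

        findings = []
        if seq < last_seq:  # RFC 2328: a sequence number below the last accepted one is discarded
            findings.append("sequence number went backwards (possible replay)")
        if ok(b""):
            return "Type 2 without password", findings + ["digest verifies with an empty key"]
        if not ok(key):
            findings.append("digest does not match the configured key")
        return "Type 2 with password", findings
    return "Unknown AuType %d" % autype, ["not defined by RFC 2328"]

if __name__ == "__main__":
    sample = build_packet(2, md5_auth_field(1, 100), key=b"s3cret")
    print(classify(sample, key=b"s3cret", last_seq=100))
```
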
This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART