I didn't mean that, Darby :-). Lab it up :-).
-- Marko Milivojevic - CCIE #18427 Senior Technical Instructor - IPexpert FREE CCIE training: http://bit.ly/vLecture Mailto: markom_at_ipexpert.com Telephone: +1.810.326.1444 Web: http://www.ipexpert.com/ On Fri, May 20, 2011 at 10:20, Darby Weaver <darby.weaver_at_gmail.com> wrote: > Nothing like making a confusing morass from the simple and sublime... I > guess people can trip on their own toes... > > sh run | i cisco $B and find the missing character... how's that work with a > blank password? > > Nothing like the fun stuff. > > Darby > > http://www.darbyslogs.blogspot.com > > > > On Fri, May 20, 2011 at 1:00 PM, Marko Milivojevic <markom_at_ipexpert.com> > wrote: >> >> The thing is... it's even a little bit more complicated than that :-). >> There are 3 authentication types, but there are more possibilities >> than only three. >> >> - NULL Authentication (Type 0) >> - Text Authentication (Type 1) with password >> - Text Authentication (Type 1) without password >> - MD5 Authentication (Type 2) with password >> - MD5 Authentication (Type 2) without password >> >> Also, you may have area authentication and per-interface >> authentication, making things even more fun. Which one takes >> precedence, area-configured authentication, or interface one? What >> happens when you configure Type 1 authentication and Type 2 key, or >> the other way around? Etc :-) Endless fun! >> >> @Scott - I like 4th type *grin*. >> >> -- >> Marko Milivojevic - CCIE #18427 >> Senior Technical Instructor - IPexpert >> >> FREE CCIE training: http://bit.ly/vLecture >> >> Mailto: markom_at_ipexpert.com >> Telephone: +1.810.326.1444 >> Web: http://www.ipexpert.com/ >> >> On Fri, May 20, 2011 at 09:34, Darby Weaver <darby.weaver_at_gmail.com> >> wrote: >> > All, >> > >> > Refer to the following: >> > >> > >> > http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186 >> > a0080094069.shtml >> > >> > >> > These are the three different types of authentication supported by OSPF. >> > >> > B - >> > >> > B *Null Authentication* This is also called Type 0 and it means no >> > B authentication information is included in the packet header. It is the >> > B default. >> > B - >> > >> > B *Plain Text Authentication* This is also called Type 1 and it uses >> > simple >> > B clear-text passwords. >> > B - >> > >> > B *MD5 Authentication* This is also called Type 2 and it uses MD5 >> > B cryptographic passwords. >> > >> > Authentication does not need to be set. However, if it is set, all peer >> > routers on the same segment must have the same password and >> > authentication >> > method. The examples in this document demonstrate configurations for >> > both >> > plain text and MD5 authentication. >> > >> > >> > Umm.... >> > >> > I'd advise knowing that there is a "Type 0", a "Type 1", and a "Type 2" >> > authentication for OSPF. >> > >> > >> > True we only configure 2 of the 3 types... however, WELCOME TO SPARTA... >> > don't get kicked into the pit. B Know your options and know how to >> > interpret >> > them. >> > >> > >> > >> > Some things don't get emphasized enough and some get watered over... >> > >> > I've just emphasized it. >> > >> > :) >> > >> > >> > >> > Darby >> > >> > >> > >> > >> > >> > >> > On Fri, May 20, 2011 at 9:14 AM, GAURAV MADAN >> > <gauravmadan1177_at_gmail.com>wrote: >> > >> >> "everyone" ........... not everyone Darby .. >> >> >> >> if u somehow see Video on demand INE as well .... they also mention 3 >> >> type >> >> of ospf auth .. >> >> >> >> no auth >> >> plain >> >> md5 >> >> >> >> >> >> >> >> B On Fri, May 20, 2011 at 4:27 PM, Darby Weaver >> > <darby.weaver_at_gmail.com>wrote: >> >> >> >>> That's what I love about the CCIE Lab... >> >>> >> >>> Everyone says there are "only" 2 types of authentication in OSPF.... >> >>> >> >>> 1. Plain text >> >>> 2. MD5 >> >>> >> >>> If you listen to all your most knowledgeable friends on Groupstudy and >> >>> a >> >>> couple of three (maybe more CCIE's of some repute)... >> >>> >> >>> And then you find yourself in the "gladiator's chamber" one day... and >> >>> a >> >>> third is suggested by some hint of a vague clue... >> >>> >> >>> Unless you've heard of RFC2328 and then you find... there is a >> >>> third... >> >>> and >> >>> you find yourself astonished in about the same way everyone else was >> >>> when >> >>> we >> >>> found out that Luke Skywalker was not quite "The Last Hope" as >> >>> mentioned >> >>> by >> >>> Yoda... B Yep... there are three... >> >>> >> >>> >> >>> OSPF as defined in >> >>> >> >>> [RFC2328<https://mail.google.com/mail/html/compose/static_files/rfc2328>] >> >>> >> >>> >> >>> includes three different types of >> >>> B authentication schemes: Null authentication, simple password and >> >>> B cryptographic authentication. NULL authentication is akin to having >> >>> B no authentication at all. In the simple password scheme of >> >>> B authentication, the passwords are exchanged in the clear text on the >> >>> B network and anyone with physical access to the network can learn the >> >>> B password and compromise the security of the OSPF domain. >> >>> >> >>> B In the cryptographic authentication scheme, the OSPF routers on a >> >>> B common network/subnet share a secret key which is used to generate a >> >>> B keyed MD5 digest for each packet and a monotonically increasing >> >>> B sequence number scheme is used to prevent replay attacks. >> >>> >> >>> >> >>> >> >>> >> >>> -- >> >>> Darby Weaver >> >>> Network Engineer >> >>> http://www.darbyslogs.blogspot.com >> >>> >> >>> darbyweaver_at_yahoo.com >> >>> >> >>> >> >>> Blogs and organic groups at http://www.ccie.net >> >>> >> >>> >> >>> _______________________________________________________________________ >> >>> Subscription information may be found at: >> >>> http://www.groupstudy.com/list/CCIELab.html >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >> >> > >> > >> > -- >> > Darby Weaver >> > Network Engineer >> > http://www.darbyslogs.blogspot.com >> > >> > darbyweaver_at_yahoo.com >> > >> > >> > Blogs and organic groups at http://www.ccie.net >> > >> > _______________________________________________________________________ >> > Subscription information may be found at: >> > http://www.groupstudy.com/list/CCIELab.html >> > >> > >> > >> > >> > >> > >> > >> > > > > > -- > Darby Weaver > Network Engineer > http://www.darbyslogs.blogspot.com > > darbyweaver_at_yahoo.com Blogs and organic groups at http://www.ccie.netReceived on Fri May 20 2011 - 10:22:47 ART
This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART