Nothing like making a confusing morass from the simple and sublime... I
guess people can trip on their own toes...
sh run | i cisco $ and find the missing character... how's that work with a
blank password?
Nothing like the fun stuff.
Darby
http://www.darbyslogs.blogspot.com
On Fri, May 20, 2011 at 1:00 PM, Marko Milivojevic <markom_at_ipexpert.com>wrote:
> The thing is... it's even a little bit more complicated than that :-).
> There are 3 authentication types, but there are more possibilities
> than only three.
>
> - NULL Authentication (Type 0)
> - Text Authentication (Type 1) with password
> - Text Authentication (Type 1) without password
> - MD5 Authentication (Type 2) with password
> - MD5 Authentication (Type 2) without password
>
> Also, you may have area authentication and per-interface
> authentication, making things even more fun. Which one takes
> precedence, area-configured authentication, or interface one? What
> happens when you configure Type 1 authentication and Type 2 key, or
> the other way around? Etc :-) Endless fun!
>
> @Scott - I like 4th type *grin*.
>
> --
> Marko Milivojevic - CCIE #18427
> Senior Technical Instructor - IPexpert
>
> FREE CCIE training: http://bit.ly/vLecture
>
> Mailto: markom_at_ipexpert.com
> Telephone: +1.810.326.1444
> Web: http://www.ipexpert.com/
>
> On Fri, May 20, 2011 at 09:34, Darby Weaver <darby.weaver_at_gmail.com>
> wrote:
> > All,
> >
> > Refer to the following:
> >
> >
> http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186
> > a0080094069.shtml
> >
> >
> > These are the three different types of authentication supported by OSPF.
> >
> > -
> >
> > *Null Authentication* This is also called Type 0 and it means no
> > authentication information is included in the packet header. It is the
> > default.
> > -
> >
> > *Plain Text Authentication* This is also called Type 1 and it uses
> simple
> > clear-text passwords.
> > -
> >
> > *MD5 Authentication* This is also called Type 2 and it uses MD5
> > cryptographic passwords.
> >
> > Authentication does not need to be set. However, if it is set, all peer
> > routers on the same segment must have the same password and
> authentication
> > method. The examples in this document demonstrate configurations for both
> > plain text and MD5 authentication.
> >
> >
> > Umm....
> >
> > I'd advise knowing that there is a "Type 0", a "Type 1", and a "Type 2"
> > authentication for OSPF.
> >
> >
> > True we only configure 2 of the 3 types... however, WELCOME TO SPARTA...
> > don't get kicked into the pit. Know your options and know how to
> interpret
> > them.
> >
> >
> >
> > Some things don't get emphasized enough and some get watered over...
> >
> > I've just emphasized it.
> >
> > :)
> >
> >
> >
> > Darby
> >
> >
> >
> >
> >
> >
> > On Fri, May 20, 2011 at 9:14 AM, GAURAV MADAN
> > <gauravmadan1177_at_gmail.com>wrote:
> >
> >> "everyone" ........... not everyone Darby ..
> >>
> >> if u somehow see Video on demand INE as well .... they also mention 3
> type
> >> of ospf auth ..
> >>
> >> no auth
> >> plain
> >> md5
> >>
> >>
> >>
> >> On Fri, May 20, 2011 at 4:27 PM, Darby Weaver
> > <darby.weaver_at_gmail.com>wrote:
> >>
> >>> That's what I love about the CCIE Lab...
> >>>
> >>> Everyone says there are "only" 2 types of authentication in OSPF....
> >>>
> >>> 1. Plain text
> >>> 2. MD5
> >>>
> >>> If you listen to all your most knowledgeable friends on Groupstudy and
> a
> >>> couple of three (maybe more CCIE's of some repute)...
> >>>
> >>> And then you find yourself in the "gladiator's chamber" one day... and
> a
> >>> third is suggested by some hint of a vague clue...
> >>>
> >>> Unless you've heard of RFC2328 and then you find... there is a third...
> >>> and
> >>> you find yourself astonished in about the same way everyone else was
> when
> >>> we
> >>> found out that Luke Skywalker was not quite "The Last Hope" as
> mentioned
> >>> by
> >>> Yoda... Yep... there are three...
> >>>
> >>>
> >>> OSPF as defined in
> >>> [RFC2328<
> https://mail.google.com/mail/html/compose/static_files/rfc2328>]
> >>>
> >>>
> >>> includes three different types of
> >>> authentication schemes: Null authentication, simple password and
> >>> cryptographic authentication. NULL authentication is akin to having
> >>> no authentication at all. In the simple password scheme of
> >>> authentication, the passwords are exchanged in the clear text on the
> >>> network and anyone with physical access to the network can learn the
> >>> password and compromise the security of the OSPF domain.
> >>>
> >>> In the cryptographic authentication scheme, the OSPF routers on a
> >>> common network/subnet share a secret key which is used to generate a
> >>> keyed MD5 digest for each packet and a monotonically increasing
> >>> sequence number scheme is used to prevent replay attacks.
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Darby Weaver
> >>> Network Engineer
> >>> http://www.darbyslogs.blogspot.com
> >>>
> >>> darbyweaver_at_yahoo.com
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
> > --
> > Darby Weaver
> > Network Engineer
> > http://www.darbyslogs.blogspot.com
> >
> > darbyweaver_at_yahoo.com
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
-- Darby Weaver Network Engineer http://www.darbyslogs.blogspot.com darbyweaver_at_yahoo.com Blogs and organic groups at http://www.ccie.netReceived on Fri May 20 2011 - 13:20:56 ART
This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART