Re: OSPF Authentication Methods - (3)

From: Narbik Kocharians <narbikk_at_gmail.com>
Date: Fri, 20 May 2011 10:50:55 -0700

So OSPF can not work without authentication.

On Fri, May 20, 2011 at 10:42 AM, Scott Morris <swm_at_emanon.com> wrote:

> See.... Now, I'll beg to differ a little bit here on the logic side of
> things.
>
> Because your last line is technically incorrect. According to the RFC,
> you will use a NULL key by default, so it's STILL an md5 password, it
> just happens to be one that you did not specify. But being that it's
> generating a hash, you can't "not" have one, you can simply have one
> seeded with a null string.
>
> But I'd agree that it's good to know what the defaults are!
>
>
>
>
> *Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,
>
> CCDE #2009::D, JNCIE-M #153, JNCIE-ER #102, CISSP, et al.
>
> CCSI #21903, JNCI-M, JNCI-ER
>
> swm_at_emanon.com
>
>
> Knowledge is power.
>
> Power corrupts.
>
> Study hard and be Eeeeviiiil......
>
>
> On 5/20/11 1:00 PM, Marko Milivojevic wrote:
> > The thing is... it's even a little bit more complicated than that :-).
> > There are 3 authentication types, but there are more possibilities
> > than only three.
> >
> > - NULL Authentication (Type 0)
> > - Text Authentication (Type 1) with password
> > - Text Authentication (Type 1) without password
> > - MD5 Authentication (Type 2) with password
> > - MD5 Authentication (Type 2) without password
> >
> > Also, you may have area authentication and per-interface
> > authentication, making things even more fun. Which one takes
> > precedence, area-configured authentication, or interface one? What
> > happens when you configure Type 1 authentication and Type 2 key, or
> > the other way around? Etc :-) Endless fun!
> >
> > @Scott - I like 4th type *grin*.
> >
> > --
> > Marko Milivojevic - CCIE #18427
> > Senior Technical Instructor - IPexpert
> >
> > FREE CCIE training: http://bit.ly/vLecture
> >
> > Mailto: markom_at_ipexpert.com
> > Telephone: +1.810.326.1444
> > Web: http://www.ipexpert.com/
> >
> > On Fri, May 20, 2011 at 09:34, Darby Weaver <darby.weaver_at_gmail.com> wrote:
> >> All,
> >>
> >> Refer to the following:
> >>
> >>
> >> http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtml
> >>
> >>
> >> These are the three different types of authentication supported by OSPF.
> >>
> >> - *Null Authentication* This is also called Type 0 and it means no
> >>   authentication information is included in the packet header. It is the
> >>   default.
> >> - *Plain Text Authentication* This is also called Type 1 and it uses simple
> >>   clear-text passwords.
> >> - *MD5 Authentication* This is also called Type 2 and it uses MD5
> >>   cryptographic passwords.
> >>
> >> Authentication does not need to be set. However, if it is set, all peer
> >> routers on the same segment must have the same password and authentication
> >> method. The examples in this document demonstrate configurations for both
> >> plain text and MD5 authentication.
> >>
> >>
> >> Umm....
> >>
> >> I'd advise knowing that there is a "Type 0", a "Type 1", and a "Type 2"
> >> authentication for OSPF.
> >>
> >>
> >> True we only configure 2 of the 3 types... however, WELCOME TO SPARTA...
> >> don't get kicked into the pit. Know your options and know how to interpret
> >> them.
> >>
> >>
> >>
> >> Some things don't get emphasized enough and some get watered over...
> >>
> >> I've just emphasized it.
> >>
> >> :)
> >>
> >>
> >>
> >> Darby
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Fri, May 20, 2011 at 9:14 AM, GAURAV MADAN <gauravmadan1177_at_gmail.com> wrote:
> >>
> >>> "everyone" ........... not everyone Darby ..
> >>>
> >>> if u somehow see Video on demand INE as well .... they also mention 3 type
> >>> of ospf auth ..
> >>>
> >>> no auth
> >>> plain
> >>> md5
> >>>
> >>>
> >>>
> >>> On Fri, May 20, 2011 at 4:27 PM, Darby Weaver <darby.weaver_at_gmail.com> wrote:
> >>>> That's what I love about the CCIE Lab...
> >>>>
> >>>> Everyone says there are "only" 2 types of authentication in OSPF....
> >>>>
> >>>> 1. Plain text
> >>>> 2. MD5
> >>>>
> >>>> If you listen to all your most knowledgeable friends on Groupstudy and a
> >>>> couple of three (maybe more CCIE's of some repute)...
> >>>>
> >>>> And then you find yourself in the "gladiator's chamber" one day... and a
> >>>> third is suggested by some hint of a vague clue...
> >>>>
> >>>> Unless you've heard of RFC2328 and then you find... there is a third...
> >>>> and you find yourself astonished in about the same way everyone else was
> >>>> when we found out that Luke Skywalker was not quite "The Last Hope" as
> >>>> mentioned by Yoda... Yep... there are three...
> >>>>
> >>>>
> >>>> OSPF as defined in [RFC2328] includes three different types of
> >>>> authentication schemes: Null authentication, simple password and
> >>>> cryptographic authentication. NULL authentication is akin to having
> >>>> no authentication at all. In the simple password scheme of
> >>>> authentication, the passwords are exchanged in the clear text on the
> >>>> network and anyone with physical access to the network can learn the
> >>>> password and compromise the security of the OSPF domain.
> >>>>
> >>>> In the cryptographic authentication scheme, the OSPF routers on a
> >>>> common network/subnet share a secret key which is used to generate a
> >>>> keyed MD5 digest for each packet and a monotonically increasing
> >>>> sequence number scheme is used to prevent replay attacks.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Darby Weaver
> >>>> Network Engineer
> >>>> http://www.darbyslogs.blogspot.com
> >>>>
> >>>> darbyweaver_at_yahoo.com
> >>>>
> >>>>
> >>>> Blogs and organic groups at http://www.ccie.net
> >>>>
> >>>>
> _______________________________________________________________________
> >>>> Subscription information may be found at:
> >>>> http://www.groupstudy.com/list/CCIELab.html
> >>
> >> --
> >> Darby Weaver
> >> Network Engineer
> >> http://www.darbyslogs.blogspot.com
> >>
> >> darbyweaver_at_yahoo.com
> >>

-- 
*Narbik Kocharians
*CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com <http://www.micronicstraining.com/>
Sr. Technical Instructor
*Ask about our FREE Lab Voucher with our Boot Camps*
YES! We take Cisco Learning Credits!
Training & Remote Racks available
Received on Fri May 20 2011 - 10:50:55 ART
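
Added example, not part of the thread or of any vendor's code: a Python sketch of the three AuType values and the keyed-MD5 trailer from RFC 2328, showing that the Type 2 "without password" case discussed above still produces a verifiable digest. The function names, sample body and passwords are constructed, the header checksum is not computed, and modelling an unconfigured key as 16 zero bytes is an assumption that follows the quoted reply.

```python
import hashlib
import hmac
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, length, router ID, area ID,
# checksum, AuType, 8-byte authentication field.
HDR = struct.Struct("!BBH4s4sHH8s")
NAMES = {0: "null", 1: "simple password", 2: "cryptographic (MD5)"}


def pad_key(key: bytes) -> bytes:
    """Assumption: Type 2 keys are zero-padded to 16 bytes, so an empty key is 16 zeros."""
    return key.ljust(16, b"\0")


def build(au_type: int, body: bytes, secret: bytes = b"", key_id: int = 1, seq: int = 0) -> bytes:
    """Build a constructed Hello-type packet; the checksum field is left at 0."""
    if au_type == 2:
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # zero, key ID, digest length, sequence
    else:
        auth = secret.ljust(8, b"\0") if au_type == 1 else bytes(8)
    pkt = HDR.pack(2, 1, HDR.size + len(body), bytes([10, 0, 0, 1]), bytes(4), 0, au_type, auth) + body
    if au_type == 2:  # the digest trails the packet and is not counted in its length field
        pkt += hashlib.md5(pkt + pad_key(secret)).digest()
    return pkt


def inspect(pkt: bytes, key: bytes = b"", last_seq: int = 0) -> dict:
    """Report what a receiver or an auditor learns from one packet."""
    _, _, length, _, _, _, au_type, auth = HDR.unpack_from(pkt)
    info = {"au_type": au_type, "name": NAMES.get(au_type, "unknown")}
    if au_type == 1:
        info["cleartext"] = auth.rstrip(b"\0")  # the password itself is on the wire
    elif au_type == 2:
        _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        want = hashlib.md5(pkt[:length] + pad_key(key)).digest()
        info.update(key_id=key_id, seq=seq, replayed=seq < last_seq,
                    digest_ok=hmac.compare_digest(want, pkt[length:length + dlen]))
    return info


BODY = bytes(20)  # constructed stand-in for a Hello body

if __name__ == "__main__":
    for pkt in (build(0, BODY), build(1, BODY, b"cisco"), build(2, BODY, b"", seq=7)):
        print(inspect(pkt))
```

A Type 2 packet whose digest verifies against the empty key is worth flagging in an audit: the AuType field says "cryptographic", but the secret is one every device already knows.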

This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART