Re: md5 authentication for OSPF

From: David Goldsmith (dgoldsmi@xxxxxxxxx)
Date: Thu Nov 16 2000 - 12:51:32 GMT-3

• Next message: Connary, Julie Ann: "new question: route redistribution metrics"
• Previous message: Ronnie Royston: "RE: IPX - Understanding IPX Network Numbering"
• Maybe in reply to: Connary, Julie Ann: "md5 authentication for OSPF"
• Next in thread: Sam Munzani: "Re: md5 authentication for OSPF"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Julie,

Actually can now do this on per interface basis.

see link:
http://www.cisco.com/warp/public/104/25.shtml

But only on certain versions.

Dave G.

tom cheung wrote:

> I'm not sure this can be done. If I remember correctly, all ospf neighbors
> in the same area is required to do authentication or else they'll not not
> become neighbors. The hello protocol has certain fields that has to be
> agreed upon by all neighbors within the same area. Authentication type and
> password is one of these required fields.
>
> >From: "Connary, Julie Ann" <jconnary@cisco.com>
> >Reply-To: "Connary, Julie Ann" <jconnary@cisco.com>
> >To: ccielab@groupstudy.com
> >Subject: md5 authentication for OSPF
> >Date: Thu, 16 Nov 2000 09:51:03 -0500
> >
> >Hi All,
> >
> >researching out MD5 authentication for OSPF yields the following two
> >methods:
> >
> >
> >
> >ip ospf message-digest-key keyid md5 key (used under the interface)
> >
> >area area-id authentication message-digest (used under "router ospf
> ><process-id>")
> >
> >I am assuming that if an interface is a Frame-Relay with multiple
> >frame-relay map statements for spokes, that
> >MD5 authentication must also be used on ALL spokes?
> >
> >Is there a way to just enable MD5 authentication to a particular neighbor
> >in a hub and spoke environment? I'm working
> >on a lab that says that I have to set up the hub with a physical interface
> >with frame-relay map statements to two spokes (all three routers in Area
> >0), and then it says to configure MD5 authentication to only one of the
> >spokes - I'm not sure this is possible.
> >
> >Thanks,
> >
> >Julie Ann
> >------------------------------------------------------------------------
> > Julie Ann Connary
> > | | Network Consulting Engineer
> > ||| ||| Federal Support Program
> > .|||||. .|||||. 13635 Dulles Technology Drive,
> >Herndon VA 20171
> > .:|||||||||:.:|||||||||:. Pager: 1-888-642-0551
> > c i s c o S y s t e m s Email: jconnary@cisco.com
> >
> >------------------------------------------------------------------------
> >

• Next message: Connary, Julie Ann: "new question: route redistribution metrics"
• Previous message: Ronnie Royston: "RE: IPX - Understanding IPX Network Numbering"
• Maybe in reply to: Connary, Julie Ann: "md5 authentication for OSPF"
• Next in thread: Sam Munzani: "Re: md5 authentication for OSPF"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:45 GMT-3