From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Thu Nov 16 2000 - 13:15:19 GMT-3
You can have different keys per interface basis but I think authentication
is still per area basis. Try it in lab. Have a few routers in area 0.
Configure "area 0 authentication" command only on a few routers. I will not
work.
How ever you can do following.
All routers have "area 0 authentication" command. Each point to point link
have different authentication key.
LAter,
Sam
> Julie,
>
> Actually can now do this on per interface basis.
>
> see link:
> http://www.cisco.com/warp/public/104/25.shtml
>
> But only on certain versions.
>
> Dave G.
>
>
>
> tom cheung wrote:
>
> > I'm not sure this can be done. If I remember correctly, all ospf
neighbors
> > in the same area is required to do authentication or else they'll not
not
> > become neighbors. The hello protocol has certain fields that has to be
> > agreed upon by all neighbors within the same area. Authentication type
and
> > password is one of these required fields.
> >
> > >From: "Connary, Julie Ann" <jconnary@cisco.com>
> > >Reply-To: "Connary, Julie Ann" <jconnary@cisco.com>
> > >To: ccielab@groupstudy.com
> > >Subject: md5 authentication for OSPF
> > >Date: Thu, 16 Nov 2000 09:51:03 -0500
> > >
> > >Hi All,
> > >
> > >researching out MD5 authentication for OSPF yields the following two
> > >methods:
> > >
> > >
> > >
> > >ip ospf message-digest-key keyid md5 key (used under the interface)
> > >
> > >area area-id authentication message-digest (used under "router ospf
> > ><process-id>")
> > >
> > >I am assuming that if an interface is a Frame-Relay with multiple
> > >frame-relay map statements for spokes, that
> > >MD5 authentication must also be used on ALL spokes?
> > >
> > >Is there a way to just enable MD5 authentication to a particular
neighbor
> > >in a hub and spoke environment? I'm working
> > >on a lab that says that I have to set up the hub with a physical
interface
> > >with frame-relay map statements to two spokes (all three routers in
Area
> > >0), and then it says to configure MD5 authentication to only one of the
> > >spokes - I'm not sure this is possible.
> > >
> > >Thanks,
> > >
> > >Julie Ann
> >
>------------------------------------------------------------------------
> > > Julie Ann Connary
> > > | | Network Consulting Engineer
> > > ||| ||| Federal Support Program
> > > .|||||. .|||||. 13635 Dulles Technology
Drive,
> > >Herndon VA 20171
> > > .:|||||||||:.:|||||||||:. Pager: 1-888-642-0551
> > > c i s c o S y s t e m s Email: jconnary@cisco.com
> > >
> >
>------------------------------------------------------------------------
> > >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:45 GMT-3