Re: md5 authentication for OSPF

From: Tony Olzak (aolzak@xxxxxxxxxxxxxxxxxxx)
Date: Thu Nov 16 2000 - 15:33:55 GMT-3


   
But, you can configure "area 0 authentication" as a command on all routers,
but not configure the interface commands to actually do authentication. You
aren't actually doing authentication until you use the interface command to
specify the key and type. In this way, you could use the "area 0
authentication" command on all routers in an area, but only actually do
authentication to one neighbor.

I've got a lab set up where I am doing authentication only through a
virtual link. All other routers in area 0 do not have the interface commands
set and everything works perfectly.

Tony

----- Original Message -----
From: "Sam Munzani" <sam@munzani.com>
To: "David Goldsmith" <dgoldsmi@cisco.com>; "tom cheung"
<tkc9789@hotmail.com>
Cc: <jconnary@cisco.com>; <ccielab@groupstudy.com>
Sent: Thursday, November 16, 2000 11:15 AM
Subject: Re: md5 authentication for OSPF

> You can have different keys on a per-interface basis, but I think authentication
> is still on a per-area basis. Try it in lab. Have a few routers in area 0.
> Configure the "area 0 authentication" command only on a few routers. It will
> not work.
>
> However, you can do the following.
> All routers have the "area 0 authentication" command. Each point-to-point link
> has a different authentication key.
>
> Later,
> Sam
>
> > Julie,
> >
> > Actually can now do this on per interface basis.
> >
> > see link:
> > http://www.cisco.com/warp/public/104/25.shtml
> >
> > But only on certain versions.
> >
> > Dave G.
> >
> >
> >
> > tom cheung wrote:
> >
> > > I'm not sure this can be done. If I remember correctly, all ospf neighbors
> > > in the same area are required to do authentication or else they'll not
> > > become neighbors. The hello protocol has certain fields that have to be
> > > agreed upon by all neighbors within the same area. Authentication type and
> > > password is one of these required fields.
> > >
> > > >From: "Connary, Julie Ann" <jconnary@cisco.com>
> > > >Reply-To: "Connary, Julie Ann" <jconnary@cisco.com>
> > > >To: ccielab@groupstudy.com
> > > >Subject: md5 authentication for OSPF
> > > >Date: Thu, 16 Nov 2000 09:51:03 -0500
> > > >
> > > >Hi All,
> > > >
> > > >researching out MD5 authentication for OSPF yields the following two
> > > >methods:
> > > >
> > > >
> > > >
> > > >ip ospf message-digest-key keyid md5 key (used under the interface)
> > > >
> > > >area area-id authentication message-digest (used under "router ospf
> > > ><process-id>")
> > > >
> > > >I am assuming that if an interface is a Frame-Relay with multiple
> > > >frame-relay map statements for spokes, that
> > > >MD5 authentication must also be used on ALL spokes?
> > > >
> > > > >Is there a way to just enable MD5 authentication to a particular neighbor
> > > > >in a hub and spoke environment? I'm working
> > > > >on a lab that says that I have to set up the hub with a physical interface
> > > > >with frame-relay map statements to two spokes (all three routers in Area
> > > > >0), and then it says to configure MD5 authentication to only one of the
> > > > >spokes - I'm not sure this is possible.
> > > >
> > > >Thanks,
> > > >
> > > >Julie Ann
> > >
> > > > >------------------------------------------------------------------------
> > > > > Julie Ann Connary
> > > > > Network Consulting Engineer
> > > > > Federal Support Program
> > > > > 13635 Dulles Technology Drive, Herndon VA 20171
> > > > > Pager: 1-888-642-0551
> > > > > Cisco Systems  Email: jconnary@cisco.com
> > > > >------------------------------------------------------------------------
> > > >



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:45 GMT-3