RE: OSPF authentication

From: Jeff.Kline@xxxxxxxxxxxxxxx
Date: Tue Apr 17 2001 - 19:09:13 GMT-3


   
To configure MD5 authentication you have the ospf process command "area x
authentication message-digest." If you leave off the 'message-digest' part,
it sets up that area for simple authentication. In interface mode, you
would do the following command to complete the MD5 setup: "ip ospf
message-digest-key 1 md5 password" or for simple authentication: "ip ospf
authentication-key password." You may need to add the 0 for unencrypted
password in some IOS versions... In the MD5 interface command, the 1 in the
above line denotes key 1. OSPF allows for smooth key transitions -- it will
use an older key until the last router uses the higher key ID. I think the
OSPF design guide online has a pretty good description of this -- not much
to it:

http://www.cisco.com/warp/public/104/2.html#6.0

The interface command listed below on E0 ("ip ospf authentication
message-digest") was introduced in version 12.0:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_r/1rprt1/1rospf.htm#xtocid677212

I haven't worked with the interface ip ospf authentication message-digest
command, but will see if it works the same as I described in the beginning.

-Jeff

-----Original Message-----
From: Jaeheon Yoo [mailto:kghost@chollian.net]
Sent: Tuesday, April 17, 2001 4:38 PM
To: ccielab@groupstudy.com
Cc: Darek Kuzma
Subject: Re: OSPF authentication

Hi, Darek

I think Michel is right.
The "ip ospf authentication-key xxxx" interface command is for specifying a
simple password (cleartext) authentication key.
"ip ospf message-digest-key xxx" interface command is for specifying a
message digest key.
And "ip ospf authentication [message-digest | null ]" is introduced in 12.0
for overriding any authentication type configured for the area.
"ip ospf authentication" is for a simple password authentication type.
"ip ospf authentication message-digest" is for a message-digest
authentication type.
"ip ospf authentication null" is for a null authentication.

So the right configuration is as follows:

!
!
interface Ethernet0
 ip address 1.1.1.1 255.255.255.0
 no ip directed-broadcast
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication
 network 1.1.1.0 0.0.0.255 area 0

The "ip ospf authentication" interface command is needed when an area-wide
authentication type is unspecified or different from the interface-wide
authentication type.
And I believe the key chain authentication supported in RIPv2 and EIGRP is
NOT supported in OSPF. Please correct me if I'm wrong.

Hope this helps.

Regards,
Jaeheon
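
An added illustration, not part of the original messages and not Cisco code: a small Python audit that applies the precedence described in this thread, where the interface-level "ip ospf authentication" command overrides the area-level setting, and flags interfaces that select MD5 without a key line of the form "ip ospf message-digest-key 1 md5 password". The function names and the sample configuration are constructed for this example.

```python
import ipaddress
import re

def _wild_match(ip, net, wild):  # IOS wildcard mask: 1 bits are "don't care"
    i, n, w = (int(ipaddress.IPv4Address(x)) for x in (ip, net, wild))
    return ((i ^ n) & ~w & 0xFFFFFFFF) == 0

def audit_ospf_auth(config):
    """Map each OSPF-enabled interface to (effective auth type, finding)."""
    area_auth, networks, ifaces, cur = {}, [], {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"ip": None, "override": None, "md5_key": False})
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_auth[m.group(1)] = "md5" if m.group(2) else "simple"
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            networks.append(m.groups())
        elif cur is not None and (m := re.match(r"ip address (\S+) \S+", line)):
            cur["ip"] = m.group(1)
        elif cur is not None and (m := re.match(r"ip ospf authentication( message-digest| null)?$", line)):
            cur["override"] = (m.group(1) or " simple").strip().replace("message-digest", "md5")
        elif cur is not None and re.match(r"ip ospf message-digest-key \d+ md5 \S+", line):
            cur["md5_key"] = True  # key ID and the md5 keyword are both present
    report = {}
    for name, i in ifaces.items():
        area = next((a for n, w, a in networks if i["ip"] and _wild_match(i["ip"], n, w)), None)
        if area is None:
            continue  # not covered by any OSPF network statement
        auth = i["override"] or area_auth.get(area, "null")  # interface setting wins over the area
        finding = {"md5": "ok" if i["md5_key"] else "md5 selected but no well-formed message-digest-key",
                   "simple": "cleartext key in every OSPF packet",
                   "null": "unauthenticated adjacency"}[auth]
        report[name] = (auth, finding)
    return report

# Constructed sample configuration (addresses and keys are made up for the example)
SAMPLE = """interface Ethernet0
 ip address 1.1.1.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
interface Ethernet1
 ip address 1.1.2.1 255.255.255.0
interface Serial0
 ip address 1.1.3.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key cisco
router ospf 1
 area 0 authentication
 network 1.1.0.0 0.0.255.255 area 0"""
```

Calling audit_ospf_auth(SAMPLE) reports Ethernet0 as MD5 with a valid key, Ethernet1 as inheriting simple authentication from area 0, and Serial0 as MD5 without a usable key line.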

----- Original Message -----
From: "Darek Kuzma" <darekk@optonline.net>
Cc: <ccielab@groupstudy.com>
Sent: Wednesday, April 18, 2001 2:44 AM
Subject: Re: OSPF authentication

>
> Thanks!
> I was missing this command:
> ip ospf authentication-key
>
> Darek
>
> adiment@uswest.com wrote:
>
> > key chain mykeychain
> > key 1
> > key-string cisco
> > !
> > !
> > interface Ethernet0
> > ip address 1.1.1.1 255.255.255.0
> > no ip directed-broadcast
> > ip ospf authentication message-digest
> > ip ospf authentication-key mykeychain
> > !
> > router ospf 1
> > area 0 authentication message-digest
> > network 1.1.1.0 0.0.0.255 area 0
> >
> > -----Original Message-----
> > From: Darek Kuzma [mailto:darekk@optonline.net]
> > Sent: Tuesday, April 17, 2001 10:52 AM
> > To: ccielab@groupstudy.com
> > Subject: OSPF authentication
> >
> > Hi,
> > Does anybody know how to use key-chain with OSPF? Is that possible at
> > all?
> > Thanks,
> > Darek Kuzma
> > **Please read:http://www.groupstudy.com/list/posting.html



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:48 GMT-3