Re: OSPF authentication question

From: Robert DuBell (bobdu11@xxxxxxxx)
Date: Fri Dec 07 2001 - 14:22:14 GMT-3

• Next message: Yonkerbonk: "Excessive Broadcasts on Serial links?"
• Previous message: Tu Nguyen: "RE: OSPF authentication question"
• Maybe in reply to: xujing@xxxxxxxxx: "OSPF authentication question"
• Next in thread: Chuck Ryan: "RE: OSPF authentication question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Yes it does. Because you can't have an area 1 directly neighboring with an
area 0 interface. The area's have to match to establish an adjacency, and
if you have authentication enabled then you will have to have it enabled on
all interfaces in the area.....Bobdu1

----- Original Message -----
From: "Tu Nguyen" <tunguyen@juniper.net>
To: "Asbjorn Hojmark" <Asbjorn@Hojmark.ORG>; <xujing@31942.org>
Cc: "ccielab" <ccielab@groupstudy.com>
Sent: Friday, December 07, 2001 9:52 PM
Subject: RE: OSPF authentication question

> I have a quick question, hopefully someone can shine some light.
>
> If an interface have ip ospf authentication activate.
> Does this mean any router directly connected to this interface running
> ospf must need to enable ip ospf authentication in order for ospf to
> establish adjacency, right? Here is the example:
>
>
> R1-----------------R2 & R3 (Point-Multipoint)
> R1 is connected to R2 and R3 via a frame-relay, sharing the same sub
> interface (point-multipoint)
> If R1 and R2 is enable for ip ospf authentication, does this mean R1 and
> R3 must have the same requirement?
>
> In my opinion, I believe in this case all routers will need to configure
> with ip ospf authentication and no other option. Unless, Cisco allow ip
> ospf authentication per neighbor; which I don't think there is.
>
> Thanks, Tu
>
> -----Original Message-----
> From: Asbjorn Hojmark [mailto:Asbjorn@Hojmark.ORG]
> Sent: Friday, December 07, 2001 6:24 AM
> To: xujing@31942.org
> Cc: 'ccielab'
> Subject: RE: OSPF authentication question
>
>
> > inter f0/0
> > ip add 1.1.1.1 255.255.255.0
> > ip ospf mess 1 md5 cisco
>
> That sets the MD5 key for the authentication. It doesn't actually
> turn on authentication...
>
> > but I also find the "ip ospf authentication mess" from the
> > IOS command list.
>
> That can be used to turn on authentication for the interface.
>
> Back in the Old Days(TM), you could only turn on authentication
> for an entire area, which of course is done in OSPF router config
> mode (with 'area x authen').
>
> If you turn on authentication for the complete area, you don't
> need 'ip ospf authen' on the interfaces in that particular area.
>
> > who can tell me whether I need add the "ip ospf authentication
> > mess" to my config?
>
> You only need to do that if you want to use a different type of
> authentication (plain, md5, null) for an interface than what you
> use for the rest of the area.
>
> HTH,
> -A
> --
> Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe
> Links : http://www.hojmark.org/networking/

• Next message: Yonkerbonk: "Excessive Broadcasts on Serial links?"
• Previous message: Tu Nguyen: "RE: OSPF authentication question"
• Maybe in reply to: xujing@xxxxxxxxx: "OSPF authentication question"
• Next in thread: Chuck Ryan: "RE: OSPF authentication question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:40 GMT-3