Re: OSPF Virtual Link Authentication

From: Ivan Centeno (icenteno2001@yahoo.com)
Date: Thu Sep 05 2002 - 00:23:59 GMT-3

• Next message: Omer Ansari: "RE: redistribute ospf to igrp again"
• Previous message: Peng Zheng: "RE: Why neighbor is not required for OSPF configured as ip ospf"
• Maybe in reply to: Paul Grey: "OSPF Virtual Link Authentication"
• Next in thread: frank.yu@japan.bnpparibas.com: "Re: OSPF Virtual Link Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Paul,

I am working in the subject too.
comments in line.

Ivan
--- Paul Grey <paul@greyboy.org> wrote:
> Could someone please clarify for me the exact
> context that the
> authentication parameters are used in the OSPF
> virtual link command:-
>
> area 1 virtual-link 1.1.1.1 [authentication |
> authentication-key]
>
> I currently have a config with Area 0 using plain
> text authentication
> (password cisco) and Area 1 is using message-digest
> (sanjose).
>
> Ive configured a virtual link across Area 1 to a
> router tagged to Area
> 2.
>
> Using:-
>
> Area 0 authentication
> Area 1 virtual-link a.b.c.d
>
> On the Area 2 router my virtual link comes up.
>
> So Im assuming that the link has come up because
> the default null
> string is being used by the virtual-link for
> authentication. Am I right?

My guess is yes.
>
> If I am then why use the parameters in the command.
>
I think that the main reason is backward compatibility
and the desire of full security in the flooding of the
LSA.

From a Cisco Document:

"Starting in Cisco IOS. 12.0.8, authentication is
supported on a per-interface basis, as mentioned in
RFC 2328,
Appendix D. This feature was added in bug CSCdk33792.
If you are a registered CCO user and you have logged
in, you
can view the bug details"

Previous IOS 12.0.8 it was needed define the
configuration of the authentication in the virtual
link. Thats is the reason because I think in backward
compatibility.

Any comment would be appreciate.

> Any takers?
>
> TIA
>
> Paul
>
>
>
>
>
>
>
> ________________________________________________
>
> Paul Grey
>
> paul@greyboy.org
>
> This e-mail and any files transmitted with it are
> confidential and
> solely for the use of the intended recipient. If you
> are not the
> intended recipient or the person responsible for
> delivering it to the
> intended recipient, please be advised that you have
> received this email
> in error and that any use is strictly prohibited.
> Please notify us by
> replying to this mail and advising accordingly.
> Thank you for your
> co-operation.
>

• Next message: Omer Ansari: "RE: redistribute ospf to igrp again"
• Previous message: Peng Zheng: "RE: Why neighbor is not required for OSPF configured as ip ospf"
• Maybe in reply to: Paul Grey: "OSPF Virtual Link Authentication"
• Next in thread: frank.yu@japan.bnpparibas.com: "Re: OSPF Virtual Link Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:44 GMT-3