Re: OSPF Virtual Link Authentication

From: frank.yu@japan.bnpparibas.com
Date: Thu Sep 05 2002 - 03:54:12 GMT-3

• Next message: Michael Spencer: "reverse telnet"
• Previous message: Volkov, Dmitry (Toronto - BCE): "RE: DLSW Dynamic Peers"
• Maybe in reply to: Paul Grey: "OSPF Virtual Link Authentication"
• Next in thread: Ivan Centeno: "Re: OSPF Virtual Link Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Paul,

    Correct me if I am wrong. When you config a diagram as following

R1------------------------------R2--------------------R3-------------
                 ospf a0 ospf a1
ospf a2

     R3 should see route in a0 as intra area route other than inter area
route, so as I understand A0 and A1 should have same authentication type
either plain text or message digest.

Frank

Internet
icenteno2001@yahoo.com@groupstudy.com - 09/05/2002 12:23 PM

Please respond to icenteno2001@yahoo.com

Sent by: nobody@groupstudy.com

To: paul, ccielab

cc:

Subject: Re: OSPF Virtual Link Authentication

Paul,

I am working in the subject too.
comments in line.

Ivan
--- Paul Grey <paul@greyboy.org> wrote:
> Could someone please clarify for me the exact
> context that the
> authentication parameters are used in the OSPF
> virtual link command:-
>
> area 1 virtual-link 1.1.1.1 [authentication |
> authentication-key]
>
> I currently have a config with Area 0 using plain
> text authentication
> (password cisco) and Area 1 is using message-digest
> (sanjose).
>
> Ive configured a virtual link across Area 1 to a
> router tagged to Area
> 2.
>
> Using:-
>
> Area 0 authentication
> Area 1 virtual-link a.b.c.d
>
> On the Area 2 router my virtual link comes up.
>
> So Im assuming that the link has come up because
> the default null
> string is being used by the virtual-link for
> authentication. Am I right?

My guess is yes.
>
> If I am then why use the parameters in the command.
>
I think that the main reason is backward compatibility
and the desire of full security in the flooding of the
LSA.

From a Cisco Document:

"Starting in Cisco IOS. 12.0.8, authentication is
supported on a per-interface basis, as mentioned in
RFC 2328,
Appendix D. This feature was added in bug CSCdk33792.
If you are a registered CCO user and you have logged
in, you
can view the bug details"

Previous IOS 12.0.8 it was needed define the
configuration of the authentication in the virtual
link. Thats is the reason because I think in backward
compatibility.

Any comment would be appreciate.

> Any takers?
>
> TIA
>
> Paul
>
>
>
>
>
>
>
> ________________________________________________
>
> Paul Grey
>
> paul@greyboy.org
>
> This e-mail and any files transmitted with it are
> confidential and
> solely for the use of the intended recipient. If you
> are not the
> intended recipient or the person responsible for
> delivering it to the
> intended recipient, please be advised that you have
> received this email
> in error and that any use is strictly prohibited.
> Please notify us by
> replying to this mail and advising accordingly.
> Thank you for your
> co-operation.
>

• Next message: Michael Spencer: "reverse telnet"
• Previous message: Volkov, Dmitry (Toronto - BCE): "RE: DLSW Dynamic Peers"
• Maybe in reply to: Paul Grey: "OSPF Virtual Link Authentication"
• Next in thread: Ivan Centeno: "Re: OSPF Virtual Link Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:44 GMT-3