RE: Re[2]: OSPF Virtual Link Authentication

From: Peng Zheng (zpnist@yahoo.com)
Date: Fri Sep 06 2002 - 13:51:45 GMT-3


What's the minimum requirement for per interface
authentication?

I searched but found no example.

--- Jim Brown <Jim.Brown@caselogic.com> wrote:
> Frank,
>
> This is only one way to solve the problem. You better take a hard look at
> per interface authentication including per interface virtual link
> authentication.
>
> Area authentication is old school. You should consult the documentation and
> not solely depend on CCO.
>
> -----Original Message-----
> From: frank.yu@japan.bnpparibas.com
> [mailto:frank.yu@japan.bnpparibas.com]
> Sent: Friday, September 06, 2002 5:04 AM
> To: Jim.Brown@caselogic.com
> Cc: syv@911networks.com; icenteno2001@yahoo.com;
> ccielab@groupstudy.com
> Subject: RE: Re[2]: OSPF Virtual Link Authentication
>
>
>
> Jim
>
> Check this link out.
>
> http://www.cisco.com/warp/public/104/27.html
>
> Frank
>
>
>
> Internet
> Jim.Brown@caselogic.com@groupstudy.com - 09/06/2002
> 07:55 AM
>
>
> Please respond to Jim.Brown@caselogic.com
>
> Sent by: nobody@groupstudy.com
>
> To: syv, icenteno2001
>
> cc: ccielab
>
>
> Subject: RE: Re[2]: OSPF Virtual Link
> Authentication
>
>
> I think you can enable per interface authentication with virtual links
> without enabling authentication in area 0.
>
> I'm pretty sure on this, but I don't want to state it as fact since I've
> already been wrong on one post this week.
>
>
>
> -----Original Message-----
> From: syv [mailto:syv@911networks.com]
> Sent: Thursday, September 05, 2002 4:48 PM
> To: Ivan Centeno
> Cc: ccielab@groupstudy.com
> Subject: Re[2]: OSPF Virtual Link Authentication
>
>
> On Thursday, September 05, 2002, Ivan Centeno wrote:
>
> I just had a similar scenario last week:
>
> Area 0 was authenticated MD5. Here is the code from the listing:
>
> router ospf 10
> router-id 1.1.1.1
> log-adjacency-changes
> area 0 authentication message-digest
> area 126 virtual-link 6.6.6.6 message-digest-key 1 md5 cisco
>
> I remembered reading somewhere that the far-end router is
> logically attached to area 0 through the virtual-link.
>
>
> -----Original Message-----
> IC> Frank,
>
> IC> In my understanding the answer is no. Area 1 is just a
> IC> transit area, the virtual link encapsulates the LSA
> IC> between R2 and R3 (acting like a real link). Because
> IC> of that, Area 1 does not even need to have authentication
> IC> enabled.
>
> IC> Ivan
>
> IC> --- frank.yu@japan.bnpparibas.com wrote:
> >>
> >> Paul,
> >>
> >> Correct me if I am wrong. When you config a
> >> diagram as following
> >>
> >>
> >>
> >> R1------------------------------R2--------------------R3-------------
> >>             ospf a0                     ospf a1            ospf a2
> >>
> >> R3 should see route in a0 as intra area route other than inter area
> >> route, so as I understand A0 and A1 should have same authentication type
> >> either plain text or message digest.
> >>
> >> Frank
> >>
> >>
> >>
> >> Internet
> >> icenteno2001@yahoo.com@groupstudy.com -
> 09/05/2002
> >> 12:23 PM
> >>
> >>
> >> Please respond to icenteno2001@yahoo.com
> >>
> >> Sent by: nobody@groupstudy.com
> >>
> >> To: paul, ccielab
> >>
> >> cc:
> >>
> >>
> >> Subject: Re: OSPF Virtual Link Authentication
> >>
> >>
> >> Paul,
> >>
> >> I am working in the subject too.
> >> comments in line.
> >>
> >> Ivan
> >> --- Paul Grey <paul@greyboy.org> wrote:
> >> > Could someone please clarify for me the exact
> >> > context that the
> >> > authentication parameters are used in the OSPF
> >> > virtual link command:-
> >> >
> >> > area 1 virtual-link 1.1.1.1 [authentication |
> >> > authentication-key]
> >> >
> >> > I currently have a config with Area 0 using plain text authentication
> >> > (password cisco) and Area 1 is using message-digest (sanjose).
> >> >
> >> > I've configured a virtual link across Area 1 to a router tagged to Area
> >> > 2.
> >> >
> >> > Using:-
> >> >
> >> > Area 0 authentication
> >> > Area 1 virtual-link a.b.c.d
> >> >
> >> > On the Area 2 router my virtual link comes up.
> >> >
> >> > So I'm assuming that the link has come up because the default null
> >> > string is being used by the virtual-link for authentication. Am I right?
> >>
> >> My guess is yes.
> >> >
> >> > If I am then why use the parameters in the command.
> >> >
> >> I think that the main reason is backward compatibility
> >> and the desire of full security in the flooding of the
> >> LSA.
>
=== message truncated ===
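
A per-interface and per-virtual-link MD5 configuration of the kind asked about at the top of this message, as an added example that is not part of the original thread. It uses the R1/R2/R3 layout from the quoted diagram; the process ID on R3, router IDs for R2 and R3, interface names, addresses and the key string EXAMPLE-KEY are assumptions made up for illustration.

```cisco
! Constructed example: R1 --area 0-- R2 --area 1-- R3 --area 2
! Assumed router IDs: R2 = 2.2.2.2, R3 = 3.3.3.3. EXAMPLE-KEY is a placeholder.
! No "area N authentication" line is configured on any router.
!
! ---- R1: area 0 neighbor of R2 ----
interface Serial0/0
 ip address 10.0.12.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
router ospf 10
 network 10.0.12.0 0.0.0.255 area 0
!
! ---- R2: ABR for areas 0 and 1, near end of the virtual link ----
interface Serial0/0
 ip address 10.0.12.2 255.255.255.0
 ! Auth type and key must match R1's side of this link
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
interface Serial0/1
 ! Transit link in area 1. Left unauthenticated here to show that the
 ! virtual link's authentication is configured separately; add the same
 ! two "ip ospf" lines on both ends to protect this adjacency as well.
 ip address 10.1.23.2 255.255.255.0
router ospf 10
 router-id 2.2.2.2
 network 10.0.12.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 1
 area 1 virtual-link 3.3.3.3 authentication message-digest
 area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 EXAMPLE-KEY
!
! ---- R3: ABR for areas 1 and 2, far end of the virtual link ----
interface Serial0/0
 ip address 10.1.23.3 255.255.255.0
router ospf 10
 router-id 3.3.3.3
 network 10.1.23.0 0.0.0.255 area 1
 area 1 virtual-link 2.2.2.2 authentication message-digest
 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 EXAMPLE-KEY
!
! Verify on R2 and R3 (authentication type and key ID are shown):
!  show ip ospf virtual-links
!  show ip ospf interface Serial0/0
```

The authentication type, key ID and key string must be identical on both ends of each link and of the virtual link, otherwise the adjacency will not form.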



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:45 GMT-3