RE: OSPF Authentication

From: Nathan Chessin (nchessin@cisco.com)
Date: Tue Sep 24 2002 - 15:23:48 GMT-3


As far as part one, I would assume that you don't want your passwords/keys
to be seen with show commands. This defeats the purpose of authentication.
Authentication on OSPF isn't just a lab scenario to make configuration more
difficult, it's meant to only allow interfaces running OSPF authentication
with the correct key to partake in the OSPF area process. Obviously, you
don't want Joe Shmoe to execute a show command and get the keys, right?

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Dave Stoddard
Sent: Tuesday, September 24, 2002 10:59 AM
To: ccielab@groupstudy.com
Subject: OSPF Authentication

I sent this question yesterday, but I didn't see that it made it to the
list. So sorry if somehow this makes it to the list twice.

1> I have the following configuration (only a portion shown) & everything is
working fine. The specific requirement I'm working on is MD5 authentication
in area 1. What I don't understand is that when I issue the show ip ospf
interface command it shows "Message digest authentication enabled", but "No
key configured, using default key id 0". Why does it show no key
configured?

2> When the lab asks to use MD5 authentication, does the encryption type
matter, i.e. "<0-7> Encryption type (0 for not yet encrypted, 7 for
proprietary)"?

interface Serial0/0.4 multipoint
 ip address 135.3.12.4 255.255.255.248
 ip ospf authentication message-digest
 ip ospf authentication-key 6 secure
 ip ospf network non-broadcast
 frame-relay map ip 135.3.12.3 300 broadcast
 frame-relay map ip 135.3.12.4 401 broadcast
 frame-relay map ip 135.3.12.6 401 broadcast
 no frame-relay inverse-arp
!
router ospf 100
 router-id 135.3.4.4
 log-adjacency-changes
 area 0 authentication
 area 1 authentication message-digest
 area 1 virtual-link 135.3.6.6 authentication message-digest
authentication-key 6 secure
 area 1 virtual-link 135.3.3.3 authentication message-digest
authentication-key 6 secure
 passive-interface Ethernet0/0
 passive-interface Serial0/1
 network 135.3.4.0 0.0.0.255 area 1
 network 135.3.12.0 0.0.0.7 area 1
 network 135.3.28.0 0.0.0.255 area 0
 neighbor 135.3.12.3
 neighbor 135.3.12.6

**********************

r4#sh ip ospf int
Serial0/0.4 is up, line protocol is up
  Internet Address 135.3.12.4/29, Area 1
  Process ID 100, Router ID 135.3.4.4, Network Type NON_BROADCAST, Cost: 64
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) r4, Interface address 135.3.12.4
  No backup designated router on this network
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:06
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 4
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 2, Adjacent neighbor count is 2
    Adjacent with neighbor r3
    Adjacent with neighbor r6
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
      No key configured, using default key id 0
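
Added example (not part of the original thread and not Cisco's code): a small Python audit for the mismatch visible in the configuration above, where MD5 authentication is enabled but only `authentication-key` (the simple-password key) is set and no `message-digest-key` exists, the condition under which IOS reports "No key configured, using default key id 0". The sample config is constructed from the posted one, the function name is hypothetical, and only interface-level and virtual-link commands are checked (area-wide authentication is not resolved to interfaces).

```python
import re

# Constructed sample, modelled on the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface Serial0/0.4 multipoint
 ip ospf authentication message-digest
 ip ospf authentication-key 6 secure
!
interface Serial0/1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
router ospf 100
 area 1 virtual-link 135.3.6.6 authentication message-digest
 area 1 virtual-link 135.3.6.6 authentication-key 6 secure
"""

VLINK = re.compile(r"area \S+ virtual-link (\S+) (.*)")
TOKENS = {"md5_on": "authentication message-digest",
          "md5_key": "message-digest-key",
          "simple_key": "authentication-key"}

def audit_ospf_md5(config):
    """Return (scope, problem) pairs where MD5 auth is on but no MD5 key is set."""
    scopes, current = {}, None      # scope name -> set of flags seen
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split()[1]
            continue
        if raw and not raw.startswith(" "):
            current = None          # any other top-level line ends the interface block
        m = VLINK.match(line)
        if m:
            scope, rest = "virtual-link " + m.group(1), m.group(2)
        elif current and line.startswith("ip ospf "):
            scope, rest = current, line[len("ip ospf "):]
        else:
            continue
        flags = scopes.setdefault(scope, set())
        flags.update(name for name, tok in TOKENS.items() if tok in rest)
    findings = []
    for scope, flags in scopes.items():
        if "md5_on" in flags and "md5_key" not in flags:
            why = "MD5 enabled but no message-digest-key"
            if "simple_key" in flags:
                why += " (authentication-key only sets the simple-password key)"
            findings.append((scope, why))
    return findings
```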


