RE: Goodbye area x authentication command????

From: alsontra@hotmail.com
Date: Sun Jan 09 2005 - 02:57:28 GMT-3

• Next message: Richard Gallagher: "Re: EIGRP neighbor statements"
• Previous message: alsontra@hotmail.com: "RE: EIGRP neighbor statements"
• Maybe in reply to: Anthony Sequeira: "Goodbye area x authentication command????"
• Next in thread: john matijevic: "RE: Goodbye area x authentication command????"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Anthony,

What you are talking about is called link authentication and should be used
when you need to authenticate a peer. The other method you're talking about
is called Area authentication and should be used when you're asked to secure
an area.

Area Authenticaton Clear text -

router ospf 100
        area 0 authentication (clear text)
        
interface s0/0
        ip ospf authentication-key cisco (clear text)
        
Virtual-link:

router ospf 100
         * area 0 authentication (clear text)
        
router ospf 100
         * area 33 virtual-link 10.1.101.1 authentication-key cisco

Link Authentication Cleat text -

interface s0/0
        ip ospf authentication
        ip ospf authentication-key cisco (clear text)

The "best practices" for these types of question is to use the context of
the question to determine what type of authentication is being asked for.

HTH
Al

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Rick
Sent: Sunday, January 09, 2005 11:34 AM
To: Anthony Sequeira; Cisco certification
Subject: Re: Goodbye area x authentication command????

I use this method exclusively in the real world and lab practice. It is
easier for us since we multiple vendors and the other vendors authenticate
per interface. Just as long as you know the other ways you will be OK on the
lab. Keep in mind that if the question does not point you towards one or the
other you are better off asking the proctor rather than assuming.

Rick

----- Original Message -----
From: "Anthony Sequeira" <terry.francona@gmail.com>
To: "Cisco certification" <ccielab@groupstudy.com>
Sent: Sunday, January 09, 2005 1:18 AM
Subject: Goodbye area x authentication command????

> Hi all!
>
> I think I have stumbled upon something while playing with
> authentication in OSPF. Pardon me if this is really old news.
>
> Call me crazy - but I never want (or seem to need) to use the area x
> authentication command again!
>
> In order to configure either Type 1 or Type 2 authentication between
> peers - simply do the following on INTERFACES:
>
> Type 1 Exampe:
>
> ip ospf authentication
> ip ospf authentication-key cisco
>
> Type 2 Example:
>
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 cisco
>
>
> I am thinking about making these methods my new best practices - I
> found it more quick to configure this way - and I also found that it
> eliminated the need for additional manipulation of virtual links......
>
>
> Comments?????
>
> One potential issue that I see is that if Cisco says in the lab that
> you must authenticate in area 0 - and you do it using this method -
> and you have virtual links - you are not truly meeting the requirement
> since there is not authentication on the virtual link which is part of
> area 0.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Richard Gallagher: "Re: EIGRP neighbor statements"
• Previous message: alsontra@hotmail.com: "RE: EIGRP neighbor statements"
• Maybe in reply to: Anthony Sequeira: "Goodbye area x authentication command????"
• Next in thread: john matijevic: "RE: Goodbye area x authentication command????"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:20 GMT-3