Re: Virtual-link authentication and AREA 0 authentication

From: swm@emanon.com
Date: Sun Apr 02 2006 - 14:37:15 GMT-3

• Next message: Petr Lapukhov: "Re: Virtual-link authentication and AREA 0 authentication"
• Previous message: sheng li: "Re: Virtual-link authentication and AREA 0 authentication"
• Maybe in reply to: sheng li: "Virtual-link authentication and AREA 0 authentication"
• Next in thread: Petr Lapukhov: "Re: Virtual-link authentication and AREA 0 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The authentication is between neighbors. Even though we apply part of the
config to a particular interface, you'll never be forming a peer/neighbor
relationship with anyone else over your loopback.

So therefore, the authentication keys are unnecessary on your loopback
interfaces. If it makes you feel better by putting it there though, feel
free, because it won't break anything either and you are not penalized for
"extra" configuration!

Cheers,

Scott

---- Message from sheng li <slilxn@yahoo.com> at 2006-04-02 10:26:25 ------
>Thanks to everyone who chipped in your view. You
>guys/gals are so wonderful!
>
>I'm summarizing the situation:
>With both the physical area 0 router and Virtual
>linked remote router having "area 0 authen mess", the
>virtual links are up and authenticated, but with Null
>key, which might not satisfy the lab requirement. I do
>see links being fully exchanged.
>How about loopbacks? All those loopback interfaces I
>am supposed to put inside area 0, do I really need to
>apply the "ip ospf mess 1 md5 <key>", per possible lab
>requirement?
>
>Thanks,
>Frank
>--- swm@emanon.com wrote:
>
>> If you look at your "show ip ospf interface" and
>> "show ip ospf virtual-link" you'll find that you ARE
>> indeed authenticating over the virtual link.
>> However you are encrypting with a null (empty) key.
>>
>> If your lab says use "cisco" as the password, you
>> just messed up. :)
>>
>> HTH,
>>
>> Scott
>>
>> ---- Message from sheng li <slilxn@yahoo.com> at
>> 2006-04-01 21:45:57 ------
>> >Folks,
>> >I've heard statements from several people that when
>> >OSPF area0 is configured with authentication, say,
>> >md5, the virtual links connecting a remote area
>> must
>> >be also configured with the same authentication.
>> I've
>> >doubted it and my routers seem to be distributing
>> >routes happily as long as the virtual-linked remote
>> >ABR has "ar 0 auth mess". Can you help me clarify
>> if
>> >this is a real requirement or am I missing
>> anything?
>> >
>> >Thanks!
>> >Frank
>> >
>> >__________________________________________________
>> >Do You Yahoo!?
>> >Tired of spam? Yahoo! Mail has the best spam
>> protection around
>> >http://mail.yahoo.com
>> >
>>
>>_______________________________________________________________________
>> >Subscription information may be found at:
>> >http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>>
>
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com

• Next message: Petr Lapukhov: "Re: Virtual-link authentication and AREA 0 authentication"
• Previous message: sheng li: "Re: Virtual-link authentication and AREA 0 authentication"
• Maybe in reply to: sheng li: "Virtual-link authentication and AREA 0 authentication"
• Next in thread: Petr Lapukhov: "Re: Virtual-link authentication and AREA 0 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3