See.... Now, I'll beg to differ a little bit here on the logic side of
things.
Because your last line is technically incorrect. According to the RFC,
you will use a NULL key by default, so it's STILL an md5 password, it
just happens to be one that you did not specify. But being that it's
generating a hash, you can't "not" have one, you can simply have one
seeded with a null string.
But I'd agree that it's good to know what the defaults are!
*Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,
CCDE #2009::D, JNCIE-M #153, JNCIE-ER #102, CISSP, et al.
CCSI #21903, JNCI-M, JNCI-ER
swm_at_emanon.com
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
On 5/20/11 1:00 PM, Marko Milivojevic wrote:
> The thing is... it's even a little bit more complicated than that :-).
> There are 3 authentication types, but there are more possibilities
> than only three.
>
> - NULL Authentication (Type 0)
> - Text Authentication (Type 1) with password
> - Text Authentication (Type 1) without password
> - MD5 Authentication (Type 2) with password
> - MD5 Authentication (Type 2) without password
>
> Also, you may have area authentication and per-interface
> authentication, making things even more fun. Which one takes
> precedence, area-configured authentication, or interface one? What
> happens when you configure Type 1 authentication and Type 2 key, or
> the other way around? Etc :-) Endless fun!
>
> @Scott - I like 4th type *grin*.
>
> --
> Marko Milivojevic - CCIE #18427
> Senior Technical Instructor - IPexpert
>
> FREE CCIE training: http://bit.ly/vLecture
>
> Mailto: markom_at_ipexpert.com
> Telephone: +1.810.326.1444
> Web: http://www.ipexpert.com/
>
> On Fri, May 20, 2011 at 09:34, Darby Weaver <darby.weaver_at_gmail.com> wrote:
>> All,
>>
>> Refer to the following:
>>
>> http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtml
>>
>>
>> These are the three different types of authentication supported by OSPF.
>>
>> - *Null Authentication* This is also called Type 0 and it means no
>>   authentication information is included in the packet header. It is the
>>   default.
>>
>> - *Plain Text Authentication* This is also called Type 1 and it uses simple
>>   clear-text passwords.
>>
>> - *MD5 Authentication* This is also called Type 2 and it uses MD5
>>   cryptographic passwords.
>>
>> Authentication does not need to be set. However, if it is set, all peer
>> routers on the same segment must have the same password and authentication
>> method. The examples in this document demonstrate configurations for both
>> plain text and MD5 authentication.
>>
>>
>> Umm....
>>
>> I'd advise knowing that there is a "Type 0", a "Type 1", and a "Type 2"
>> authentication for OSPF.
>>
>>
>> True we only configure 2 of the 3 types... however, WELCOME TO SPARTA...
>> don't get kicked into the pit. Know your options and know how to interpret
>> them.
>>
>>
>>
>> Some things don't get emphasized enough and some get watered over...
>>
>> I've just emphasized it.
>>
>> :)
>>
>>
>>
>> Darby
>>
>> On Fri, May 20, 2011 at 9:14 AM, GAURAV MADAN <gauravmadan1177_at_gmail.com> wrote:
>>
>>> "everyone" ........... not everyone Darby ..
>>>
>>> if u somehow see Video on demand INE as well .... they also mention 3 type
>>> of ospf auth ..
>>>
>>> no auth
>>> plain
>>> md5
>>>
>>>
>>>
>>> On Fri, May 20, 2011 at 4:27 PM, Darby Weaver <darby.weaver_at_gmail.com> wrote:
>>>> That's what I love about the CCIE Lab...
>>>>
>>>> Everyone says there are "only" 2 types of authentication in OSPF....
>>>>
>>>> 1. Plain text
>>>> 2. MD5
>>>>
>>>> If you listen to all your most knowledgeable friends on Groupstudy and a
>>>> couple of three (maybe more CCIE's of some repute)...
>>>>
>>>> And then you find yourself in the "gladiator's chamber" one day... and a
>>>> third is suggested by some hint of a vague clue...
>>>>
>>>> Unless you've heard of RFC2328 and then you find... there is a third...
>>>> and you find yourself astonished in about the same way everyone else was
>>>> when we found out that Luke Skywalker was not quite "The Last Hope" as
>>>> mentioned by Yoda... Yep... there are three...
>>>>
>>>>
>>>> OSPF as defined in [RFC2328] includes three different types of
>>>> authentication schemes: Null authentication, simple password and
>>>> cryptographic authentication. NULL authentication is akin to having
>>>> no authentication at all. In the simple password scheme of
>>>> authentication, the passwords are exchanged in the clear text on the
>>>> network and anyone with physical access to the network can learn the
>>>> password and compromise the security of the OSPF domain.
>>>>
>>>> In the cryptographic authentication scheme, the OSPF routers on a
>>>> common network/subnet share a secret key which is used to generate a
>>>> keyed MD5 digest for each packet and a monotonically increasing
>>>> sequence number scheme is used to prevent replay attacks.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Darby Weaver
>>>> Network Engineer
>>>> http://www.darbyslogs.blogspot.com
>>>>
>>>> darbyweaver_at_yahoo.com
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>
>> --
>> Darby Weaver
>> Network Engineer
>> http://www.darbyslogs.blogspot.com
>>
>> darbyweaver_at_yahoo.com
Received on Fri May 20 2011 - 13:42:28 ART
This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART
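
Added example (not part of the original thread and not any vendor's code): a Python illustration of the RFC 2328 cryptographic authentication computation discussed above, showing that AuType 2 with an empty key still yields a 16-byte MD5 digest, and that it verifies only against the same empty key. Zero-padding of short keys, the router ID, the Hello body and the key `cisco` are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, length, router ID, area ID,
# checksum, AuType, 8-byte Authentication field.
HDR = struct.Struct("!BBH4s4sHH8s")
AUTYPE = {0: "Null (Type 0)", 1: "Simple password (Type 1)", 2: "MD5 (Type 2)"}

def pad(key: bytes, size: int) -> bytes:
    # Assumption: short or empty keys are right-padded with zero bytes.
    if len(key) > size:
        raise ValueError("key too long")
    return key.ljust(size, b"\x00")

def build_md5_hello(body: bytes, key: bytes, key_id: int = 1, seq: int = 1) -> bytes:
    # Authentication field for AuType 2: 0, Key ID, digest length, sequence number.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    # Constructed router ID 1.1.1.1, area 0; checksum stays 0 for AuType 2.
    pkt = HDR.pack(2, 1, HDR.size + len(body), bytes([1, 1, 1, 1]), bytes(4), 0, 2, auth) + body
    # The digest covers packet + 16-byte key and is appended after the packet.
    return pkt + hashlib.md5(pkt + pad(key, 16)).digest()

def check(raw: bytes, key: bytes):
    """Return (auth type name, True if the packet verifies against `key`)."""
    _, _, length, _, _, _, autype, auth = HDR.unpack_from(raw)
    name = AUTYPE.get(autype, "unknown")
    if autype == 0:
        return name, True  # nothing to verify
    if autype == 1:
        return name, hmac.compare_digest(auth, pad(key, 8))
    if autype == 2:
        _, _, dlen, _ = struct.unpack("!HBBI", auth)
        want = hashlib.md5(raw[:length] + pad(key, 16)).digest()
        return name, hmac.compare_digest(raw[length:length + dlen], want)
    return name, False

# Constructed 20-byte Hello body (mask, interval, options, priority, dead, DR, BDR).
HELLO = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1, 40, bytes(4), bytes(4))

if __name__ == "__main__":
    for k in (b"", b"cisco"):
        pkt = build_md5_hello(HELLO, k)
        print(repr(k), pkt[-16:].hex(), check(pkt, k), check(pkt, b"other"))
```

The sequence-number replay check that RFC 2328 pairs with the digest is left out here; a receiver would also reject packets whose sequence number is lower than the last one accepted from that neighbor.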