OSPF Authentication question

Hi,

I was hoping someone could double check me.  I'm trying to find out if there is a
difference between the following two command sets?

My Solution for part of WB2 Lab3 to add authentication:

inter ser 0/0/0
 ip ospf authentication message-digest
 ip ospf authentication-key CISCO

Book solution:

interface Serial0/0
 ip ospf message-digest-key 1 md5 CISCO

router ospf 1
 area 0 authentication message-digest

 

Other than the book solution putting MD5 authentication on all other neighbors in Area 0, are there any other differences?  Thanks for all help in advance.

AndyL

Comments

  • Hi

    There is no difference in the way auth works if configured at the process level compared to interface, other than it is enabled for all interfaces in area 0 (including virtual links).

    If you have both configured then the interface overrides the area config.

    Nick

  • Three OSPF authentication types:

    1. Null - No authentication

    2. Type 1 - Simple Password

    3. Type 2 -  Message Digest

    Authentication can be enabled under:

    1. OSPF Process - Applies to all interfaces in the Area but can be overridden by specifying different authentication at the specific interface.

    area 0 authentication (Type 1)

    area 0 authentication message-digest (Type 2)

    2. At Interface Level (Overrides OSPF Process Authentication)

    e.g.

    ip ospf authentication (Type 1)

    ip ospf authentication message-digest (Type 2)

    ip ospf authentication null (no authentication and is default)

    Authentication is applied at interface level as follows:

    ip ospf message-digest-key 1 md5 CISCO (Type 2)

    ip ospf authentication-key CISCO (Type 1)

    Notice in your case you specified

    ip ospf authentication message-digest (enables type 2 authentication)

    ip ospf authentication-key CISCO (Applies type 1 authentication)

     

    Can be confusing but I hope that helps clear things out.

  • inter ser 0/0/0
     ip ospf authentication message-digest
     ip ospf authentication-key CISCO

    Book solution:

    interface Serial0/0
     ip ospf message-digest-key 1 md5 CISCO

    router ospf 1
     area 0 authentication message-digest

    Other than the book solution putting MD5 authentication on all other neighbors in Area 0, are there any other differences?  Thanks for all help in advance.

    AndyL

     

    In OSPF authentication, interface level configuration is preferred over the router subcommand mode. In order to configure OSPF MD5 authentication, you need to put the "ip ospf message-digest-key" command, not the "authentication-key", which is used for simple password authentication.

    Sometimes you may need to enable OSPF authentication between two neighbors in a multi-access network. In that case you can configure interface level commands, but if you need to have authentication on all the routers within the broadcast domain, you can go for router subcommand mode configurations.

    If you have previously configured the router subcommand mode command on all the routers in a multi-access network and some of the routers need to be removed from the authentication, you can use the "ip ospf authentication null" command for the same.
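The mismatch discussed in the replies above (an authentication type enabled without the key command that belongs to it, with the interface setting overriding the area setting) can be checked mechanically. The Python below is an added example, not code from any poster or from Cisco; it assumes a single OSPF area so the area-level setting is the default for every interface, and the sample config is constructed from the commands quoted in this thread.

```python
import re

# Constructed sample built from the commands quoted in this thread.
SAMPLE = """\
router ospf 1
 area 0 authentication message-digest
interface Serial0/0/0
 ip ospf authentication message-digest
 ip ospf authentication-key CISCO
interface Serial0/0
 ip ospf message-digest-key 1 md5 CISCO
interface Serial0/1
 ip ospf authentication null
"""
KEY_CMD = {1: "authentication-key", 2: "message-digest-key"}
IF_TYPE = {None: 1, " message-digest": 2, " null": 0}

def audit(config):
    """Return {interface: (effective_type, findings)}. Assumes a single OSPF area."""
    area_type, ifaces, cur = 0, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"area \S+ authentication( message-digest)?", line)
        if m:
            area_type = 2 if m.group(1) else 1
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], {"type": None, "keys": set()})
        elif not raw.startswith(" "):
            cur = None  # left interface mode, e.g. "router ospf 1"
        elif cur is not None:
            m = re.fullmatch(r"ip ospf authentication( message-digest| null)?", line)
            if m:
                cur["type"] = IF_TYPE[m.group(1)]
            cur["keys"] |= {t for t, c in KEY_CMD.items() if line.startswith(f"ip ospf {c} ")}
    report = {}
    for name, cfg in ifaces.items():
        eff = area_type if cfg["type"] is None else cfg["type"]  # interface overrides area
        findings = []
        if eff == 0:
            findings.append("no authentication on this interface")
        elif eff not in cfg["keys"]:
            findings.append(f"type {eff} enabled but no {KEY_CMD[eff]} configured")
        findings += [f"{KEY_CMD[k]} present but type {k} is not enabled"
                     for k in sorted(cfg["keys"] - {eff})]
        report[name] = (eff, findings)
    return report

for name, result in audit(SAMPLE).items():
    print(name, result)
```

Serial0/0/0 is the original poster's configuration and is the only interface that gets two findings; Serial0/0 (the book solution) is clean.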

     

  • Guys,

     

    Thanks for explaining the differences between the types of authentication.  I now understand where I went wrong.

     

    Andy

  • Well put, somniferous. I like that breakdown, easy to follow and understand.

    Rob


    On Tuesday, November 19, 2013 10:00 AM, somniferous <[email protected]> wrote:
    Three OSPF authentication types:

    1. Null - No authentication

    2. Type 1 - Simple Password

    3. Type 2 -  Message Digest

    Authentication can be enabled under
    1. OSPF Process - area 0 authentication (type 1)

    area 0 authentication message-digest (type 2)

    2. At Interface Level (Overrides OSPF Process Authentication)

    e.g. ip ospf authentication (Type 1)

    ip ospf authentication message-digest (Type 2)

    ip ospf authentication null (no authentication and is default)

    Authentication is applied at interface level as follows:

    ip ospf message-digest-key 1 md5 CISCO (Type 2)

    ip ospf authentication-key CISCO (Type 1)

    Notice in your case you specified

    ip ospf authentication message-digest (enables type 2)

    ip ospf authentication-key CISCO (Applies type 1)

    Can be confusing but I hope that helps clear things out.





  • Andy and Rob,

    I'm glad to be of help. I struggled with the combinations at first until I broke them down that way then I understood better.
