OSPF Authentication

GillieLucent · ‎09-29-2007

Hi,

I have three routers A,B and C all in area 0 connected to a switch. A and B routers require MD5 authentication where B and C doesnot require any authentication.Remember, all are in same subnet.

How to configure ?

Thanks,

Vijaybabu

Edison Ortiz · ‎09-29-2007

Instead of going with area authentication, you can configure interface authentication, between A and B.

Area Authentication:

area 0 authentication message-digest

interface f0/0

ip ospf message-digest-key 1 md5 CISCO

Interface Authentication

interface f0/0

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 CISCO

HTH,

GillieLucent · ‎09-29-2007

Hi,

Thanks for replying.

I have already mentioned all are in same subnet. So, if I configure interface authentication in A and B, then C won't form neighbourship with A and B.

Thanks,

Vijaybabu

Edison Ortiz · ‎09-29-2007

It can't be done unless you want to move the OSPF process to a GRE tunnel, quite ugly config.

Is this for a study lab or production network ?

Edit: Thinking more about it, you can have multiple OSPF process. One OSPF process for A and B (OSPF 1) and another process for A, B and C without authentication (OSPF 2).

I have to lab this up but I believe it should work.

GillieLucent · ‎09-29-2007

hi,

This is for study lab.

But, if we have multiple process, then we need to redistribute between the process, that will be complex.

Thanks,

Vijaybabu

Edison Ortiz · ‎09-29-2007

I believe I've seen that Lab.

The solution was building dual OSPF processes.