[j-nsp] OSPF per interface AuType

[Raymond Cheh]

Levent,

 

To configure ospf authentication under an interface, you cannot
configure authentication-type under the area. (Hence the syntax
failure.)

 

To apply 1 authentication-type to all the interfaces under the same
area, apply-group can be used. Exceptions can always be specified under
the interface explicitly.

 

For example:

 

groups ospf_simple {

   protocols {

      ospf {

         Area 0.0.0.0 {

            Interface <*> {

               Authentication simple-password hello;

            }

         }

      }

   }

}

protocols {

   ospf {

      apply-groups ospf_simple;

      area 0.0.0.0 {

         interface so-0/0/0.0;

         interface ge-0/2/0.2 {

            authentication {

               md5 5 goodbye;

            }

         }

      }

   }

}

 

In this case, so-0/0/0.0 will be using simple-password authentication
and ge-0/2/0.2 md5. (I just made up the configuration, so the passwords
are not encrypted.

 

Let me know if you still have problems. Thanks.

 

Raymond

 

________________________________

From: Levent Ogut [mailto:levent.ogut at gmail.com] 
Sent: Monday, June 20, 2005 3:07 PM
To: Raymond Cheh
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] OSPF per interface AuType

 

am I missing something ? I am testing with 7.1R2.2
"authentication-type" is not valid under the "protocols ospf area
x.x.x.x interface y" stanza,
and it doesn't pass the commit check when area is configured simple and
interface is configured md5 .

[edit protocols ospf area 0.0.0.0]
root at lab# ...0 authentication md5 1 key perinterfacekeytest


[edit protocols ospf area 0.0.0.0]
root at lab# commit check 
[edit protocols ospf area 0.0.0.0 interface so-0/1/0.0 authentication]
  'md5 1'
    area authentication-type incompatible with interface key
error: configuration check-out failed

[edit protocols ospf area 0.0.0.0]
root at lab# show 
authentication-type simple;

interface so-0/1/0.0 {
    metric 65000;
    authentication {
        md5 1 key "<deleted>"; ## SECRET-DATA
    }
}





On 6/20/05, Raymond Cheh <rcheh at juniper.net> wrote:

Levent,

That has been the case for a while now!

http://www/techpubs/software/junos/junos64/swconfig64-routing/html/ospf-

summary4.html


Raymond

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto: juniper-nsp-
<mailto:juniper-nsp-> 
> bounces at puck.nether.net] On Behalf Of Levent Ogut
> Sent: Monday, June 20, 2005 2:12 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] OSPF per interface AuType
>
> Hi all,
>
> Does anyone know if Juniper will implement per interface
authentication-
> type
> configuration ? (probably someone from juniper ;)) 
>
> Probably everybody is using cryptographic authentication for all
> areas/interfaces but it would be usefull to get rid of legacy simple
> authentication configurations.
>
>
> TIA 
>
>
> levent
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp