[j-nsp] OSPF per interface AuType
Raymond Cheh
rcheh at juniper.net
Mon Jun 20 18:35:54 EDT 2005
Levent,
To configure ospf authentication under an interface, you cannot
configure authentication-type under the area. (Hence the syntax
failure.)
To apply 1 authentication-type to all the interfaces under the same
area, apply-group can be used. Exceptions can always be specified under
the interface explicitly.
For example:
groups ospf_simple {
protocols {
ospf {
Area 0.0.0.0 {
Interface <*> {
Authentication simple-password hello;
}
}
}
}
}
protocols {
ospf {
apply-groups ospf_simple;
area 0.0.0.0 {
interface so-0/0/0.0;
interface ge-0/2/0.2 {
authentication {
md5 5 goodbye;
}
}
}
}
}
In this case, so-0/0/0.0 will be using simple-password authentication
and ge-0/2/0.2 md5. (I just made up the configuration, so the passwords
are not encrypted.
Let me know if you still have problems. Thanks.
Raymond
________________________________
From: Levent Ogut [mailto:levent.ogut at gmail.com]
Sent: Monday, June 20, 2005 3:07 PM
To: Raymond Cheh
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] OSPF per interface AuType
am I missing something ? I am testing with 7.1R2.2
"authentication-type" is not valid under the "protocols ospf area
x.x.x.x interface y" stanza,
and it doesn't pass the commit check when area is configured simple and
interface is configured md5 .
[edit protocols ospf area 0.0.0.0]
root at lab# ...0 authentication md5 1 key perinterfacekeytest
[edit protocols ospf area 0.0.0.0]
root at lab# commit check
[edit protocols ospf area 0.0.0.0 interface so-0/1/0.0 authentication]
'md5 1'
area authentication-type incompatible with interface key
error: configuration check-out failed
[edit protocols ospf area 0.0.0.0]
root at lab# show
authentication-type simple;
interface so-0/1/0.0 {
metric 65000;
authentication {
md5 1 key "<deleted>"; ## SECRET-DATA
}
}
On 6/20/05, Raymond Cheh <rcheh at juniper.net> wrote:
Levent,
That has been the case for a while now!
http://www/techpubs/software/junos/junos64/swconfig64-routing/html/ospf-
summary4.html
Raymond
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto: juniper-nsp-
<mailto:juniper-nsp->
> bounces at puck.nether.net] On Behalf Of Levent Ogut
> Sent: Monday, June 20, 2005 2:12 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] OSPF per interface AuType
>
> Hi all,
>
> Does anyone know if Juniper will implement per interface
authentication-
> type
> configuration ? (probably someone from juniper ;))
>
> Probably everybody is using cryptographic authentication for all
> areas/interfaces but it would be usefull to get rid of legacy simple
> authentication configurations.
>
>
> TIA
>
>
> levent
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list