[j-nsp] OSPF per interface AuType

Levent Ogut levent.ogut at gmail.com
Mon Jun 20 18:44:53 EDT 2005 

Thats explains, that config passes the checks

thanks a lot


On 6/20/05, Raymond Cheh <rcheh at juniper.net> wrote:
> 
>  Levent,
> 
>  To configure ospf authentication under an interface, you cannot configure 
> authentication-type under the area. (Hence the syntax failure.)
> 
>  To apply 1 authentication-type to all the interfaces under the same area, 
> apply-group can be used. Exceptions can always be specified under the 
> interface explicitly.
> 
>  For example:
> 
>  groups ospf_simple {
> 
> protocols {
> 
> ospf {
> 
> Area 0.0.0.0 <http://0.0.0.0> {
> 
> Interface <*> {
> 
> Authentication simple-password hello;
> 
> }
> 
> }
> 
> }
> 
> }
> 
> }
> 
> protocols {
> 
> ospf {
> 
> apply-groups ospf_simple;
> 
> area 0.0.0.0 <http://0.0.0.0> {
> 
> interface so-0/0/0.0;
> 
> interface ge-0/2/0.2 {
> 
> authentication {
> 
> md5 5 goodbye;
> 
> }
> 
> }
> 
> }
> 
> }
> 
> }
> 
>  In this case, so-0/0/0.0 will be using simple-password authentication and 
> ge-0/2/0.2 md5. (I just made up the configuration, so the passwords are not 
> encrypted.
> 
>  Let me know if you still have problems. Thanks.
> 
>  Raymond
> 
>   ------------------------------
>  
> *From:* Levent Ogut [mailto:levent.ogut at gmail.com] 
> *Sent:* Monday, June 20, 2005 3:07 PM
> *To:* Raymond Cheh
> *Cc:* juniper-nsp at puck.nether.net
> *Subject:* Re: [j-nsp] OSPF per interface AuType
>  
>  am I missing something ? I am testing with 7.1R2.2
> "authentication-type" is not valid under the "protocols ospf area x.x.x.xinterface y" stanza,
> and it doesn't pass the commit check when area is configured simple and 
> interface is configured md5 .
> 
> [edit protocols ospf area 0.0.0.0 <http://0.0.0.0>]
> root at lab# ...0 authentication md5 1 key perinterfacekeytest 
> 
> [edit protocols ospf area 0.0.0.0 <http://0.0.0.0>]
> root at lab# commit check 
> [edit protocols ospf area 0.0.0.0 <http://0.0.0.0> interface so-0/1/0.0 
> authentication]
> 'md5 1'
> area authentication-type incompatible with interface key
> error: configuration check-out failed
> 
> [edit protocols ospf area 0.0.0.0 <http://0.0.0.0>]
> root at lab# show 
> authentication-type simple;
> 
> interface so-0/1/0.0 {
> metric 65000;
> authentication {
> md5 1 key "<deleted>"; ## SECRET-DATA
> }
> }
> 
> 
> 
>  On 6/20/05, *Raymond Cheh* <rcheh at juniper.net> wrote:
> 
> Levent,
> 
> That has been the case for a while now!
> 
> http://www/techpubs/software/junos/junos64/swconfig64-routing/html/ospf- 
> summary4.html
> 
> 
> Raymond
> 
> > -----Original Message-----
> > From: juniper-nsp-bounces at puck.nether.net [mailto: juniper-nsp-
> > bounces at puck.nether.net] On Behalf Of Levent Ogut
> > Sent: Monday, June 20, 2005 2:12 PM
> > To: juniper-nsp at puck.nether.net
> > Subject: [j-nsp] OSPF per interface AuType
> >
> > Hi all,
> >
> > Does anyone know if Juniper will implement per interface
> authentication-
> > type
> > configuration ? (probably someone from juniper ;)) 
> >
> > Probably everybody is using cryptographic authentication for all
> > areas/interfaces but it would be usefull to get rid of legacy simple
> > authentication configurations.
> >
> >
> > TIA 
> >
> >
> > levent
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
>  
>

More information about the juniper-nsp mailing list