Cisco,CCNP,BSCI,642-901,Tutori computer Cisco CCNP BSCI 642-901 Tutorial: Clear Text OSPF Neighbor A
----------------------------------------------------------Permission is granted for the below article to forward,reprint, distribute, use for ezine, newsletter, website,offer as free bonus or part of a product for sale as longas no changes a Gone are those times when the companies and the organisations didn't need a hi-tech system to handle them. Owing to the considerable increase in the business sector and thus, an enormous increase in the complexity of the organisational struc
An OSPF adjacency can be authenticated with MD5 (Message Digest 5) or with a clear-text password. Im not much on clear-text passwords, and hopefully you arent either! Whether youre working in the real world or the certification exam room, though, its always a good idea to know more than one way to do things. Lets take a look at how to configure clear-text authentication of an OSPF neighbor relationship.The commands well use are ip ospf authentication-key and ip ospf authentication. In this example, we have preexisting adjacencies between three routers in an OSPF NBMA network. The hub router (R1) has an adjacency with two spoke routers, R2 and R3.The password is set by the interface-level command ip ospf authentication-key. While Cisco routers will usually tell you when youre about to try to do something that you cant do, this password is a rare exception to the rule. Lets set a password of passbscitest and then check the router config.R1(config-if)#ip ospf authentication-key ? Encryption type (0 for not yet encrypted, 7 for proprietary)LINE The OSPF password (key)R1(config-if)#ip ospf authentication-key passbscitestR1#show configinterface Serial0ip address 172.12.123.1 255.255.255.0encapsulation frame-relayip ospf authentication-key passbsciI entered a 12-character password, but only the first eight are showing in the router configuration. The router failed to warn us that this particular password has a limit of eight characters. As of IOS 12.4, the router now warns the admin about this, but there are plenty of routers out there that arent running that recent a release!Clear-text authentication is enabled with the ip ospf authentication command. IOS Help shows there is no specific command for clear-text authentication. (Null and clear-text authentication are not the same thing.)R1(config)#int serial0R1(config-if)#ip ospf authentication ?message-digest Use message-digest authenticationnull Use no authenticationTo set clear-text authentication, just use the basic command with no options.R1(config-if)#ip ospf authenticationAbout two minutes after entering that configuration, the preexisting adjacencies go down:R1#00:25:38: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.2 on Serial0 from FULL to DOWN, Neighbor Down: Dead timer expiredR1#00:25:58: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.3 on Serial0 from FULL to DOWN, Neighbor Down: Dead timer expiredR1#Until we configure the spoke routers with the same config, the adjacencies will stay down so lets get those spokes configured!R2(config)#interface serial0R2(config-if)#ip ospf authentication-key passbsciR2(config-if)#ip ospf authenticationR3(config)#interface serial0R3(config-if)#ip ospf authentication-key passbsciR3(config-if)#ip ospf authenticationOn R1, show ip ospf neighbor verifies that the adjacencies are back up. R1#show ip ospf neighborNeighbor ID Pri State Dead Time Address Interface172.12.123.3 0 FULL/DROTHER 00:01:58 172.12.123.3 Serial0172.12.123.2 0 FULL/DROTHER 00:01:37 172.12.123.2 Serial0Now that you know how to configure OSPF neighbor authentication in clear text, you need to learn how to use MD5 authentication, and that just happens to be the subject of my next CCNP BSCI 642-901 exam tutorial! See you then!
Cisco,CCNP,BSCI,642-901,Tutori