Routing

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  OSPF Authentication - RFC 2328 vs Junos

    Posted 09-20-2012 08:34

    RFC 2328 recommends and I quote

    The authentication type is configurable on a per-interface (or
    equivalently, on a per-network/subnet) basis.  Additional
    authentication data is also configurable on a per-interface basis.

     This would mean that any enhancements made to provide authentication for all links in an area in a single command should be exactly that, an enhancement.

     

    But Junos documentation and the CLI lead me to believe that OSPF authentication-type in Junos is configurable at the Area level only. The only thing one can configure at the interface level is the authentication-key/message-digest-key.

     

    Does this not break the RFC requirements?

     

    More so than that, is my observation correct that all interfaces on all routers in a single area must use the same authentication-type? There is no way this can be overridden on a per-interface basis?

     

    Thanks,

     

    Nic


    #OSPFauthentication
    #ospf
    #RFC2328


  • 2.  RE: OSPF Authentication - RFC 2328 vs Junos
    Best Answer

    Posted 09-20-2012 15:33

    Hi Juniper supports OSPF authentication at interface level. You can configure authentication type at interface level. ( MD5 or Simple-Password)

     

    R6#set protocols ospf area 1 interface xe-9/0/0.100 authentication ?
    Possible completions:
    + apply-groups         Groups from which to inherit configuration data
    + apply-groups-except  Don't inherit configuration data from these groups
    > md5                  MD5 authentication key
      simple-password      Authentication key



    R6# set protocols ospf area 1 interface xe-9/0/0.100 authentication md5 ?
    Possible completions:
      <key-id>             Key ID for MD5 authentication (0..255)



    R6# set protocols ospf area 1 interface xe-9/0/0.100 authentication simple-password ?
    Possible completions:
      <simple-password>    Authentication key

     

    Regards

    Moses N

     

    -------------------------------------------------------

    If this post answers your question, please mark it as "Accepted Solution".
    Kudos are a nice way of expressing your gratitude



  • 3.  RE: OSPF Authentication - RFC 2328 vs Junos

    Posted 09-21-2012 04:30

    Moses,

     

    Thanks for clearing my misunderstanding.

     

    So, am I correct in stating that both the authentication-type and the authentication/message-digest-key are set using a single command?

     

    I logged on the CLI quickly and my verification with a single router seems to say that 

     

    interface fe-0/0/0.0 authentication simple-password XXXX
    
    interface fe-0/0/0.0 authentication md5 1 key XXXX

     are mutually exclusive. Thus, the first command sets the authentication-type to 1  and key to XXXX and the second command sets the authentication-type to 2 and key to XXXX.

     

    Thank you, that clarifies a lot. I will be doing some labs over the weekend that should verify my observations.

     

    Nic



  • 4.  RE: OSPF Authentication - RFC 2328 vs Junos

    Posted 09-21-2012 05:04

    Hi Nic,

    Yes, That's correct.

     

    Regards

    Moses N

     

    -------------------------------------------------------

    If this post answers your question, please mark it as "Accepted Solution".
    Kudos are a nice way of expressing your gratitude



  • 5.  RE: OSPF Authentication - RFC 2328 vs Junos

    Posted 09-21-2012 07:42

    Just to add some more information to the post, it seems that even the current Junos does not support the area level authentication.

     

    I have a couple of older machines 8.0 where I have the following command

     

    nic@R2# set protocols ospf area 0 authentication-type ?
    Possible completions:
      md5                  MD5 authentication
      none                 No authentication
      simple               Simple password authentication
    [edit]
    nic@R2# run show version
    Hostname: R2
    Model: m10
    JUNOS Base OS boot [8.1R4.3]
    

     

    The command is gone by the Junos 8.5 release.

     

    Thanks again Moses,

     

    Nic