Sunday, July 28, 2013

OSPF Null Authentication


Pic. 1 - Topology Diagram.


Task 1
Remove OSPF MD5 authentication between R1 and R2 (look at configuration in previous lab). Do not change anything else on R1. Ensure R1 and R2 stay OSPF neighbors.


Questions
Try to answer the following questions:
  1. What is OSPF Null authentication?
Study Drill

Consider the configuration on R1:

Pic. 2.

The task stipulates that we can remove OSPF configuration from R1's FastEthernet, but we CAN'T change anything in OSPF routing context (we can't remove 'area 0 authentication).

Since FastEtherent0/0 on R1 is enabled in OSPF area 0, the only option we have is to apply OSPF null authentication.

Lab Solution
Task 1
Remove OSPF MD5 authentication between R1 and R2 (look at configuration in previous lab). Do not change anything else on R1. Ensure R1 and R2 stay OSPF neighbors.


R1 Config:
!
interface FastEthernet0/0
 no ip ospf message-digest-key 1 md5 G33K
 no ip ospf message-digest-key 2 md5 CISCO123
 ip ospf authentication null

!

R2 Config:
!
interface FastEthernet0/0
 no  ip ospf authentication message-digest
 no  ip ospf message-digest-key 1 md5 G33K

!

Pic. 3.



Study Drill

Recall the order of operations in terms of OSPF: interface-based authentication overrides the routing context one. Also, if authentication is enabled in the OSPF routing context for a specific area, ALL interfaces in this authenticated area will send their 'hello' packets with the authentication method/data by default. 

In the later labs we will use OSPF Virtual Link configuration. Which area will a VL belong to? How area authentication will affect VL?