Date: 2005-01-09 01:18 -600

To: Cisco certification

Subject: Goodbye area x authentication command????
Hi all!
I think I have stumbled upon something while playing with authentication in OSPF. Pardon me if this is really old news.
Call me crazy - but I never want (or seem to need) to use the area x authentication command again!
In order to configure either Type 1 or Type 2 authentication between peers - simply do the following on INTERFACES:
Type 1 Exampe:

 ip ospf authentication 
 ip ospf authentication-key cisco

 ip ospf authentication message-digest 
 ip ospf message-digest-key 1 md5 cisco

I am thinking about making these methods my new best practices - I found it more quick to configure this way - and I also found that it eliminated the need for additional manipulation of virtual links......

Comments?????

One potential issue that I see is that if Cisco says in the lab that you must authenticate in area 0 - and you do it using this method - and you have virtual links - you are not truly meeting the requirement since there is not authentication on the virtual link which is part of area 0.

Hi Anthony,

What you are talking about is called link authentication and should be used when you need to authenticate a peer. The other method you're talking about is called Area authentication and should be used when you're asked to secure an area.
Area Authenticaton Clear text -

 router ospf 100
   area 0 authentication                               (clear text)
 interface s0/0
   ip ospf authentication-key cisco                (clear text)

  router ospf 100 
    * area 0 authentication                          (clear text)

  router ospf 100
   * area 33 virtual-link 10.1.101.1 authentication-key cisco

 interface s0/0
        ip ospf authentication
        ip ospf authentication-key cisco                (clear text)

The "best practices" for these types of question is to use the context of the question to determine what type of authentication is being asked for.