This topic is to discuss the following lesson:
Rene, do you have IPSEC lesson?
I just published it, it’s a long story:
Let me know what you think of it.
Is the “0” or “7” option relating to whether or not the running-config file saves the key as encrypted or clear text?
Options 0 and 7 refer to whether or not the key that is sent between the routers during the authentication process is encrypted. In order to encrypt the key in the configuration file, use the
system password-encryption command. This command encrypts authentication key passwords among others.
I hope this has been helpful!
does this means IPsec is the only way to authenticate in OSPFv3?
I tried with the following and it worked:
R2#interface Ethernet0/0 no ip address ipv6 address 2001::2/64 ospfv3 1 authentication key-chain CISCO ospfv3 1 ipv6 area 0 R2#show ospfv3 ipv6 OSPFv3 1 address-family ipv6 Router ID 220.127.116.11 Active Key-chains: Key chain CISCO: Send key 1, Algorithm HMAC-SHA-1, Number of interfaces 1 Area BACKBONE(0)
Edit: This post gives the idea that OSPFv3 does not support any authentication beside IPsec, but after checking it does support the usual MD5 and HMAC that I mentioned above.
what about this command?
R1(config-if)#ospfv3 encryption ipsec
This is interesting, I haven’t seen this before. It seems they added non-IPSec support later in OSPFv3:
I’ll update the lesson to include this, it’s a valid method to configure authentication.