Config Router

  • Google Sheets
  • CCNA Online training
    • CCNA
  • CISCO Lab Guides
    • CCNA Security Lab Manual With Solutions
    • CCNP Route Lab Manual with Solutions
    • CCNP Switch Lab Manual with Solutions
  • Juniper
  • Linux
  • DevOps Tutorials
  • Python Array
You are here: Home / Juniper / OSPF ‘authentication-type’ deprecated or showing as hidden on different versions.

OSPF ‘authentication-type’ deprecated or showing as hidden on different versions.

May 28, 2016 by James Palmer

OSPF ‘authentication-type’ deprecated or showing as hidden on different versions.

In different versions of Junos OS, the command authentication-type shows a warning that it is deprecated, or else when trying to configure it, the command is not even shown as available. Use of the context-sensitive help command (“?”) does not show the command either. This article will explain the behavior.

In Junos OS version 11.4 and earlier, when reviewing the configuration, or when doing a commit check, a message is displayed warning that the command is being deprecated:

[email protected]_11.4> show configuration protocols ospf
area 0.0.0.0 {
              authentication-type md5; ## Warning: 'authentication-type' is deprecated
              interface lo0.0;
              interface ge-0/2/1.101;
             }

OSPF interface authentication configuration is the best practice. OSPF authentication at the area level should be avoided.

Revised in the following Junos versions:
14.1R1
13.3R3
12.3R6
12.1R5
11.4R1

In Junos OS version 11.4 and earlier, when reviewing the configuration, or when doing a commit check, a message is displayed warning that the command is being deprecated:

[email protected]_11.4> show configuration protocols ospf
area 0.0.0.0 {
              authentication-type md5; ## Warning: 'authentication-type' is deprecated
              interface lo0.0;
              interface ge-0/2/1.101;
             }
[edit]
[email protected]_11.4# commit check
[edit protocols ospf area 0.0.0.0 interface lt-0/0/0.1]
'authentication' area authentication-type incompatible with interface key

error: configuration check-out failed

When attempting to configure authentication at the area level the <authentication-type> is not offered as an option choice:

[email protected]_13.3R3# set protocols ospf area 0 ?
Possible completions:
+ apply-groups                       Groups from which to inherit configuration data
+ apply-groups-except                Don't inherit configuration data from these groups
> area-range                         Configure area ranges
> context-identifier                 Configure context identifier in support of edge protection
> interface                          Include an interface in this area
> label-switched-path                Configuration for advertisement of a label-switched path
+ network-summary-export             Export policy for Type 3 Summary LSAs
+ network-summary-import             Import policy for Type 3 Summary LSAs
no-context-identifier-advertisement  Disable context identifier advertisments in this area
> peer-interface                     Configuration for peer interface
> virtual-link                       Configure virtual links

Nevertheless once you have typed the keyword you can verify the possible completions:

[email protected]_13.3R3# set protocols ospf area 0 authentication-type ?
Possible completions:
md5 MD5 authentication
none No authentication
simple Simple password authentication

When you do a commit check, you will not get the warning message as you did on version 11.4.

Below, you will find an example configuration for two logical systems that have configured authentication-type at the area level:
Configuration:

[email protected]# show | display set
set logical-systems D1 interfaces lt-0/0/0 unit 1 encapsulation ethernet
set logical-systems D1 interfaces lt-0/0/0 unit 1 peer-unit 2
set logical-systems D1 interfaces lt-0/0/0 unit 1 family inet address 10.10.10.1/24
set logical-systems D1 protocols ospf area 0.0.0.0 authentication-type md5
set logical-systems D1 protocols ospf area 0.0.0.0 interface lt-0/0/0.1
set logical-systems D2 interfaces lt-0/0/0 unit 2 encapsulation ethernet
set logical-systems D2 interfaces lt-0/0/0 unit 2 peer-unit 1
set logical-systems D2 interfaces lt-0/0/0 unit 2 family inet address 10.10.10.2/24
set logical-systems D2 protocols ospf area 0.0.0.0 authentication-type md5
set logical-systems D2 protocols ospf area 0.0.0.0 interface lt-0/0/0.2

Next, we will show the output from three different show commands:

  • show ospf neighbor
  • show ospf overview
  • show ospf interface

First, you will find that neighborship is up and full between both neighbors, using the command show ospf neighbor:

[email protected]# run show ospf neighbor logical-system D2
Address Interface State ID Pri Dead
10.10.10.1 lt-0/0/0.2 Full 10.10.10.1 128 34

[edit]
[email protected]# run show ospf neighbor logical-system D1
Address Interface State ID Pri Dead
10.10.10.2 lt-0/0/0.1 Full 10.10.10.2 128 37

Second, the overview shows that the authentication type does meet our configuration for message-digest algorithm (MD5). Use the command show ospf overview:

[edit]
[email protected]# run show ospf overview logical-system D1
Instance: master
Router ID: 10.10.10.1
Route table index: 23
LSA refresh time: 50 minutes
Area: 0.0.0.0
Stub type: Not Stub
Authentication Type: MD5
Area border routers: 0, AS boundary routers: 0
Neighbors
Up (in full state): 1
Topology: default (ID 0)
Prefix export count: 0
Full SPF runs: 6
SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
Backup SPF: Not Needed

[edit]
[email protected]# run show ospf overview logical-system D2
Instance: master
Router ID: 10.10.10.2
Route table index: 25
LSA refresh time: 50 minutes
Area: 0.0.0.0
Stub type: Not Stub
Authentication Type: MD5
Area border routers: 0, AS boundary routers: 0
Neighbors
Up (in full state): 1
Topology: default (ID 0)
Prefix export count: 0
Full SPF runs: 4
SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
Backup SPF: Not Needed

Third, notice that if you check the authentication at the interface level, it will show as None. This is expected, as the configuration was performed at the OSPF area level. Use the command show ospf interface:

[email protected]# run show ospf interface lt-0/0/0.91 detail logical-system D2
Interface State Area DR ID BDR ID Nbrs
lt-0/0/0.91 BDR 0.0.0.0 10.10.10.1 10.10.10.2 1
Type: LAN, Address: 10.10.10.2, Mask: 255.255.255.0, MTU: 1500, Cost: 1
DR addr: 10.10.10.1, BDR addr: 10.10.10.2, Priority: 128
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> Cost: 1
[email protected]# run show ospf interface lt-0/0/0.90 detail logical-system D1
Interface State Area DR ID BDR ID Nbrs
lt-0/0/0.90 DR 0.0.0.0 10.10.10.1 10.10.10.2 1
Type: LAN, Address: 10.10.10.1, Mask: 255.255.255.0, MTU: 1500, Cost: 1
DR addr: 10.10.10.1, BDR addr: 10.10.10.2, Priority: 128
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> Cost: 1

Related

Filed Under: Juniper Tagged With: authentication-type, OSPF

Recent Posts

  • How do I give user access to Jenkins?
  • What is docker volume command?
  • What is the date format in Unix?
  • What is the difference between ARG and ENV Docker?
  • What is rsync command Linux?
  • How to Add Music to Snapchat 2021 Android? | How to Search, Add, Share Songs on Snapchat Story?
  • How to Enable Snapchat Notifications for Android & iPhone? | Steps to Turn on Snapchat Bitmoji Notification
  • Easy Methods to Fix Snapchat Camera Not Working Black Screen Issue | Reasons & Troubleshooting Tips to Solve Snapchat Camera Problems
  • Detailed Procedure for How to Update Snapchat on iOS 14 for Free
  • What is Snapchat Spotlight Feature? How to Make a Spotlight on Snapchat?
  • Snapchat Hack Tutorial 2021: Can I hack a Snapchat Account without them knowing?

Copyright © 2023 · News Pro Theme on Genesis Framework · WordPress · Log in