Chuck theologized, >I got to thinking about this a little bit further. Warning - what follows is >more metaphysical, and less technical. I believe it does adequately explain >the thought process that resulted in the original homily. > >It comes down to Augustinian and anti-Augustinian thought. > >According to Augustine of Hippo, evil is not a thing in an of itself. Evil >is merely the absence of good. Same as darkness is merely the absence of >light. This good and evil, day and night, are not opposites. I suppose one >might then argue that a vacuum is merely the absence of air. > >In this Augustinian viewpoint, when no area authentication is configured >then what you have is nothing. Which leaves the mystery of interface >authentication and it's purpose.
Have you considered, then, the theological significance of the null interface? > >However, if one takes an anti-Augustinian view, which it appears that the >Cisco developers did, then when you read the documentation that states that >the default area authentication is null, one must then agree that null >authentication is a thing in and of itself. If no area authentication is >configured, then in reality null authentication is configured. The area does >indeed have authentication configured. The interface authentication, then, >is doing what the docs say - overriding the area configuration with a >specific authentication that applied to the interface only. > >The proof of this is that when specific area authentication is configured, >one can override it with the interface configuration of null, which is a >kind of authentication. It is fair to say that now there are three kinds of >OSPF authentication. clear text, md5, and null. One of those types MUST be >configured under the ospf process. The default is null ( not "none" ) One of >those types must be configured on each ospf interface. the default is null >except when an area authentication is configured under the ospf process ( >had to include this one or else the flow of logic fails ) If a man speaks in an empty forest, where there is no woman to hear him, is he still wrong? If a woman speaks in an empty forest, where there is no man to hear her, is she still nagging? If only one side of an interface is authenticated, but if it will not form a neighbor relationship if the other end doesn't care, is the relationship scure? > >The happy accident that results from this is that area authentication need >not be configured on routers on both sides of the link. Only on one side. >Well, maybe not really an accident. After all, the other side ospf process >has the default authentication set to null. The interface authentication >overrides for just that interface. This explains the result I documented >below. > >So how'd I do, Howard? :-> I quote Augustine of Hippo's response to one who asked him "What was God doing before he created the universe?" "Creating a Hell for those who have the impertinence to ask such questions." > >footnote: I realize that in terms of router code, there is probably a >register with certain bit positions indicating authentication in place. for >example: > >0000 = area authentication = null, interface authentication = null >0001 = area authentication = null, interface authentication = clear text >0010 = area authentication = null, interface authentication = md5 >0011 = area authentication = clear text, interface authentication = null >0100 = area authentication = clear text, interface configuration = clear >text >0101 = area authentication = clear text, interface authentication = md5 >0110 = area authentication = md5, interface authentication = null >0111 = area authentication = md5, interface authentication = clear text >1000 = area authentication = md5, interface authentication = md5 >1011 = area authentication required but interface not configured >1111 = area authentication = null, interface authentication configuration >not required ( the absence of good ) > >these would be pointers to the appropriate subroutine process for handling >OSPF packets received or sent on an interface. > >sorry for the boring lecture. > >Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60321&t=60321 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
