OSPF Authentication

Unanswered Question
Sep 29th, 2007


I have three routers A,B and C all in area 0 connected to a switch. A and B routers require MD5 authentication where B and C doesnot require any authentication.Remember, all are in same subnet.

How to configure ?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Edison Ortiz Sat, 09/29/2007 - 09:19

Instead of going with area authentication, you can configure interface authentication, between A and B.

Area Authentication:

area 0 authentication message-digest

interface f0/0

ip ospf message-digest-key 1 md5 CISCO

Interface Authentication

interface f0/0

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 CISCO


GillieLucent Sat, 09/29/2007 - 09:45


Thanks for replying.

I have already mentioned all are in same subnet. So, if I configure interface authentication in A and B, then C won't form neighbourship with A and B.



Edison Ortiz Sat, 09/29/2007 - 09:48

It can't be done unless you want to move the OSPF process to a GRE tunnel, quite ugly config.

Is this for a study lab or production network ?

Edit: Thinking more about it, you can have multiple OSPF process. One OSPF process for A and B (OSPF 1) and another process for A, B and C without authentication (OSPF 2).

I have to lab this up but I believe it should work.

GillieLucent Sat, 09/29/2007 - 10:10


This is for study lab.

But, if we have multiple process, then we need to redistribute between the process, that will be complex.



Edison Ortiz Sat, 09/29/2007 - 10:35

I believe I've seen that Lab.

The solution was building dual OSPF processes.


This Discussion