shrikar.dange Thu, 01/24/2008 - 00:20

Hi,


Specifying authentication for an area sets the authentication to Type 1 (simple password). If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.

The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface command to specify this password.

If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.


example:


interface ethernet 0
 ip address 192.168.251.201 255.255.255.0
 ip ospf authentication-key adcdefgh
!
interface ethernet 1
 ip address 10.56.0.201 255.255.0.0
 ip ospf authentication-key ijklmnop
!
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 network 192.168.0.0 0.0.255.255 area 0
 area 10.0.0.0 authentication
 area 0 authentication



HTH,


regards,


shri :)



turbo_engine26 Sat, 01/07/2012 - 07:46

Hi Ram,


As Shrikar highlighted, there are two types of authentication in OSPF.


Type 1: uses a plain-text password between neighbors on the same network.

Type 2: uses the MD5 hash algorithm to compute hashes between neighbors on the same network. (More secure)


Some notes to consider:


1- Authentication type must be the same in an Area.

2- Authentication key (or password) doesn't have to be the same on all routers in an Area.

3- Authentication key (or password) must be the same between neighbors on the same network. (This is essential for the adjacency to form in the first place)


An example of Type 1 authentication was already given by my friend Shrikar, so there is no need to repeat it.


My example here uses Type 2:


! message-digest-key takes a key ID and the md5 keyword; key ID 1 is an example value
interface ethernet 0
 ip address 192.168.251.201 255.255.255.0
 ip ospf message-digest-key 1 md5 adcdefgh
!
interface ethernet 1
 ip address 10.56.0.201 255.255.0.0
 ip ospf message-digest-key 1 md5 ijklmnop
!
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 network 192.168.0.0 0.0.255.255 area 0
 area 10.0.0.0 authentication message-digest
 area 0 authentication message-digest



Hint:

To add another layer of security, use "service password-encryption" to encrypt the configured passwords in the running config.


Hope this helps.
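
A small audit for the rule both posts describe (each interface needs the key command that matches its area's authentication type), as an added example that is not part of either post. It understands only the commands shown in this thread; the sample config and key strings are constructed, and per-interface authentication overrides are not modeled.

```python
import ipaddress
import re

# Constructed sample modeled on the thread: area 10.0.0.0 wants MD5, ethernet 1 has a Type 1 key.
SAMPLE = """\
interface ethernet 0
 ip address 192.168.251.201 255.255.255.0
 ip ospf message-digest-key 1 md5 EXAMPLEKEY
interface ethernet 1
 ip address 10.56.0.201 255.255.0.0
 ip ospf authentication-key EXAMPLE
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 network 192.168.0.0 0.0.255.255 area 0
 area 10.0.0.0 authentication message-digest
 area 0 authentication message-digest
"""

def to_int(s):  # area IDs and addresses may be decimal ("0") or dotted ("10.0.0.0")
    return int(s) if s.isdigit() else int(ipaddress.ip_address(s))

def audit(config):
    """Return [(interface, problem)] for interfaces lacking the key type their area requires."""
    ifaces, nets, area_cmd, cur = {}, [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (.+)", line):
            cur = ifaces.setdefault(m[1], {"ip": None, "keys": set()})
        elif line.startswith("router "):
            cur = None
        elif cur is not None and (m := re.match(r"ip address (\S+) \S+", line)):
            cur["ip"] = to_int(m[1])
        elif cur is not None and (m := re.match(r"ip ospf (authentication-key|message-digest-key) ", line)):
            cur["keys"].add(m[1])
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            nets.append((to_int(m[1]), to_int(m[2]) ^ 0xFFFFFFFF, to_int(m[3])))  # wildcard -> mask
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_cmd[to_int(m[1])] = "message-digest-key" if m[2] else "authentication-key"
    findings = []
    for name, i in ifaces.items():
        # First matching network statement wins (a simplification of IOS ordering).
        area = next((a for n, mask, a in nets
                     if i["ip"] is not None and i["ip"] & mask == n & mask), None)
        need = area_cmd.get(area)
        if area is not None and need not in i["keys"]:
            problem = f"area requires 'ip ospf {need}'" if need else "area runs Type 0 (no authentication)"
            findings.append((name, problem))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list means every OSPF-enabled interface carries the key command its area expects; it does not check that neighbors share the same key.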
