OSPF AUTH

ram_hiwale · ‎01-24-2008

how to do OSPF authentication

ram_hiwale · ‎01-24-2008

check th below urls

http://books.google.com/books?id=dKzpj4r7KCwC&pg=PA302&lpg=PA302&dq=how+ospf+authentication+works&source=web&ots=qMoOS7NO7K&sig=e_bDu2tLCXp42mec5LZx_JKjlds

http://books.google.com/books?id=qoA9rLLmi3wC&pg=PA225&lpg=PA225&dq=why+ospf+authentication&source=web&ots=9j3XAv9E_u&sig=SOt67jrtWPeBLO8-orVUcapq1Ig#PPA224,M1

shrikar.dange · ‎01-24-2008

hi,

Specifying authentication for an area sets the authentication to Type 1 (simple password). If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.

The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other

via OSPF. Use the ip ospf authentication-key interface command to specify this password.

If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.

example:

interface ethernet 0

ip address 192.168.251.201 255.255.255.0

ip ospf authentication-key adcdefgh

!

interface ethernet 1

ip address 10.56.0.201 255.255.0.0

ip ospf authentication-key ijklmnop

!

router ospf 201

network 10.0.0.0 0.255.255.255 area 10.0.0.0

network 192.168.0.0 0.0.255.255 area 0

area 10.0.0.0 authentication

area 0 authentication

HTH,

regards,

shri :)

turbo_engine26 · ‎01-07-2012

Hi Ram,

As Shrikar highlighted, There are two types of authentication in OSPF.

Type 1: uses a plain-text password between neighbors on the same network.

Type 2: uses MD5 hash algorithm to compute hashes between neighbors on the same network. (More Secure)

Some notes to consider:

1- Authentication type must be the same in an Area.

2- Authentication key (or password) doesn't have to be the same on all routers in an Area.

3- Authentication key (or password) must be the same between neighbors on the same network. (This is essential for the adjacency to form in the first place)

An example for Type 1 authentication is already highlighted by my friend Shrikar and no need to mention it again.

My example here uses Type 2:

interface ethernet 0

ip address 192.168.251.201 255.255.255.0

ip ospf message-digest-key adcdefgh

!

interface ethernet 1

ip address 10.56.0.201 255.255.0.0

ip ospf message-digest-key ijklmnop

!

router ospf 201

network 10.0.0.0 0.255.255.255 area 10.0.0.0

network 192.168.0.0 0.0.255.255 area 0

area 10.0.0.0 authentication message-digest

area 0 authentication message-digest

Hint:

To add more security layer, use "service password-encryption" to encrypt the configured passwords in the running config.

Hope this helps.