Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

OSPF AUTH

how to do OSPF authentication

3 REPLIES

Re: OSPF AUTH

hi,

Specifying authentication for an area sets the authentication to Type 1 (simple password). If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.

The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other

via OSPF. Use the ip ospf authentication-key interface command to specify this password.

If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.

example:

interface ethernet 0

ip address 192.168.251.201 255.255.255.0

ip ospf authentication-key adcdefgh

!

interface ethernet 1

ip address 10.56.0.201 255.255.0.0

ip ospf authentication-key ijklmnop

!

router ospf 201

network 10.0.0.0 0.255.255.255 area 10.0.0.0

network 192.168.0.0 0.0.255.255 area 0

area 10.0.0.0 authentication

area 0 authentication

HTH,

regards,

shri :)

New Member

Re: OSPF AUTH

Hi Ram,

As Shrikar highlighted, There are two types of authentication in OSPF.

Type 1: uses a plain-text password between neighbors on the same network.

Type 2: uses MD5 hash algorithm to compute hashes between neighbors on the same network. (More Secure)

Some notes to consider:

1- Authentication type must be the same in an Area.

2- Authentication key (or password) doesn't have to be the same on all routers in an Area.

3- Authentication key (or password) must be the same between neighbors on the same network. (This is essential for the adjacency to form in the first place)

An example for Type 1 authentication is already highlighted by my friend Shrikar and no need to mention it again.

My example here uses Type 2:

interface ethernet 0

ip address 192.168.251.201 255.255.255.0

ip ospf  message-digest-key adcdefgh

!

interface ethernet 1

ip address 10.56.0.201 255.255.0.0

ip ospf message-digest-key ijklmnop

!

router ospf 201

network 10.0.0.0 0.255.255.255 area 10.0.0.0

network 192.168.0.0 0.0.255.255 area 0

area 10.0.0.0 authentication message-digest

area 0 authentication message-digest

Hint:

To add more security layer, use "service password-encryption" to encrypt the configured passwords in the running config.

Hope this helps.

284
Views
0
Helpful
3
Replies