01-24-2008 12:19 AM - edited 03-03-2019 08:24 PM
01-24-2008 12:20 AM
check th below urls
01-24-2008 12:20 AM
hi,
Specifying authentication for an area sets the authentication to Type 1 (simple password). If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.
The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other
via OSPF. Use the ip ospf authentication-key interface command to specify this password.
If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.
example:
interface ethernet 0
ip address 192.168.251.201 255.255.255.0
ip ospf authentication-key adcdefgh
!
interface ethernet 1
ip address 10.56.0.201 255.255.0.0
ip ospf authentication-key ijklmnop
!
router ospf 201
network 10.0.0.0 0.255.255.255 area 10.0.0.0
network 192.168.0.0 0.0.255.255 area 0
area 10.0.0.0 authentication
area 0 authentication
HTH,
regards,
shri :)
01-07-2012 07:46 AM
Hi Ram,
As Shrikar highlighted, There are two types of authentication in OSPF.
Type 1: uses a plain-text password between neighbors on the same network.
Type 2: uses MD5 hash algorithm to compute hashes between neighbors on the same network. (More Secure)
Some notes to consider:
1- Authentication type must be the same in an Area.
2- Authentication key (or password) doesn't have to be the same on all routers in an Area.
3- Authentication key (or password) must be the same between neighbors on the same network. (This is essential for the adjacency to form in the first place)
An example for Type 1 authentication is already highlighted by my friend Shrikar and no need to mention it again.
My example here uses Type 2:
interface ethernet 0
ip address 192.168.251.201 255.255.255.0
ip ospf message-digest-key adcdefgh
!
interface ethernet 1
ip address 10.56.0.201 255.255.0.0
ip ospf message-digest-key ijklmnop
!
router ospf 201
network 10.0.0.0 0.255.255.255 area 10.0.0.0
network 192.168.0.0 0.0.255.255 area 0
area 10.0.0.0 authentication message-digest
area 0 authentication message-digest
Hint:
To add more security layer, use "service password-encryption" to encrypt the configured passwords in the running config.
Hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide