Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

OSPF Authentication

To enable OSPF MD5 authentication, is it necessary to run it under all interfaces of a router.

If I don't enable it under a interface (and enable it under router process and rest of the interfaces)will that interface's network will not be advertised to the rest of the network. e.g; if a LAN switch is connected to an interface on which users are connected and I don't enable authn on that typical interface then ??


Re: OSPF Authentication

Its not mandatory that all interface should run authentication even if u have configured under the ospf process,but its mandatory that it must be configured on all neighbors reached through that interface,otherwise adjacency will not be formed..


Re: OSPF Authentication


Here is an example "Sample Configuration for Authentication in OSPF"

If I understand well your question, the answer is: "The network will be advertised; the method for not advertise the network is by route map...that is a selection of routes that must be advertised".

I hope this helps.

Best regards.


Re: OSPF Authentication


The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface command to specify this password.

If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.

To remove the authentication specification for an area, use the no form of this command with the authentication keyword.

You typically enable authentication for a area not for specific interface.The authentication affects the communication between the routers of the authenticated area,not between the users and switches.



shri :)


Re: OSPF Authentication

Yes, the authentication is for ESTABLISHING neighbor relations - i.e. when they see each other, they authenticate before actually exchanging the routes.

Advertising routes is process of already established neighborship relation. After it is established and neighbors are authenticated, inside that relation they exchange information in those relations. In this phase the interface authentication setting is not important and does not play a role.

Cisco Employee

Re: OSPF Authentication

Hi Munawar,

As per the RFC, there is no area authentication in OSPF. It is Cisco who have implemented the area authentication concept. Typically as per the RFC, the authentication is done per interface and if you dont enable the authentication on an interface connected to the OSPF neighbor, the adjacency will break down. The network under the interface will still be advertised though.


-amit singh

Hall of Fame Super Bronze

Re: OSPF Authentication

You can enable OSPF MD5 under the interface or under the OSPF routing process.

If you were to enable under the routing process, all OSPF speaking devices on that area must also have OSPF MD5 enabled.

If you were to enable under the interface, only the OSPF speaking devices on that segment need to have OSPF MD5 enabled.

Usually, when migrating from non-authenticated OSPF to authenticated OSPF, it's recommend to configure OSPF interface authentication since this migration path is more controlled. Imagine having 100+ OSPF speaking devices in one area and having to enable area authentication in all of them at once.