Cisco Support Community
New Member

Question on OSPF MD5 Authentication

Hi Sir,

I have a few routers on OSPF Area 0. Currently no OSPF authentication is configured.

I'm going to enable OSPF MD5 authentication on only a few routers and selected interfaces only, with the following interface config commands:

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 testkey

My question is, do I also need to configure the router config command "area 0 authentication message-digest" on the routers? Without this command, OSPF adjacency seems to be successfully established between two neighboring routers enabled with MD5 authentication (on interface-basis).

Please advise.

Thank you.

B.Rgds,

Lim TS

3 REPLIES
Silver

Re: Question on OSPF MD5 Authentication

Hi,

"The area authentication message-digest command in this configuration enables authentication for all of the router interfaces in a particular area. You can also use the ip ospf authentication message-digest command under the interface to configure MD5 authentication for the specific interface. This command can be used if a different authentication method or no authentication method is configured under the area to which the interface belongs. It overrides the authentication method configured for the area. This is useful if different interfaces that belong to the same area need to use different authentication methods."

See that:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtml

HTH

Andrea

New Member

Re: Question on OSPF MD5 Authentication

Hi Andrea,

Thanks for the reply.

Let's say, a router currently is not configured to do any OSPF authentication and it successfully establishes adjacencies with other neighbor routers.

If I add the router config command "area 0 authentication message-digest" on the above router but have not configured "ip ospf authentication message-digest" and "ip ospf message-digest-key" on interfaces, will existing adjacencies on Area 0 be torn down?

I don't have routers with me now to test it but I need to know in theory.

Thank you.

B.Rgds,

Lim TS

Silver

Re: Question on OSPF MD5 Authentication

Hi,

If you add "area 0 authentication message-digest", you have to configure all routers in area 0, or "in theory" the adjacencies with routers not authenticated will go down.

The interface command overrides the area command, that is you could have an area 0 without auth, and a specific link on it with auth plain or MD5, or an area 0 with auth plain/MD5 and a specific link with auth MD5/plain ... It depends on your topology, and your goals.

Pay special attention to virtual links ;) Due to the particular nature of VLs, if you have an area 0 authenticated, you have to use authentication on your VLs too.

HTH

Andrea
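
An added example, not part of the thread or any poster's code: a small pre-change audit that applies the precedence rule from the replies (the interface command overrides the area command) to two routers' configs and lists the links whose ends would use different OSPF authentication types. The router configs are constructed, area membership is assumed to be set with the interface-level `ip ospf 1 area 0` form, and only the authentication type is compared, not key IDs or key strings.

```python
import re

# Constructed configs for two neighbours on shared links (not from the thread).
R1 = """\
router ospf 1
 area 0 authentication message-digest
interface GigabitEthernet0/0
 ip ospf 1 area 0
 ip ospf message-digest-key 1 md5 testkey
interface GigabitEthernet0/1
 ip ospf 1 area 0
interface GigabitEthernet0/2
 ip ospf 1 area 0
 ip ospf authentication null
"""
R2 = """\
router ospf 1
interface GigabitEthernet0/0
 ip ospf 1 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 testkey
interface GigabitEthernet0/1
 ip ospf 1 area 0
interface GigabitEthernet0/2
 ip ospf 1 area 0
"""
IF_AUTH = {" message-digest": "md5", " null": "none", None: "plain"}

def effective_auth(config):
    """Map interface -> auth type; the interface command overrides the area command."""
    area_auth, ifaces, cur = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):  # top-level line starts a new config block
            m = re.match(r"interface (\S+)$", s)
            cur = ifaces.setdefault(m.group(1), {"area": None, "auth": None}) if m else None
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", s):
            area_auth[m.group(1)] = "md5" if m.group(2) else "plain"
        elif cur is not None and (m := re.match(r"ip ospf \d+ area (\S+)$", s)):
            cur["area"] = m.group(1)
        elif cur is not None and (m := re.match(r"ip ospf authentication( message-digest| null)?$", s)):
            cur["auth"] = IF_AUTH[m.group(1)]
    return {n: i["auth"] or area_auth.get(i["area"], "none") for n, i in ifaces.items()}

def mismatched_links(cfg_a, cfg_b, links):
    """Return the links whose two ends would send different OSPF auth types."""
    a, b = effective_auth(cfg_a), effective_auth(cfg_b)
    return [(x, a[x], y, b[y]) for x, y in links if a[x] != b[y]]

if __name__ == "__main__":
    same = [(f"GigabitEthernet0/{n}",) * 2 for n in range(3)]
    print(mismatched_links(R1, R2, same))
```

On the sample, only GigabitEthernet0/1 is reported: R1 inherits MD5 from the area command there, while R2 sends no authentication on that link.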
