Cisco Support Community
Community Member

why OSPF neighbour authentication ?

Hi all

I understand the concept of OSPF router authentication as a security breach prevention mechanism, but could someone please explain to me how route authentication is achieved?

Thanks in Advance


Hall of Fame Super Bronze

Re: why OSPF neighbour authentication ?

Please refer to this sample config and let us know if you still have any questions:

Re: why OSPF neighbour authentication ?

Maamun, read Edison's link; it is all there. But basically, when OSPF authentication has been configured on a router, the way it works is that the router authenticates the source of each routing update packet it receives from a neighbor. In other words, before learned or advertised routes are exchanged from one OSPF router to another that are participating within the same OSPF domain, the OSPF routers check authentication. If authentication does not match, it will not form an adjacency and therefore will not receive fraudulent routes from a router not configured with the same authentication password. It is not the routes that are authenticated.

Community Member

Re: why OSPF neighbour authentication ?


In simple words, a common problem with RIP is that anyone can bring up a bogus RIP router advertising any route, disrupting routing. With authentication in OSPF, a router would have to be given the correct key before it could join the OSPF routing domain. After that, all OSPF protocol exchanges are authenticated. The OSPF packet header (see Section A.3.1 of RFC 2328) includes an authentication type field.
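The receiver-side check the replies above describe, as an added example that is not part of the original thread or Cisco's code: it parses the 24-byte OSPF header from RFC 2328 Section A.3.1, reads the AuType field, and validates the simple-password and cryptographic (keyed MD5, RFC 2328 Appendix D) cases. The function names `build_md5_packet` and `verify`, the key value and the sample packet are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1: 24-byte OSPF header
NULL, SIMPLE, CRYPTO = 0, 1, 2        # AuType values

def build_md5_packet(body, key, key_id, seq, rid=b"\x01\x01\x01\x01", area=bytes(4)):
    """Constructed sample: type 1 (Hello) packet, AuType 2, digest appended."""
    # With AuType 2 the 8-byte auth field is: 0, Key ID, Auth Data Len, sequence number.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = HDR.pack(2, 1, HDR.size + len(body), rid, area, 0, CRYPTO, auth) + body
    # Digest covers the packet plus the key zero-padded to 16 bytes; it is
    # appended after the packet and not counted in the packet length field.
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()

def verify(data, want_autype, keys=None, password=b"", last_seq=0):
    """Hypothetical receiver check; returns (accepted, reason)."""
    if len(data) < HDR.size:
        return False, "truncated header"
    _ver, _typ, length, _rid, _area, _ck, autype, auth = HDR.unpack_from(data)
    if length < HDR.size or length > len(data):
        return False, "bad packet length"
    if autype != want_autype:
        return False, "AuType mismatch"   # neighbor configured differently
    if autype == NULL:
        return True, "no authentication"
    if autype == SIMPLE:
        ok = hmac.compare_digest(auth, password.ljust(8, b"\0")[:8])
        return ok, "password ok" if ok else "bad password"
    _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
    key = (keys or {}).get(key_id)
    if key is None:
        return False, "unknown key id"
    if seq < last_seq:                    # replayed or out-of-date packet
        return False, "stale sequence number"
    digest = data[length:length + auth_len]
    expect = hashlib.md5(data[:length] + key.ljust(16, b"\0")[:16]).digest()
    ok = hmac.compare_digest(digest, expect)
    return ok, "digest ok" if ok else "bad digest"

if __name__ == "__main__":
    pkt = build_md5_packet(bytes(20), b"labkey", key_id=1, seq=100)
    print(verify(pkt, CRYPTO, keys={1: b"labkey"}))
    print(verify(pkt, CRYPTO, keys={1: b"wrong"}))
```

A packet that fails any of these checks is dropped before the neighbor state machine sees it, which is why a router without the key never forms an adjacency.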


