OSPF can be configured to authenticate each OSPF message. This is usually done to prevent the unauthorized router from injecting erroneous routing information, thereby causing a denial of service attack.
Two types of authentication can be used:
1. Clear text authentication: Simple text passwords are used
2. MD5 Authentication: MD5 authentication is used. This type of authentication is more secure because the password does not enter in clear text over the network.
Note
With OSPF authentication enabled, routers must pass the authentication process before they become OSPF neighbors.
To configure clear text authentication, the following steps are required:
In the following example, we will configure clear text authentication for OSPF.
Both Routers work OSPF. In R1, we need to enter the following commands:
You must enter the same commands in R2:
To verify that text authentication is enabled without encryption, we can use the show ip ospf interface INTERFACE_NUMBER / INTERFACE_TYPE command on any of the following:
Configuring OSPF authentication for MD5 is very similar to the clear text authentication configuration. Two things are also used:
1.You must first initialize an MD5 value on an interface by using the interface command VALUE for the digest-key-key 1 md5 for the ospf protocol
2.Then, you must configure the interface to use MD5 authentication by using the message digest summary interface and the ospf command for the ip interface command
The following is an example of a configuration in R1:
You can verify that R1 uses OSPF authentication for MD5 by entering the show ip ospf INTERFACE / INTERFACE_TYPE command:
Note
The OSPF authentication type can also be enabled on a zone basis, instead of configuring the OSPF authentication type for each interface. This is done by using the AREA_ID zone authentication command [message digest] in OSPF configuration mode. If you delete the message summary keyword, clear text authentication will be used for that area. All interfaces within the zone will use OSPF authentication.
Two types of authentication can be used:
1. Clear text authentication: Simple text passwords are used
2. MD5 Authentication: MD5 authentication is used. This type of authentication is more secure because the password does not enter in clear text over the network.
Note
With OSPF authentication enabled, routers must pass the authentication process before they become OSPF neighbors.
To configure clear text authentication, the following steps are required:
- Configure the OSPF password on the interface by using the PASSWORD ip ospf interface command key for authentication.
2.Configure the interface to use OSPF clear text authentication by using the ospf ip authentication interface command.
In the following example, we will configure clear text authentication for OSPF.
Both Routers work OSPF. In R1, we need to enter the following commands:
You must enter the same commands in R2:
To verify that text authentication is enabled without encryption, we can use the show ip ospf interface INTERFACE_NUMBER / INTERFACE_TYPE command on any of the following:
Configuring OSPF authentication for MD5 is very similar to the clear text authentication configuration. Two things are also used:
1.You must first initialize an MD5 value on an interface by using the interface command VALUE for the digest-key-key 1 md5 for the ospf protocol
2.Then, you must configure the interface to use MD5 authentication by using the message digest summary interface and the ospf command for the ip interface command
The following is an example of a configuration in R1:
You can verify that R1 uses OSPF authentication for MD5 by entering the show ip ospf INTERFACE / INTERFACE_TYPE command:
Note
The OSPF authentication type can also be enabled on a zone basis, instead of configuring the OSPF authentication type for each interface. This is done by using the AREA_ID zone authentication command [message digest] in OSPF configuration mode. If you delete the message summary keyword, clear text authentication will be used for that area. All interfaces within the zone will use OSPF authentication.