Configuring OSPF Authentication

Two types of authentication used in OSPF

• Simple password or plain-text authentication

 Assign a password to be used with neighboring routers
router(config-if)# ip ospf authenctication-key password 

Specifies the authentication type for an interface (since IOS 12.0)
router(config-if)# ip ospf authentication [message-digest | null]

Specifies the authentication type for an area (before IOS 12.0)
router(config-router)# area area-id authencation [message-digest]

Example :

 

R2-2503
interface Loopback0
  ip address 70.70.70.70 255.255.255.255
 !
 interface Serial0
  ip address 192.16.64.2 255.255.255.0
  ip ospf authentication-key kal
  clockrate 64000
  !
 router ospf 10
  log-adjacency-changes
  network 70.0.0.0 0.255.255.255 area 0
  network 192.16.64.0 0.0.0.255 area 0
  area 0 authentication

R1-2503
interface Loopback0
ip address 172.16.10.36 255.255.255.240
!
interface Serial0
ip address 192.16.64.1 255.255.255.0
ip ospf authentication-key kal
!
router ospf 10
network 172.16.0.0 0.0.255.255 area 0
network 192.16.64.0 0.0.0.255 area 0
area 0 authentication

• Message diggest 5 (MD5) authentication

R2-2503
interface Loopback0
  ip address 70.70.70.70 255.255.255.255
 !
 interface Serial0
  ip address 192.16.64.2 255.255.255.0
  ip ospf message-digest-key 1 md5 kal 
  clockrate 64000
 !
 router ospf 10
  network 192.16.64.0 0.0.0.255 area 0
  network 70.0.0.0 0.255.255.255 area 0
  area 0 authentication message-digest

R1-2503
interface Loopback0
 ip address 172.16.10.36 255.255.255.240
!
interface Serial0
 ip address 192.16.64.1 255.255.255.0
 ip ospf message-digest-key 1 md5 kal 
!
router ospf 10
 network 172.16.0.0 0.0.255.255 area 0
 network 192.16.64.0 0.0.0.255 area 0
 area 0 authentication message-digest

Note : kal is password

TROUBLESHOOT

- show ip ospf neighbor
- show ip ospf interface serial0
- show ip route
- ping (ip address)
- debug ip ospf adj

 

November 3, 2008 Posted by wyulansa | Cisco | cisco OSPF authentication | No Comments Yet