OSPF Authentication
OSPF supports authentication to secure routing updates.We can use either clear-text or an MD5 authentication with OSPF.
Clear Text Authentication
To configure clear-text authentication, the first step is to enable authentication for the area, under the OSPF routing process:
Router(config)# router ospf 1Then, the authentication key must be configured on the interface:
Router(config-router)# network 172.16.0.0 0.0.255.255 area 0
Router(config-router)# area 0 authentication
Router(config)# interface fa 0/0MD5 Authentication
Router(config-if)# ip ospf authentication
Router(config-if)# ip ospf authentication-key MYKEY
To configure MD5-hashed authentication, the first step is also to enable authentication for the area under the OSPF process:
Router(config)# router ospf 1Notice the additional parameter message-digest included with the area 0 authentication command. Next, the hashed authentication key must be configured on the interface:
Router(config-router)# network 172.16.0.0 0.0.255.255 area 0
Router(config-router)# area 0 authentication message-digest
Router(config)# interface fa 0/0
Router(config-router)# ip ospf message-digest-key 10 md5 MYKEY
Router(config-router)# ip ospf authentication message-digest
NOTE: Area authentication must be enabled on all routers in the area, and the form of authentication must be identical (clear-text or MD5). The authentication keys do not need to be the same on every router in the OSPF area, but must be the same on interfaces connecting two neighbors.
Please note: if authentication is enabled for Area 0, the same authentication must be configured on Virtual Links, as they are “extensions” of Area 0.
Please note: if authentication is enabled for Area 0, the same authentication must be configured on Virtual Links, as they are “extensions” of Area 0.
0 comments:
Post a Comment