Configuration of OSPF Authentication

Source: Internet
Author: User

 

Questions about OSPF authentication come up often, and some people are not familiar with it. I wrote this article to help.

 

OSPF authentication is divided into area authentication and interface authentication. The authentication methods are simple (plaintext) password authentication and MD5 authentication.

 

 

(The following assumes that the network devices are correctly installed and configured, that OSPF is running normally and that the network is fully interconnected.)

 

(1) First, authentication configured on the interface:

1. Plaintext authentication on the interface:

R1(config)# interface serial 1/1

R1(config-if)# ip ospf authentication

R1(config-if)# ip ospf authentication-key free

R1(config-if)# exit

 

In this case, debug displays the following information:

00:30:33: OSPF: 192.168.1.5 address 192.168.1.2 on Serial1/1 is dead

00:30:33: OSPF: 192.168.1.5 address 192.168.1.2 on Serial1/1 is dead, state DOWN

00:30:33: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial1/1 from FULL to DOWN, Neighbor Down: Dead timer expired

00:30:35: OSPF: Rcv pkt from 192.168.1.2, Serial1/1: Mismatch Authentication type. Input packet specified type 0, we use type 1

00:54:45: OSPF: Rcv pkt from 192.168.1.2, Serial1/1: Mismatch Authentication Key - Clear Text

 

This output shows that plaintext authentication failed, which caused the neighbor relationship to go DOWN.

To restore the neighbor relationship, configure the same commands on the peer's interface.

 

2. MD5 authentication for the interface:

 

R1(config)# interface serial 1/1

R1(config-if)# ip ospf authentication message-digest

R1(config-if)# ip ospf message-digest-key 1 md5 free

The commands are similar to the plaintext case above. The first command enables MD5 authentication. In the second command, the number is the key ID, in the range 1-255, and md5 is followed by the password, which can be at most 16 characters. Both sides must be configured consistently.

 

After the configuration is complete, a message is displayed indicating that the adjacency has gone DOWN. Configure the same settings on the peer.

 

(2) Next, area-based authentication.

1. Area-based plaintext authentication:

R1(config)# router ospf 1

R1(config-router)# area 1 authentication (enables authentication for area 1)

R1(config-router)# exit

R1(config)# interface serial 1/1

R1(config-if)# ip ospf authentication-key free (configures the plaintext password used for authentication)

 

The following message is displayed after the configuration is complete:

01:10:25: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial1/1 from FULL to DOWN, Neighbor Down: Dead timer expired

Now add the same configuration on the peer.

 

2. Area-based MD5 authentication:

R1(config)# router ospf 1

R1(config-router)# area 1 authentication message-digest (enables MD5 authentication for area 1)

R1(config-router)# exit

R1(config)# interface serial 1/1

R1(config-if)# ip ospf message-digest-key 1 md5 free (configures the MD5 password used for authentication)

 

Then, after the peer configuration is complete, the neighbor relationship can be established normally.

 

To change the password, run the following commands:

R1(config)# interface serial 1/1

R1(config-if)# ip ospf message-digest-key 2 md5 free2

With this configuration, OSPF sends two copies of each packet at the same time, one authenticated with key 1 and one with key 2. Once both ends are configured, key 2 is used normally and key 1 can be removed with the no form of the command. This does not affect the neighbor relationship.
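
As an added illustration (not code from the original article or from Cisco), the Python sketch below follows the cryptographic authentication procedure in RFC 2328, Appendix D, to show why the key ID and password must match on both ends and how a peer holding both keys accepts either one during a password change. The function names, the placeholder Hello body and the sequence numbers are assumptions made for the example.

```python
import hashlib
import hmac
import struct

AUTH_MD5 = 2  # AuType values (RFC 2328): 0 = null, 1 = simple password, 2 = cryptographic

def pad_key(password: str) -> bytes:
    """The MD5 key is a fixed 16-byte field, zero-padded: hence the 16-character limit."""
    raw = password.encode()
    if len(raw) > 16:
        raise ValueError("OSPF MD5 key is limited to 16 bytes")
    return raw.ljust(16, b"\x00")

def build_md5_packet(body, router_id, area_id, key_id, password, seq):
    """Sender: 24-byte OSPFv2 header (packet type 1 = Hello) + body + appended digest."""
    header = struct.pack("!BBHIIHHHBBI", 2, 1, 24 + len(body), router_id, area_id,
                         0, AUTH_MD5, 0, key_id, 16, seq)
    packet = header + body  # the length field excludes the trailing digest
    return packet + hashlib.md5(packet + pad_key(password)).digest()

def verify_md5(packet, local_keys, last_seq=0):
    """Receiver configured for message-digest; local_keys maps key ID -> password."""
    length = struct.unpack("!H", packet[2:4])[0]
    au_type, _, key_id, auth_len, seq = struct.unpack("!HHBBI", packet[14:24])
    if au_type != AUTH_MD5:
        return f"type mismatch: packet type {au_type}, we use {AUTH_MD5}"
    if key_id not in local_keys:
        return f"no key {key_id} configured"
    if seq < last_seq:
        return "stale sequence number"
    # Recompute the digest over the packet plus our own copy of the key.
    expected = hashlib.md5(packet[:length] + pad_key(local_keys[key_id])).digest()
    received = packet[length:length + auth_len]
    return "ok" if hmac.compare_digest(expected, received) else "digest mismatch"

# Constructed sample: placeholder Hello body, router ID 192.168.1.5, area 1.
BODY = bytes(20)
R1_PACKET = build_md5_packet(BODY, 0xC0A80105, 1, key_id=1, password="free", seq=100)
R1_NEW_KEY = build_md5_packet(BODY, 0xC0A80105, 1, key_id=2, password="free2", seq=101)

if __name__ == "__main__":
    print(verify_md5(R1_PACKET, {1: "free"}))                # peer configured identically
    print(verify_md5(R1_PACKET, {1: "other"}))               # same key ID, different password
    print(verify_md5(R1_NEW_KEY, {1: "free"}))               # peer has not added key 2 yet
    print(verify_md5(R1_NEW_KEY, {1: "free", 2: "free2"}))   # password change: both keys accepted
```

The digest authenticates the packet but encrypts nothing, and with plaintext authentication (type 1) the password itself is carried in the packet header.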

 

In fact, OSPF Authentication is relatively simple.
