OSPF Protocol Verification

Source: Internet
Author: User

OSPF packets can be verified so that a router participates in the routing domain only when it is configured with the agreed password. By default, the router uses null verification, that is, the exchange of route information through the network is not verified. There are two methods to verify OSPF packets: Simple Password Authentication and MD5 verification (Message Digest Authentication).

1. Start OSPF

Enabling the OSPF routing protocol on the NE80 core router consists of the following two steps. In global configuration mode:

1. Activate the OSPF process and run the following command in privileged mode:
router ospf <process-id>

2. Assign the ports to specific areas:
network <network or IP address> <mask> area <area-id>

When activating the OSPF protocol on a Cisco router, you must specify the process-id, which is a decimal number that is only locally significant on the router and does not need to match the process-id on other routers. This process-id allows you to run multiple OSPF processes on a router. However, it is not recommended to create multiple OSPF processes on the same router because this will increase the router overhead.
The network command is a method to allocate a port to an area. The mask is used as a shortcut: a single configuration line can place a whole list of ports in the same area. The mask is a wildcard mask made of "0" and "1" bits. The "0" bits indicate matching, and the "1" bits indicate not matching. For example, 0.0.255.255 indicates matching the first two bytes of the network number.
Area-id is the area number of the port. It is an integer between 0 and 4294967295. It can also be written in a format similar to that of an IP address. For example, 0.0.0.100 indicates that the area number is 100.

 
RTA#
interface GigabitEthernet5/0/0
 ip address 192.213.11.1 255.255.255.0
interface GigabitEthernet5/0/1
 ip address 192.213.12.2 255.255.255.0
interface GigabitEthernet5/1/0
 ip address 128.213.1.1 255.255.255.0
interface GigabitEthernet5/1/1
 no ip address
router ospf 100
 network 192.213.0.0 0.0.255.255 area 0.0.0.0
 network 128.213.1.1 0.0.0.0 area 23
The first network command allocates ports E0 and E1 (GigabitEthernet5/0/0 and GigabitEthernet5/0/1 in the configuration above) to area 0.0.0.0, and the second network command assigns E2 (GigabitEthernet5/1/0) to area 23. Note that the 0.0.0.0 mask requires a match on every bit of the IP address. If you have trouble working out a mask, this is a very simple and effective way to allocate a port to a specific area.
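The matching rule above, applied to the RTA configuration as an added example (not part of the original article or any router's code). The function names are hypothetical, and taking the first matching network statement in configuration order is an assumption of this sketch.

```python
import ipaddress

def area_to_dotted(area_id):
    """Normalize an area-id given as an integer (23) or dotted form (0.0.0.100)."""
    text = str(area_id)
    value = int(ipaddress.IPv4Address(text)) if "." in text else int(text)
    if not 0 <= value <= 4294967295:
        raise ValueError(f"area-id out of range: {area_id}")
    return str(ipaddress.IPv4Address(value))

def wildcard_match(address, network, wildcard):
    """True when address equals network on every bit where the wildcard bit is 0."""
    addr = int(ipaddress.IPv4Address(address))
    net = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (net & care)

def assign_areas(interfaces, network_statements):
    """Map each port to the area of the first matching statement, else None."""
    result = {}
    for name, address in interfaces.items():
        result[name] = None  # no address or no match: OSPF not enabled
        if address is None:
            continue
        for network, wildcard, area in network_statements:
            if wildcard_match(address, network, wildcard):
                result[name] = area_to_dotted(area)
                break
    return result

# The RTA configuration from this page.
RTA_INTERFACES = {
    "GigabitEthernet5/0/0": "192.213.11.1",
    "GigabitEthernet5/0/1": "192.213.12.2",
    "GigabitEthernet5/1/0": "128.213.1.1",
    "GigabitEthernet5/1/1": None,  # "no ip address"
}
RTA_NETWORKS = [
    ("192.213.0.0", "0.0.255.255", "0.0.0.0"),
    ("128.213.1.1", "0.0.0.0", 23),
]

if __name__ == "__main__":
    for port, area in assign_areas(RTA_INTERFACES, RTA_NETWORKS).items():
        print(f"{port:22} -> {area or 'not in OSPF'}")
```

Running the same check against a planned network statement shows which ports it would bring into OSPF before the change is applied.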
2. Simple Password Verification

Simple password verification lets you configure one password per area. Routers in the same area that are to exchange routes must be configured with the same password. The disadvantage of this method is that it is vulnerable to attacks: the password travels over the network, so anyone using a line analyzer can steal it. Use the following commands to enable password verification:

ip ospf authentication-key <key> (set in the specific port's configuration mode)
area <area-id> authentication (set in routing configuration mode, "(config-router-ospf)")

For example:
interface GigabitEthernet1/0/0
 ip address 10.10.10.10 255.255.255.0
 ip ospf authentication-key mypassword
router ospf 10
 network 10.10.0.0 0.0.255.255 area 0
 area 0 authentication
3. MD5 Verification

MD5 verification (Message Digest Authentication) is cryptographic authentication. The password and password ID must be configured on each router. The router uses an algorithm to generate a "Message Digest" based on the OSPF packet, password, and password ID, and then adds it to the OSPF message. Unlike simple password verification, the MD5 verification password is not transmitted over the network. Each OSPF packet also contains a sequence number to protect the network from attacks.
This verification method can change the password without interrupting network services, which helps the network administrator to change the OSPF verification password online. If a new password is configured for a port, the router will send multiple copies of the same packet to the network, and each packet will be verified with a different password. When the router detects that all neighbors have adopted a new password, it will stop sending copies of this packet. Use the following command to configure MD5 Verification:

ip ospf message-digest-key <keyid> md5 <key> (set in the specific port's configuration mode)
area <area-id> authentication message-digest (set in routing configuration mode, "(config-router-ospf)")

For example:
interface GigabitEthernet1/0/0
 ip address 10.10.10.10 255.255.255.0
 ip ospf message-digest-key 10 md5 mypassword
router ospf 10
 network 10.10.0.0 0.0.255.255 area 0
 area 0 authentication message-digest
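How the digest, password ID and sequence number described in this section fit together, as an added example that is not part of the original article or any router's code. It follows the RFC 2328 Appendix D packet layout; the function names are hypothetical and the packet body is a constructed placeholder, not captured traffic.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHHHBBI"  # 24-byte OSPFv2 header with cryptographic auth fields
AUTH_MD5 = 2  # AuType for cryptographic authentication (RFC 2328)

def pad_key(key):
    """Zero-pad the shared key to the 16 bytes that are hashed."""
    if len(key) > 16:
        raise ValueError("key longer than 16 bytes")
    return key.ljust(16, b"\x00")

def sign(body, ptype, router_id, area_id, key_id, key, seq):
    """Return header + body + MD5(header + body + padded key)."""
    packet = struct.pack(HDR, 2, ptype, 24 + len(body), router_id, area_id,
                         0, AUTH_MD5, 0, key_id, 16, seq) + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()

def verify(wire, keys, last_seq):
    """Return the accepted sequence number, or None when rejected."""
    if len(wire) < 24:
        return None
    f = struct.unpack(HDR, wire[:24])
    length, autype, key_id, dlen, seq = f[2], f[6], f[8], f[9], f[10]
    if autype != AUTH_MD5 or dlen != 16 or key_id not in keys:
        return None
    if len(wire) != length + 16 or seq < last_seq:  # malformed or old packet
        return None
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    return seq if hmac.compare_digest(expected, wire[length:]) else None

def demo():
    keys = {10: b"mypassword"}  # key ID and key from the page's example
    body = bytes(20)  # constructed placeholder for a Hello body
    rid, area = bytes([10, 10, 10, 10]), bytes(4)
    wire = sign(body, 1, rid, area, 10, keys[10], 101)
    tampered = wire[:30] + b"\xff" + wire[31:]
    rolled = sign(body, 1, rid, area, 11, b"newkey", 102)  # rollover to key ID 11
    return {
        "key_on_wire": b"mypassword" in wire,
        "valid": verify(wire, keys, 100),
        "old_seq": verify(wire, keys, 102),
        "tampered": verify(tampered, keys, 100),
        "rollover": verify(rolled, {**keys, 11: b"newkey"}, 101),
    }

if __name__ == "__main__":
    print(demo())
```

The receiver holds both key IDs during a password change, which is why packets signed with either key are accepted until the old key is removed.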

