In case of an OSPF network, the connection between neighbors of a router can be authenticated. This allows for a more secure exchange of updated information. This video summarizes the various OSPF authentication techniques.
There are two different ways to authenticate your OSPF network, the simple and the MD5 authentication. In the case of simple authentication, the password is sent over the network as clear-text which is why simple authentication is also known as open-text authentication. The MD5 uses a message-digest algorithm and the password is not directly passed over the OSPF network. Remember that when you start the authentication process, an entire area should have the same type of authentication, but different areas can have different authentications. In the video, we first authenticate area 0 using the open-text authentication method, and area 23 using the MD5 authentication technique.
The Interface
You have to first go to the interface which is supposed to be authenticated. This can be achieved by using the command int sX, like in the video for configuring the serial 0, we use int s0. After this step, you can set the configuration by using the command ip ospf authentication-key followed either by the password directly, or by a numeric value between 0-7 which decides the encryption level. When we enter the password directly without setting the password, the area 0 is now configured using the simple authentication. But still, the authentication has to be enabled.
Authenticate Interfaces
The MD5 authentication computes the hash value from the existing contents of an OSPF packet and the adjoining password. In order to enable the MD5 authentication over an area, you first need to enable the message-direct authentication and the adjoining key using the commands ip ospf authentication message-digest followed by the MD5 key command ip ospf authentication message-digest key. After you type in the above command, you need to enter the key (in the video the key ‘1’ is used) followed by md5 and your desired password. The key ID which you enter allows the operating router to reference multiple passwords. The show ip ospf interface can be used to view and thus verify the authentication type of any interface. At the end of the video, the viewer should be able to easily authenticate any interface and any adjoining neighbors as per their convenience.
Get CCNA Certified
Ready to get Cisco certified? Learn how to install, operate and troubleshoot a small to medium enterprise branch network with our Cisco CCNA Training course.