CHAPTER 45 | IP Routing Commands
Open Shortest Path First (OSPFv2)
– 1061 –
COMMAND MODE
Interface Configuration (VLAN)
DEFAULT SETTING
No authentication
COMMAND USAGE
◆ Use authentication to prevent routers from inadvertently joining an
unauthorized area. Configure routers in the same area with the same
password or key. All neighboring routers on the same network with the
same password will exchange routing data.
◆ This command creates a password (key) that is inserted into the OSPF
header when routing protocol packets are originated by this device.
Assign a separate password to each network for different interfaces.
◆ When using simple password authentication, a password is included in
the packet. If it does not match the password configured on the
receiving router, the packet is discarded. This method provides very
little security as it is possible to learn the authentication key by
snooping on routing protocol packets.
◆ When using Message-Digest 5 (MD5) authentication, the router uses
the MD5 algorithm to verify data integrity by creating a 128-bit
message digest from the authentication key. Without the proper key
and key-id, it is nearly impossible to produce any message that
matches the pre-specified target message digest.
◆ Before specifying plain-text password authentication for an interface,
configure a password with the ip ospf authentication-key command.
Before specifying MD5 authentication for an interface, configure the
message-digest key-id and key with the ip ospf message-digest-key
command.
◆ The plain-text authentication-key, or the MD5 key-id and key, must be
used consistently throughout the autonomous system.
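The difference between the two authentication types described above, as an added example (not code from this manual or the device vendor): it builds OSPFv2 packets with simple password and MD5 authentication, shows that the simple password is readable in the header, and runs the receiver's digest check. It assumes the header layout and digest procedure of RFC 2328 (Appendix D); the router ID, area, keys and packet body are constructed sample values.

```python
import hashlib
import hmac
import struct

# RFC 2328 A.3.1 header: version, type, length, router ID, area ID,
# checksum, AuType, 8-byte Authentication field (24 bytes in total).
HDR = struct.Struct("!BBH4s4sHH8s")
RID, AREA, BODY = bytes([10, 0, 0, 1]), bytes(4), bytes(20)  # constructed samples

def pad(secret, size):
    return secret.encode().ljust(size, b"\0")[:size]

def build_simple(body, password):
    """AuType 1: the password itself travels in the Authentication field.
    (The header checksum is left at zero here to keep the focus on auth.)"""
    return HDR.pack(2, 1, HDR.size + len(body), RID, AREA, 0, 1, pad(password, 8)) + body

def build_md5(body, key_id, key, seq):
    """AuType 2: the header carries key-id and sequence number only; the
    digest of (packet + 16-byte key) is appended after the packet."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = HDR.pack(2, 1, HDR.size + len(body), RID, AREA, 0, 2, auth) + body
    return pkt + hashlib.md5(pkt + pad(key, 16)).digest()  # digest not in length field

def sniff_password(packet):
    """What anyone capturing the packet can read from the header."""
    autype, auth = HDR.unpack(packet[:HDR.size])[6:8]
    return auth.rstrip(b"\0").decode() if autype == 1 else None

def verify_md5(packet, keys):
    """Receiver side: select the key by key-id, recompute, compare."""
    if len(packet) < HDR.size:
        return False
    fields = HDR.unpack(packet[:HDR.size])
    length, autype, auth = fields[2], fields[6], fields[7]
    _, key_id, digest_len, _seq = struct.unpack("!HBBI", auth)
    key = keys.get(key_id)
    if autype != 2 or key is None or digest_len != 16 or len(packet) != length + 16:
        return False
    expected = hashlib.md5(packet[:length] + pad(key, 16)).digest()
    return hmac.compare_digest(expected, packet[length:])

if __name__ == "__main__":
    print("simple auth leaks:", sniff_password(build_simple(BODY, "s3cret")))
    signed = build_md5(BODY, key_id=1, key="ospfkey", seq=1)
    print("md5 auth leaks:", sniff_password(signed))
    print("right key-id and key:", verify_md5(signed, {1: "ospfkey"}))
    print("wrong key:", verify_md5(signed, {1: "other"}))
```

A receiver that follows RFC 2328 also rejects packets whose sequence number is lower than the last one accepted from that neighbor; that check is left out of this example.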
EXAMPLE
This example enables message-digest authentication for the specified
interface.
Console(config)#interface vlan 1
Console(config-if)#ip ospf authentication message-digest
Console(config-if)#
RELATED COMMANDS
ip ospf authentication-key (1062)
ip ospf message-digest-key (1065)