The ip ospf message-digest-key command configures the key that will be inserted in all OSPF
packet headers. As a result, if the keys are inconsistent, the OSPF neighboring relationship cannot be
established between two devices directly connected, and thus route information exchange is
impossible.
The keys can be different for different interfaces, but the devices that are connected to the same
physical network segment must be configured with the same key. For neighbors, the same key
identifier must correspond to the same key.
To enable OSPF area authentication, execute the area authentication command in routing process
configuration mode. The authentication can be enabled separately on an interface by executing the ip
ospf authentication command in interface configuration mode. When both the interface and the area
are configured with authentication, the one for the interface takes precedence.
The RGOS software supports smooth modification of MD5 authentication keys, which shall be added
before deleted. When an MD5 authentication key of the device is added, the device will regard other
devices have not had new keys and thus send multiple OSPF packets by using different keys, till it
confirms that the neighbors have been configured with new keys. When all devices have been
configured with new keys, it is possible to delete the old key.
The following example adds a new OSPF authentication key "hello5" with key ID 5 for fastEthernet
0/1.
Ruijie(config)# interface fastEthernet 0/1
Ruijie(config-if-FastEthernet 0/1)# ip address 172.16.24.2 255.255.255.0
Ruijie(config-if-FastEthernet 0/1)# ip ospf authentication message-digest
Ruijie(config-if-FastEthernet 0/1)# ip ospf message-digest-key 10 md5 hello10
Ruijie(config-if-FastEthernet 0/1)# ip ospf message-digest-key 5md5 hello5
When all neighbors are added with new keys, the old keys shall be deleted for all devices.
To Next Page
Loading...
Need help?
General