
OSPF MD5 Authentication Step-by-Step Configuration


In our previous article on OSPF multi-area configuration, I showed you how to configure OSPF in a multi-area topology. In this article, we will use the topology below to demonstrate OSPF MD5 authentication. So let’s get started.

[Figure: OSPF MD5 authentication topology]

In the above topology we have only two routers, R1 and R2, directly connected in the same OSPF area (area 0). There are two ways to enable OSPF MD5 authentication on Cisco routers: one is to configure OSPF authentication on the OSPF interfaces, while the other is to enable OSPF authentication for the entire area, so that you don’t need to enable it on each interface. Please note that we have already configured OSPF between R1 and R2, and they have a FULL neighborship with each other.

#R1 OSPF MD5 Configuration
interface GigabitEthernet0/0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 TECHACAD

MD5 authentication needs two interface commands. First, use “ip ospf message-digest-key X md5” to specify the key number and a password. It doesn’t matter which key number you choose, but it has to be the same on both ends. Then, to enable OSPF authentication, enter ip ospf authentication message-digest. When we enable OSPF MD5 authentication on R1, the neighborship between R1 and R2 goes down and the following messages appear on the console.

R2(config)#
00:21:05: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on GigabitEthernet0/0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

00:21:05: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on GigabitEthernet0/0/0 from FULL to DOWN, Neighbor Down: Interface down or detached

Now we need to enable OSPF MD5 authentication on R2 as well to bring our neighborship back UP.

#R2 OSPF MD5 Configuration
interface GigabitEthernet0/0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 TECHACAD

As mentioned earlier, the MD5 password / key must match at both ends for the neighborship to come up, so let’s verify the OSPF neighborships.

R2#show ip ospf neighbor 

Neighbor ID     Pri   State        Dead Time   Address         Interface
1.1.1.1           1   FULL/BDR     00:00:30    192.168.200.1   GigabitEthernet0/0/0


We have a FULL neighborship with R1, so let’s verify whether MD5 authentication is enabled. We verify this with the command “show ip ospf interface gig0/0/0”.

R2#show ip ospf interface gig0/0/0

GigabitEthernet0/0/0 is up, line protocol is up
  Internet address is 192.168.200.2/24, Area 0
  Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 2.2.2.2, Interface address 192.168.200.2
  Backup Designated Router (ID) 1.1.1.1, Interface address 192.168.200.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:01
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1  (Backup Designated Router)
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1

One last thing: as mentioned earlier, it is also possible to enable authentication for the entire area, so you don’t have to use the ip ospf authentication message-digest command on all of your interfaces to activate it. The message-digest key itself is still configured on each interface. Here’s the command to enable MD5 authentication for the entire area:

R1(config)#router ospf 1
R1(config-router)#area 0 authentication message-digest
R2(config)#router ospf 1
R2(config-router)#area 0 authentication message-digest

If you want to practice OSPF MD5 authentication in your own lab, I have pasted the configurations below for your reference.

#R1 Configuration
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
 ip address 192.168.200.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 TECHACAD
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 192.168.200.0 0.0.0.255 area 0
 network 1.1.1.1 0.0.0.0 area 0

#R2 Configuration
hostname R2
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0/0
 ip address 192.168.200.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 TECHACAD
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 192.168.200.0 0.0.0.255 area 0
 network 2.2.2.2 0.0.0.0 area 0
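
The requirement above, that both ends of a link enable message-digest authentication and share the same key number and password, can be checked offline before a change is pushed to the routers. The Python sketch below is an added example, not part of the original article or of any Cisco tooling; the function names are hypothetical, it assumes running-config-style text with cleartext keys as shown in this lab, and it assumes a single-area lab where `area N authentication message-digest` covers every interface.

```python
import re

def ospf_auth(config):
    """Map interface -> {"md5": bool, "keys": {id: password}} from running-config text."""
    ifaces, area_md5, section = {}, False, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # unindented line starts a new section
            m = re.match(r"interface (\S+)", line)
            section = m.group(1) if m else line
            if m:
                ifaces[section] = {"md5": False, "keys": {}}
        elif section in ifaces:
            if line == "ip ospf authentication message-digest":
                ifaces[section]["md5"] = True
            k = re.match(r"ip ospf message-digest-key (\d+) md5 (\S+)$", line)
            if k:
                ifaces[section]["keys"][int(k.group(1))] = k.group(2)
        elif section.startswith("router ospf") and re.match(
                r"area \S+ authentication message-digest$", line):
            area_md5 = True
    for entry in ifaces.values():                # assumption: single-area lab, so area-wide
        entry["md5"] = entry["md5"] or area_md5  # authentication covers every interface
    return ifaces

def check_link(cfg_a, if_a, cfg_b, if_b):
    """Return audit findings for the two ends (A and B) of one OSPF link."""
    a, b = ospf_auth(cfg_a)[if_a], ospf_auth(cfg_b)[if_b]
    problems = []
    if a["md5"] != b["md5"]:
        problems.append("MD5 authentication enabled on one end only")
    for name, end in (("A", a), ("B", b)):
        if end["md5"] and not end["keys"]:
            problems.append(f"end {name}: authentication enabled but no key configured")
    if a["md5"] and b["md5"]:
        for kid in sorted(set(a["keys"]) | set(b["keys"])):
            if a["keys"].get(kid) != b["keys"].get(kid):
                problems.append(f"key {kid}: missing or different on one end")
    return problems

# Constructed sample input, modelled on the lab configuration in this article.
IFACE = "GigabitEthernet0/0/0"
R1 = f"interface {IFACE}\n ip ospf authentication message-digest\n ip ospf message-digest-key 1 md5 TECHACAD\n"
R2_NO_AUTH = f"interface {IFACE}\n ip address 192.168.200.2 255.255.255.0\n"
R2_AREA_ONLY = R2_NO_AUTH + "!\nrouter ospf 1\n area 0 authentication message-digest\n"

if __name__ == "__main__":
    for r2 in (R1, R2_NO_AUTH, R2_AREA_ONLY):
        print(check_link(R1, IFACE, r2, IFACE) or "OK")
```

The second sample reproduces the state in which R1 has authentication and R2 does not, which is when the adjacency in this article dropped from FULL to DOWN.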

Conclusion

In this article we configured OSPF MD5 authentication and verified the OSPF neighborship to confirm our work.
