OSPF: CONCEPT: AUTHENTICATION


TOPICS

HOW TO CONFIGURE OSPF AUTHENTICATION ?

REAL WORLD EXAMPLES TO VERIFY OSPF AUTHENTICATION

LINK TO ENCRYPT/ DECRYPT MD5 AUTHENTICATION

*****************

 

HOW TO CONFIGURE OSPF AUTHENTICATION ?

 

” Reference Link “

http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13697-25.html

 

” Authentication Types “

Null Authentication—This is also called Type 0 and it means no authentication information is included in the packet header. It is the default.

Plain Text Authentication—This is also called Type 1 and it uses simple clear-text passwords.

MD5 Authentication—This is also called Type 2 and it uses MD5 cryptographic passwords.

 

” Sample Config for Plain Text “

router ospf 10
 area 0 authentication

interface Serial0
 ip ospf authentication-key c1$c0

The key value is set to “c1$c0”. It is the password that is sent across the network.

 

” Sample Config for MD5 Authentication “

router ospf 10
 area 0 authentication message-digest

interface Serial0
 ip ospf message-digest-key 1 md5 c1$c0

The message digest key has ID “1” and its key value (password) is set to “c1$c0”.

 

” Note “

In plain-text authentication, the passwords are simply compared; routers whose passwords match become neighbors.

MD5 authentication uses the MD5 algorithm to compute a hash value from the contents of the OSPF packet and a password.

This hash value is transmitted in the packet, along with a key ID and a non-decreasing sequence number.

The receiver, which knows the same password, calculates its own hash value. If nothing in the message changes, the hash value of the receiver should match the hash value of the sender which is transmitted with the message.

Benefit of the key ID: The key ID allows the routers to reference multiple passwords. This makes password migration easier and more secure. For example, to migrate from one password to another, configure a password under a different key ID and remove the first key.
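
The MD5 exchange described in this note, as an added Python example (not code from the original post or from Cisco). It follows the OSPFv2 packet layout of RFC 2328 Appendix D, where the 16-byte key is appended to the packet before hashing; the router ID, the Hello fields and the zero-padding of short passwords are assumptions made for the example.

```python
import hashlib
import hmac
import struct

AUTH_MD5 = 2      # AuType 2: cryptographic (MD5) authentication
DIGEST_LEN = 16   # size of an MD5 digest in bytes

def pad_key(password):
    """Assumption: a short password is zero-padded to the 16-byte key field."""
    return password.encode()[:16].ljust(16, b"\x00")

def sign(body, router_id, area_id, key_id, seq, password):
    """Sender side: build an OSPFv2 Hello (type 1) and append its MD5 digest."""
    length = 24 + len(body)  # the trailing digest is not counted in the length field
    # version, type, length, router ID, area ID, checksum (0 with AuType 2),
    # AuType, then the 64-bit auth field: 0, key ID, digest length, sequence number
    header = struct.pack("!BBH4s4sHHHBBI", 2, 1, length, router_id, area_id,
                         0, AUTH_MD5, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(password)).digest()

def verify(packet, keys, last_seq):
    """Receiver side: look up the key ID, reject replays, recompute the hash."""
    if len(packet) < 24:
        return False
    (length,) = struct.unpack("!H", packet[2:4])
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != AUTH_MD5 or dlen != DIGEST_LEN or key_id not in keys:
        return False
    if length < 24 or len(packet) != length + dlen:
        return False
    if seq < last_seq:  # the sequence number must be non-decreasing
        return False
    expected = hashlib.md5(packet[:length] + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(expected, packet[length:])

# Constructed sample values (not captured traffic).
RID, AREA = bytes([10, 151, 254, 4]), bytes(4)
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 128,
                         40, bytes(4), bytes(4))

if __name__ == "__main__":
    pkt = sign(HELLO_BODY, RID, AREA, key_id=1, seq=1000, password="c1$c0")
    print("same password:  ", verify(pkt, {1: "c1$c0"}, last_seq=1000))
    print("wrong password: ", verify(pkt, {1: "cisco"}, last_seq=1000))
    print("replayed packet:", verify(pkt, {1: "c1$c0"}, last_seq=1001))
```

Passing a dictionary with two key IDs to verify() models the migration case: packets signed under either key are accepted until the first key is removed.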


 

REAL WORLD EXAMPLES TO VERIFY OSPF AUTHENTICATION

Rtr1#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface

10.151.254.4    128   FULL/DROTHER    00:00:39    10.151.254.4    GigabitEthernet0/1

/ Use the interface shown above in the next command /

Rtr1#sh ip ospf int g0/1

Message digest authentication enabled
Youngest key id is 1

/ This confirms that MD5 authentication is in use /

Rtr1#sh running-config int g0/1

ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7  < Key Value >


LINK TO ENCRYPT/ DECRYPT MD5 AUTHENTICATION

REFERENCE LINK

http://www.md5online.org/

 

 

 

 
