What is Authentication:
Authentication is the mechanism of recognizing the identity of a user. Associating an incoming request with a set of identifying credentials is called Authentication.
The credentials provided are compared to those stored in the database of authorized users' information, either on the local operating system or on a remote server. If the user is on the white-list, access is allowed; otherwise it is rejected.
Types of OSPF Authentication
OSPF supports two types of authentication, Plain Text authentication and Message Digest 5 (MD5) authentication, in addition to the default of no authentication. Authentication has to be configured on both routers that exchange the packets.
1. Null Authentication (no authentication at all): Known as Type 0, which includes no authentication information in the packet header. It is the default behaviour.
2. Plain Text Authentication: This is Type 1 and it uses simple clear-text passwords.
3. MD5 Authentication: This is called Type 2 and it uses an MD5 cryptographic digest computed with the configured key instead of a clear-text password.
Authentication commands
Configuration of OSPF Plain Text authentication
OSPF authentication can be enabled in two ways:
1. Per interface: Authentication is enabled per interface using the “#ip ospf authentication” command.
2. Area authentication: Authentication for a whole area is enabled using the “#area AREA_ID authentication” command.
In either case, the password must be configured on the interface using the “#ip ospf authentication-key” or “#ip ospf message-digest-key” command.
Example of Plain text Auth configuration:
Consider a simple topology of two routers, as shown below:
Both routers are running OSPF. On R1, we need to enter the following commands:
To verify that clear-text authentication is indeed turned on, use the show ip ospf interface INTERFACE_NUMBER/INTERFACE_TYPE command on either router:
Configuration of OSPF MD5 authentication
To configure MD5 authentication, we first need to configure the MD5 key on an interface by using the #ip ospf message-digest-key 1 md5 interface command.
In the next step, we need to configure the interface to use MD5 authentication by using the #ip ospf authentication message-digest interface command.
Example of MD5 Auth configuration:
Consider the same topology again:
To verify, use the #show ip ospf interface INTERFACE_NUMBER/INTERFACE_TYPE command. R1 will show OSPF MD5 authentication as shown below:
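An added example, not part of the original post: a small Python audit that reads a saved router configuration and reports, per interface, which OSPF authentication type the interface-level commands above produce, including the case where only one of the two MD5 steps was entered. The sample configuration, interface names and key strings are constructed, and area-level authentication is deliberately not evaluated.

```python
import re
# Constructed sample running-config (interface names and keys are made up).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip ospf authentication
 ip ospf authentication-key EXAMPLE-PW
!
interface FastEthernet0/1
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
interface Serial0/1
"""

def audit_ospf_auth(config):
    """Map each interface to a finding based on interface-level commands only."""
    state, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface\s+(\S+)", raw)
        if header:
            current = state.setdefault(header.group(1), {"mode": None, "keys": set()})
        elif not raw.startswith(" "):
            current = None  # "!" or another top-level command ends the block
        elif current is not None:
            line = raw.strip()
            if line == "ip ospf authentication":
                current["mode"] = "plain-text"  # Type 1
            elif line == "ip ospf authentication message-digest":
                current["mode"] = "md5"  # Type 2
            elif line.startswith("ip ospf authentication-key "):
                current["keys"].add("plain-text")
            elif re.match(r"ip ospf message-digest-key \d+ md5 ", line):
                current["keys"].add("md5")
    findings = {}
    for name, s in state.items():
        if s["mode"] is None:  # a key alone does not turn authentication on
            findings[name] = "key-without-mode" if s["keys"] else "null"
        elif s["mode"] in s["keys"]:
            findings[name] = s["mode"]
        else:
            findings[name] = "mode-without-key"
    return findings

if __name__ == "__main__":
    for name, finding in audit_ospf_auth(SAMPLE_CONFIG).items():
        print(f"{name:18} {finding}")
```

An interface reported as "key-without-mode" may still be covered by area authentication, so check the OSPF process configuration before treating it as unauthenticated.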
I’m facing a problem related to Auth:
If I enable OSPF MD5 authentication before the adjacency, it doesn’t form the adjacency.
If I remove all the authentication & then re-create it then it works fine. Any thoughts?
Can you please run the debug & send me the logs at waqas@aurumme.com #debug ip ospf adj
Thanks for all the help Waqas. I must thank you for all the support for last few days.
Thanks again!!!!
Nice Post
Are all OSPF routing protocol exchanges authenticated by default?
No, the default behaviour is ‘No-Authentication’.
But OSPF can authenticate all packets exchanged between two routers. Authentication may be through simple passwords or through MD5 cryptographic checksums.
Thanks! That really requires to be attentive!
Thanks