OSPF clear text authentication
OSPF can authenticate all messages exchanged between neighbors. Messages are authenticated to prevent a rogue router from injecting false routing information and possibly causing a Denial-of-service attack. Note that with the OSPF authentication turned on, routers must pass the authentication process in order to become OSPF neighbors.
Two types of authentication can be used in OSPF:
- clear text authentication – clear text passwords are used.
- MD5 authentication – MD5 authentication is used. This type of authentication of more secure.
To configure the clear text authentication, the following commands are required:
- configure the OSPF password on the interface using the ip ospf authentication-key PASSWORD interface command.
- configure the interface to use the OSPF clear text authentication by using the ip ospf authentication interface command.
Here is an example network:
We have a simple network of two routers. Both routers are running OSPF. To enable the clear text authentication and set up the password of secret, we need to enter the following commands on R1:
The same commands have to be entered on R2:
To verify that the clear text authentication is indeed enabled, we can use the show ip ospf interface INTERFACE command on either router: