OSPF MD5 authentication

OSPF MD5 authentication is more secure than plain-text authentication. This method uses the MD5 algorithm to compute a hash value from the contents of the OSPF packet and a password. The hash value is transmitted in the packet. The receiver, which knows the same password, calculates its own hash value. If the message is unchanged, the receiver's hash value matches the sender's hash value that was transmitted with the message.
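The exchange described above, as an added Python sketch that is not part of the original page: the sender hashes the packet together with the key and appends the digest, and the receiver recomputes and compares it. The field layout follows the OSPFv2 header in RFC 2328; the helper names, the zero-padding of the key, and the packet body are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

AUTH_CRYPTO = 2   # AuType 2: cryptographic authentication (RFC 2328)
DIGEST_LEN = 16   # MD5 digest length in bytes
HDR_LEN = 24      # OSPFv2 header, including the 8-byte authentication field


def pad_key(password: str) -> bytes:
    # Assumption: shorter passwords are zero-padded to the 16-byte key.
    return password.encode()[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")


def build_packet(router_id, area_id, key_id, seq, body: bytes) -> bytes:
    """OSPFv2 header (type 1, Hello) around a constructed body."""
    length = HDR_LEN + len(body)  # length field excludes the trailing digest
    header = struct.pack("!BBHIIHH", 2, 1, length, router_id, area_id, 0, AUTH_CRYPTO)
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    return header + auth + body


def sign(packet: bytes, password: str) -> bytes:
    """Sender: hash packet + key, send packet + digest (the key never leaves)."""
    return packet + hashlib.md5(packet + pad_key(password)).digest()


def verify(wire: bytes, keys: dict, last_seq: int) -> bool:
    """Receiver: pick the key by Key ID, reject stale sequence numbers,
    recompute the digest and compare it with the one received."""
    if len(wire) < HDR_LEN + DIGEST_LEN:
        return False
    packet, received = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
    (au_type,) = struct.unpack("!H", packet[14:16])
    _, key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
    if au_type != AUTH_CRYPTO or auth_len != DIGEST_LEN or key_id not in keys:
        return False
    if seq < last_seq:  # replayed or out-of-date packet
        return False
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed sample: key ID 1 and password "secret" as in the page's commands.
    wire = sign(build_packet(0x01010101, 0, 1, 100, b"constructed-body"), "secret")
    print(verify(wire, {1: "secret"}, last_seq=100))   # matching password
    print(verify(wire, {1: "Secret"}, last_seq=100))   # mismatched password
```

A mismatch in the password, the key ID, or any byte of the packet makes the receiver's digest differ, which is why both neighbors must be configured with the same key number and value.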

Configuring OSPF MD5 authentication is very similar to configuring clear-text authentication. Two commands are required:

  • configure the MD5 value on an interface by using the ip ospf message-digest-key 1 md5 VALUE interface command
  • configure the interface to use MD5 authentication by using the ip ospf authentication message-digest interface command

Here is our example network:

[Figure: OSPF authentication topology]

As you can see in the picture above, we have a simple network of two routers. Both routers are running OSPF. To enable MD5 authentication and set the password to secret, we need to enter the following commands on R1:

[Figure: OSPF MD5 authentication configuration]

The same commands need to be entered on the neighboring router as well. We can verify that R1 is using OSPF MD5 authentication by using the show ip ospf interface INTERFACE command:

[Figure: show ip ospf interface output with MD5 authentication]

The OSPF authentication type can also be enabled per area instead of per interface. This is done by using the area AREA_ID authentication [message-digest] command in OSPF configuration mode. If you omit the message-digest keyword, clear-text authentication is used for that area. All interfaces inside the area will use OSPF authentication.
Geek University 2022