OSPF MD5 authentication
The OSPF MD5 authentication is more secure than the plain text authentication. This method uses the MD5 algorithm to compute a hash value from the contents of the OSPF packet and a password. This hash value is transmitted in the packet. The receiver, which knows the same password, calculates its own hash value. If the message is unchanged, the hash value of the receiver should match the hash value of the sender which is transmitted with the message.
Configuring OSPF MD5 authentication is very similar to configuring clear-text authentication. Two commands are required:
- configure the MD5 value on an interface using the ip ospf message-digest-key 1 md5 VALUE interface command
- to configure the interface to use MD5 authentication by using the ip ospf authentication message-digest interface command
Here is our example network:
As you can see in the picture above, we have a simple network of two routers. Both routers are running OSPF. To enable the MD5 authentication and set up the password of secret, we need to enter the following commands on R1:
The same commands need to be entered on the neighboring router as well. We can verify that R1 is using OSPF MD5 authentication by using the show ip ospf INTERFACE command: