OSPF can be configured to authenticate every OSPF message. This is usually done to prevent a rogue router from injecting false routing information and therefore causing a Denial-of-Service attack.
Two types of authentication can be used:
1. clear text authentication – clear text passwords are used
2. MD5 authentication – MD5 authentication is used. This type of authentication is more secure because the password doesn’t go in clear-text over the network.
To configure clear text authentication, the following steps are required:
- configure the OSPF password on the interface by using the ip ospf authentication-key PASSWORD interface command
- configure the interface to use OSPF clear-text authentication by using the ip ospf authentication interface command
In the following example, we will configure OSPF clear-text authentication.
Both routers are running OSPF. On R1, we need to enter the following commands:
The same commands have to be entered on R2:
Configuring OSPF MD5 authentication is very similar to configuring clear-text authentication. Two commands are also used:
- First you need to configure the MD5 value on an interface by using the ip ospf message-digest-key 1 md5 VALUE interface command
- Next, you need to configure the interface to use MD5 authentication by using the ip ospf authentication message-digest interface command
Here is an example configuration on R1:
You can verify that R1 is using OSPF MD5 authentication by typing the show ip ospf INTERFACE/INTERFACE_TYPE command: