OSPF can be configured to authenticate every OSPF message. This is usually done to prevent a rogue router from injecting false routing information and therefore causing a Denial-of-Service attack.
Two types of authentication can be used:
1. clear text authentication – clear text passwords are used
2. MD5 authentication – MD5 authentication is used. This type of authentication is more secure because the password doesn’t go in clear-text over the network.
To configure clear text authentication, the following steps are required:
- configure the OSPF password on the interface by using the ip ospf authentication-key PASSWORD interface command
- configure the interface to use OSPF clear-text authentication by using the ip ospf authentication interface command
In the following example, we will configure OSPF clear-text authentication.
Both routers are running OSPF. On R1, we need to enter the following commands:
The same commands have to be entered on R2:
Configuring OSPF MD5 authentication is very similar to configuring clear-text authentication. Two commands are also used:
- First you need to configure the MD5 value on an interface by using the ip ospf message-digest-key 1 md5 VALUE interface command
- Next, you need to configure the interface to use MD5 authentication by using the ip ospf authentication message-digest interface command
Here is an example configuration on R1:
You can verify that R1 is using OSPF MD5 authentication by typing the show ip ospf INTERFACE/INTERFACE_TYPE command:
Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.
We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: