Linking Keychain to ospf process

a.irizarry4738 · ‎11-14-2018

Is there any way that we can link the Key Chain to the OSPF process? I wanted to know if you can add a statement and the router sends it out to its OSPF neighbors?Routing

mkazam001 · ‎11-14-2018

you can't configure key chains for ospf authentication, only below options allowed:

plain text
router ospf 1
area 0 authentication enables on all ints in area
or per int
int *
ip ospf authentication
ip ospf authentication-key CISCO

md5
router ospf 1
area 0 authentication message-digest
or per int
int *
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 CISCO

regards, mk

please rate if helpful or solved :)

mmanthe · ‎11-14-2018

Actually you can use key chains with OSPF with later code releases (I think 15.4 and up). In fact it’s the only way to use SHA with OSPF. Define key chain as normal then implement under the interface

see here: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s-book/iro-ospfv2-crypto-authen-xe.html#reference_0BFE4845A5E141DEB412864B95B6C57C

Deepak Kumar · ‎11-14-2018

Hi,

As I am aware of the Key chain-linking is not possible directly yo OSPF process. You must define under the interface.

You can make authentication compulsory for all routers in the area using the OSPF process but again key must type under the per interface.

router ospf 1

area 0 authentication message-digest

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!