
OSPF Authentication

munawar.zeeshan
Level 1

To enable OSPF MD5 authentication, is it necessary to run it under all interfaces of a router?

If I don't enable it under an interface (and enable it under the router process and the rest of the interfaces), will that interface's network not be advertised to the rest of the network? E.g., if a LAN switch is connected to an interface on which users are connected and I don't enable authentication on that typical interface, then?


Hi, I found an issue with BFD, Secure TTL and MD5: if I set MD5 type 7, it doesn't match the key; if I define only the MD5 "Key-Chain", it works fine. For now I have removed BFD and Secure TTL.

Have you any idea how MD5 7 is encrypted? I used some tools found on the internet, but some of them failed.

Regards

Pavel Bykov
Level 5

Yes, the authentication is for ESTABLISHING neighbor relations - i.e. when they see each other, they authenticate before actually exchanging the routes.

Advertising routes is a process of an already established neighborship relation. After it is established and the neighbors are authenticated, they exchange information inside that relation. In this phase the interface authentication setting is not important and does not play a role.

Amit Singh
Cisco Employee

Hi Munawar,

As per the RFC, there is no area authentication in OSPF. It is Cisco who have implemented the area authentication concept. Typically, as per the RFC, the authentication is done per interface, and if you don't enable the authentication on an interface connected to the OSPF neighbor, the adjacency will break down. The network under the interface will still be advertised, though.

regards,

-amit singh

Edison Ortiz
Hall of Fame

You can enable OSPF MD5 under the interface or under the OSPF routing process.

If you were to enable under the routing process, all OSPF speaking devices on that area must also have OSPF MD5 enabled.

If you were to enable under the interface, only the OSPF speaking devices on that segment need to have OSPF MD5 enabled.

Usually, when migrating from non-authenticated OSPF to authenticated OSPF, it's recommended to configure OSPF interface authentication since this migration path is more controlled. Imagine having 100+ OSPF speaking devices in one area and having to enable area authentication in all of them at once.

HTH,

__

Edison.
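The two options discussed in this thread, side by side, as an added example that is not from any of the posters. The process ID, area number, interface names, key ID and the `<SHARED-KEY>` placeholder are assumptions; `passive-interface` and `ip ospf authentication null` are standard IOS commands the thread does not mention, shown here for the user-facing LAN case from the original question.

```cisco
! ---- Option A: area-wide MD5 (enabled under the routing process) ----
! Every OSPF interface in area 0 now expects MD5-authenticated packets,
! so every neighbor in the area needs a matching key.
router ospf 1
 area 0 authentication message-digest
 ! User LAN with no OSPF neighbors: send no hellos on it at all.
 ! The connected network is still advertised into OSPF.
 passive-interface GigabitEthernet0/2
!
interface GigabitEthernet0/0
 description Link to OSPF neighbor
 ! Key ID (1) and key string must be identical on both ends of the link.
 ip ospf message-digest-key 1 md5 <SHARED-KEY>
!
! ---- Option B: per-interface MD5 (controlled migration path) ----
! No "area ... authentication" line under the routing process.
! Only the neighbors on this segment need MD5 configured.
interface GigabitEthernet0/1
 description Link to OSPF neighbor being migrated
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <SHARED-KEY>
!
! ---- Exception under Option A ----
! An interface-level setting overrides the area setting, so a segment
! that cannot be migrated yet can be left unauthenticated explicitly.
interface GigabitEthernet0/3
 description Neighbor not yet migrated
 ip ospf authentication null
!
! ---- Checks after each change ----
! show ip ospf interface GigabitEthernet0/1   (authentication type and key ID in use)
! show ip ospf neighbor                       (adjacency should return to FULL)
```

Leaving an interface unauthenticated and non-passive means it will form an adjacency with any unauthenticated OSPF speaker on that segment, which is why a user-facing LAN is normally made passive.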