09-30-2006 02:52 AM - edited 03-03-2019 02:10 PM
Hi Sir,
I have a few routers on OSPF Area 0. Currently no OSPF authentication is configured.
I'm going to enable OSPF MD5 authentication on only a few routers and selected interfaces only, with the following interface config commands:
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 testkey
My question is, do I also need to configure the router config command "area 0 authentication message-digest" on the routers? Without this command, OSPF adjacency seems to be successfully established between two neighboring routers enabled with MD5 authentication (on interface-basis).
Please advise.
Thank you.
B.Rgds,
Lim TS
09-30-2006 02:57 AM
Hi,
"The area authentication message-digest command in this configuration enables authentication for all of the router interfaces in a particular area. You can also use the ip ospf authentication message-digest command under the interface to configure MD5 authentication for the specific interface. This command can be used if a different authentication method or no authentication method is configured under the area to which the interface belongs. It overrides the authentication method configured for the area. This is useful if different interfaces that belong to the same area need to use different authentication methods."
See that:
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtml
HTH
Andrea
09-30-2006 09:58 PM
Hi Andrea,
Thanks for the reply.
Let's say, a router currently is not configured to do any OSPF authentication and it successfully establishes adjacencies with other neighbor routers.
If I add the router config command "area 0 authentication message-digest" on the above router but have not configured "ip ospf authentication message-digest" and "ip ospf message-digest-key" on interfaces, will existing adjacencies on Area 0 be torn down?
I don't have routers with me now to test it but I need to know in theory.
Thank you.
B.Rgds,
Lim TS
10-01-2006 08:36 AM
Hi,
If you add the "area 0 authentication message-digest" command, you have to configure all routers on area 0, or "in theory" the adjacencies with routers that are not authenticated will go down.
The interface command overrides the area command; that is, you could have an area 0 without auth and a specific link on it with plain or MD5 auth, or an area 0 with plain/MD5 auth and a specific link with MD5/plain auth... It depends on your topology and your goals.
Pay special attention to virtual links ;) Because of the particular nature of VLs, if you have an area 0 authenticated, you have to use authentication on your VLs too.
HTH
Andrea
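An added example, not part of the original thread and not Cisco tooling: a small offline check that works out the effective OSPF authentication type per interface (interface command overriding the area command, as described above) and compares the two ends of each link. The function names and sample configs are constructed for illustration; it assumes interfaces are placed in an area with `ip ospf <process-id> area <area-id>` rather than `network` statements, and it does not compare key IDs or key values.

```python
import re

# Constructed sample configs: R1 has area-wide MD5, R2 has no area authentication.
R1 = """interface Serial0/0
 ip ospf 1 area 0
interface Serial0/1
 ip ospf 1 area 0
 ip ospf message-digest-key 1 md5 testkey
router ospf 1
 area 0 authentication message-digest
"""
R2 = """interface Serial0/0
 ip ospf 1 area 0
interface Serial0/1
 ip ospf 1 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 testkey
router ospf 1
"""

def effective_auth(config):
    """Map each OSPF interface to (auth type, has MD5 key); interface overrides area."""
    area_auth, ifaces, cur, in_ospf = {}, {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line opens a new section
            m = re.match(r"interface (\S+)", line)
            cur = ifaces.setdefault(m.group(1), {"area": None, "auth": None, "key": False}) if m else None
            in_ospf = line.startswith("router ospf")
        elif in_ospf and (m := re.match(r"area (\S+) authentication( message-digest)?$", line)):
            area_auth[m.group(1)] = "md5" if m.group(2) else "plain"
        elif cur is not None:
            if m := re.match(r"ip ospf \d+ area (\S+)", line):
                cur["area"] = m.group(1)
            elif m := re.match(r"ip ospf authentication( message-digest| null)?$", line):
                cur["auth"] = {None: "plain", " message-digest": "md5", " null": "none"}[m.group(1)]
            elif re.match(r"ip ospf message-digest-key \d+ md5 ", line):
                cur["key"] = True
    return {n: (i["auth"] or area_auth.get(i["area"], "none"), i["key"])
            for n, i in ifaces.items() if i["area"] is not None}

def link_findings(a, b):
    """Compare the two ends of one link, each given as (auth type, has MD5 key)."""
    out = [f"auth type mismatch: {a[0]} vs {b[0]}"] if a[0] != b[0] else []
    out += [f"end {n}: md5 without message-digest-key"
            for n, (auth, key) in (("A", a), ("B", b)) if auth == "md5" and not key]
    return out

if __name__ == "__main__":
    print({n: link_findings(e, effective_auth(R2)[n]) for n, e in effective_auth(R1).items()})
```

In the constructed pair, Serial0/0 is the case asked about in the thread (area command added on one router only), while Serial0/1 shows area-level MD5 on one end matching interface-level MD5 on the other.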