What is OSPF Authentication used for

Hello,

 

I am studying for my CCNA Security and just came across a video talking about OSPF Authentication, but it didn't really explain why it would be used.

 

I know the purpose behind it is to send the routing updates securely, but why would you need this, if all other aspects of your network are secured?

Accepted Solutions
VIP Advisor

Re: What is OSPF Authentication used for

Hi

A good best practice is to use specific /32 networks in the routing protocols to create adjacencies, but imagine some network administrator has the following config:

interface g0/0
 description TO-HQ
 ip address 10.0.10.2 255.255.255.0
 no shutdown

router ospf 1
 network 10.0.0.0 0.255.255.255 area 0

or

 network 0.0.0.0 255.255.255.255 area 0

The whole network could receive routing information or create adjacencies with rogue devices (unauthorized devices) over some 10.x.x.x network. From my point of view, good practices are:

- Configure LAN interfaces as passive
- Set up the specific IP address to create the adjacency, for example use: 10.0.10.2 0.0.0.0
- Authentication creates a protection layer to avoid any misconfiguration, so not all devices will be able to participate in the routing domain without a password.

Hope it is useful

:-)

5 REPLIES
Beginner

Re: What is OSPF Authentication used for

Essentially, authentication is used to recognize which routers can participate in exchanging OSPF messages. For instance, a company has 4 routers and, for security reasons, they are going to use OSPF authentication. Every router will have the same password and key ID, so they are going to form an OSPF neighborhood. Let's say a fifth router is connected to the network with no good intention (it is connected to inject fake routes to fake sites). If that router does not have the same password and the same key ID, it will never participate in the OSPF messages and, obviously, it will never modify the routes.
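
The receiver-side check described in the reply above, as an added example that is not part of any post in this thread: a Python sketch of OSPFv2 cryptographic authentication (AuType 2, keyed MD5, RFC 2328 Appendix D) showing why a router without the shared key and key ID has its packets dropped. The function names, the key, the router IDs and the placeholder Hello body are constructed for illustration.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBH4s4sHHHBBI")  # 24-byte OSPFv2 header, AuType 2 layout
AUTYPE_CRYPTO = 2                      # RFC 2328: cryptographic authentication
MD5_LEN = 16


def _digest(packet: bytes, key: bytes) -> bytes:
    # RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes.
    return hashlib.md5(packet + key[:MD5_LEN].ljust(MD5_LEN, b"\x00")).digest()


def build_packet(router_id: bytes, area_id: bytes, key_id: int, seq: int,
                 key: bytes, body: bytes) -> bytes:
    """Sender side: type 1 (Hello) packet with the digest appended."""
    # Checksum field stays 0 with AuType 2; the key itself is never sent.
    header = HDR.pack(2, 1, HDR.size + len(body), router_id, area_id,
                      0, AUTYPE_CRYPTO, 0, key_id, MD5_LEN, seq)
    return header + body + _digest(header + body, key)


def verify_packet(wire: bytes, keys: dict, last_seq: int) -> str:
    """Receiver side: return 'accept' or the reason the packet is dropped."""
    if len(wire) < HDR.size:
        return "drop: truncated header"
    (_, _, length, _, _, _, autype, _, key_id, auth_len, seq) = HDR.unpack(wire[:HDR.size])
    if autype != AUTYPE_CRYPTO:
        return "drop: authentication type mismatch"
    if key_id not in keys:
        return "drop: unknown key id"
    if auth_len != MD5_LEN or length < HDR.size or len(wire) != length + auth_len:
        return "drop: malformed packet"
    expected = _digest(wire[:length], keys[key_id])
    if not hmac.compare_digest(expected, wire[length:]):
        return "drop: digest mismatch"
    if seq < last_seq:  # replay protection: sequence number must not go backwards
        return "drop: stale sequence number"
    return "accept"


# Constructed sample data (not from the thread).
BODY = bytes(20)                              # placeholder Hello body
KEYS = {1: b"constructed-key"}                # key id -> shared secret
good = build_packet(b"\x0a\x00\x0a\x02", bytes(4), 1, 100, KEYS[1], BODY)
rogue = build_packet(b"\x0a\x00\x0a\x63", bytes(4), 1, 100, b"guess", BODY)
wrong_id = build_packet(b"\x0a\x00\x0a\x63", bytes(4), 2, 100, KEYS[1], BODY)

if __name__ == "__main__":
    for name, pkt in (("good", good), ("rogue", rogue), ("wrong_id", wrong_id)):
        print(name, "->", verify_packet(pkt, KEYS, last_seq=100))
```

Keyed MD5 is the original RFC 2328 scheme; RFC 5709 adds HMAC-SHA for OSPFv2 where the platform supports it.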

Re: What is OSPF Authentication used for

BTW, later Cisco OSPFv2 implementations also support the OSPFv3 syntax, where you can place an interface into OSPF using an interface command rather than an OSPF process network statement.
VIP Advisor

Re: What is OSPF Authentication used for

Hello

 


@rdanieldrew1 wrote:

Hello,

 

I am studying for my CCNA Security and just came across a video talking about OSPF Authentication, but it didn't really explain why it would be used.

 

I know the purpose behind it is to send the routing updates securely, but why would you need this, if all other aspects of your network are secured?


Basically to protect unwarranted OSPF adjacencies from forming within your OSPF processes/domain, and also to protect these routers from exchanging routing updates with unwarranted OSPF peers.

res
Paul

 

 

 



kind regards
Paul

Please don't forget to rate any posts that have been helpful.

Re: What is OSPF Authentication used for

By default, an OSPF device will form an adjacency with any other OSPF device as long as they have common attributes, such as network and area parameters (which can be determined by watching what an OSPF device is transmitting in its hello packets).

Also by default, OSPF edge networks (e.g. user networks) will allow an OSPF adjacency.

OSPF authentication helps ensure an OSPF adjacent device is authorized to exchange routing information with your device.