OSPF Authentication

OSPF uses two forms of authentication, Type I and Type II. Both forms are fairly easy and straightforward to configure. When configuring passwords, do not enter an encryption type for the password on the interface. Instead, use the global command service password-encryption to enable all password protection after all the configuration is complete.

Type 1 Authentication

Type 1 authentication is clear-text authentication. If a sniffer is placed on a network, the password can still be captured, so this is less secure than Type 2. To configure Type 1 authentication, follow this two-step process:

Type 2 Authentication

Type 2 authentication uses Message Digest 5 (MD5) cryptographic checksums. OSPF builds a hash value from the OSPF key and password. The hash is the only value sent across the link; no passwords are sent, making MD5 authentication secure. To configure Type 2 (MD5) authentication, follow this two-step process:

Type 1/Type 2 Authentication Example

Figure 12-12 shows a portion of a network in Area 10. Example 12-29 and Example 12-30 show Type 1 and Type 2 authentication options for OSPF in this network.

Figure 12-12. OSPF Authentication

Example 12-29 OSPF Type 1 Authentication on Area 10

    !
    hostname peter
    !
    interface Ethernet0
     ip address 172.16.100.8 255.255.255.0
     ! Cisco is the password
     ip ospf authentication-key cisco
    !
    router ospf 7
     network 172.16.100.8 0.0.0.0 area 10
     ! Type 1 authentication enabled in area 10
     area 10 authentication
    _______________________________________________________________________________
    hostname mark
    !
    interface Ethernet0
     ip address 172.16.100.6 255.255.255.0
     no ip directed-broadcast
     ip ospf authentication-key cisco
    !
    router ospf 7
     router-id 192.168.250.6
     area 10 authentication
     network 172.16.6.0 0.0.0.255 area 10
     network 172.16.100.6 0.0.0.0 area 10
    !

Example 12-30 is the same configuration for Figure 12-11 using MD5 authentication.

Example 12-30 OSPF Type 2 Authentication on Area 10

    !
    hostname peter
    !
    interface Ethernet0
     ip address 172.16.100.8 255.255.255.0
     ! Cisco is the password, key=1
     ip ospf message-digest-key 1 md5 cisco
    !
    router ospf 7
     network 172.16.100.8 0.0.0.0 area 10
     ! Type 2 authentication enabled in area 10
     area 10 authentication message-digest
    _______________________________________________________________________________
    hostname mark
    !
    interface Ethernet0
     ip address 172.16.100.6 255.255.255.0
     no ip directed-broadcast
     ip ospf message-digest-key 1 md5 cisco
    !
    router ospf 7
     router-id 192.168.250.6
     area 10 authentication message-digest
     network 172.16.6.0 0.0.0.255 area 10
     network 172.16.100.6 0.0.0.0 area 10
    !
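
What the two authentication types put on the wire, as an added example that is not from the book: Python that builds an OSPFv2 Hello with Type 1 and Type 2 authentication following RFC 2328 (Appendix A.3.1 and D.4.3) and checks the MD5 digest the way a receiving router would. The router ID, addresses, area, key ID and password come from Examples 12-29 and 12-30; the function names, the Hello field values and the sequence number are constructed for illustration.

```python
import hashlib, hmac, socket, struct

def header(length, router_id, area_id, checksum, au_type, auth):
    # RFC 2328 A.3.1: 24-byte OSPFv2 header; version 2, packet type 1 (Hello).
    return struct.pack("!BBH4s4sHH8s", 2, 1, length, socket.inet_aton(router_id),
                       socket.inet_aton(area_id), checksum, au_type, auth)

def inet_checksum(data):
    # Standard 16-bit one's-complement checksum (data length is even here).
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pad(secret, size):
    return secret.encode().ljust(size, b"\x00")[:size]

def build_type1(body, router_id, area_id, password):
    # Type 1: the password itself fills the 8-byte Authentication field.
    length = 24 + len(body)
    # The checksum covers the packet except the Authentication field.
    csum = inet_checksum(header(length, router_id, area_id, 0, 1, b"")[:16] + body)
    return header(length, router_id, area_id, csum, 1, pad(password, 8)) + body

def build_type2(body, router_id, area_id, key_id, key, seq):
    # Type 2: checksum 0; Authentication = 0, Key ID, digest length, sequence number.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = header(24 + len(body), router_id, area_id, 0, 2, auth) + body
    # RFC 2328 D.4.3: digest = MD5(packet || key padded to 16 bytes), appended.
    return pkt + hashlib.md5(pkt + pad(key, 16)).digest()

def verify_type2(packet, keys, last_seq=0):
    # Receiver side: keys maps Key ID -> shared secret; last_seq is per neighbor.
    if len(packet) < 40:
        return False
    length, = struct.unpack("!H", packet[2:4])
    au_type, _, key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    if au_type != 2 or dlen != 16 or len(packet) != length + 16:
        return False
    if key_id not in keys or seq < last_seq:  # unknown key or replayed packet
        return False
    expected = hashlib.md5(packet[:length] + pad(keys[key_id], 16)).digest()
    return hmac.compare_digest(expected, packet[length:])

# Constructed sample: Hello body from "mark" (mask, interval 10, options, priority,
# dead interval 40, DR, BDR); area 10 is written 0.0.0.10.
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 2, 1, 40,
                    socket.inet_aton("172.16.100.6"), socket.inet_aton("0.0.0.0"))
P1 = build_type1(HELLO, "192.168.250.6", "0.0.0.10", "cisco")
P2 = build_type2(HELLO, "192.168.250.6", "0.0.0.10", 1, "cisco", seq=1000)
```

P1 carries the bytes of the password at offset 16 of every packet, which is what a sniffer on the segment sees; P2 carries only the key ID, a sequence number and a 16-byte digest that changes whenever the packet or the key changes.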