Cisco OSPF MD5 Authentication

Continuing with our OSPF and interior gateway protocol series, we will now look at an MD5 authentication implementation using OSPF on a Cisco router. We will again use the 3-router topology from both the EIGRP MD5 example and the OSPF plain-text example. Very few changes need to be made to our earlier plain-text OSPF example. The topology is as follows.

[Figure: OSPFAuth topology diagram]

The main reason to use MD5 authentication on your OSPF instance is to protect the key on the active OSPF interfaces: with plain-text authentication the key is carried in the clear in every OSPF packet, whereas with MD5 only a digest computed from the packet and the key is sent. To start this example we will remove the existing ip ospf commands underneath each interface. We will then re-add the modified commands to establish the MD5-authenticated neighbors.

interface FastEthernet0/0
 ip address 192.168.42.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OSPFKEY
!

By expanding our interface configuration commands to state their message-digest options, we establish more secure authentication for our OSPF instance. We still have the existing downside of OSPF authentication: changing the keys requires the neighbors to temporarily go down. Any change to the OSPF authentication should therefore be made during an established downtime.
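What the message-digest option changes on the wire, as an added example (not part of the original article and not Cisco's code): a Python sketch of the RFC 2328 Appendix D scheme, where the sender appends MD5(packet + zero-padded 16-byte key) and the receiver recomputes it, so the key itself is never transmitted. The function names and the hello body bytes are constructed for illustration; key ID 1, the key OSPFKEY and router ID 1.1.1.1 come from the configurations on this page.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header with the AuType 2 auth field layout
AUTH_MD5 = 2             # AuType 2 = cryptographic authentication
DIGEST_LEN = 16

def pad_key(key: str) -> bytes:
    """Zero-pad the shared key to 16 bytes before hashing."""
    raw = key.encode()
    if len(raw) > 16:
        raise ValueError("OSPF MD5 key is limited to 16 bytes")
    return raw.ljust(16, b"\x00")

def build_packet(body, router_id, area_id, key_id, seq, key, ptype=1):
    """Sender side: header + body, then MD5(packet || key) appended."""
    length = struct.calcsize(HDR) + len(body)   # digest is not counted in length
    pkt = struct.pack(HDR, 2, ptype, length, router_id, area_id,
                      0, AUTH_MD5, 0, key_id, DIGEST_LEN, seq) + body
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()

def verify(wire, keys, last_seq):
    """Receiver side: return (accepted, reason). keys maps key ID -> secret."""
    if len(wire) < struct.calcsize(HDR):
        return False, "truncated header"
    f = struct.unpack(HDR, wire[:24])
    length, autype, key_id, alen, seq = f[2], f[6], f[8], f[9], f[10]
    if autype != AUTH_MD5:
        return False, "authentication type mismatch"
    if key_id not in keys:
        return False, "unknown key id"
    if alen != DIGEST_LEN or length < 24 or len(wire) < length + alen:
        return False, "bad length"
    if seq < last_seq:                           # replay protection
        return False, "stale sequence number"
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(wire[length:length + alen], expected):
        return False, "digest mismatch"
    return True, "ok"

# Constructed sample: R1 (router-id 1.1.1.1) sending in area 0 with key ID 1.
SAMPLE_BODY = bytes.fromhex("fffffffc000a020100000028") + bytes(8)  # made-up hello body
SAMPLE = build_packet(SAMPLE_BODY, bytes([1, 1, 1, 1]), bytes(4), 1, 1000, "OSPFKEY")

if __name__ == "__main__":
    print(verify(SAMPLE, {1: "OSPFKEY"}, 1000))   # matching key on the neighbor
    print(verify(SAMPLE, {1: "OTHERKEY"}, 1000))  # neighbor configured with a different key
    print(verify(SAMPLE, {1: "OSPFKEY"}, 1001))   # older packet seen again
```

A neighbor whose key or key ID differs rejects every packet, which is why both ends of each link in the configurations below carry the same message-digest-key line.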

Full router configurations follow:

R1

!
hostname R1
!
interface FastEthernet0/0
 ip address 192.168.42.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OSPFKEY
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 172.16.42.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OSPFKEY
 duplex auto
 speed auto
!
router ospf 42
 router-id 1.1.1.1
 network 172.16.42.0 0.0.0.3 area 0
 network 192.168.42.0 0.0.0.3 area 0
!
end

R2

!
hostname R2
!
interface FastEthernet0/0
 ip address 10.0.42.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OSPFKEY
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 172.16.42.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OSPFKEY
 duplex auto
 speed auto
!
router ospf 42
 router-id 2.2.2.2
 network 10.0.42.0 0.0.0.3 area 0
 network 172.16.42.0 0.0.0.3 area 0
!
end

R3

!
hostname R3
!
interface FastEthernet0/0
 ip address 192.168.42.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OSPFKEY
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.0.42.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OSPFKEY
 duplex auto
 speed auto
!
router ospf 42
 router-id 3.3.3.3
 network 10.0.42.0 0.0.0.3 area 0
 network 192.168.42.0 0.0.0.3 area 0
!
end

Matt Ouellette is a certified information technology professional residing in Southwest Michigan. His technology findings and advice can be found on his PacketPilot blog. Mr. Ouellette spent 4 years as an I.T. Technician before stepping into a Network Engineer role at Bronson Health Group. Since completing his Associate's Degree in Network Administration, Matt has taken a head-on approach to career enrichment through obtaining credentials such as CCNP, CCNA Voice, MCSA: Server 2008, and VCP5. This passion for continued learning allows him to deliver up-to-date, quality technical solutions.

Permanent link to this article: http://www.packetpilot.com/cisco-ospf-md5-authentication/
