Cisco OSPF Plain Text Authentication

Continuing our discussion of authentication for interior routing protocols, we are going to look at Cisco’s OSPF implementation of plain text authentication. While this isn’t the most widely used model for authentication with OSPF, it is a viable option. The topology we are going to use is the same topology from the EIGRP authentication example. The steps may feel familiar as well.

[Figure: OSPFAuth topology diagram]

A major difference between OSPF plain text authentication and EIGRP MD5 authentication is the lack of a key chain. This is true for both OSPF plain text authentication and the OSPF implementation of MD5. The downside is the inability to prepare multiple keys for a life cycle process without impacting the established neighbors. The only configuration we need to make is on the interfaces themselves, as follows.

There are two very simple steps. First, we enable OSPF authentication on the desired interface(s). Second, we configure the key and its passphrase for authentication. These are the only two steps, and they are required on the connecting interfaces of the OSPF neighbors selected to support authentication.

interface FastEthernet1/0
 ip address 10.0.42.1 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key OSPFKEY
!

As you can see, the configuration is rather simple and quick. One downside to remember is that the key must be changed in an invasive way whenever the lifecycle comes up. Also, as a side effect of not using MD5 authentication, the key’s passphrase is sent in clear text, leaving this solution susceptible to a sniffing attack.
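The clear-text exposure described above is visible in the OSPFv2 packet header itself. The following Python sketch is an added example, not part of the original article: it parses the 24-byte header defined in RFC 2328 and reports the authentication type, which is useful when auditing a capture for links still using simple passwords. The sample packets are constructed; router ID 1.1.1.1 and the key OSPFKEY come from this page, while the type 2 packet with key ID 1 is an assumption added for contrast.

```python
import socket
import struct

# OSPFv2 common header (RFC 2328, A.3.1): 24 bytes, network byte order.
OSPF_HEADER = struct.Struct("!BBH4s4sHH8s")
AUTYPES = {0: "null", 1: "simple password", 2: "cryptographic"}


def build_header(router_id, au_type, auth_field, area_id="0.0.0.0"):
    """Build a constructed Hello (type 1) header; checksum left at 0."""
    return OSPF_HEADER.pack(2, 1, OSPF_HEADER.size,
                            socket.inet_aton(router_id), socket.inet_aton(area_id),
                            0, au_type, auth_field.ljust(8, b"\x00")[:8])


def inspect_header(packet):
    """Report how the sender of an OSPFv2 packet authenticates."""
    if len(packet) < OSPF_HEADER.size:
        raise ValueError("truncated OSPF header")
    version, _type, _len, rid, area, _cksum, au_type, auth = OSPF_HEADER.unpack_from(packet)
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    report = {"router_id": socket.inet_ntoa(rid), "area": socket.inet_ntoa(area),
              "au_type": AUTYPES.get(au_type, "unknown"), "key_on_wire": None}
    if au_type == 1:
        # Simple password: the 8-byte field is the key itself, NUL padded.
        report["key_on_wire"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif au_type == 2:
        # Cryptographic: only a key ID, digest length and sequence number
        # appear here; the digest follows the packet and the key is never sent.
        _zero, report["key_id"], report["digest_len"], report["sequence"] = \
            struct.unpack("!HBBI", auth)
    return report


# Constructed samples: R1 as configured on this page, and an assumed
# MD5 (type 2) variant with key ID 1 for contrast.
PLAIN_HELLO = build_header("1.1.1.1", 1, b"OSPFKEY")
MD5_HELLO = build_header("1.1.1.1", 2, struct.pack("!HBBI", 0, 1, 16, 1000))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN_HELLO), ("md5", MD5_HELLO)):
        print(name, inspect_header(pkt))
```

Any packet reported as "simple password" identifies a link where the configured key should be treated as exposed to anyone on that segment.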

Full router configurations follow:

R1

!
hostname R1
!
interface FastEthernet0/0
 ip address 192.168.42.1 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key OSPFKEY
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 172.16.42.1 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key OSPFKEY
 duplex auto
 speed auto
!
router ospf 42
 router-id 1.1.1.1
 network 172.16.42.0 0.0.0.3 area 0
 network 192.168.42.0 0.0.0.3 area 0
!
end

R2

!
hostname R2
!
interface FastEthernet0/0
 ip address 10.0.42.2 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key OSPFKEY
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 172.16.42.2 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key OSPFKEY
 duplex auto
 speed auto
!
router ospf 42
 router-id 2.2.2.2
 network 10.0.42.0 0.0.0.3 area 0
 network 172.16.42.0 0.0.0.3 area 0
!
end

R3

!
hostname R3
!
interface FastEthernet0/0
 ip address 192.168.42.2 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key OSPFKEY
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.0.42.1 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key OSPFKEY
 duplex auto
 speed auto
!
router ospf 42
 router-id 3.3.3.3
 network 10.0.42.0 0.0.0.3 area 0
 network 192.168.42.0 0.0.0.3 area 0
!
end

Matt Ouellette is a certified information technology professional residing in Southwest Michigan. His technology findings and advice can be found on his PacketPilot blog. Mr. Ouellette spent 4 years as an I.T. Technician before stepping into a Network Engineer role at Bronson Health Group. Since completing his Associate’s Degree in Network Administration, Matt has taken a head-on approach to career enrichment through obtaining credentials such as CCNP, CCNA Voice, MCSA: Server 2008, and VCP5. This passion for continued learning allows him to deliver up-to-date, quality technical solutions.

Permanent link to this article: http://www.packetpilot.com/cisco-ospf-plain-text-authentication/
