Configuring Authentication

The router supports the following authentication capabilities:

The MD5 algorithm takes as input a message of arbitrary length and produces a 128-bit fingerprint or message digest of the input. MD5 is used to create digital signatures. It is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, called a message digest.

When using a one-way hash function, you can compare a calculated message digest with the message digest that is decrypted by using a public key (password). The key verifies that the message has not been tampered with. This comparison process is called a hashcheck.

Note: You must first issue the address area command before issuing any other address command.

Authentication Requirements

If you configure either simple password or MD5 authentication, the password or authentication key must be the same on both sides of an adjacency. When you change the password or key on one side of an established adjacency, you must also change it on the other side within the dead interval. Doing this enables a hello packet that has the latest authentication information to be sent before the dead interval expires. If the packet is not sent within the dead interval, the adjacency breaks down and is not reestablished until both sides of the adjacency have the same password or key.

address authentication-key

address authentication message-digest

address authentication-none

address message-digest-key md5

area virtual-link authentication-key

area virtual-link authentication message-digest

area virtual-link authentication-none

area virtual-link message-digest-key md5

ip ospf authentication-key

ip ospf authentication message-digest

ip ospf authentication-none

ip ospf message-digest-key md5