[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
Authentication Requirements
If you configure either simple password or MD5
authentication, the password or authentication key must be the same
on both sides of an adjacency. When you change the password or key
on one side of an established adjacency, you must also change it on
the other side within the dead interval. Doing this enables a hello
packet that has the latest authentication information to be sent before
the dead interval expires. If the packet is not sent within the dead
interval, the adjacency breaks down and is not reestablished until
both sides of the adjacency have the same password or key.
address authentication-key
- Use to assign a password used by neighboring routers for
OSPF simple password authentication.
- The interface can have an IP address, or it can be unnumbered.
- You can specify whether the key is entered in unencrypted
or encrypted format. If you do not specify which, the string is assumed
to be unencrypted.
- The password, or key, is a character string up to 8 characters
long.
- Example
- host1(config-router)#address 10.12.10.2 authentication-key
9rdf7
- Use the no version to delete
the password from the specified interface.
- See address authentication-key
address authentication message-digest
- Use to specify that MD5 authenticaion is used for the
OSPF interface.
- You must configure the MD5 key ID and password with the address message-digest-key md5 command.
- Switching between authentication types does not delete
a configured MD5 key ID or password; only using the no version of that configuration command can delete the MD5 key ID
and password.
- Example
- host1(config-router)#address 10.12.10.2 authentication
message-digest
- Use the no version to set authentication
for the interface to none without removing any configured MD5 key.
You can subsequently apply MD5 authentication to the interface without
having to reconfigure the key.
- See address authentication message-digest
address authentication-none
- Use to disable authentication on the interface.
- The interface can have an IP address, or it can be unnumbered.
- Example
- host1(config-router)#address 192.168.10.32 authentication-none
- The no version has no effect.
- See address authentication-none
address message-digest-key md5
- Use to enable OSPF MD5 authentication and configure the
MD5 key.
- The MD5 key is a character string up to 16 characters
long. You must also specify a key identifier and whether the key is
entered in unencrypted or encrypted format. If you do not specify
which, the string is assumed to be unencrypted.
- Configures an interface already created, or creates a
new OSPF interface and configures the MD5 key. The interface can have
an IP address, or it can be unnumbered.
- Example
- host1(config-router)#address 10.1.1.1 message-digest-key
1 md5 0 9mwk6gdr76
- Use the no version to delete
the MD5 key.
- See address message-digest-key md5
area virtual-link authentication-key
- Use to configure a simple password for a virtual link.
- You can specify whether the key is entered in unencrypted
or encrypted format. If you do not specify which, the string is assumed
to be unencrypted.
- The password can be up to eight characters long.
- Example
- host1(config-router)#area 27.0.0.0 virtual-link
27.3.4.5 authentication-key sadsa29c
- Use the no version to remove
the password.
- See area virtual-link authentication-key
area virtual-link authentication message-digest
- Use to specify that MD5 authentication is used for the
particular virtual link.
- You must configure the MD5 key ID and password with the area virtual-link message-digest-key
md5 command.
- Switching between authentication types does not delete
a configured MD5 key ID or password; only using the no version of that configuration command can delete the MD5 key ID
and password.
- Example
- host1(config-router)#area 27.0.0.0 virtual-link
27.2.3.4 authentication message-digest
- Use the no version to set authentication
for the virtual link to none without removing any configured MD5 key.
You can subsequently apply MD5 authentication to the virtual link
without having to reconfigure the key.
- See area virtual-link authentication message-digest
area virtual-link authentication-none
- Use to specify that no authentication is used for the
particular virtual link.
- Example
- host1(config-router)#area 27.0.0.0 virtual-link
27.2.3.4 authentication-none
- The no version has no effect.
- See area virtual-link authentication-none
area virtual-link message-digest-key md5
- Use to enable MD5 authentication and to configure MD5
keys for virtual links.
- The MD5 key is a character string up to 16 characters
long. You must also specify a key identifier and whether the key is
entered in unencrypted or encrypted format. If you do not specify
which, the string is assumed to be unencrypted.
- Example
- host1(config-router)#area 27.0.0.0 virtual-link
327.3.4.5 message-digest-key 2 md5 rc45lsm2c
- Use the no version to remove
the password.
- See area virtual-link message-digest-key md5
ip ospf authentication-key
- Use to configure a type 1 authentication (a simple password)
on the interface.
- Neighboring OSPF routers use the password to access the
router’s interface.
- Use the same password on all neighboring routers on the
same network.
- Use this password only when you enable authentication
for the interface.
- You can specify whether the key is entered in unencrypted
or encrypted format. If you do not specify which, the string is assumed
to be unencrypted.
- Use a password that is a continuous string up to 8 characters
long.
- Example
- host1(config-if)#ip ospf authentication-key
yourpwd
- Use the no version to remove
the password on the interface.
- See ip ospf authentication-key
ip ospf authentication message-digest
- Use to specify the authentication method for the interface
as MD5.
- You must configure the MD5 key ID and password with the ip ospf message-digest-key md5 command.
- Switching between authentication types does not delete
a configured MD5 key ID or password; only using the no version of that configuration command can delete the MD5 key ID
and password.
- Example
- host1(config-if)#ip ospf authentication message-digest
- Use the no version to set authentication
for the interface to none without removing any configured MD5 key.
You can subsequently apply MD5 authentication to the interface without
having to reconfigure the key.
- See ip ospf authentication message-digest
ip ospf authentication-none
- Use to specify that no authentication is used for the
OSPF interface.
- Example
- host1(config-if)#ip ospf authentication-none
- The no version has no effect.
- See ip ospf authentication-none
ip ospf message-digest-key md5
- Use to enable MD5 authentication on the OSPF interface
and configure the MD5 key.
 |
Note:
If all the MD5 keys have been deleted, the authentication type
is still MD5, but you need to configure MD5 keys.
|
- The MD5 key is a character string up to 16 characters
long. You must also specify a key identifier and whether the key is
entered in unencrypted or encrypted format. If you do not specify
which, the string is assumed to be unencrypted.
|
Note:
To display the password only in encrypted text, use the service password-encryption command.
|
- Example
- host1(config-if)#ip ospf message-digest-key
3 md5 0 tre987is
- Use the no version to delete
an MD5 key from the OSPF interface.
|
Note:
To disable MD5 authentication for the interface, use the ip ospf authentication-none command.
|
- See ip ospf message-digest-key md5
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
