[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Enabling Authentication for OSPF Exchanges

All OSPFv2 protocol exchanges can be authenticated to guarantee that only trusted routers participate in the AS's routing. By default, OSPF authentication is disabled.

Note: OSPFv3 does not support authentication.

You can enable either of two authentication types:

Simple authentication—Authenticates by means of a plain-text password (key) included in the transmitted packet.
MD5 authentication—Authenticates by means of an MD5 checksum included in the transmitted packet.

Because OSPF performs authentication at the area level, all routers within the area must have the same authentication and corresponding password (key) configured. For MD5 authentication to work, both the receiving and transmitting routers must have the same MD5 key.

To enable OSPF authentication on the stub area:

Navigate to the top of the configuration hierarchy in either the J-Web or the CLI configuration editor.
Perform the configuration tasks described in Table 119.

Table 119: Enabling OSPF Authentication

Task	J-Web Configuration Editor	CLI Configuration Editor
Navigate to the 0.0.0.0 level in the configuration hierarchy.	In the J-Web interface, select Configuration>View and Edit>Edit Configuration. Next to Protocols, click Edit. Next to Ospf, click Edit. Under Area id, click 0.0.0.0.	From the [edit] hierarchy level, enter edit protocols ospf area 0.0.0.0
Set the authentication type for the stub area to either simple or MD5—for example, MD5.	From the Authentication type list, select md5. Click OK.	Set the authentication type: set authentication-type md5
Navigate to the interface-name level in the configuration hierarchy.	On the main Configuration page next to Protocols, click Edit. Next to Ospf, click Edit. Under Area id, click 0.0.0.0. Under Interface name, click an interface name.	From the [edit] hierarchy level, enter edit protocols ospf area 0.0.0.0 interface interface-name
Set the authentication password (key) and, for MD5 authentication only, the key identifier to associate with the MD5 password: For simple authentication, set a password of from 1 through 8 ASCII characters—for example, Chey3nne. For MD5 authentication: Set a password of from 1 through 16 ASCII characters—for example, Chey3nne. Set a key identifier between 0 (the default) and 255—for example, 2.	In the Key name box, type Chey3nne. For MD5 authentication only, in the Key ID box, type 2. Click OK. Repeat Step 1 through Step 3 for each interface in the stub area for which you are enabling authentication.	Set the authentication password and, for MD5 authentication only, set the key identifier: set authentication-key Chey3nne key-id 2 Repeat Step 1 for each interface in the stub area for which you are enabling authentication.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]