beautypg.com

Interface configuration, Ip ospf authentication – LevelOne GTL-2691 User Manual

Page 1494

background image

C

HAPTER

49

| IP Routing Commands

Open Shortest Path First (OSPFv2)

– 1494 –

Interface Configuration

ip ospf

authentication

This command specifies the authentication type used for an interface.

Enter this command without any optional parameters to specify plain text

(or simple password) authentication. Use the no form to restore the

default of no authentication.

S

YNTAX

ip ospf [ip-address] authentication [message-digest | null]
no ip ospf [ip-address] authentication

ip-address - IP address of the interface. Enter this parameter to

specify a unique authentication type for a primary or secondary IP

address associated with the current VLAN. If not specified, the

command applies to all networks connected to the current interface.
message-digest - Specifies message-digest (MD5) authentication.
null - Indicates that no authentication is used.

C

OMMAND

M

ODE

Interface Configuration (VLAN)

D

EFAULT

S

ETTING

No authentication

C

OMMAND

U

SAGE

Use authentication to prevent routers from inadvertently joining an

unauthorized area. Configure routers in the same area with the same

password or key. All neighboring routers on the same network with the

same password will exchange routing data.

This command creates a password (key) that is inserted into the OSPF

header when routing protocol packets are originated by this device.

Assign a separate password to each network for different interfaces.

When using simple password authentication, a password is included in

the packet. If it does not match the password configured on the

receiving router, the packet is discarded. This method provides very

little security as it is possible to learn the authentication key by

snooping on routing protocol packets.

When using Message-Digest 5 (MD5) authentication, the router uses

the MD5 algorithm to verify data integrity by creating a 128-bit

message digest from the authentication key. Without the proper key

and key-id, it is nearly impossible to produce any message that

matches the pre-specified target message digest.

Before specifying plain-text password authentication for an interface,

configure a password with the

ip ospf authentication-key

command.

Before specifying MD5 authentication for an interface, configure the

message-digest key-id and key with the

ip ospf message-digest-key

command.

See also other documents in the category LevelOne Routers: