Ip ospf message-digest-key – Allied Telesis AT-S83 User Manual

Chapter 15: Open Shortest Path First (OSPF) Commands

IP OSPF MESSAGE-DIGEST-KEY

Syntax

ip ospf A.B.C.D message-digest-key KEYID <1-255> md5 LINE

no ip ospf A.B.C.D message-digest-key KEYID

Parameters

A.B.C.D

Specifies the IP address of the interface.

KEYID

Specifies a key ID. Enter a value between 1 and 255.

MD5

Specifies the MD5 algorithm.

LINE

Specifies the OSPF password. Everything up to the end of the line
is taken as the password. Enter a value between 1 and 16 characters.

Description

Use the IP OSPF MESSAGE-DIGEST-KEY command to register an MD5
key for OSPF MD5 authentication. By default, this command is disabled.

Message Digest Authentication is a form of cryptographic authentication.
A key (password) and key-id are configured on each router. The router uses
an algorithm based on the OSPF packet, the key, and the key-id to generate
a message digest that is appended to the packet.

Use this command for uninterrupted transitions between passwords. This
is helpful for administrators who want to change the OSPF password
without disrupting communication. The system begins a rollover process
until all the neighbors have adopted the new password. This allows
neighboring routers to continue communication while the network
administrator is updating them with a new password. The router stops
sending duplicate packets once it detects that all of its neighbors have
adopted the new password.

Maintain only one password per interface, removing the old password
when you add a new one. This prevents the local system from continuing
to communicate with the system that is using the old password. Removing
the old password also reduces overhead during rollover.

All neighboring routers on the same network must have the same
password value to enable exchange of OSPF routing data.
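
The digest generation and the key-id lookup that makes password rollover possible, as an added example that is not taken from the Allied Telesis manual: it follows RFC 2328 Appendix D (MD5 over the packet followed by the 16-byte key) and assumes passwords shorter than 16 characters are zero-padded. The router ID, area ID, body bytes and passwords are constructed sample values.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2  # AuType value for cryptographic authentication (RFC 2328)
DIGEST_LEN = 16    # size of an MD5 digest in bytes

def pad_key(password):
    """Zero-pad the 1-16 character password to a 16-byte key (assumed padding)."""
    raw = password.encode("ascii")
    if not 1 <= len(raw) <= 16:
        raise ValueError("password must be 1 to 16 characters")
    return raw.ljust(16, b"\x00")

def sign(body, router_id, area_id, key_id, password, seq):
    """Build an OSPFv2 packet and append the message digest to it."""
    length = 24 + len(body)  # the length field does not count the digest
    header = struct.pack("!BBH4s4sHHHBBI", 2, 1, length, router_id, area_id,
                         0, AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(password)).digest()

def verify(wire, keys, last_seq=0):
    """Accept a packet only if its key ID is configured and the digest matches."""
    if len(wire) < 24 + DIGEST_LEN:
        return False
    (length,) = struct.unpack_from("!H", wire, 2)
    autype, _, key_id, dlen, seq = struct.unpack_from("!HHBBI", wire, 14)
    if autype != AUTYPE_CRYPTO or dlen != DIGEST_LEN or len(wire) != length + dlen:
        return False
    if key_id not in keys or seq < last_seq:  # unknown key ID or replayed packet
        return False
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(expected, wire[length:])

# Constructed sample values, not taken from the manual.
ROUTER_ID = bytes([192, 0, 2, 1])
AREA_ID = bytes(4)
BODY = bytes(20)  # placeholder body bytes
KEYS = {1: "old-secret", 2: "new-secret"}  # both key IDs present during rollover

if __name__ == "__main__":
    new = sign(BODY, ROUTER_ID, AREA_ID, 2, "new-secret", 100)
    old = sign(BODY, ROUTER_ID, AREA_ID, 1, "old-secret", 100)
    print(verify(new, KEYS), verify(old, KEYS))  # both accepted during rollover
    print(verify(new, {1: "old-secret"}))        # neighbor not yet updated
```

A neighbor that holds only key ID 1 rejects packets signed with key ID 2, which is why every router on the network needs the new key before the old one is removed.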