Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure the OSPF Network Authentication

To prevent information leakage or malicious attacks to OSPF devices, all packet interaction between OSPF neighbors has the authentication capability. The authentication types include: NULL (no authentication), simple text authentication, MD5 authentication, SM3 authentication, and key-chain authentication.

If authentication is configured, an OSPF interface requires authentication before receiving OSPF protocol packets. The OSPF interface receives only packets that have passed authentication. Therefore, the OSPF interfaces through which neighbor relations are set up, their authentication modes, Key IDs, and authentication passwords must be the same.

An authentication mode and an authentication password are configured independently. If an authentication password has been configured but no authentication mode is configured, the authentication mode corresponding to the authentication password will be automatically configured.

An OSPF authentication mode can be configured on an area, interface, or interface address. The priorities that are sorted from low to high include: area authentication, interface authentication, and interface address authentication. That is, the interface address authentication is first used, and then the interface authentication, and finally the area authentication.

Configuration Condition

Before configuring OSPF authentication, ensure that:

  • Interface IP addresses have been configured so that neighbor nodes are reachable at the network layer.
  • Enable OSPF.

Configure OSPF Area Authentication

To validate OSPF area authentication, you must configure not only the area authentication mode but also the corresponding authentication password on the interface.

Table 7-10 Configuring OSPF Area Authentication

Step

Command

Description

Enter the global configuration mode.

configure terminal

-

Enter the OSPF configuration mode.

router ospf process-id [ vrf vrf-name ]

-

Configure the area authentication mode.

area area-id authentication [ message-digest | key-chain]

Mandatory.

By default, area authentication is not configured.

The keyword message-digest in the command indicates MD5 authentication; the key word key-chain indicates the key-chain authentication; otherwise, plain text authentication is configured.

Enter the interface configuration mode.

interface interface-name

-

Configure a password for plain text authentication.

ip ospf [ ip-address ] authentication-key { 0 | 7 } password

Mandatory.

By default, no password is configured for plain text authentication.

Configure a password for MD5/SM3 authentication.

ip ospf [ ip-address ] message-digest-key key-id { md5 | sm3} { 0 | 7 } password

Mandatory.

By default, no password is configured for MD5/SM3

authentication.

Configure the key-chain authentication

ip ospf [ ip-address ] key-chain

key-chain name

Mandatory

By default, do not configure the key-chain authentication.

Configure OSPF Interface Authentication

If an OSPF interface has multiple IP addresses, you can set an authentication mode or authentication password for one IP address of the interface. If you do not specify an interface address, all addresses of the interface use the specified authentication mode or authentication password.

Table 7-11 Configuring OSPF Interface Authentication

Step

Command

Description

Enter the global configuration mode.

configure terminal

-

Enter the interface configuration mode.

interface interface-name

-

Configure the interface authentication mode.

ip ospf [ ip-address ] authentication [ key-chain | message-digest | null ]

Mandatory.

By default, interface authentication mode is not configured.

The keyword message-digest in the command indicates MD5 authentication, and the keyword null indicates no authentication; the key word key-chain indicates the key-chain authentication; otherwise, plain text authentication is configured.

Configure a password for plain text authentication.

ip ospf [ ip-address ] authentication-key { 0 | 7 } password

Mandatory.

By default, no password is configured for plain text authentication.

Configure a password for MD5/SM3 authentication.

ip ospf [ ip-address ] message-digest-key key-id {md5 | sm3} { 0 | 7 } password

Mandatory.

By default, no password is configured for MD5/SM3 authentication.

Configure the key-chain authentication

ip ospf [ ip-address ] key-chain key-chain name

Mandatory

By default, do not configure the key-chain authentication.