OSPF IPv4 - Authentication

Authentication

OSPF (Open Shortest Path First) authentication for IPv4 is a security feature that verifies the legitimacy of the OSPF routing information exchanged between routers in a network. OSPF supports several authentication methods, including simple password-based authentication and more secure mechanisms such as MD5 or SHA-256 cryptographic authentication. Authentication can be applied at different levels, including the OSPF interface level or at the area and AS levels. With authentication configured, routers accept routing updates only from trusted OSPF neighbors, which prevents them from accepting false or malicious routing information. This protects the integrity of OSPF routing tables against attempts to inject unauthorized routing information into the OSPF domain, and makes the routing infrastructure more reliable and trustworthy.

Lab:

Disclaimer

This Configuration Guide is designed to help members enhance their skills in a particular technology area. While every effort has been made to ensure that all material is as complete and accurate as possible, the enclosed material is presented on an "as is" basis. Neither the authors nor Forum assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this guide. This configuration guide was developed by Forum. Any similarities between material presented in this configuration guide and any other material is completely coincidental.

Cisco IOS Software, Linux Software (I86BI_LINUX-ADVENTERPRISEK9-M), Version 15.2(4)M1, DEVELOPMENT TEST SOFTWARE

Task 1: Configure IPv4 OSPF Authentication

Step 1: Enter the interface where authentication is required and select the authentication mode

R1:
interface s2/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
exit


Step 2: Enable OSPF authentication on the neighbor as well, with the same key ID and key

R2:
interface serial 2/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
exit

Task 2: Verification

Step 1: Verify the authentication configuration with the following command:

R1#show run
// to display the contents of the currently running configuration file
!
interface Serial 2/0
 ip address 12.0.0.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 serial restart-delay 0
!

R2#show run
!
interface Serial 2/0
 ip address 12.0.0.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 serial restart-delay 0
!

Step 2: Verify the OSPF neighborship with the following commands:

R1#clear ip ospf process
R2#clear ip ospf process
// flushes the current OSPF process and starts a fresh OSPF process

R1#show ip ospf neighbor
Neighbor ID     Pri    State           Dead Time        Address         Interface
22.0.3.2        0      FULL/ -         00:00:36         12.0.0.2        Serial2/0

R2#show ip ospf neighbor
Neighbor ID     Pri     State          Dead Time        Address         Interface
33.0.3.3        1       FULL/DR        00:00:31         23.0.0.3        Ethernet0/0
11.0.3.1        0       FULL/ -        00:00:37         12.0.0.1        Serial2/0

OSPF neighbors authenticate each other using the configured key; if the key matches, the OSPF neighborship forms. The freshly formed neighborship can be verified in the OSPF neighbor table.
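
What "the key matches" means on the wire, as an added example that is not part of the original guide: a Python sketch of the message-digest checks a receiving router performs under RFC 2328 Appendix D, using the lab's key ID 1 and key "cisco". The area (0.0.0.0), the Hello field values and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

HDR = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header with the crypto-auth layout
AUTYPE_CRYPTO = 2        # AuType 2 = cryptographic authentication
DIGEST_LEN = 16          # MD5 digest size

def pad_key(key: bytes) -> bytes:
    # The MD5 key field is 16 bytes; shorter keys are zero-padded (assumed,
    # as common implementations do).
    return key[:16].ljust(16, b"\x00")

def sign(router_id, area_id, body, key_id, key, seq, ptype=1):
    """Sender side: build the packet and append MD5(packet || key)."""
    hdr = struct.pack(HDR, 2, ptype, 24 + len(body),
                      socket.inet_aton(router_id), socket.inet_aton(area_id),
                      0,  # checksum stays 0 when AuType is 2
                      AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    pkt = hdr + body
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()

def verify(wire, keys, last_seq):
    """Receiver side: return (accepted, reason) for one received packet."""
    if len(wire) < 24:
        return False, "truncated"
    f = struct.unpack(HDR, wire[:24])
    length, autype, key_id, auth_len, seq = f[2], f[6], f[8], f[9], f[10]
    if autype != AUTYPE_CRYPTO:
        return False, "AuType mismatch"
    if key_id not in keys:
        return False, "unknown key id"
    if auth_len != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
        return False, "bad length"
    if seq < last_seq:
        return False, "replayed sequence number"
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, wire[length:]):
        return False, "digest mismatch"
    return True, "ok"

# Constructed Hello body: mask, HelloInterval, options, priority, DeadInterval, DR, BDR
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                    10, 2, 1, 40, bytes(4), bytes(4))

if __name__ == "__main__":
    pkt = sign("11.0.3.1", "0.0.0.0", HELLO, key_id=1, key=b"cisco", seq=100)
    for keys in ({1: b"cisco"}, {1: b"Cisco"}, {2: b"cisco"}):
        print(keys, verify(pkt, keys, last_seq=99))
```

A neighbor configured with a different key or key ID fails these checks on every packet, so the adjacency never reaches the FULL state shown in the neighbor table above.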