OSPF IPv6 - Authentication
Authentication
OSPF (Open Shortest Path First) for IPv6 authentication is a critical security feature designed to verify the legitimacy of OSPF routing information exchanged between routers within an IPv6 network. Authentication mechanisms, such as simple password-based authentication or more secure options like MD5 or SHA-256 cryptographic authentication, can be implemented at various levels, including the OSPF interface level, and at the area and AS levels. By configuring OSPF IPv6 authentication, network administrators ensure that routers only accept routing updates from trusted OSPF neighbors, mitigating the risk of unauthorized routing information injection. This security measure is essential for maintaining the integrity of OSPF routing tables and protecting against potential attacks that might attempt to compromise the accuracy and reliability of the routing information within the OSPF domain. Proper implementation of OSPF IPv6 authentication adds a crucial layer of security, enhancing the overall robustness and trustworthiness of the OSPF routing infrastructure.
Lab:
Disclaimer
This Configuration Guide is designed to help members enhance their skills in a particular technology area. While every effort has been made to ensure that all material is as complete and accurate as possible, the enclosed material is presented on an "as is" basis. Neither the authors nor Forum assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this guide. This configuration guide was developed by Forum. Any similarities between material presented in this configuration guide and any other material is completely coincidental.
Cisco IOS Software, Linux Software (I86BI_LINUX-ADVENTERPRISEK9-M), Version 15.2(4)M1, DEVELOPMENT TEST SOFTWARE
Task 1: Configure IPv6 OSPF Authentication
Step 1: Enter the interface where authentication is required and select the encryption mode
R1:
interface s2/0
ipv6 ospf authentication ipsec spi 256 md5 0123456789ABCDEF0123456789ABCDEF
exit
Step 2: Enable IPv6 OSPF authentication on both neighbors
R2:
interface s2/0
ipv6 ospf authentication ipsec spi 256 md5 0123456789ABCDEF0123456789ABCDEF
exit
Task 2: Verification
Step 1: Verify authentication with the following command:
R1#show run
// The show running-config command, entered in privileged EXEC mode, displays the contents of the currently running configuration file.
interface Serial2/0
ip address 12.0.0.1 255.255.255.0
ip ospf authentication message-digest
ip ospf authentication-key cisco
ipv6 address 12::/64 eui-64
ipv6 ospf authentication ipsec spi 256 md5 0123456789ABCDEF0123456789ABCDEF
ipv6 ospf 1 area 1
serial restart-delay 0
R2#show run
interface Serial2/0
ip address 12.0.0.2 255.255.255.0
ip ospf authentication message-digest
ip ospf authentication-key cisco
ipv6 address 12::/64 eui-64
ipv6 enable
ipv6 ospf authentication ipsec spi 256 md5 0123456789ABCDEF0123456789ABCDEF
ipv6 ospf 2 area 1
serial restart-delay 0
Step 2: Verify OSPF neighborship with the following commands:
R1#clear ipv6 ospf process
R2#clear ipv6 ospf process
// Flushes the current IPv6 OSPF process and starts a fresh OSPF process.
R1#show ipv6 ospf neighbor
OSPFv3 Router with ID (11.0.3.1) (Process ID 1)
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
22.0.3.2          0   FULL/  -        00:00:35    11              Serial2/0
R2#show ipv6 ospf neighbor
OSPFv3 Router with ID (22.0.3.2) (Process ID 2)
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
33.0.3.3          1   FULL/DR         00:00:37    3               Ethernet0/0
11.0.3.1          0   FULL/  -        00:00:31    11              Serial2/0
The OSPF neighbors authenticate each other with the configured key, and if the key matches, the OSPF neighborship is formed. The fresh IPv6 OSPF neighborship can be verified in the IPv6 OSPF neighbor table.
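The Task 2, Step 1 check (comparing the authentication line in each router's running configuration) can be scripted. The following is an added example, not part of the original guide: it parses interface stanzas and reports a link whose SPI, algorithm or key differ between the two ends, or an OSPFv3 interface with no IPsec authentication. The sample configs are constructed from the lab output, R2's Ethernet0/0 stanza is an assumption, and the helper names `parse_ospfv3_auth` and `audit_link` are hypothetical.

```python
import re

# Constructed sample configs modelled on the lab's `show run` output.
# R2's Ethernet0/0 stanza is an assumption; the page does not show it.
R1_CFG = """\
interface Serial2/0
 ipv6 address 12::/64 eui-64
 ipv6 ospf authentication ipsec spi 256 md5 0123456789ABCDEF0123456789ABCDEF
 ipv6 ospf 1 area 1
"""
R2_CFG = """\
interface Ethernet0/0
 ipv6 ospf 2 area 0
interface Serial2/0
 ipv6 ospf authentication ipsec spi 256 md5 0123456789ABCDEF0123456789ABCDEF
 ipv6 ospf 2 area 1
"""

# The optional "0 " is the key-encryption-type for an unencrypted key.
AUTH_RE = re.compile(
    r"ipv6 ospf authentication ipsec spi (\d+) (md5|sha1) (?:0 )?([0-9A-Fa-f]+)$")
AREA_RE = re.compile(r"ipv6 ospf \d+ area \S+$")
KEY_HEX_DIGITS = {"md5": 32, "sha1": 40}  # key length IOS requires per algorithm

def parse_ospfv3_auth(config):
    """Map each OSPFv3-enabled interface to (spi, alg, key), or None if it has no auth."""
    auth, enabled, current = {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current and AREA_RE.match(line):
            enabled.add(current)
        elif current and (m := AUTH_RE.match(line)):
            auth[current] = (int(m.group(1)), m.group(2), m.group(3).upper())
    return {ifname: auth.get(ifname) for ifname in enabled}

def audit_link(cfg_a, if_a, cfg_b, if_b):
    """Return findings for one link; an empty list means both ends are consistent."""
    ends = [(if_a, parse_ospfv3_auth(cfg_a).get(if_a)),
            (if_b, parse_ospfv3_auth(cfg_b).get(if_b))]
    findings = []
    for name, entry in ends:
        if entry is None:
            findings.append(f"{name}: no OSPFv3 IPsec authentication configured")
        elif entry[0] < 256 or len(entry[2]) != KEY_HEX_DIGITS[entry[1]]:
            findings.append(f"{name}: SPI or key length out of range")
    if all(e for _, e in ends) and ends[0][1] != ends[1][1]:
        findings.append("SPI, algorithm or key differs between the two ends")
    return findings
```

An empty list from `audit_link(R1_CFG, "Serial2/0", R2_CFG, "Serial2/0")` corresponds to the FULL adjacency shown in Step 2; a mismatch finding explains a neighbor that never leaves the down state after the process is cleared.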