If you have done your CCNA, you are already familiar with the term OSPF and you know how to configure it. If you are new to networking, you can learn about OSPF along with its configuration from my blog. Today I am going to discuss how to configure OSPF authentication on routers. OSPF can authenticate every OSPF message. This is usually done to prevent a rogue router from injecting false routing information and thereby causing a denial-of-service attack.
Two authentication methods can be used:
1. Clear text authentication – clear text passwords are used, which is not very secure.
2. MD5 authentication – MD5 authentication is used. This type of authentication is more secure.
IMPORTANT NOTE – with OSPF authentication turned on, routers must pass the authentication process in order to become OSPF neighbors.
In this lab we will learn how to configure the clear text authentication method to secure OSPF messages.
Configuration on R1:
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int fa0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#no shut
OSPF ROUTING ON R1:
R1(config)#router ospf 1
R1(config-router)#network 20.0.0.0 0.255.255.255 area 0
CLEAR TEXT AUTHENTICATION CONFIGURATION ON ROUTER R1:
R1(config)#int fa0/0
R1(config-if)#ip ospf authentication-key redhat123
%OSPF: Warning: The password/key will be truncated to 8 characters
R1(config-if)#ip ospf authentication
Configuration on R2:
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int fa0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shut
Configure OSPF Routing on Router R2:
R2(config)#router ospf 1
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#
CONFIGURE CLEAR TEXT BASED AUTHENTICATION ON ROUTER R2:
R2(config)#int fa0/0
R2(config-if)#ip ospf authentication-key redhat123
%OSPF: Warning: The password/key will be truncated to 8 characters
R2(config-if)#ip ospf authentication
Verify clear text authentication on Router R1 using the command below:
R1#show ip ospf int fa0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 20.0.0.1/8, Area 0
Process ID 1, Router ID 20.0.0.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 20.0.0.2, Interface address 20.0.0.2
Backup Designated Router (ID) 20.0.0.1, Interface address 20.0.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 20.0.0.2 (Designated Router)
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
Verify clear text authentication on Router R2 using the command below:
R2#show ip ospf int fa0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 20.0.0.2/8, Area 0
Process ID 2, Router ID 20.0.0.2, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 20.0.0.2, Interface address 20.0.0.2
Backup Designated Router (ID) 20.0.0.1, Interface address 20.0.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 20.0.0.1 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
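
The truncation warning and the weakness of clear text authentication both follow from the OSPFv2 packet header (RFC 2328), which carries the key unencrypted in a fixed 8-byte field. The Python sketch below is an added example, not part of the original lab: the function names are hypothetical, and the sample header is constructed in memory from R1's address and the lab key rather than captured from a network.

```python
import struct

# OSPFv2 common header (RFC 2328, A.3.1): 24 bytes, network byte order.
# version, type, length, router ID, area ID, checksum, AuType, 8-byte auth field
OSPF_HEADER = struct.Struct("!BBH4s4sHH8s")
AUTYPES = {0: "null", 1: "simple password", 2: "cryptographic"}


def build_header(router_id, area_id, autype, key=b""):
    """Build a constructed OSPFv2 Hello header only (checksum left at 0)."""
    # The authentication field is exactly 8 bytes: longer keys are cut and
    # shorter ones are zero-padded. This is why IOS warns about truncation.
    auth = key[:8].ljust(8, b"\x00")
    return OSPF_HEADER.pack(2, 1, OSPF_HEADER.size, router_id, area_id,
                            0, autype, auth)


def audit_header(packet):
    """Return the authentication type and, for AuType 1, the exposed key."""
    if len(packet) < OSPF_HEADER.size:
        raise ValueError("shorter than the 24-byte OSPFv2 header")
    version, _type, _length, rid, _area, _cksum, autype, auth = \
        OSPF_HEADER.unpack_from(packet)
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    finding = {
        "router_id": ".".join(str(b) for b in rid),
        "autype": AUTYPES.get(autype, f"unknown ({autype})"),
        "exposed_key": None,
    }
    if autype == 1:
        # With simple password authentication the key itself is on the wire,
        # readable by any host that can see OSPF traffic on the segment.
        finding["exposed_key"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    return finding


if __name__ == "__main__":
    # Constructed sample: R1 (20.0.0.1) in area 0 with the key from this lab.
    sample = build_header(bytes([20, 0, 0, 1]), bytes(4), 1, b"redhat123")
    print(audit_header(sample))
```

The key both routers actually compare is redhat12, the first eight characters of redhat123.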