Configure clear text authentication on routers to secure OSPF messages

Posted: July 23, 2015 in CCNP

If you have done your CCNA, you are already familiar with the term OSPF and you also know how to configure it, but if you are new to networking you can learn about OSPF along with its configuration from my blog. Today I am going to discuss how to configure OSPF authentication on routers. OSPF can authenticate every OSPF message. This is usually done to prevent a rogue router from injecting false routing information and thereby causing a denial-of-service attack.

 

The two authentication methods that can be used are:

1. Clear text authentication: clear text passwords are used, which is the less secure method.

2. MD5 authentication: MD5 authentication is used. This type of authentication is more secure.

IMPORTANT NOTE: With OSPF authentication turned on, routers must pass the authentication process in order to become OSPF neighbors.

In this lab we will learn how to configure the clear text authentication method to secure OSPF messages.

 

 

ospf authentication

Configuration on R1:

Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int fa0/0
R1(config-if)#ip address 20.0.0.1 255.0.0.0
R1(config-if)#no shut

 

OSPF ROUTING ON R1:

R1(config)#router ospf 1
R1(config-router)#network 20.0.0.0 0.255.255.255 area 0

CLEAR TEXT AUTHENTICATION CONFIGURATION ON ROUTER R1:

R1(config)#int fa0/0
R1(config-if)#ip ospf authentication-key redhat123
%OSPF: Warning: The password/key will be truncated to 8 characters
R1(config-if)#ip ospf authentication

 

Configuration on R2:

Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int fa0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shut

 

Configure OSPF Routing on Router R2:

R2(config)#router ospf 1
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#

CONFIGURE CLEAR TEXT BASED AUTHENTICATION ON ROUTER R2:

R2(config)#int fa0/0
R2(config-if)#ip ospf authentication-key redhat123
%OSPF: Warning: The password/key will be truncated to 8 characters
R2(config-if)#ip ospf authentication

 

Verify clear text authentication on Router R1 using the command below:

R1#show ip ospf int fa0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 20.0.0.1/8, Area 0
Process ID 1, Router ID 20.0.0.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 20.0.0.2, Interface address 20.0.0.2
Backup Designated Router (ID) 20.0.0.1, Interface address 20.0.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 20.0.0.2 (Designated Router)
Suppress hello for 0 neighbor(s)
Simple password authentication enabled

 

Verify clear text authentication on Router R2 using the command below:

R2#show ip ospf int fa0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 20.0.0.2/8, Area 0
Process ID 2, Router ID 20.0.0.2, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 20.0.0.2, Interface address 20.0.0.2
Backup Designated Router (ID) 20.0.0.1, Interface address 20.0.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 20.0.0.1 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
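
The truncation warning and the weakness of clear text authentication both come from the OSPFv2 packet header (RFC 2328): with AuType 1 the key sits unencrypted in a 64-bit Authentication field of every packet. The Python sketch below is an added example, not part of the original lab; it parses a constructed header for R1 and reports what the header reveals, and the function names and the zero padding of short keys are assumptions.

```python
import socket
import struct

# OSPFv2 common header (RFC 2328, A.3.1): version, type, length,
# router ID, area ID, checksum, AuType, 64-bit Authentication field.
OSPF_HEADER = struct.Struct("!BBH4s4sHH8s")
AUTYPES = {0: "null", 1: "simple password", 2: "cryptographic"}


def wire_key(configured: str) -> bytes:
    """Key as it fits the 8-byte Authentication field.
    Truncation matches the IOS warning; zero padding is an assumption."""
    return configured.encode("ascii")[:8].ljust(8, b"\x00")


def build_header(router_id: str, area_id: str, autype: int, auth: bytes) -> bytes:
    """Build a constructed Hello header (type 1); checksum left at 0."""
    return OSPF_HEADER.pack(2, 1, OSPF_HEADER.size,
                            socket.inet_aton(router_id),
                            socket.inet_aton(area_id), 0, autype, auth)


def audit_header(raw: bytes) -> dict:
    """Report what the header alone shows to anyone on the same segment."""
    if len(raw) < OSPF_HEADER.size:
        raise ValueError("truncated OSPF header")
    ver, _ptype, _length, rid, area, _cksum, autype, auth = OSPF_HEADER.unpack_from(raw)
    if ver != 2:
        raise ValueError("not an OSPFv2 packet")
    exposed = None
    if autype == 1:  # the key travels as plain bytes in every packet
        exposed = auth.rstrip(b"\x00").decode("ascii", "replace")
    return {
        "router_id": socket.inet_ntoa(rid),
        "area": socket.inet_ntoa(area),
        "autype": AUTYPES.get(autype, f"unknown ({autype})"),
        "key_on_wire": exposed,
        "weak": autype in (0, 1),
    }


if __name__ == "__main__":
    # Constructed samples: R1 from this lab with the clear text key, then an
    # AuType 2 header (reserved, key ID 1, digest length 16, sequence number).
    clear = build_header("20.0.0.1", "0.0.0.0", 1, wire_key("redhat123"))
    md5 = build_header("20.0.0.1", "0.0.0.0", 2, struct.pack("!HBBI", 0, 1, 16, 1))
    for pkt in (clear, md5):
        print(audit_header(pkt))
```

For the clear text sample the report shows the key as it appears on the wire, cut to the 8 characters the IOS warning mentions; for AuType 2 the same field holds only a key ID, digest length and sequence number.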
