Categories R&S

OSPF – Implement and troubleshoot authentication – Clear text authentication

Let’s move on to OSPF authentication.

First, basic clear text authentication.

 

Theory:

OSPFv2 supports three types of authentication:

Type 0= null authentication (no authentication)

Type 1= clear text authentication

Type 2= MD5 authentication or HMAC-SHA authentication.

 

Requirements:

Configure OSPF clear text authentication between R6 and R7.

 

Diagram:

Not-so-totally-stubby area

 

Configuration and verification:

 

There is two way to configure clear text authentication.

First way, at the process level but we still have to configure the password at the interface level:

R6(config)#router ospf 10
R6(config-router)#area 10 authentication
R6(config-router)#int Eth 0/2
R6(config-if)#ip ospf authentication-key CISCO

 

Second way, at the interface level:

R7(config)#int Eth 0/0
R7(config-if)#ip ospf authentication
R7(config-if)#ip ospf authentication-key CISCO

 

To verify that authentication is correctly configure we can use the following:

R6#sh ip ospf
 Routing Process "ospf 10" with ID 66.66.66.66
 Start time: 00:00:26.660, Time elapsed: 01:47:57.451
SNIP
    Area 10
        Number of interfaces in this area is 1
        Area has simple password authentication

 

On R7, because authentication is not set at the process level, we don’t see it when using the “show ip ospf” command:

R7#sh ip ospf
 Routing Process "ospf 10" with ID 77.77.77.77
 Start time: 00:00:26.764, Time elapsed: 01:48:37.673
SNIP
    Area 10
        Number of interfaces in this area is 4 (1 loopback)
        Area has no authentication

We need to verify that with the following command:

R7#sh ip ospf int Eth 0/0
Ethernet0/0 is up, line protocol is up
  Internet Address 10.10.67.2/30, Area 10, Attached via Interface Enable
  Process ID 10, Router ID 77.77.77.77, Network Type POINT_TO_POINT, Cost: 10
SNIP
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 66.66.66.66
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

 

Neighbor adjacency is UP so it is working fine:

R7#sh ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
66.66.66.66       0   FULL/  -        00:00:34    10.10.67.1      Ethernet0/0

 

Let’s now see the type 2 authentication.

 

 

Thank you for reading.

 

OSPF – Implement and troubleshoot authentication – Clear text authentication