OSPF authentication can be configured on OSPF routers to prevent rogue routers from injecting false routing information and causing a Denial-of-Service attack.
There are two types of OSPF authentication: Plain Text authentication and MD5 authentication. Plain text authentication uses clear text passwords, while MD5 authentication provides a more secure method. In this post, we will demonstrate how to configure OSPF Plain Text Authentication.
Network Topology
The network topology we will be making use of in this post is shown below. As you can see, it consists of two routers. In this post, we will configure OSPF on the two routers and configure OSPF authentication on the two routers.
How to Configure OSPF Plain Text Authentication
Here are steps to configure OSPF Plain Text Authentication using the network topology shown above.
Step 1: Configure OSPF on the routers
Configure OSPF on R1 and R2 and then advertise the connected network.
Router 1
R1(config)#interface ethernet0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config-router)#exit
Router 2
R2(config)#interface ethernet0/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#router
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 192.168.12.0 0.0.0.255 area 0
R2(config-router)#exit
Step 2: Check if both routers formed neighborship in OSPF
By default, there is no OSPF authentication, so the two OSPF routers will form a neighborship.
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/BDR 00:00:37 192.168.12.2 Ethernet0/0
Router 2
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/DR 00:00:31 192.168.12.1 Ethernet0/0
Step 3: Configure OSPF authentication
Router 2
Change the authentication in R2 from none to plain-text and put a password of 123456.
R2(config)#interface ethernet0/0
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key 123456
R2(config-if)#exit
Did R1 and R2 lose neighborship?
R2#show ip ospf neighbor
----> Empty <----
R1#show ip ospf neighbor
----> Empty <----
Router 1
Change the authentication in R1 from none to plain-text and put a password of 123456
R1(config)#interface ethernet0/0
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key 123456
R1(config-if)#exit
Step 4: Verify that the OSFP neighbor is formed again
Router 1
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:34 192.168.12.2 Ethernet0/0
Router 2
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/BDR 00:00:32 192.168.12.1 Ethernet0/0
Related Content;
- How to Configure OSPF Default Route on a Cisco Router
- How to Configure OSPF DR and BDR
- How to Configure OSPF Passive Interface on Cisco Router
- How to Configure OSPF Backbone Area | How to Configure OSPF Area 0
- How to Configure OSPF Multi-Area
- How To Configure OSPF on Layer 3 Switch In Packet Tracer
- Redistributing Static Routes into OSPF: Explained With Example
I am a passionate Networking Associate specializing in Telecommunications.
With a degree in Electronic engineering, I possess a strong understanding of electronic systems and the intricacies of telecommunications networks. I gained practical experience and valuable insights working for a prominent telecommunications company.
Additionally, I hold certifications in networking, which have solidified my expertise in network architecture, protocols, and optimization.
Through my writing skills, I aim to provide accurate and valuable knowledge in the networking field.
Connect with me on social media using the links below for more insights.
You can contact me using [email protected] or connect with me using any of the social media account linked below