by Rene Molenaar in CCNA R&S, CCNP R&S, Cisco, OSPF

In a previous article I demonstrated how to configure plain text authentication for OSPF. This time we'll look at MD5 authentication. The idea is the same but some of the commands are different. Anyway, here is the topology that we will use:

Just two routers in the same area, nothing special. Here is the configuration to enable MD5 authentication:

Donna(config)#interface fastEthernet 0/0
Donna(config-if)#ip ospf message-digest-key 1 md5 MYPASS
Donna(config-if)#ip ospf authentication message-digest

Mary(config)#interface fastEthernet 0/0
Mary(config-if)#ip ospf message-digest-key 1 md5 MYPASS
Mary(config-if)#ip ospf authentication message-digest

For MD5 authentication you need different commands. First use ip ospf message-digest-key md5 to specify the key number and a password. It doesn't matter which key number you choose but it has to be the same on both ends. To enable OSPF authentication you need to type in ip ospf authentication message-digest.
Donna(config)#router ospf 1
Donna(config-router)#area 0 authentication message-digest

If you don't want to enable OSPF authentication per interface you can use the area authentication message-digest command.

Donna#show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Internet Address 192.168.12.1/24, Area 0
  Process ID 1, Router ID 192.168.12.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 192.168.12.2, Interface address 192.168.12.2
  Backup Designated router (ID) 192.168.12.1, Interface address 192.168.12.1
  Flush timer for old DR LSA due in 00:01:53
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.12.2 (Designated Router)
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1

Using show ip ospf interface we see MD5 authentication is enabled and we are using key ID 1. We have a neighbor so it seems to be working.

Donna#debug ip ospf packet
OSPF packet debugging is on

OSPF: rcv. v:2 t:1 l:48 rid:192.168.12.2 aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x3C7EC653 from FastEthernet0/0

Debug shows us that MD5 authentication is enabled (aut:2) and we are using key ID 1. Debug is also great to fix authentication errors, here's why:

Donna(config)#interface fastEthernet 0/0
Donna(config-if)#no ip ospf message-digest-key 1 md5 MYPASS
Donna(config-if)#ip ospf message-digest-key 1 md5 MYWRONGPASS

First we'll enter a wrong password...

Donna#debug ip ospf adj
OSPF adjacency events debugging is on
Donna#clear ip ospf process
Reset ALL OSPF processes? [no]: yes

I'll debug the OSPF neighbor adjacency and reset the OSPF neighbors.

Donna#
OSPF: Rcv pkt from 192.168.12.2, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1

Somewhere in the debug you'll see the message above. This means that we are using MD5 key ID 1 on both sides but that the password is incorrect.

That's all there is for now. I hope this was useful for you! If you have any questions please leave a comment.
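The check behind the aut:2, keyid:1 and seq fields in the packet debug, and behind the key mismatch message, as an added example that is not part of the original article: OSPFv2 cryptographic authentication as described in RFC 2328 Appendix D, run against a constructed Hello. The function names, the Hello field values, the verdict strings and the NUL-padding of short keys to 16 bytes are assumptions of this example.

```python
import hashlib, hmac, socket, struct

AUTYPE_CRYPTO = 2  # printed as "aut:2" by debug ip ospf packet
ip = socket.inet_aton

def build_hello(router_id, area_id, key_id, seq, neighbor):
    """Constructed 48-byte OSPFv2 Hello ("l:48") whose header carries AuType 2."""
    body = struct.pack("!4sHBBI4s4s4s", ip("255.255.255.0"),  # /24 mask
                       10, 0x02, 1, 40,           # hello, options, priority, dead
                       ip("192.168.12.2"), ip("192.168.12.1"),  # DR, BDR
                       ip(neighbor))
    return struct.pack("!BBH4s4sHHHBBI", 2, 1, 24 + len(body),  # version, type, length
                       ip(router_id), ip(area_id),
                       0,                         # checksum unused with AuType 2 ("chk:0")
                       AUTYPE_CRYPTO, 0, key_id, 16, seq) + body

def digest(packet, password):
    # Assumption of this example: keys shorter than 16 bytes are NUL-padded.
    key = password.encode().ljust(16, b"\0")[:16]
    return hashlib.md5(packet + key).digest()  # RFC 2328 D.4.3: MD5(packet || key)

def sign(packet, password):
    return packet + digest(packet, password)   # digest trails the packet, outside "length"

def verify(frame, keys, last_seq=0):
    """Check a received packet+digest against the local {key_id: password} table."""
    length, = struct.unpack("!H", frame[2:4])
    autype, _, key_id, _, seq = struct.unpack("!HHBBI", frame[14:24])
    if autype != AUTYPE_CRYPTO:
        return "authentication type mismatch"
    if key_id not in keys:
        return "no key configured for key id %d" % key_id
    if seq < last_seq:                          # replayed or stale packet
        return "stale sequence number"
    expected = digest(frame[:length], keys[key_id])
    if hmac.compare_digest(expected, frame[length:length + 16]):
        return "ok"
    return "digest mismatch for key id %d" % key_id

# Constructed sample built from the values in the debug line on this page.
FRAME = sign(build_hello("192.168.12.2", "0.0.0.0", 1, 0x3C7EC653, "192.168.12.1"), "MYPASS")

if __name__ == "__main__":
    for keys in ({1: "MYPASS"}, {1: "MYWRONGPASS"}, {2: "MYPASS"}):
        print(keys, "->", verify(FRAME, keys))
    print("replay ->", verify(FRAME, {1: "MYPASS"}, last_seq=0x3C7EC654))
```

The wrong-password case passes the key ID lookup and fails only at the digest comparison, which matches a debug message that names key 1 on both sides.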