0 évaluation0% ont trouvé ce document utile (0 vote)
137 vues2 pages
- The document discusses how to configure MD5 authentication for OSPF. It provides the commands needed to specify an MD5 key and password on each router interface and enable MD5 authentication for OSPF or a specific OSPF area.
- The commands ip ospf message-digest-key and ip ospf authentication message-digest are used to set the MD5 key and enable MD5 authentication on each interface. Debugging commands are also provided to verify MD5 authentication is working properly.
- Debugging output shows when MD5 authentication fails due to a mismatched password, helping troubleshoot authentication issues. The document provides an overview of configuring and troubleshooting MD5 authentication for OSPF.
- The document discusses how to configure MD5 authentication for OSPF. It provides the commands needed to specify an MD5 key and password on each router interface and enable MD5 authentication for OSPF or a specific OSPF area.
- The commands ip ospf message-digest-key and ip ospf authentication message-digest are used to set the MD5 key and enable MD5 authentication on each interface. Debugging commands are also provided to verify MD5 authentication is working properly.
- Debugging output shows when MD5 authentication fails due to a mismatched password, helping troubleshoot authentication issues. The document provides an overview of configuring and troubleshooting MD5 authentication for OSPF.
- The document discusses how to configure MD5 authentication for OSPF. It provides the commands needed to specify an MD5 key and password on each router interface and enable MD5 authentication for OSPF or a specific OSPF area.
- The commands ip ospf message-digest-key and ip ospf authentication message-digest are used to set the MD5 key and enable MD5 authentication on each interface. Debugging commands are also provided to verify MD5 authentication is working properly.
- Debugging output shows when MD5 authentication fails due to a mismatched password, helping troubleshoot authentication issues. The document provides an overview of configuring and troubleshooting MD5 authentication for OSPF.
by Rene Molenaar in CCNA R&S, CCNP R&S, Cisco, OSPF In a re!ious article I de"onstrated #o$ to con%i&ure lain te't aut#entication %or OSPF( )#is ti"e $e*ll loo+ at M,- aut#entication( )#e idea is t#e sa"e but so"e o% t#e co""ands are di%%erent( Any$ay #ere is t#e toolo&y t#at $e $ill use. /ust t$o routers in t#e sa"e area, not#in& secial( 0ere is t#e con%i&uration to enable M,- aut#entication. Donna(config)#interface fastEthernet 0/0 Donna(config-if)#ip ospf message-digest-key 1 md5 MYPASS Donna(config-if)#ip ospf authentication message-digest Mary(config)#interface fastEthernet 0/0 Mary(config-if)#ip ospf message-digest-key 1 md5 MYPASS Mary(config-if)#ip ospf authentication message-digest For M,- aut#entication you need di%%erent co""ands( First use ip ospf message-digest-key md5 to seci%y t#e +ey nu"ber and a ass$ord( It doesn*t "atter $#ic# +ey nu"ber you c#oose but it #as to be t#e sa"e on bot# ends( )o enable OSPF aut#entication you need to tye in ip ospf authentication message-digest! Donna(config)#router ospf 1 Donna(config-router)#area 0 authentication message-digest I% you don*t $ant to enable OSPF aut#entication er inter%ace you can use t#e area authentication message-digest co""and( Donna#show ip ospf interface fastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Internet Address !"#$%#"#/"&, Area 0 'rocess ID , (outer ID !"#$%#"#, )et*or+ ,ype -(.AD/A0,, /ost1 ,rans2it Delay is sec, 0tate -D(, 'riority Designated (outer (ID) !"#$%#"#", Interface address !"#$%#"#" -ac+up Designated router (ID) !"#$%#"#, Interface address !"#$%#"# Flush ti2er for old D( 30A due in 0010145 ,i2er inter6als configured, 7ello 0, Dead &0, 8ait &0, (etrans2it 4 oo9-resync ti2eout &0 7ello due in 00100104 0upports 3in+-local 0ignaling (330) Inde: /, flood ;ueue length 0 )e:t 0:0(0)/0:0(0) 3ast flood scan length is , 2a:i2u2 is 3ast flood scan ti2e is 0 2sec, 2a:i2u2 is 0 2sec eigh!or "ount is 1# Ad$acent neigh!or count is 1 Ad<acent *ith neigh9or !"#$%#"#" (Designated (outer) 0uppress hello for 0 neigh9or(s) Message digest authentication ena!%ed Youngest key id is 1 1sin& show ip ospf interface $e see M,- aut#entication is enabled and $e are usin& +ey I, 1( 2e #a!e a nei&#bor so it see"s to be $or+in&( Donna#de!ug ip ospf packet &SP' packet de!ugging is on .0'F1 rc6# 61" t1 l1&% rid1!"#$%#"#" aid10#0#0#0 ch+10 aut() keyid(1 se;10:5/=E/$45 fro2 FastEthernet0/0 ,ebu& s#o$s us t#at M,- aut#entication is enabled 3aut.24 and $e are usin& +ey I, 1( ,ebu& is also &reat to %i' aut#entication errors, #ere*s $#y. Donna(config)#interface fastEthernet 0/0 Donna(config-if)#no ip ospf message-digest-key 1 md5 MYPASS Donna(config-if)#ip ospf message-digest-key 1 md5 MY*+&,PASS First $e*ll enter a $ron& ass$ord5 Donna#de!ug ip ospf ad$ &SP' ad$acency e-ents de!ugging is on Donna#c%ear ip ospf process +eset A.. &SP' processes/ 0no1( yes I*ll debu& t#e OSPF nei&#bor ad6acency and reset t#e OSPF nei&#bors( Donna# .0'F1 +c- pkt from 12)314531)3)# 'astEthernet0/0 ( Mismatch Authentication 6ey - Message 7igest 6ey 1 So"e$#ere in t#e debu& you*ll see t#e "essa&e abo!e( )#is "eans t#at $e are usin& M,- +ey I, 1 on bot# sides but t#at t#e ass$ord is incorrect( )#at*s all t#ere is %or no$( I #oe t#is $as use%ul %or you7 I% you #a!e any 8uestions lease lea!e a co""ent( Read "ore. #tt.99net$or+lessons(co"9os%9#o$:to:con%i&ure:os%:"d-: aut#entication9;i'<<3-$!A$=>)