21 ip ospf message-digest-key md5 – CANOGA PERKINS CanogaOS Command Reference User Manual

CanogaOS Command Line Reference

Revision 1.02

Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches

Page 258 of 855

Examples

The following example sets the interval between hello packets to 15 seconds:
interface eth-0-1
ip ospf hello-interval 15

Related Commands

ip ospf dead-interval

15.21 ip ospf message-digest-key md5

To enable Open Shortest Path First (OSPF) Message Digest 5 (MD5) authentication, use the ip ospf
message-digest-key command in interface configuration mode. To remove an old MD5 key, use the
no form of this command.

Command Syntax

ip ospf message-digest-key key-id md5 key
no ip ospf message-digest-key key-id

key-id

An identifier in the range from 1 to 255.

key

Alphanumeric password of up to 16 bytes.

Default

OSPF MD5 authentication is disabled.

Command Mode

Interface configuration

Usage

Usually, one key per interface is used to generate authentication information when sending packets
and to authenticate incoming packets. The same key identifier on the neighbor router must have the
same key value.
The process of changing keys is as follows. Suppose the current configuration is as follows:
interface eth-0-11
ip ospf message-digest-key 100 md5 OLD
You change the configuration to the following:
interface eth-0-1
ip ospf message-digest-key 101 md5 NEW
The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It
sends multiple copies of the same packet, each authenticated by different keys. In this example, the
system sends out two copies of the same packet—the first one authenticated by key 100 and the
second one authenticated by key 101.
Rollover allows neighboring routers to continue communication while the network administrator is