9 ospf authentication – CANOGA PERKINS CanogaOS Configuration Guide User Manual

CanogaOS Configuration Guide

Proprietary & Confidential Canoga Perkins Metro Ethernet Switches

Page 132 of 350

17.9 OSPF Authentication

In our implementation there are three types of OSPF authentications--Null authentication (Type
0), Simple Text (Type 1) authentication and MD5 (Type 2) authentication. With null
authentication, routing exchanges over the network are not authenticated. In Simple Text
authentication, the authentication type is the same for all routers that communicate using OSPF
in a network. For MD5 authentication, you configure a key and a key-id on each router. The
router generates a message digest on the basis of the key, key ID and the OSPF packet and adds
it to the OSPF packet.
The Authentication type can be configured on a per-interface basis or a per-area basis.
Additionally, Interface and Area authentication can be used together. Area authentication is used
for an area and interface authentication is used for a specific interface in the area. If the Interface
authentication type is different from Area authentication type, Interface authentication type
overrides the Area authentication type. If the Authentication type is not specified for an interface,
the Authentication type for the area is used. The authentication command descriptions contain
details of each type of authentication. Refer to the OSPF Command Reference for OSPF
authentication commands.
In the example below, R1 and R2 are configured for both the interface and area authentications.
The authentication type of interface eth1 on R1 and interface eth0 on R2 is md5 mode and is
defined by the area authentication command; however, the authentication type of interface eth2
on R1 and interface eth1 on R2 is plain text mode and is defined by the ip ospf authentication
command. This interface command overrides the area authentication command.

17.9.1 Terminology