Cisco ASA 5505 User Manual

24-9

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 24 Configuring OSPF

Customizing OSPF

ospf authentication-key

key

Example:

hostname(config-interface)# ospf

authentication-key cisco

Allows you to assign a password to be used by neighboring OSPF
routers on a network segment that is using the OSPF simple
password authentication.

The key argument can be any continuous string of characters up to
8 bytes in length.

The password created by this command is used as a key that is
inserted directly into the OSPF header when the ASA software
originates routing protocol packets. A separate password can be
assigned to each network on a per-interface basis. All neighboring
routers on the same network must have the same password to be
able to exchange OSPF information.

ospf cost

cost

Example:

hostname(config-interface)# ospf cost 20

Allows you to explicitly specify the cost of sending a packet on
an OSPF interface. The cost is an integer from 1 to 65535.

In this example, the cost is set to 20.

ospf dead-interval

seconds

Example:

hostname(config-interface)# ospf

dead-interval 40

Allows you to set the number of seconds that a device must wait
before it declares a neighbor OSPF router down because it has not
received a hello packet. The value must be the same for all nodes
on the network.

In this example, the dead interval is set to 40.

ospf hello-interval

seconds

Example:

hostname(config-interface)# ospf

hello-interval 10

Allows you to specify the length of time between the hello
packets that the ASA sends on an OSPF interface. The value must
be the same for all nodes on the network.

In this example, the hello interval is set to 10.

ospf message-digest-key

key_id md5 key

Example:

hostname(config-interface)# ospf

message-digest-key 1 md5 cisco

Enables OSPF MD5 authentication.

The following argument values can be set:

•

key_id—An identifier in the range from 1 to 255.

•

key—An alphanumeric password of up to 16 bytes.

Usually, one key per interface is used to generate authentication
information when sending packets and to authenticate incoming
packets. The same key identifier on the neighbor router must have
the same key value.

We recommend that you not keep more than one key per interface.
Every time you add a new key, you should remove the old key to
prevent the local system from continuing to communicate with a
hostile system that knows the old key. Removing the old key also
reduces overhead during rollover.

ospf priority

number_value

Example:

hostname(config-interface)# ospf priority

20

Allows you to set the priority to help determine the OSPF
designated router for a network.

The number_value argument ranges from 0 to 255.

In this example, the priority number value is set to 20.

Command

Purpose