Ip ospf message-digest-key – LevelOne GTL-2690 User Manual

IP Routing Commands

42-34

42

Example
This example sets a password for the specified interface.

Related Commands

ip ospf authentication (42-32)

ip ospf message-digest-key

This command enables message-digest (MD5) authentication on the specified
interface and to assign a key-id and key to be used by neighboring routers. Use the
no form to remove an existing key.

Syntax

ip ospf message-digest-key key-id md5 key
no ip ospf message-digest-key key-id

• key-id - Index number of an MD5 key. (Range: 1-255)
• key - Alphanumeric password used to generate a 128 bit message digest

or “fingerprint.” (Range: 1-16 characters)

Command Mode

Interface Configuration (VLAN)

Default Setting

MD5 authentication is disabled.

Command Usage

• Before specifying MD5 authentication for an interface with the ip ospf

authentication command, configure the message-digest key-id and key with
this command.

• Normally, only one key is used per interface to generate authentication

information for outbound packets and to authenticate incoming packets.
Neighbor routers must use the same key identifier and key value.

• When changing to a new key, the router will send multiple copies of all

protocol messages, one with the old key and another with the new key. Once
all the neighboring routers start sending protocol messages back to this router
with the new key, the router will stop using the old key. This rollover process
gives the network administrator time to update all the routers on the network
without affecting the network connectivity. Once all the network routers have
been updated with the new key, the old key should be removed for security
reasons.

Console(config)#interface vlan 1
Console(config-if)#ip ospf authentication-key badboy
Console(config-if)#