How to Configure OSPF Plain Text Authentication

This topic is to discuss the following lesson:


If you run a Wireshark cap, you can see the plain-text passphrase of MYPASS in one of the OSPF header packets.

Why didn’t you configure a password under the area 0 authentication command?

The password is configured on the interface, not under the OSPF process.

So you have to enter an authentication-key on every interface?

Hi Chris,

That’s right, the key is always per interface.

Rene

Thanks for the quick response, great lesson again!

Can we use either one for plain text authentication, under interfaces or the OSPF process? Let's say we don't configure authentication under interfaces and configure authentication under the area only, then what should the authentication credentials be?

Hi Sudej,

If you enable authentication for the entire area then you still have to configure the password on the interface.

Rene


Hi Rene,

If we configure plain text authentication, does that mean that the key is sent with the hello packet and then compared to the key configured on the other router's interface, and if we use MD5 authentication, that an MD5 hash is created with the key and on the other side the router tries to create the same hash value with its key, but the key itself is not sent?

So with plain text the key is sent and with MD5 no key is sent?

Thanks

Florian

Florian,
You are correct. Plain text = key sent, MD5 = hash sent.
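
The difference discussed above, shown on the OSPFv2 header fields from RFC 2328, as an added example that is not part of the original thread. The packets are constructed samples (router ID 1.1.1.1, area 0, checksum left at 0), the function names are hypothetical, and zero-padding the MD5 key to 16 bytes is an assumption.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1: 24-byte OSPFv2 header

def build(autype, auth, body=b"\x00" * 20):
    """Constructed hello (type 1) from router 1.1.1.1, area 0, checksum left 0."""
    return HDR.pack(2, 1, HDR.size + len(body), bytes([1, 1, 1, 1]),
                    bytes(4), 0, autype, auth) + body

def plain_packet(key):
    """AuType 1: the key itself fills the 8-byte Authentication field."""
    return build(1, key.ljust(8, b"\x00"))

def md5_packet(key, key_id=1, seq=1):
    """AuType 2: digest of packet + key (zero-padded to 16 bytes) is appended."""
    pkt = build(2, struct.pack("!HBBI", 0, key_id, 16, seq))
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\x00")).digest()

def auth_exposure(pkt):
    """What a passive observer on the link learns from the auth fields."""
    if len(pkt) < HDR.size:
        raise ValueError("truncated OSPF header")
    _v, _t, length, _rid, _area, _ck, autype, auth = HDR.unpack_from(pkt)
    if autype == 0:
        return {"autype": 0, "key_on_wire": None}
    if autype == 1:
        return {"autype": 1, "key_on_wire": auth.rstrip(b"\x00").decode("ascii", "replace")}
    if autype == 2:
        _zero, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        return {"autype": 2, "key_on_wire": None, "key_id": key_id,
                "seq": seq, "digest": pkt[length:length + dlen].hex()}
    raise ValueError(f"unknown AuType {autype}")

def receiver_accepts(pkt, local_key):
    """AuType 2 receiver: recompute the digest with the locally configured key."""
    length = HDR.unpack_from(pkt)[2]
    expected = hashlib.md5(pkt[:length] + local_key.ljust(16, b"\x00")).digest()
    return hmac.compare_digest(expected, pkt[length:length + 16])

if __name__ == "__main__":
    print(auth_exposure(plain_packet(b"MYPASS")))  # key readable in the header
    md5 = md5_packet(b"MYPASS")
    print(auth_exposure(md5), receiver_accepts(md5, b"MYPASS"))
```

With AuType 2 the header carries only the key ID and a sequence number, and the receiver accepts the packet only if the digest it recomputes with its own key matches the one appended to the packet.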


Hi Andrew,

Thanks for your reply!

Regards

Florian

Hi Rene,

This seems like bad design by Cisco or ignorance on my part. Why enable authentication at the area to save work but still have to go into each interface to add the key?

I can only think they know something I don’t or they would have made it where you can do both at the global level… anyway thanks for clarifying!

Hello Brian

The reason the key must be configured on the interface is because each link between two OSPF routers can have a different key. The keys are not global but are specific to the interfaces being connected.

I hope this has been helpful!

Laz

There is a very short theory concept about this topic, but practically it is very well explained. You configured a few things on the router; I want to know, is this the complete configuration of OSPF plain text authentication in CCNP OSPF?

Please do reply, I'm waiting for your valuable response.

Hello Faraz

Sorry for the late reply. Yes, this lesson covers everything that has to do with OSPF plain text authentication. There is nothing more concerning plain text authentication in the CCNP exam. The only other issues with authentication for OSPF have to do with MD5 authentication, SHA-HMAC authentication and TTL security check.

I hope this has been helpful!

Laz


Hi Laz,

If we are configuring authentication area-wise, then do we need to configure a password? If yes, then where and how, because it is not given in this post?

Hello Pradyumna

The following command will enable authentication on all interfaces participating in Area 0 of the OSPF instance:

R1(config)#router ospf 1
R1(config-router)#area 0 authentication

This command simply replaces the ip ospf authentication command on the interfaces themselves. It does not replace the ip ospf authentication-key interface command. Even when you enable authentication on the whole area, you still have to implement the password on each interface.

I hope this has been helpful!

Laz

Thanks Laz, understood.