Understand Open Shortest Path First (ospf) Design Guide

same area that want to participate in the routing domain has to be configured with the same key.
The drawback of this method is that it is vulnerable to passive attacks. Anybody with a link
analyzer could easily get the password off the wire.
To enable password authentication, use these commands:
ip ospf authentication-key key 
(this goes under the specific interface)
●
area area-id authentication
(this goes under 
router ospf
)
●
Here is an example:
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
ip ospf authentication-key mypassword
router ospf 10
network 10.0.0.0 0.0.255.255 area 0
area 0 authentication
Message Digest Authentication
Message Digest authentication is a cryptographic authentication. A key (password) and key-id are
configured on each router.
The router uses an algorithm based on the OSPF packet, the key, and the key-id to generate a
"message digest" that gets appended to the packet.
Unlike the simple authentication, the key is not exchanged over the wire. A non-decreasing
sequence number is also included in each OSPF packet to protect against replay attacks.
This method also allows for uninterrupted transitions between keys. This is helpful for
administrators who wish to change the OSPF password without communication disruption.
If an interface is configured with a new key, the router sends multiple copies of the same packet,
each authenticated by different keys.
The router does not send duplicate packets when it detects that all of its neighbors have adopted
the new key.
These are the commands used for message digest authentication:

Download 0,62 Mb.

Do'stlaringiz bilan baham: