
Avici Systems Inc.


ip ospf message-digest-key md5


Enables MD5 authentication and configures the key ID and password combination for an interface.

Syntax: ip ospf message-digest-key keyID md5 password

no ip ospf message-digest-key keyID

keyID

Specified by an integer from 1 to 255.

md5 password

Specified by up to 16 alphanumeric characters.

Description: MD5 authentication uses the password to generate a message-digest, which is a 128-bit checksum computed over the packet and the password. The message-digest is sent with the packet, along with the key ID associated with the password. The receiving router initially accepts a packet only if it contains a key ID that corresponds to one of its own key IDs. The receiving router then puts its own password for that key ID in place of the message-digest in the packet and generates a new message-digest. If the generated message-digest is identical to the message-digest that came with the packet, the packet is accepted; otherwise it is rejected.

Because the message-digest is a checksum of both the message contents and the password, any change to the message that is not accompanied by a regenerated message-digest causes the receiving router to reject the packet. The security of MD5 authentication relies on the inability of a third party to compute the message-digest without access to the password that generated it.

Up to 255 passwords can be defined for each interface. Each password is associated with a message-digest-key (key ID) that has a value from 1 to 255. A receiving interface accepts any packet whose key ID and password match a key ID and password defined on the interface. The sending interface always uses the most recently defined key ID and password combination for the packets it sends.
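The digest generation and check described above, as an added Python example (not Avici code and not taken from this page). It assumes the standard OSPFv2 cryptographic-authentication layout of RFC 2328 Appendix D: a 24-byte header carrying the key ID, with the zero-padded password appended for hashing and replaced on the wire by the digest. The function names, router ID and packet body are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN, DIGEST_LEN = 24, 16

def pad_key(password):
    # The page allows up to 16 characters; shorter passwords are zero-padded.
    raw = password.encode("ascii")
    if len(raw) > DIGEST_LEN:
        raise ValueError("password longer than 16 characters")
    return raw.ljust(DIGEST_LEN, b"\x00")

def build_packet(body, keys, seq):
    # The sender uses the most recently defined key ID (dicts keep insertion order).
    key_id, password = list(keys.items())[-1]
    # Header: version 2, type 1 (Hello), length, router ID, area ID, checksum 0,
    # AuType 2, then 0 / key ID / digest length / sequence number.
    # Router ID 10.1.1.1 and area 1 are constructed sample values.
    header = struct.pack("!BBH4s4sHHHBBI", 2, 1, HEADER_LEN + len(body),
                         bytes([10, 1, 1, 1]), bytes([0, 0, 0, 1]),
                         0, 2, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    # Digest covers packet + padded key; only the digest goes on the wire.
    return packet + hashlib.md5(packet + pad_key(password)).digest()

def verify_packet(wire, keys):
    if len(wire) < HEADER_LEN + DIGEST_LEN:
        return False
    (length,) = struct.unpack_from("!H", wire, 2)
    autype, _, key_id, dlen = struct.unpack_from("!HHBB", wire, 14)
    if autype != 2 or dlen != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
        return False
    if key_id not in keys:          # no matching key ID on this interface
        return False
    packet, received = wire[:length], wire[length:]
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(received, expected)

if __name__ == "__main__":
    keys = {1: "newpassword"}                       # constructed sample key
    wire = build_packet(b"constructed hello body", keys, seq=1)
    print("genuine:", verify_packet(wire, keys))
    tampered = wire[:30] + bytes([wire[30] ^ 1]) + wire[31:]
    print("tampered:", verify_packet(tampered, keys))
    print("wrong password:", verify_packet(wire, {1: "wrongpassword"}))
```

The receiver never sees the password in the packet: it recomputes the digest with its own copy, so a mismatch in the body, the key ID or the password each causes rejection.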

Use the ip ospf message-digest-key keyID md5 password command to configure an interface password and key ID for MD5 authentication.

Use the no ip ospf message-digest-key keyID command to delete a key ID and its associated password for this interface.

Factory Default: No authentication key.

Command Mode: Interface configuration.

Example 1: In the following example:

router(config)#router ospf 13

router(config-router)#network 10.1.1.0 0.0.0.255 area 1

router(config-router)#area 1 authentication message-digest

router(config-router)#interface pos 1/1/1

router(config-if)#ip ospf message-digest-key 1 md5 newpassword

Example 2: In the following example, the no ip ospf message-digest-key keyID command deletes the MD5 authentication key ID 1 and its associated password from the specified interface:

router(config)#router ospf 13

router(config-router)#network 10.1.1.0 0.0.0.255 area 1

router(config-router)#interface pos 1/1/1

router(config-if)#no ip ospf message-digest-key 1

Related Commands: area authentication message-digest
network area
router ospf
interface



Copyright © 2004 Avici Systems Inc.
Avici® and TSR® is a registered trademark of Avici Systems Inc.
IPriori™, Composite Links™, SSR™, QSR, and NSR® are trademarks of Avici Systems Inc.

   Source File Name: ospf.fm
    HTML File Name: ospf11.html
    Last Updated: 05/10/04 at 16:34:58

Please email suggestions and comments to: doc@avici.com