Cisco CCNP BSCI 642-901 Tutorial: Clear Text OSPF Neighbor Authentication
An OSPF adjacency can be authenticated with MD5 (Message Digest 5) or with a clear-text password. Im not much on clear-text passwords, and hopefully you arent either! Whether youre working in the real world or the certification exam room, though, its always a good idea to know more than one way to do things. Lets take a look at how to configure clear-text authentication of an OSPF neighbor relationship.
The commands well use are ip ospf authentication-key and ip ospf authentication. In this example, we have preexisting adjacencies between three routers in an OSPF NBMA network. The hub router (R1) has an adjacency with two spoke routers, R2 and R3.
The password is set by the interface-level command ip ospf authentication-key. While Cisco routers will usually tell you when youre about to try to do something that you cant do, this password is a rare exception to the rule. Lets set a password of passbscitest and then check the router config.
R1(config-if)#ip ospf authentication-key ?
Encryption type (0 for not yet encrypted, 7 for proprietary)
LINE The OSPF password (key)
R1(config-if)#ip ospf authentication-key passbscitest
R1#show config
interface Serial0
ip address 172.12.123.1 255.255.255.0
encapsulation frame-relay
ip ospf authentication-key passbsci
I entered a 12-character password, but only the first eight are showing in the router configuration. The router failed to warn us that this particular password has a limit of eight characters. As of IOS 12.4, the router now warns the admin about this, but there are plenty of routers out there that arent running that recent a release!
Clear-text authentication is enabled with the ip ospf authentication command. IOS Help shows there is no specific command for clear-text authentication. (Null and clear-text authentication are not the same thing.)
R1(config)#int serial0
R1(config-if)#ip ospf authentication ?
message-digest Use message-digest authentication
null Use no authentication
To set clear-text authentication, just use the basic command with no options.
R1(config-if)#ip ospf authentication
About two minutes after entering that configuration, the preexisting adjacencies go down:
R1#
00:25:38: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.2 on Serial0 from FULL to DOWN, Neighbor Down: Dead timer expired
R1#
00:25:58: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.3 on Serial0 from FULL to DOWN, Neighbor Down: Dead timer expired
R1#
Until we configure the spoke routers with the same config, the adjacencies will stay down so lets get those spokes configured!
R2(config)#interface serial0
R2(config-if)#ip ospf authentication-key passbsci
R2(config-if)#ip ospf authentication
R3(config)#interface serial0
R3(config-if)#ip ospf authentication-key passbsci
R3(config-if)#ip ospf authentication
On R1, show ip ospf neighbor verifies that the adjacencies are back up.
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.12.123.3 0 FULL/DROTHER 00:01:58 172.12.123.3 Serial0
172.12.123.2 0 FULL/DROTHER 00:01:37 172.12.123.2 Serial0
Now that you know how to configure OSPF neighbor authentication in clear text, you need to learn how to use MD5 authentication, and that just happens to be the subject of my next CCNP BSCI 642-901 exam tutorial! See you then!
The commands well use are ip ospf authentication-key and ip ospf authentication. In this example, we have preexisting adjacencies between three routers in an OSPF NBMA network. The hub router (R1) has an adjacency with two spoke routers, R2 and R3.
The password is set by the interface-level command ip ospf authentication-key. While Cisco routers will usually tell you when youre about to try to do something that you cant do, this password is a rare exception to the rule. Lets set a password of passbscitest and then check the router config.
R1(config-if)#ip ospf authentication-key ?
Encryption type (0 for not yet encrypted, 7 for proprietary)
LINE The OSPF password (key)
R1(config-if)#ip ospf authentication-key passbscitest
R1#show config
interface Serial0
ip address 172.12.123.1 255.255.255.0
encapsulation frame-relay
ip ospf authentication-key passbsci
I entered a 12-character password, but only the first eight are showing in the router configuration. The router failed to warn us that this particular password has a limit of eight characters. As of IOS 12.4, the router now warns the admin about this, but there are plenty of routers out there that arent running that recent a release!
Clear-text authentication is enabled with the ip ospf authentication command. IOS Help shows there is no specific command for clear-text authentication. (Null and clear-text authentication are not the same thing.)
R1(config)#int serial0
R1(config-if)#ip ospf authentication ?
message-digest Use message-digest authentication
null Use no authentication
To set clear-text authentication, just use the basic command with no options.
R1(config-if)#ip ospf authentication
About two minutes after entering that configuration, the preexisting adjacencies go down:
R1#
00:25:38: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.2 on Serial0 from FULL to DOWN, Neighbor Down: Dead timer expired
R1#
00:25:58: %OSPF-5-ADJCHG: Process 1, Nbr 172.12.123.3 on Serial0 from FULL to DOWN, Neighbor Down: Dead timer expired
R1#
Until we configure the spoke routers with the same config, the adjacencies will stay down so lets get those spokes configured!
R2(config)#interface serial0
R2(config-if)#ip ospf authentication-key passbsci
R2(config-if)#ip ospf authentication
R3(config)#interface serial0
R3(config-if)#ip ospf authentication-key passbsci
R3(config-if)#ip ospf authentication
On R1, show ip ospf neighbor verifies that the adjacencies are back up.
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.12.123.3 0 FULL/DROTHER 00:01:58 172.12.123.3 Serial0
172.12.123.2 0 FULL/DROTHER 00:01:37 172.12.123.2 Serial0
Now that you know how to configure OSPF neighbor authentication in clear text, you need to learn how to use MD5 authentication, and that just happens to be the subject of my next CCNP BSCI 642-901 exam tutorial! See you then!
Featured Resource Centers
NTP Server Systems The Network Time Protocol
Lan: Local Area Network
Install Heat Sink and Fan ... Step 6 of 21 in Building Your Own Computer.
Install the CPU
Develop your Intranet with SharePoint
Lan: Local Area Network
Install Heat Sink and Fan ... Step 6 of 21 in Building Your Own Computer.
Install the CPU
Develop your Intranet with SharePoint
How To Tap Into Massive Sources of Traffic With Virtually No Competition!
There Is Such A Thing As Perfect Prints
4 Steps To Prepare For Web Traffic
How to Beat Pop-Ups: Gain Back the Home Court Advantage
Using Google Adwords to Sell Products
There Is Such A Thing As Perfect Prints
4 Steps To Prepare For Web Traffic
How to Beat Pop-Ups: Gain Back the Home Court Advantage
Using Google Adwords to Sell Products
Site Security
Google: Web sites slow to fix serious Flash flaws
What Everybody Should Know... About How To Remove The Virus
What are SSL Certificates?
Clean up sensitive information in a secure way!
Computer and Internet Security
What Everybody Should Know... About How To Remove The Virus
What are SSL Certificates?
Clean up sensitive information in a secure way!
Computer and Internet Security
Web Hosting
Microsoft SharePoint taking business by storm
Microsoft's SharePoint Server is on a billion-dollar quest to potentially become the next must-have technology, offering companies tools for building everything
Researcher: Apple to weather recession better than rivals
Even though economic uncertainty is pulling U.S. computer buying plans into a nose dive, Apple's prospects remain brighter than some of its PC rivals, a researc
The company's triple-core Phenom X3 8000 series processors provide an option to
The past few years have seen some major changes in Sun hardware. The return of Andy Bechtolsheim has brought forth an impressive array of new server hardware, a
AMD introduces new Phenom chips
Advanced Micro Devices on Thursday announced new Phenom chips, including quad-core chips and its first triple-core processors for desktop PCs. The company's tri
Sun ships servers open to attack
Sunconfirmed that it has shipped some servers in its SPARC Enterprise T5120 and T5220 lines with disk images that contain unsafe configurations that could allow
Microsoft's SharePoint Server is on a billion-dollar quest to potentially become the next must-have technology, offering companies tools for building everything
Researcher: Apple to weather recession better than rivals
Even though economic uncertainty is pulling U.S. computer buying plans into a nose dive, Apple's prospects remain brighter than some of its PC rivals, a researc
The company's triple-core Phenom X3 8000 series processors provide an option to
The past few years have seen some major changes in Sun hardware. The return of Andy Bechtolsheim has brought forth an impressive array of new server hardware, a
AMD introduces new Phenom chips
Advanced Micro Devices on Thursday announced new Phenom chips, including quad-core chips and its first triple-core processors for desktop PCs. The company's tri
Sun ships servers open to attack
Sunconfirmed that it has shipped some servers in its SPARC Enterprise T5120 and T5220 lines with disk images that contain unsafe configurations that could allow
Microsoft Eyes Development for Apple's iPhone
Microsoft is among the developers interested in Apple's software development kit (SDK) for the iPhone . The software giant has told news media that it is consid
Software turns smart phone into hotspot
NEW YORK - Here's a cool use for a phone that has both cellular broadband and Wi-Fi: Turn it into a mobile Wi-Fi hotspot so your friends can surf the Internet o
Who Patches Bugs Faster, Apple or Microsoft?
Apple 's teasing commercials that imply its software is safer than Microsoft 's may not quite match the facts, according to new research revealed at the Black H
Palm Adds Voice Commands For Smartphone Messaging, Browsing
Palm is adding new hands-free capabilities to its smartphones as a result of an agreement with Nuance Communications . Palm will use VSuite applications from Nu
Waste Management sues SAP over software failure
BOSTON/NEW YORK (Reuters) - Waste Management Inc (WMI.N) said it spent more than $100 million on a computer system that was supposed to help it save money, but
Microsoft is among the developers interested in Apple's software development kit (SDK) for the iPhone . The software giant has told news media that it is consid
Software turns smart phone into hotspot
NEW YORK - Here's a cool use for a phone that has both cellular broadband and Wi-Fi: Turn it into a mobile Wi-Fi hotspot so your friends can surf the Internet o
Who Patches Bugs Faster, Apple or Microsoft?
Apple 's teasing commercials that imply its software is safer than Microsoft 's may not quite match the facts, according to new research revealed at the Black H
Palm Adds Voice Commands For Smartphone Messaging, Browsing
Palm is adding new hands-free capabilities to its smartphones as a result of an agreement with Nuance Communications . Palm will use VSuite applications from Nu
Waste Management sues SAP over software failure
BOSTON/NEW YORK (Reuters) - Waste Management Inc (WMI.N) said it spent more than $100 million on a computer system that was supposed to help it save money, but
