Foundry Networks Switch and Router Installation And Configuration Manual page 599

The MD5 method of authentication encrypts the authentication key you define. The authentication is included in
each OSPF packet transmitted.
MD5 Authentication Key: When simple authentication is enabled, the key is an alphanumeric password of up to
eight characters. When MD5 is enabled, the key is an alphanumeric password of up to 16 characters that is later
encrypted and included in each OSPF packet transmitted. You must enter a password in this field when the
system is configured to operate with either simple or MD5 authentication.
MD5 Authentication Key ID: The Key ID is a number from 1 – 255 and identifies the MD5 key that is being used.
This parameter is required to differentiate among multiple keys defined on a router.
MD5 Authentication Wait Time: This parameter determines when a newly configured MD5 authentication key is
valid. This parameter provides a graceful transition from one MD5 key to another without disturbing the network.
All new packets transmitted after the key activation wait time interval use the newly configured MD5 Key. OSPF
packets that contain the old MD5 key are accepted for up to five minutes after the new MD5 key is in operation.
The range for the key activation wait time is from 0 – 14400 seconds. The default value is 300 seconds.
Hello Interval: The length of time between the transmission of hello packets. The range is 1 – 65535 seconds.
The default is 10 seconds.
Retransmit Interval: The interval between the re-transmission of link state advertisements to router adjacencies
for this interface. The range is 0 – 3600 seconds. The default is 5 seconds.
Transmit Delay: The period of time it takes to transmit Link State Update packets on the interface. The range is
0 – 3600 seconds. The default is 1 second.
Dead Interval: The number of seconds that a neighbor router waits for a hello packet from the current router
before declaring the router down. The range is 1 – 65535 seconds. The default is 40 seconds.
Encrypted Display of the Authentication String or MD5 Authentication Key
The optional 0 | 1 parameter with the authentication-key and md5-authentication key-id parameters affects
encryption.
For added security, software release 07.1.10 and later encrypts display of the password or authentication string.
Encryption is enabled by default. The software also provides an optional parameter to disable encryption of a
password or authentication string, on an individual OSPF area or OSPF interface basis.
When encryption of the passwords or authentication strings is enabled, they are encrypted in the CLI regardless of
the access level you are using. In the Web management interface, the passwords or authentication strings are
encrypted at the read-only access level but are visible at the read-write access level.
The encryption option can be omitted (the default) or can be one of the following.
• 0 – Disables encryption for the password or authentication string you specify with the command. The
password or string is shown as clear text in the running-config and the startup-config file. Use this option of
you do not want display of the password or string to be encrypted.
• 1 – Assumes that the password or authentication string you enter is the encrypted form, and decrypts the
value before using it.
NOTE: If you want the software to assume that the value you enter is the clear-text form, and to encrypt display
of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software to use the default
behavior.
If you specify encryption option 1, the software assumes that you are entering the encrypted form of the password
or authentication string. In this case, the software decrypts the password or string you enter before using the
value for authentication. If you accidentally enter option 1 followed by the clear-text version of the password or
string, authentication will fail because the value used by the software will not match the value you intended to use.
December 2000
Configuring OSPF
17 - 25