Configuring Ospf Authentication - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual


IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring OSPF
13-60

Configuring OSPF Authentication

If you enable authentication on your OSPF network, then routers will not
exchange their databases to achieve adjacency until they have authenticated
each other with a password. OSPF authentication prevents network
devices from inadvertently joining the wrong area. In addition, hackers and
malware can send pseudo-OSPF packets to establish a neighbor relationship
with the routers on your private network. After this relationship is
established, the hackers and the malware writers would receive LSAs and
learn valuable information about your network. OSPF authentication
ensures that routers on your private network do not accept unauthorized
packets.
The ProCurve Secure Router supports two types of OSPF authentication:
- OSPF simple password authentication
- authentication with MD5
With OSPF simple password authentication, routers simply add a password
to the 64-bit authentication field in the OSPF header.
With MD5 authentication, a router uses a secret key and the MD5 algorithm
to generate a message digest for a packet. Routers that receive the packet
use the same key to compute their own message digest for the packet. If the
computed digest matches the digest carried with the packet, the packet is
authentic.
Authentication with MD5 is more secure than simple password authentication.
Attackers can intercept a valid OSPF packet and read the simple password.
However, message digests are unique to each packet and impossible to
generate without the secret key.
Simple password authentication is most useful for ensuring routers do not
send messages into networks in the wrong area. Simply configure a different
simple password for each network. MD5 authentication, on the other hand,
also protects against hackers.
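
The difference between the two authentication types is easiest to see in the packet bytes. The following is an added example, not code from the manual or from the router: it builds an OSPF Hello with each type using the header layout in RFC 2328 Appendix D, then verifies the MD5 variant the way a receiving router would. The function names, router ID, passwords and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTH_SIMPLE, AUTH_MD5 = 1, 2  # AuType values defined in RFC 2328

def _header(length, router_id, area_id, autype, auth_field):
    # Version 2, type 1 (Hello), length, router ID, area ID, checksum (0 here), AuType
    return struct.pack("!BBH4s4sHH", 2, 1, length, router_id, area_id, 0, autype) + auth_field

def build_simple(body, router_id, area_id, password):
    # Simple password: the password itself fills the 64-bit authentication field.
    auth = password.ljust(8, b"\x00")[:8]
    return _header(24 + len(body), router_id, area_id, AUTH_SIMPLE, auth) + body

def build_md5(body, router_id, area_id, key, key_id, seq):
    # MD5: the field carries a key ID, digest length and sequence number, never the key.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = _header(24 + len(body), router_id, area_id, AUTH_MD5, auth) + body
    # Digest covers the packet followed by the key padded to 16 bytes; it is appended.
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\x00")).digest()

def verify_md5(wire, keys, last_seq):
    """Receiver side: recompute the digest with the shared key and compare."""
    if len(wire) < 24 + 16:
        return False
    length, = struct.unpack("!H", wire[2:4])
    autype, _zero, key_id, dlen, seq = struct.unpack("!HHBBI", wire[14:24])
    if autype != AUTH_MD5 or dlen != 16 or key_id not in keys:
        return False
    if length < 24 or len(wire) != length + 16 or seq < last_seq:
        return False  # malformed, or a replayed (older) sequence number
    expected = hashlib.md5(wire[:length] + keys[key_id].ljust(16, b"\x00")).digest()
    return hmac.compare_digest(expected, wire[length:])

# Constructed sample values (not from the manual): a 20-byte Hello body and IDs.
BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1, 40, bytes(4), bytes(4))
RID, AREA = bytes([10, 0, 0, 1]), bytes(4)

if __name__ == "__main__":
    simple = build_simple(BODY, RID, AREA, b"area0pw")
    md5pkt = build_md5(BODY, RID, AREA, b"S3cretKey", key_id=1, seq=100)
    print("password visible on the wire:", b"area0pw" in simple)
    print("key visible on the wire:     ", b"S3cretKey" in md5pkt)
    print("verifies with shared key:    ", verify_md5(md5pkt, {1: b"S3cretKey"}, 99))
    print("verifies with wrong key:     ", verify_md5(md5pkt, {1: b"other"}, 99))
```

The header checksum is left at zero in both builders to keep the example short; RFC 2328 requires it for simple password packets and omits it for MD5 packets.
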
You first enable authentication from the logical interface configuration mode
context:
Syntax: ip ospf authentication [message-digest | null]
If you simply enter ip ospf authentication without any keywords, you enable
simple password authentication. The message-digest option enables MD5
authentication. The default setting is null, which turns off authentication.
After enabling authentication, set the interface's password or key.
