Related Documentation
- M, MX, PTX, T Series
- Example: Configuring the BGP and IS-IS Routing Protocols
- M, MX, PTX, QFX, T Series
- Special Requirements for Junos OS Plain-Text Passwords
Junos OS Authentication Methods for Routing Protocols
Some interior gateway protocols (IGPs)—Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), and Routing Information Protocol (RIP)—and Resource Reservation Protocol (RSVP) allow you to configure an authentication method and password. Neighboring routers use the password to verify the authenticity of packets sent by the protocol from the router or from a router interface. The following authentication methods are supported:
- Simple authentication (IS-IS, OSPF, and RIP)—Uses a simple text password. The receiving router uses an authentication key (password) to verify the packet. Because the password is included in the transmitted packet, this method of authentication is relatively insecure. We recommend that you not use this authentication method.
- MD5 and HMAC-MD5 (IS-IS, OSPF, RIP, and RSVP)—Message Digest 5 (MD5) creates an encoded checksum that is included in the transmitted packet. HMAC-MD5, which combines HMAC authentication with MD5, adds the use of an iterated cryptographic hash function. With both types of authentication, the receiving router uses an authentication key (password) to verify the packet. HMAC-MD5 authentication is defined in RFC 2104, HMAC: Keyed-Hashing for Message Authentication.
In general, authentication passwords are text strings consisting of a maximum of 16 or 255 letters and digits. Characters can include any ASCII strings. If you include spaces in a password, enclose all characters in quotation marks (“ ”).
Junos-FIPS has special password requirements. FIPS passwords must be between 10 and 20 characters in length. Passwords must use at least three of the five defined character sets (uppercase letters, lowercase letters, digits, punctuation marks, and other special characters). If Junos-FIPS is installed on the router, you cannot configure passwords unless they meet this standard.
Related Documentation
- M, MX, PTX, T Series
- Example: Configuring the BGP and IS-IS Routing Protocols
- M, MX, PTX, QFX, T Series
- Special Requirements for Junos OS Plain-Text Passwords
Published: 2013-02-22
Related Documentation
- M, MX, PTX, T Series
- Example: Configuring the BGP and IS-IS Routing Protocols
- M, MX, PTX, QFX, T Series
- Special Requirements for Junos OS Plain-Text Passwords
