Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Configuring MD5 Authentication for OSPFv2 Exchanges

Requirements

Before you begin:

• Configure the device interfaces. See the Router Interfaces or the Junos OS Interfaces Configuration Guide for Security Devices.
• Configure the router identifiers for the devices in your OSPF network. See Example: Configuring an OSPF Router Identifier.
• Control OSPF designated router election. See Example: Controlling OSPF Designated Router Election
• Configure a single-area OSPF network. See Example: Configuring a Single-Area OSPF Network.
• Configure a multiarea OSPF network. See Example: Configuring a Multiarea OSPF Network.

Overview

MD5 authentication uses an encoded MD5 checksum that is included in the transmitted packet. The receiving routing device uses an authentication key (password) to verify the packet.

You define an MD5 key for each interface. If MD5 is enabled on an interface, that interface accepts routing updates only if MD5 authentication succeeds. Otherwise, updates are rejected. The routing device only accepts OSPFv2 packets sent using the same key identifier (ID) that is defined for that interface.

In this example, you create the backbone area (area 0.0.0.0), specify OSPFv2 interface so-0/2/0, set the authentication type to md5, and then define the authentication key ID as 5 and the password as PssWd8.

Configuration

CLI Quick Configuration

To quickly configure MD5 authentication, copy the following command and paste it into the CLI.

Step-by-Step Procedure

1. Create an OSPF area.
   [edit]user@host# edit protocols ospf area 0.0.0.0
2. Specify the interface.
   [edit protocols ospf area 0.0.0.0]user@host# edit interface so-0/2/0
3. Configure MD5 authentication and set a key ID and an authentication password.
   [edit protocols ospf area 0.0.0.0 interface s0-0/2/0.0]user@host# set authentication md5 5 key PssWd8
4. If you are done configuring the device, commit the configuration.
   [edit protocols ospf area 0.0.0.0 interface s0-0/2/0.0]user@host# commit

   Note: Repeat this entire configuration on all peer OSPFv2 routing devices.

Results

Confirm your configuration by entering the show protocols ospf command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Note: After you configure the password, you do not see the password itself. The output displays the encrypted form of the password you configured.

Verification

Confirm that the configuration is working properly.

Verifying the Configured Authentication Method

Purpose

Verify that the authentication method for sending and receiving OSPF protocol packets is configured. When configured for MD5 authentication, the Authentication Type field displays MD5, the Active key ID field displays the unique number you entered that identifies the MD5 key, and the Start time field displays the date as Start time 1970 Jan 01 00:00:00 PST. Do not be alarmed by this start time. This is the default start time that the routing device displays if the MD5 key is effective immediately.

Action

From operational mode, enter the show ospf interface and the show ospf overview commands.