Di Posting Oleh : Simple Learning
Kategori : HCv1.0 Intermediate OSPF
Pic. 1 - Topology Diagram.
Task 1
Reconfigure OSPF authentication between R1 and R2. Use the password 'G33K' and the most secure option to accomplish this. Do not change Simple Password authentication configured on the remaining routers (configured in the previous lab).
Questions
Questions
- When MD5 authentication is enabled, what should match between routers in order to establish FULL adjacency?
- What is the order of operations if OSPF authentication method is configured in the routing context and on an interface?
Lab Solution
Solution configuration below:
Task 1
Reconfigure OSPF authentication between R1 and R2. Use the password 'G33K' and the most secure option to accomplish this. Do not change Simple Password authentication configured on the remaining routers (configured in the previous lab).
R1 Config:
!
interface FastEthernet0/0
no ip ospf authentication-key
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 G33K
ip ospf message-digest-key 1 md5 G33K
!
R2 Config:
!
interface FastEthernet0/0
no ip ospf authentication
no ip ospf authentication-key
no ip ospf authentication-key
ip ospf message-digest-key 1 md
ip ospf message-digest-key 1 md5 G33K
ip ospf message-digest-key 1 md5 G33K
!
What You Should See
Pic. 2.
Notice, that R1 shows as FULL state OSPF neighbor and R2's routing table has been populated again. Also, take a look at pic. 3. The last two line show that key 1 and MD5 method has been used.
Pic. 3.
In OSPF MD5 authentication method, you can change passwords by adding an extra key with the new password. If you do so, there is no interruption in the service (you will see it in the next lab).
While using OSPF MD5 authentication, both 'key number' and the 'password' between routers must be identical in order to establish FULL state between neighbors.
Experiment by changing the 'key number' on R2 (and leaving key=1 on R1). Use 'debug ip ospf adj' to see the result of that change. Then, configure the key=1 on R2 back again, but change the password instead. Observe the output of the debug. Find the differences between the two dubug output.
� Jarek Rek 2013
0 Response to "OSPF MD5 Authentication"
Post a Comment