Free Cisco GNS3 Lab OSPF MD5 Authentication

Posted by: admin  :  Category: CCIE, CCNA, CCNP, EIGRP, GNS3 Dynamips, OSPF



In this free Cisco lab we will configure Open Shortest Path First (OSPF) authentication using MD5 so that OSPF neighbors authenticate each other. You can enable authentication in OSPF in order to exchange routing update information in a secure manner. OSPF supports three types of authentication:

  • Null Authentication: This is also called Type 0 and it means no authentication information is included in the packet header. It is the default.
  • Plain Text Authentication: This is also called Type 1 and it uses simple clear-text passwords.
  • MD5 Authentication: This is also called Type 2 and it uses MD5 cryptographic passwords.

Authentication does not need to be set. However, if it is set, all peer routers on the same segment must have the same password and authentication method.

When you configure authentication, you must configure an entire area with the same type of authentication.

Plain Text Authentication:

Plain text authentication is used when devices within an area cannot support the more secure MD5 authentication. Plain text authentication leaves the internetwork vulnerable to a “sniffer attack,” in which packets are captured by a protocol analyzer and the passwords can be read. However, it is useful when you perform OSPF reconfiguration, rather than for security. For example, separate passwords can be used on older and newer OSPF routers that share a common broadcast network to prevent them from talking to each other. Plain text authentication passwords do not have to be the same throughout an area, but they must be the same between neighbors.

MD5 Authentication:

MD5 authentication provides higher security than plain text authentication. This method uses the MD5 algorithm to compute a hash value from the contents of the OSPF packet and a password (or key). This hash value is transmitted in the packet, along with a key ID and a non-decreasing sequence number. The receiver, which knows the same password, calculates its own hash value. If nothing in the message has changed, the hash value computed by the receiver matches the hash value that the sender transmitted with the message.

The key ID allows the routers to reference multiple passwords. This makes password migration easier and more secure. For example, to migrate from one password to another, configure a password under a different key ID and remove the first key. The sequence number prevents replay attacks, in which OSPF packets are captured, modified, and retransmitted to a router. As with plain text authentication, MD5 authentication passwords do not have to be the same throughout an area. However, they do need to be the same between neighbors.
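To make the mechanism described above concrete, here is an added example (not part of the original lab) that builds and verifies the Type 2 authentication trailer the way RFC 2328 Appendix D specifies it: the digest is MD5 over the packet followed by the zero-padded key, the key ID selects which configured key to use, and a packet carrying an older sequence number is rejected as a replay. The key, router IDs and Hello body are constructed values, not taken from a real capture.

```python
import hashlib
import hmac
import struct

OSPF_AUTH_CRYPTOGRAPHIC = 2  # AuType 2 in the OSPFv2 header

def build_ospf_md5(body, router_id, area_id, key_id, seq, key):
    """Sender: OSPFv2 packet with Type 2 (MD5) authentication, RFC 2328 Appendix D."""
    length = 24 + len(body)  # packet length excludes the trailing 16-byte digest
    # Checksum is 0; the 8-byte Authentication field holds 0, Key ID, Auth Data Len, seq
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    header = struct.pack("!BBH4s4sHH", 2, 1, length, router_id, area_id, 0,
                         OSPF_AUTH_CRYPTOGRAPHIC) + auth
    packet = header + body
    # Digest = MD5(packet || key zero-padded to 16 bytes); the key itself is never sent
    digest = hashlib.md5(packet + key.ljust(16, b"\x00")).digest()
    return packet + digest

def verify_ospf_md5(frame, keys, last_seq, neighbor):
    """Receiver: check key ID, non-decreasing sequence number, then the digest."""
    length = struct.unpack("!H", frame[2:4])[0]
    auth_type = struct.unpack("!H", frame[14:16])[0]
    if auth_type != OSPF_AUTH_CRYPTOGRAPHIC or len(frame) != length + 16:
        return False, "wrong authentication type or length"
    _, key_id, auth_len, seq = struct.unpack("!HBBI", frame[16:24])
    if auth_len != 16 or key_id not in keys:
        return False, f"unknown key ID {key_id}"
    if seq < last_seq.get(neighbor, 0):  # older sequence number: treat as replay
        return False, f"sequence {seq} below last seen {last_seq[neighbor]}"
    packet, digest = frame[:length], frame[length:]
    expected = hashlib.md5(packet + keys[key_id].ljust(16, b"\x00")).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch"
    last_seq[neighbor] = seq
    return True, "ok"

def demo():
    """Constructed exchange: two valid Hellos, then a replay, a tampered packet, a wrong key."""
    keys, last_seq = {1: b"lab-ospf-key"}, {}  # constructed key under key ID 1
    rid, area = bytes([10, 0, 0, 1]), bytes([0, 0, 0, 0])
    hello = b"\xff\xff\xff\x00\x00\x0a\x12\x01\x00\x00\x00\x28" + rid + b"\x00" * 8  # constructed Hello body
    first = build_ospf_md5(hello, rid, area, 1, 100, keys[1])
    second = build_ospf_md5(hello, rid, area, 1, 101, keys[1])
    results = {"first": verify_ospf_md5(first, keys, last_seq, "R1")[0],
               "second": verify_ospf_md5(second, keys, last_seq, "R1")[0],
               "replay": verify_ospf_md5(first, keys, last_seq, "R1")[0]}
    tampered = second[:30] + bytes([second[30] ^ 0x01]) + second[31:]  # flip one body bit
    results["tampered"] = verify_ospf_md5(tampered, keys, last_seq, "R1")[0]
    results["wrong_key"] = verify_ospf_md5(second, {1: b"other-key"}, {}, "R1")[0]
    return results
```

Running `demo()` shows that only the two fresh, untampered Hellos are accepted; the replayed, modified and wrong-key packets all fail verification.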

Note: Cisco recommends that you configure the service password-encryption command on all of the routers. This causes the router to encrypt the passwords in any display of the configuration file and guards against the password being learned by observing the text copy of the configuration of the router.


One Response to “Free Cisco GNS3 Lab OSPF MD5 Authentication”

  1. mohamedmanseri Says:

    ccielab i like it
