HostedDB - Dedicated UNIX Servers
index_90
Router Security Configuration Guide UNCLASSIFIED 90 UNCLASSIFIED Version 1.0g OSPF MD5 Authentication The example below illustrates an example of using MD5 for OSPF router neighbor authentication. The example transcripts below show routers North and East receiving the key r0utes-4-all.  In practice, all the routes connected to a given network must be configured in the same way, using the same key.  Using the example network shown in Figure 4-1, router Central would also have to be configured with MD5 authentication and the same shared key shown below. North# config t Enter configuration commands, one per line.  End with CNTL/Z. North(config)# router ospf 1 North(config-router)# network 14.1.0.0 0.0.255.255 area 0 North(config-router)# area 0 authentication message-digest North(config-router)# exit North(config)# int eth0/1 North(config-if)# ip ospf message-digest-key 1 md5 r0utes-4-all North(config-if)# end North# East# config t Enter configuration commands, one per line.  End with CNTL/Z. East(config)# router ospf 1 East(config-router)# area 0 authentication message-digest East(config-router)# network 14.1.0.0 0.0.255.255 area 0 East(config-router)# network 14.2.6.0 0.0.0.255 area 0 East(config-router)# exit East(config)# int eth0 East(config-if)# ip ospf message-digest-key 1 md5 r0utes-4-all East(config-if)# end East# RIP Authentication The RIP routing protocol also supports authentication to prevent routing attacks. RIP’s method of authentication is very similar to that of OSPF. In this case, the neighboring RIP routers use shared secret keys. Each sending router uses these keys to sign each RIP update packet. The receiving router then uses the shared secret to check the signature and determine whether the message should be accepted. RIP Plaintext Authentication This method is not recommended, use the superior MD5 method, below. RIP MD5 Authentication The example below illustrates an example of using MD5 for RIP router neighbor authentication. The example transcripts below show routers from Figure 4-3, Central and South, receiving the key my-supersecret-key, contained in their respective