4.3.2 Packet Tracer – Configuring OSPF Authentication Answers

Topology

Addressing Table

Device   Interface   IP Address       Subnet Mask
R1       Fa0/1       192.168.10.1     255.255.255.0
R1       S0/0/0      10.1.1.1         255.255.255.252
R2       S0/0/0      10.1.1.2         255.255.255.252
R2       S0/0/1      10.2.2.1         255.255.255.252
R3       Fa0/1       192.168.30.1     255.255.255.0
R3       S0/0/1      10.2.2.2         255.255.255.252
PC1      NIC         192.168.10.10    255.255.255.0
PC3      NIC         192.168.30.10    255.255.255.0

Learning Objectives

  • Configure OSPF simple authentication.
  • Configure OSPF MD5 authentication.
  • Test connectivity.

Introduction

This activity covers both OSPF simple authentication and OSPF MD5 (message digest 5) authentication. You can enable authentication in OSPF to exchange routing update information in a secure manner. With simple authentication, the password is sent in clear-text over the network. Simple authentication is used when devices within an area cannot support the more secure MD5 authentication. With MD5 authentication, the password is not sent over the network. MD5 is considered the most secure OSPF authentication mode. When you configure authentication, you must configure an entire area with the same type of authentication. In this activity, you will configure simple authentication between R1 and R2, and MD5 authentication between R2 and R3. Use the passwords cisco and class to access EXEC modes of the CLI for routers.
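The difference between the two modes is visible in the packet bytes. The following Python sketch is an added example, not part of the original activity: it builds an OSPF Hello with each authentication type as laid out in RFC 2328 (header in A.3.1, cryptographic authentication in Appendix D). The Hello timer values, the sequence number and the zero-padding of the key to 16 bytes are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import struct

def hello_body():
    # Hello fields: mask, HelloInterval, Options, Rtr Pri, RouterDeadInterval,
    # then DR and BDR (both 0.0.0.0). Timer values 10/40 are assumed.
    return (socket.inet_aton("255.255.255.252")
            + struct.pack("!HBBI", 10, 0x02, 1, 40) + bytes(8))

def header(router_id, length, checksum, autype, auth8):
    # 24-byte OSPF header: version 2, type 1 (Hello), area 0.
    return (struct.pack("!BBH", 2, 1, length) + socket.inet_aton(router_id)
            + bytes(4) + struct.pack("!HH", checksum, autype) + auth8)

def inet_checksum(data):
    # Standard 16-bit one's-complement Internet checksum.
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def simple_auth_packet(router_id, password):
    # AuType 1: the 8-byte authentication field carries the password itself.
    body = hello_body()
    auth = password.encode()[:8].ljust(8, b"\0")
    unsummed = header(router_id, 24 + len(body), 0, 1, bytes(8)) + body
    return header(router_id, 24 + len(body), inet_checksum(unsummed), 1, auth) + body

def md5_auth_packet(router_id, key_id, key, seq):
    # AuType 2: the field carries key ID, digest length and a sequence number;
    # the checksum is left at 0 and a 16-byte digest trails the packet.
    body = hello_body()
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = header(router_id, 24 + len(body), 0, 2, auth) + body
    key16 = key.encode()[:16].ljust(16, b"\0")   # assumed zero padding
    return pkt + hashlib.md5(pkt + key16).digest()

def verify_md5(packet, key):
    # Receiver side: recompute the digest with the local key and compare.
    pkt, digest = packet[:-16], packet[-16:]
    key16 = key.encode()[:16].ljust(16, b"\0")
    return hmac.compare_digest(hashlib.md5(pkt + key16).digest(), digest)
```

In the type 1 packet the bytes at offset 16 to 23 are the password cisco123; in the type 2 packet only the key ID, sequence number and digest appear, and a receiver holding a different key rejects it.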

Task 1: Configure OSPF Simple Authentication

Step 1. Configure R1 with OSPF simple authentication.

To enable simple authentication on R1, enter router configuration mode using the router ospf 1 command at the global configuration prompt. Then issue the area 0 authentication command to enable authentication.

R1(config)# router ospf 1
R1(config-router)# area 0 authentication
00:02:30: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.1 on Serial0/0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
00:02:30: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.1 on Serial0/0/0 from FULL to Down: Interface down or detached

The area 0 authentication command enables authentication for all the interfaces in area 0. Using only this command works for R1, because it does not have to support any other types of authentication.

Eventually, you will see a console message that adjacency with R2 is down. R1 loses all OSPF routes from its routing table until it is able to authenticate routes with R2. Even though you have not yet configured a password, R1 is requiring any neighbors to use authentication in OSPF routing messages and updates.

To configure R1 with a simple authentication password, enter interface configuration mode for the link that connects to R2. Then issue the ip ospf authentication-key cisco123 command. This command sets the authentication password to cisco123.

R1(config-router)# interface S0/0/0
R1(config-if)# ip ospf authentication-key cisco123

Step 2. Configure R2 with OSPF simple authentication.

You configured authentication on R1 for the entire area. Because R2 will support both simple and MD5 authentication, the commands are entered at the interface level.

Enter the interface configuration mode for S0/0/0. Specify that you are using simple authentication with the ip ospf authentication command. Then issue the ip ospf authentication-key cisco123 command to set the authentication password to cisco123.

R2(config)# interface S0/0/0
R2(config-if)# ip ospf authentication
R2(config-if)# ip ospf authentication-key cisco123

When you have completed these configuration tasks, you should eventually see a console message indicating that adjacency is reestablished between R1 and R2. The OSPF routes are reinstalled into the routing table.

Step 3. Check results.

Your completion percentage should be 50%. If not, click Check Results to see which required components are not yet completed.

Task 2: Configure OSPF MD5 Authentication

Step 1. Configure R3 with OSPF MD5 authentication.

To enable MD5 authentication on R3, enter router configuration mode using the router ospf 1 command at the global configuration prompt. Then issue the area 0 authentication message-digest command to enable authentication.

R3(config)# router ospf 1
R3(config-router)# area 0 authentication message-digest
00:10:00: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.1 on Serial0/0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
00:10:00: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.1 on Serial0/0/1 from FULL to Down: Interface down or detached

Eventually, you will see a console message that adjacency with R2 is down. R3 loses all OSPF routes from its routing table until it is able to authenticate routes with R2.

To configure R3 with the MD5 authentication password, enter interface configuration mode for the link that connects to R2. Then issue the ip ospf message-digest-key 1 md5 cisco123 command. This command sets the OSPF authentication password to cisco123, protected with the MD5 algorithm.

R3(config-router)# interface S0/0/1
R3(config-if)# ip ospf message-digest-key 1 md5 cisco123

Step 2. Configure R2 with OSPF MD5 authentication.

Enter the serial 0/0/1 interface and issue the ip ospf authentication message-digest command to enable MD5 authentication.

Issue the ip ospf message-digest-key 1 md5 cisco123 command to set up the authentication password.

R2(config)# interface S0/0/1
R2(config-if)# ip ospf authentication message-digest
R2(config-if)# ip ospf message-digest-key 1 md5 cisco123
00:13:51: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.30.1 on Serial0/0/1 from EXCHANGE to FULL, Exchange Done

After entering this command, give the routers a moment to converge. You should see a console message on both R2 and R3 indicating that neighbor adjacency is reestablished. You can confirm that R2 has reinstalled the OSPF routes and that R2 has R3 as an OSPF neighbor.

R2# show ip route
<output omitted>
Gateway of last resort is not set

     10.0.0.0/30 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial0/0/0
C       10.2.2.0 is directly connected, Serial0/0/1
O    192.168.10.0/24 [110/65] via 10.1.1.1, 00:06:13, Serial0/0/0
O    192.168.30.0/24 [110/65] via 10.2.2.2, 00:00:07, Serial0/0/1

R2# show ip ospf neighbor
Neighbor ID      Pri   State          Dead Time    Address      Interface
192.168.10.1       1   FULL/-         00:00:32     10.1.1.1     Serial0/0/0
192.168.30.1       1   FULL/-         00:00:37     10.2.2.2     Serial0/0/1

Step 3. Check results.

Your completion percentage should be 100%. If not, click Check Results to see which required components are not yet completed.

Task 3: Test Connectivity

Authentication should now be configured correctly on all three routers, so PC1 should have no trouble pinging PC3. Click Check Results, and then Connectivity Tests to see if it is successful.
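The same result can be checked offline from saved configurations. The following Python sketch is an added example, not part of the original activity: it resolves the effective OSPF authentication mode of each interface (area-level command, overridden by any interface-level command), reports whether a matching key is present, and lists links whose two ends disagree. The configuration text is constructed from the commands entered in this lab, and the sketch assumes every interface is in area 0.

```python
import re

# Constructed running-config fragments mirroring the commands in this lab.
CONFIGS = {
    "R1": ("interface Serial0/0/0\n"
           " ip ospf authentication-key cisco123\n"
           "router ospf 1\n"
           " area 0 authentication\n"),
    "R2": ("interface Serial0/0/0\n"
           " ip ospf authentication\n"
           " ip ospf authentication-key cisco123\n"
           "interface Serial0/0/1\n"
           " ip ospf authentication message-digest\n"
           " ip ospf message-digest-key 1 md5 cisco123\n"
           "router ospf 1\n"),
    "R3": ("interface Serial0/0/1\n"
           " ip ospf message-digest-key 1 md5 cisco123\n"
           "router ospf 1\n"
           " area 0 authentication message-digest\n"),
}
LINKS = [(("R1", "Serial0/0/0"), ("R2", "Serial0/0/0")),
         (("R2", "Serial0/0/1"), ("R3", "Serial0/0/1"))]

def effective_auth(config):
    """Return {interface: (mode, has_matching_key)}; assumes area 0 only."""
    m = re.search(r"^ area 0 authentication( message-digest)?$", config, re.M)
    area_mode = "none" if not m else ("md5" if m.group(1) else "simple")
    result = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        mode = area_mode
        o = re.search(r"^ ip ospf authentication( message-digest| null)?$", body, re.M)
        if o:  # an interface-level command overrides the area-level setting
            mode = {None: "simple", " message-digest": "md5",
                    " null": "none"}[o.group(1)]
        key_cmd = {"simple": r"^ ip ospf authentication-key \S+",
                   "md5": r"^ ip ospf message-digest-key \d+ md5 \S+"}.get(mode)
        result[name] = (mode, bool(key_cmd and re.search(key_cmd, body, re.M)))
    return result

def link_mismatches(links, configs):
    """Return the links whose two ends resolve to different authentication modes."""
    modes = {router: effective_auth(cfg) for router, cfg in configs.items()}
    return [(a, b) for a, b in links
            if modes[a[0]][a[1]][0] != modes[b[0]][b[1]][0]]
```

An interface that resolves to simple is the one to flag in a review, since its password crosses the link in clear text; an interface with a mode but no key corresponds to the state in Task 1 just after area 0 authentication is entered.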
