Alcatel Carrier Internetworking Solutions 060187-10 REV D manual Interface Authentication

Page 33

Configuring OSPF	Configuring OSPF

Interface Authentication

OSPF allows for the use of authentication on configured interfaces. When authentication is enabled, only neighbors using the same type of authentication and the matching passwords or keys can communicate.

There are two types of authentication: simple and MD5. Simple authentication requires only a text string as a password, while MD5 is a form of encrypted authentication that requires a key and a password. Both types of authentication require the use of more than one command.

Simple Authentication

To enable simple authentication on an interface, enter the ip ospf interface auth-typecommand with the interface IP address or interface name, as shown:

-> ip ospf interface 120.5.80.1 auth-type simple

Once simple authentication is enabled, the password must be set with the ip ospf interface auth-keycommand, as shown:

-> ip ospf interface 120.5.80.1 auth-key test

In the above instance, only other interfaces with simple authentication and a password of “test” will be able to use the configured interface.

MD5 Encryption

To configure the same interface for MD5 encryption, enter the ip ospf interface auth-typeas shown:

-> ip ospf interface 120.5.80.1 auth-type md5

Once MD5 authentication is set, a key identification and key string must be set with the ip ospf interface md5 key command. For example to set interface 120.5.80.1 to use MD5 authentication with a key identifi- cation of 7 and key string of “test”, enter:

-> ip ospf interface 120.5.80.1 md5 7

and

-> ip ospf interface 120.5.80.1 md5 7 key "test"

Note that setting the key ID and key string must be done in two separate commands. Once the key ID and key string have been set, MD5 authentication is enabled. To disable it, use the ip ospf interface md5 command, as shown:

-> ip ospf interface 120.5.80.1 md5 7 disable

To remove all authentication, enter the ip ospf interface auth-typeas follows:

-> ip ospf interface 120.5.80.1 auth-type none

OmniSwitch 6600 Family Advanced Routing Configuration Guide March 2005

page 1-23

Image 33

Contents OmniSwitch 6600 Family Advanced Routing Configuration Guide Page Contents Alcatel INTERNETWORKING, INC. AII Unsupported Platforms Supported PlatformsWhat is in this Manual? When Should I Read this Manual?What is Not in this Manual? Who Should Read this Manual?Stage 1 Using the Switch for the First Time How is the Information Organized?Documentation Roadmap Stage 2 Gaining Familiarity with Basic Switch Functions Stage 3 Integrating the Switch Into a NetworkAnytime Related Documentation OmniSwitch 6600 Family Getting Started GuideTechnical Support This Chapter Configuring OspfOspf Specifications Parameter Description Command Default Value/Comments Ospf Defaults TableOspf Quick Steps Router ID Admin Status = Enabled Admin Status = Enabled Operational Status = UpShow ip ospf area Area Identifier Area Type = normalOspf Hello Protocol Ospf OverviewOspf Intra-Area and Inter-Area Routing Ospf AreasClassification of Routers Ospf Routers Connected with a Virtual Link Virtual LinksOspf Stub Area Stub AreasTotally Stubby Area Example Not-So-Stubby-AreasEqual Cost Multi-Path Ecmp Routing Graceful Restart on Stacks with Redundant SwitchesNon Broadcast Ospf Routing Multiple Equal Cost PathsOspf Graceful Restart Helping and Restarting Router Example Configuring Ospf Preparing the Network for Ospf Loading the Software Activating OspfEnabling Ospf Removing Ospf from MemoryCreating an Area Creating an Ospf AreaEnabling an Area Specifying an Area TypeEnabling and Disabling Summarization Displaying Area StatusDeleting an Area Setting Area Ranges Configuring Stub Area Default MetricsConfiguring a Totally Stubby Area No ip ospf area 1.1.1.1 default-metricEnter the following commands on Router B Creating an Interface Creating Ospf InterfacesAssigning an Interface to an Area Activating an InterfaceInterface Authentication Simple AuthenticationMD5 Encryption Ip ospf interface 120.5.80.1 dead-interval 50 cost Modifying Interface ParametersIp ospf interface 120.5.80.1 hello-interval Ip ospf interface 120.5.80.1 dead-intervalCreating Virtual Links Creating a Virtual LinkModifying Virtual Link Parameters Creating Redistribution Policies and Filters Specifying an Autonomous System Boundary RouterEnabling Redistribution Creating a Redistribution Filter Creating a Redistribution PolicyShow ip ospf redist-filter rip Show ip ospf redist-filterShow ip ospf redist-filter rip 1.1.0.0 No ip ospf redist-filter rip 1.1.0.0Configuring Router Capabilities Configuring Static Neighbors Ip ospf interface 1.1.1.1 type non-broadcastIp ospf neighbor 1.1.1.8 eligible No ip ospf restart-support Ip ospf restart-support planned-onlyThree Area Ospf Network Ospf Application ExamplePrepare the Routers Ospf Application ExampleConfiguring Ospf Router Enable OspfOspf Application Example Examine the Network Verifying Ospf Configuration Alcatel License Agreement Software License and Copyright StatementsAlcatel License Agreement Software License and Copyright Statements Booting and Debugging Non-Proprietary Software Third Party Licenses and NoticesOpenLDAP Public License Version 2.4, 8 December Linux GNU General Public License Version 2, JunePreamble Third Party Licenses and Notices Software License and Copyright Statements Third Party Licenses and Notices Appendix How to Apply These Terms to Your New Programs University of California Carnegie-Mellon UniversityRandom.c Agranat Apptitude, IncRSA Security Inc Sun Microsystems, IncNetwork Time Protocol Version Wind River Systems, IncIndex Index