Nortel Networks NN47200-503 manual IP Routing Configuration and Management

136 IP Routing Configuration and Management

Simple password mechanism

The simple password mechanism transmits a clear-text password in the OSPF packet header. Only routers configured with the same password accept each other's OSPF packets on that interface.

Note: Nortel recommends against using this mechanism because the password is stored and sent in plain text: it can be read from the configuration file or from any captured OSPF packet. It protects against misconfiguration, not against an attacker on the link.

To configure this authentication type on an OSPF interface of VLAN 2 using the password test1234, use the following commands:

5530-24TFD(config)# interface vlan 2
5530-24TFD(config-if)# ip ospf authentication-type simple
5530-24TFD(config-if)# ip ospf authentication-key test1234

Message Digest 5

The Message Digest 5 (MD5) mechanism provides 128-bit keyed-digest authentication based on the RFC 1321 hash; its use in OSPF is specified in RFC 2328, Appendix D. The key itself is never sent on the wire, only a digest computed over the packet and the key, so an attacker who captures OSPF packets cannot read the key from them. Note that MD5 authentication provides integrity and origin checking only: the OSPF payload is still transmitted in clear text.

Each OSPF packet carries a 16-byte message digest appended to it. The sender computes the digest over the packet plus the MD5 key (padded to 16 bytes); the receiver recomputes it with the key selected by the Key ID in the packet header and compares the two. If the digests do not match, the packet is rejected. A cryptographic sequence number in the authentication header also lets the receiver discard replayed packets.

Each OSPF interface supports up to 2 keys, identified by Key ID, so that keys can be changed without interrupting adjacencies. Only the selected primary key is used to authenticate transmitted packets; received packets are verified with whichever of the two configured keys matches their Key ID.

The process of key change is as follows:

Note: Assume that all routers already use the same key for authentication and a new key is required.

1. Add the second key to all routers. The routers continue to send OSPF packets authenticated with the old key.

2. Activate the second key on all routers by setting it as the primary key. Each router then sends OSPF packets authenticated with the new key while still accepting packets authenticated with the old key. This is necessary because some routers may not yet have activated the new key.

3. Remove the old key only after all routers have activated the new key. If it is removed earlier, packets from routers still transmitting with the old key are dropped and the adjacency to them is lost.
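The following Python model is an added example, not Nortel code and not the switch's implementation. It follows the MD5 cryptographic authentication of RFC 2328, Appendix D (digest over packet plus key, Key ID selecting the verification key, sequence number against replay) and walks through the three rollover steps above between two routers, R1 and R2. The packet layout is reduced to the authentication fields plus a body, short keys are zero-padded to 16 bytes as common implementations do, and the sample body is constructed; all three are assumptions for illustration.

```python
import hashlib
import hmac
import struct
from typing import Dict, List, Optional

KEY_LEN = 16                      # RFC 2328 D.3: the MD5 key is 16 bytes
AUTH_HDR = struct.Struct("!BBI")  # Key ID, Auth Data Length, Cryptographic Sequence Number


def pad_key(key: bytes) -> bytes:
    """Zero-pad (or truncate) a configured key to the 16-byte key length (assumption)."""
    return key[:KEY_LEN].ljust(KEY_LEN, b"\x00")


def md5_digest(packet: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3: MD5 over the packet with the key appended; the key never leaves the router."""
    return hashlib.md5(packet + pad_key(key)).digest()


class OspfInterface:
    """One OSPF interface holding up to two MD5 keys, selected by Key ID."""

    def __init__(self) -> None:
        self.keys: Dict[int, bytes] = {}
        self.primary: Optional[int] = None   # Key ID used for transmitted packets
        self.seq = 0                         # our cryptographic sequence number
        self.last_seq: Dict[str, int] = {}   # highest sequence accepted per neighbor

    def add_key(self, key_id: int, key: bytes) -> None:
        if key_id not in self.keys and len(self.keys) >= 2:
            raise ValueError("an interface holds at most two keys")
        self.keys[key_id] = key
        if self.primary is None:
            self.primary = key_id

    def set_primary(self, key_id: int) -> None:
        if key_id not in self.keys:
            raise KeyError(key_id)
        self.primary = key_id

    def remove_key(self, key_id: int) -> None:
        if key_id == self.primary:
            raise ValueError("switch the primary key before removing the old one")
        del self.keys[key_id]

    def send(self, body: bytes) -> bytes:
        """Authenticate an outgoing packet with the primary key only."""
        self.seq += 1
        packet = AUTH_HDR.pack(self.primary, KEY_LEN, self.seq) + body
        return packet + md5_digest(packet, self.keys[self.primary])

    def receive(self, neighbor: str, packet: bytes) -> bool:
        """Verify with whichever configured key the packet's Key ID names."""
        if len(packet) < AUTH_HDR.size + KEY_LEN:
            return False
        key_id, auth_len, seq = AUTH_HDR.unpack_from(packet)
        key = self.keys.get(key_id)
        if key is None or auth_len != KEY_LEN:
            return False                     # unknown Key ID: packet dropped
        signed, digest = packet[:-KEY_LEN], packet[-KEY_LEN:]
        if not hmac.compare_digest(md5_digest(signed, key), digest):
            return False                     # tampered body or wrong key
        if seq < self.last_seq.get(neighbor, 0):
            return False                     # replay: sequence number went backwards
        self.last_seq[neighbor] = seq
        return True


HELLO = b"OSPF Hello body (constructed sample, not a real packet)"


def rollover_demo() -> List[bool]:
    """Run the three-step key change between R1 and R2; record whether each packet was accepted."""
    r1, r2 = OspfInterface(), OspfInterface()
    for r in (r1, r2):
        r.add_key(1, b"oldkey")              # both routers start on Key ID 1
    ok = [r2.receive("R1", r1.send(HELLO))]  # baseline: accepted

    r1.add_key(2, b"newkey")                 # step 1: add the second key everywhere
    r2.add_key(2, b"newkey")
    ok.append(r2.receive("R1", r1.send(HELLO)))   # still sent with key 1: accepted

    r1.set_primary(2)                        # step 2: R1 activates key 2 before R2 does
    ok.append(r2.receive("R1", r1.send(HELLO)))   # accepted: R2 looks the key up by Key ID
    r2.set_primary(2)
    ok.append(r1.receive("R2", r2.send(HELLO)))

    r1.remove_key(1)                         # step 3: retire the old key everywhere
    r2.remove_key(1)
    ok.append(r2.receive("R1", r1.send(HELLO)))

    laggard = OspfInterface()                # a router that never reached step 2
    laggard.add_key(1, b"oldkey")
    ok.append(r2.receive("R3", laggard.send(HELLO)))  # dropped: Key ID 1 no longer exists
    return ok


def tamper_rejected() -> bool:
    """A single flipped byte in the body invalidates the digest."""
    a, b = OspfInterface(), OspfInterface()
    a.add_key(1, b"k")
    b.add_key(1, b"k")
    pkt = bytearray(a.send(HELLO))
    pkt[AUTH_HDR.size] ^= 0x01
    return not b.receive("A", bytes(pkt))


if __name__ == "__main__":
    print("rollover stages accepted:", rollover_demo())
    print("tampered packet rejected:", tamper_rejected())
```

The last stage of `rollover_demo` is the failure mode step 3 warns about: once the old Key ID is removed, a peer still transmitting with it is silently dropped, so confirm every router has switched its primary key before removing the old one.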

MD5 configuration example

In the configuration example illustrated below, MD5 is configured between router R1 and R2.

Nortel Ethernet Routing Switch 5500 Series

Configuration-IP Routing Protocols

NN47200-503 03.01 Standard

5.127 August 2007

Copyright © 2005-2007, Nortel Networks
