IP ROUTING COMMANDS

ip ospf message-digest-key

Use this command to enable message-digest (MD5) authentication on the specified interface and to assign a key-id and key to be used by neighboring routers. Use the no form to remove an existing key.

Syntax

ip ospf message-digest-key key-id md5 key
no ip ospf message-digest-key key-id

key-id - Index number of an MD5 key. (Range: 1-255)

key - Alphanumeric password used to generate a 128-bit message digest or “fingerprint.” (Range: 1-16 characters)

Command Mode

Interface Configuration (VLAN)

Default Setting

MD5 authentication is disabled.

Command Usage

Normally, only one key is used per interface to generate authentication information for outbound packets and to authenticate incoming packets. Neighbor routers must use the same key identifier and key value.

When changing to a new key, the router will send multiple copies of all protocol messages, one with the old key and another with the new key. Once all the neighboring routers start sending protocol messages back to this router with the new key, the router will stop using the old key. This rollover process gives the network administrator time to update all the routers on the network without affecting the network connectivity. Once all the network routers have been updated with the new key, the old key should be removed for security reasons.

Example

This example sets a message-digest key identifier and password.

Console(config)#interface vlan 1
Console(config-if)#ip ospf message-digest-key 1 md5 aiebel
Console(config-if)#
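
The key-id lookup and key rollover described under Command Usage, shown from the receiving router's side as an added Python example that is not taken from the SMC manual. It assumes the standard RFC 2328 Appendix D format (AuType 2, digest = MD5 of the packet followed by the key zero-padded to 16 bytes); the function names, the key-id 2 value, the router ID and the packet body are constructed for illustration, and sequence-number replay checks are omitted.

```python
import hashlib, hmac, struct

def pad_key(key):
    """The key is 1-16 characters; it is zero-padded to 16 bytes before hashing."""
    raw = key.encode("ascii")
    if not 1 <= len(raw) <= 16:
        raise ValueError("key must be 1-16 characters")
    return raw.ljust(16, b"\x00")

def sign(body, key_id, key, seq):
    """Build an OSPFv2 Hello (type 1) with AuType 2 and append the MD5 digest."""
    header = struct.pack("!BBHIIHHHBBI", 2, 1, 24 + len(body),
                         0x0A000001, 0,   # constructed router ID 10.0.0.1, area 0
                         0, 2,            # checksum unused; AuType 2 = cryptographic
                         0, key_id, 16, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()

def verify(wire, keys):
    """Recompute the digest with the key selected by the packet's key-id."""
    if len(wire) < 24 + 16:
        return False
    length, = struct.unpack("!H", wire[2:4])
    autype, _, key_id, auth_len = struct.unpack("!HHBB", wire[14:20])
    if autype != 2 or auth_len != 16 or len(wire) != length + 16:
        return False
    key = keys.get(key_id)
    if key is None:                       # key-id not configured on this interface
        return False
    expected = hashlib.md5(wire[:length] + pad_key(key)).digest()
    return hmac.compare_digest(expected, wire[length:])

def rollover_demo():
    body = b"\x00" * 20                        # constructed placeholder Hello body
    old = sign(body, 1, "aiebel", seq=100)     # key from the manual's example
    new = sign(body, 2, "Example2", seq=101)   # constructed replacement key
    during = {1: "aiebel", 2: "Example2"}      # both keys configured during rollover
    after = {2: "Example2"}                    # old key removed with the no form
    tampered = new[:30] + b"\xff" + new[31:]   # one body byte altered in transit
    return (verify(old, during), verify(new, during),
            verify(old, after), verify(tampered, after))

if __name__ == "__main__":
    print(rollover_demo())
```

Once key-id 1 is removed, packets signed with the old key fail verification, which is why the old key should stay configured only until every neighbor has been updated.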

SMC Networks SMC6724L3 manual