OSPFv2 Authentication:
IOS / XE
Per-Area based Authentication:
R9(config)#router ospf 11
R9(config-router)#area 2 authentication message-digest =======> For MD5 per-area authentication
R9(config-router)#area 2 authentication ========> For Clear-text per-area authentication
R9(config-router)#a
*Apr 11 13:56:06.703: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface Ethernet0/2
/// Error: indicating authentication key missing on router interface
/// Solution:
For the per-area / per-interface authentication approach we need to configure the corresponding authentication key on the interface.
Fixed Solution per-area:
R9(config-if)#ip ospf message-digest-key 1 md5 0 12345678910 ====> For MD5 authentication
R9(config-if)#ip ospf authentication-key 0 12345678 ======> For Clear text authentication
Per-Interface based Authentication:
For MD5 authentication:
R9(config-if)#ip ospf authentication message-digest
R9(config-if)#ip ospf message-digest-key 1 md5 0 12345678910
For Clear text authentication:
R9(config-if)#ip ospf authentication
R9(config-if)#ip ospf authentication-key 0 12345678
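Added example (not part of the original notes): a small Python check for the condition behind %OSPF-4-NOVALIDKEY above, where authentication is enabled per-area or per-interface but the interface has no matching key. The sample config is constructed; the interface names and the "ip ospf 11 area 2" membership lines are assumptions.

```python
import re

# Constructed sample (IOS / IOS-XE syntax); interface names and area membership are assumptions.
SAMPLE_CONFIG = """\
router ospf 11
 area 2 authentication message-digest
interface Ethernet0/1
 ip ospf 11 area 2
 ip ospf message-digest-key 1 md5 0 12345678910
interface Ethernet0/2
 ip ospf 11 area 2
interface Ethernet0/3
 ip ospf 11 area 2
 ip ospf authentication
"""

def audit_ospf_auth(config):
    """Return [(interface, mode)] where auth is enabled but no key is set."""
    area_mode = {}  # (process, area) -> "md5" or "clear"
    ifaces = {}     # interface name -> settings seen under it
    process = cur = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a new top-level section begins
            process = cur = None
            if m := re.match(r"router ospf (\d+)$", line):
                process = m.group(1)
            elif m := re.match(r"interface (\S+)$", line):
                cur = ifaces.setdefault(m.group(1), {"keys": set()})
        elif process and (m := re.match(r"area (\S+) authentication( message-digest)?$", line)):
            area_mode[(process, m.group(1))] = "md5" if m.group(2) else "clear"
        elif cur is not None:
            if m := re.match(r"ip ospf (\d+) area (\S+)$", line):
                cur["area"] = (m.group(1), m.group(2))
            elif m := re.match(r"ip ospf authentication( message-digest| null)?$", line):
                cur["mode"] = {None: "clear", " message-digest": "md5", " null": None}[m.group(1)]
            elif m := re.match(r"ip ospf (message-digest|authentication)-key ", line):
                cur["keys"].add("md5" if m.group(1) == "message-digest" else "clear")
    findings = []
    for name, s in ifaces.items():
        # An interface-level authentication type overrides the area-level one.
        mode = s["mode"] if "mode" in s else area_mode.get(s.get("area"))
        if mode and mode not in s["keys"]:
            findings.append((name, mode))
    return findings

if __name__ == "__main__":
    for name, mode in audit_ospf_auth(SAMPLE_CONFIG):
        print(f"{name}: {mode} authentication enabled, no matching key configured")
```

On the constructed sample it reports Ethernet0/2 (MD5 inherited from area 2, no message-digest-key) and Ethernet0/3 (clear-text enabled on the interface, no authentication-key).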
IOS-XR
Per-Area based Authentication:
router ospf 11
 area 2
  authentication message-digest =======> For MD5 Authentication
  message-digest-key 1 md5 12345678910
 !
!
router ospf 11
 area 2
  authentication-key 12345678910
  authentication ========> For Clear-text Authentication
 !
!
Per-Interface based Authentication:
router ospf 11
 area 2
  interface GigabitEthernet0/0/0/2
   authentication message-digest =======> For MD5 Authentication
   message-digest-key 1 md5 12345678910
  !
 !
!
router ospf 11
 area 2
  interface GigabitEthernet0/0/0/2
   authentication =======> For Clear-text Authentication
   authentication-key 12345678910
  !
 !
!
IMP NOTE: In the case of MD5 authentication, the key number must be different in different OSPF processes, but can remain the same in different areas under the same process. Also, the MD5 key number must match on both ends.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
OSPFv3 Authentication:
Unlike other protocols, which use either plain text or MD5 for authentication, OSPFv3 uses IPsec for authentication, either per-interface or per-area.
Authentication on the interface at one end and authentication on the area at the other end do not work together. The same authentication must be configured on both ends.
Also, on both ends the SPI, the MD5/SHA1 encryption (0/7 for plain-text/encrypted), and the hex-string values must be the same for authentication.