This tutorial explains how to configure the OSPF routing protocol step by step, with a practical example in Packet Tracer. The demonstration uses the Packet Tracer network simulator, but you can follow this guide on real Cisco devices or any other network simulator.
|Published (Last):||15 September 2006|
You can enable authentication in OSPF in order to exchange routing update information in a secure manner. The authentication method "none" means that no authentication is used for OSPF and it is the default method. With simple authentication, the password goes in clear-text over the network. With MD5 authentication, the password does not pass over the network.
MD5 is a message-digest algorithm specified in an RFC. When you configure authentication, you must configure an entire area with the same type of authentication. Readers of this document should be familiar with basic concepts of the OSPF routing protocol.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared default configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
- Null Authentication: This is also called Type 0 and it means no authentication information is included in the packet header. It is the default.
- Plain Text Authentication: This is also called Type 1 and it uses simple clear-text passwords.
Authentication does not need to be set. However, if it is set, all peer routers on the same segment must have the same password and authentication method. The examples in this document demonstrate configurations for both plain text and MD5 authentication. This section presents you with the information to configure the features this document describes. Plain text authentication is used when devices within an area cannot support the more secure MD5 authentication.
Plain text authentication leaves the internetwork vulnerable to a "sniffer attack," in which packets are captured by a protocol analyzer and the passwords can be read. However, it is useful when you perform OSPF reconfiguration, rather than for security. For example, separate passwords can be used on older and newer OSPF routers that share a common broadcast network to prevent them from talking to each other.
Plain text authentication passwords do not have to be the same throughout an area, but they must be the same between neighbors. You can also use the ip ospf authentication command under the interface to configure plain text authentication for the interface. This command can be used if a different authentication method or no authentication method is configured under the area to which the interface belongs. It overrides the authentication method configured for the area. This is useful if different interfaces that belong to the same area need to use different authentication methods.
MD5 authentication provides higher security than plain text authentication. This method uses the MD5 algorithm to compute a hash value from the contents of the OSPF packet and a password or key.
This hash value is transmitted in the packet, along with a key ID and a non-decreasing sequence number. The receiver, which knows the same password, calculates its own hash value. If nothing in the message changes, the hash value of the receiver should match the hash value of the sender which is transmitted with the message.
The key ID allows the routers to reference multiple passwords. This makes password migration easier and more secure. For example, to migrate from one password to another, configure a password under a different key ID and remove the first key. The sequence number prevents replay attacks, in which OSPF packets are captured, modified, and retransmitted to a router. As with plain text authentication, MD5 authentication passwords do not have to be the same throughout an area. However, they do need to be the same between neighbors.
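The digest, key ID and sequence number checks described above, as an added Python example that is not part of the original document. It follows the OSPFv2 cryptographic authentication layout of RFC 2328 Appendix D; the names `sign` and `Receiver`, the router ID and the passwords are constructed for illustration.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHHHBBI"   # OSPFv2 header with the crypto-auth field layout (24 bytes)
AUTYPE_MD5 = 2           # "Type 2" authentication
DIGEST_LEN = 16

def pad_key(password: bytes) -> bytes:
    """The shared key is zero-padded to 16 bytes before hashing."""
    if len(password) > DIGEST_LEN:
        raise ValueError("OSPF MD5 key is at most 16 bytes")
    return password.ljust(DIGEST_LEN, b"\x00")

def sign(body: bytes, key_id: int, password: bytes, seq: int,
         router_id: bytes = bytes([10, 0, 0, 1]), area_id: bytes = bytes(4)) -> bytes:
    """Sender: build a Hello (type 1) and append MD5(packet || padded key)."""
    # Fields: version, type, length, router ID, area ID, checksum (0), AuType,
    # reserved (0), key ID, digest length, sequence number.
    header = struct.pack(HDR, 2, 1, 24 + len(body), router_id, area_id,
                         0, AUTYPE_MD5, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(password)).digest()

class Receiver:
    """Per-neighbor state: configured keys and the last accepted sequence number."""
    def __init__(self, keys: dict):
        self.keys = keys      # {key_id: password}; two entries during a migration
        self.last_seq = 0

    def verify(self, wire: bytes) -> str:
        if len(wire) < 24:
            return "malformed"
        f = struct.unpack(HDR, wire[:24])
        length, autype, key_id, auth_len, seq = f[2], f[6], f[8], f[9], f[10]
        if autype != AUTYPE_MD5:
            return "mismatch authentication type"
        if auth_len != DIGEST_LEN or length < 24 or len(wire) != length + DIGEST_LEN:
            return "malformed"
        if key_id not in self.keys:
            return "no key for this key ID"
        if seq < self.last_seq:          # sequence number must be non-decreasing
            return "stale sequence number"
        expected = hashlib.md5(wire[:length] + pad_key(self.keys[key_id])).digest()
        if not hmac.compare_digest(wire[length:], expected):
            return "digest mismatch"
        self.last_seq = seq
        return "ok"
```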
This causes the router to encrypt the passwords in any display of the configuration file and guards against the password being learned by observing the text copy of the configuration of the router. You can also use the ip ospf authentication message-digest command under the interface to configure MD5 authentication for the specific interface.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output. Use the show ip ospf interface command to view the authentication type configured for an interface, as this output shows. Here, the Serial 0 interface is configured for plain text authentication. The show ip ospf neighbor command displays the neighbor table that consists of the neighbor details, as this output shows.
The show ip route command displays the routing table, as this output shows. These sections provide information you can use to troubleshoot your configurations.
Issue the debug ip ospf adj command in order to capture the authentication process. This debug command should be issued before the neighbor relationship is established. The deb ip ospf adj output for R shows when plain text authentication is successful.
This is the output of the debug ip ospf adj command when there is a mismatch in the type of authentication configured on the routers. This output shows that Router R uses type 1 authentication whereas router R is configured for type 0 authentication.
This means that Router R is configured for plain text authentication (Type 1) whereas Router R is configured for null authentication (Type 0). This is the output of the debug ip ospf adj command when there is a mismatch in the authentication key (password) values.
In this case, both routers are configured for plain text authentication (Type 1) but there is a mismatch in the key (password) values. This is the debug ip ospf adj command output for R when MD5 authentication is successful. This output shows that the router R uses type 2 (MD5) authentication whereas Router R uses type 1 authentication (plain text authentication). This is the output of the debug ip ospf adj command when there is a mismatch in the key IDs that are used for authentication.
This debug ip ospf adj command output for R shows when both Key 1 and Key 2 for MD5 authentication are configured as part of migration.
OSPF with Multi-Area Adjacency Configuration Example
Cisco also recommends that these requirements be met before you attempt the configuration that is described in this document. A router within an Area maintains the complete topology information of that Area. This can not only cause sub-optimal routing in the network, but it can also lead to other issues if the network is not designed correctly. The system requires that traffic from Router 5 (R5) to R1