Configuring OSPF interface authentication

Optional: For more information, see Configuring OSPF interface authentication.

Configuring OSPF password authentication

Syntax:

ip ospf [ip-address] authentication-key key-string

no ip ospf [ip-address] authentication

Used in the VLAN interface context to configure password authentication for all interfaces in the VLAN or for a specific subnet. The password takes effect immediately, and all OSPF packets transmitted on the interface contain this password. All OSPF packets received on the interface are also checked for the password. If it is not present, the packet is dropped.

To disable password authentication on an interface, use the no form of the command.

For the 5400zl switches, when the switch is in enhanced secure mode, commands that take a secret key as a parameter have the echo of the secret typing replaced with asterisks. The input for key-string is prompted for interactively. For more information, see the access security guide for your switch.

ip-address

Used in subnetted VLAN contexts where you want to assign or remove a password associated with a specific subnet.

Omit this option when you want the command to apply to all interfaces configured in the VLAN.

key-string

An alphanumeric string of one to eight characters. (Spaces are not allowed.)

To change the password, re-execute the command with the new password.

Use show ip ospf interface ip-address to view the current authentication setting.

NOTE: To replace the password method with the MD5 method on a given interface, overwrite the password configuration by using the MD5 form of the command shown in the next syntax description. (It is not necessary to disable the currently configured OSPF password.)

Default: Disabled

Configuring OSPF MD5 authentication

Syntax:

ip ospf md5-auth-key-chain chainname-string

no ip ospf [ip-address] authentication

Used in the VLAN interface context to configure MD5 authentication for all interfaces in the VLAN or for a specific subnet. The MD5 authentication takes effect immediately, and all OSPF packets transmitted on the interface contain the designated key. All OSPF packets received on the interface are also checked for the key. If it is not present, the packet is dropped.

To disable MD5 authentication on an interface, use the no form of the command.

NOTE: Before using this authentication option, you must configure one or more key chains on the routing switch by using the Key Management System (KMS). See the access security guide for your switch.

Default: Disabled

ip-address

Used in subnetted VLAN contexts where you want to assign or remove MD5 authentication associated with a specific subnet.

Omit this option when you want the command to apply to all interfaces configured in the VLAN.

chain-name-string

The name of a key generated using the key-chain chain_name key key_id.

To change the MD5 authentication configured on an interface, re-execute the command with the new MD5 key.

Use show ip ospf interface ip-address to view the current authentication setting.


	NOTE: To replace the MD5 method with the password method on a given interface, overwrite the MD5 configuration by using the password form of the command shown in the next syntax description. (It is not necessary to disable the currently configured OSPF MD5 authentication.)

Default: Disabled

prev	up	next
Adjusting performance by changing the VLAN or subnet interface settings	home	Configuring a virtual link


	NOTE: To replace the password method with the MD5 method on a given interface, overwrite the password configuration by using the MD5 form of the command shown in the next syntax description. (It is not necessary to disable the currently configured OSPF password.)


	NOTE: Before using this authentication option, you must configure one or more key chains on the routing switch by using the Key Management System (KMS). See the access security guide for your switch.