12 Mar 2011 - Lab-Rat
OSPF authentication must be declared with TWO statements. Either one areawide statement under router configuration to activate authentication, and an interface statement, or two statements under the interface.
Under the Router Configuration:
Cleartext:
area area-id authentication
MD5
area area-id authentication message-digest
Under the Interface Configuration:
Cleartext:
ip ospf authentication ! (Required if not already covered with area authentication under router configuration).
ip ospf authentication-key cleartxt
MD5
ip ospf authentication message-digest ! (Required if not already covered with area authentication under router configuration).
ip ospf message-digest-key keyid md5 secret
Under the Router Configuration:
Cleartext
area area-id virtual-link router-id authentication-key cleartxt
MD5
area area-id virtual-link router-id message-digest-key keyid md5 secret
Note: Remember that by default, Virtual Links belong to Area 0. So you if turn on Area 0 authentication, don’t forget to add authentication to your virtual links!
show ip ospf interface s0/0/0
- Look for the line near the end- it should either be:
Message digest authentication enabled
or
Simple password authentication enabled
Additional Reading:
OSPF Virtual Link Authentication
OSPF Configuration
OSPF Authentication Sample Configuration