
Ok, getting back to where I left off in April (gasp!) with OSPF Router ID, let's continue with OSPF Authentication.
Keep in mind that these posts actually build off the previous posts, so you may need to review the others again.
First up, our topology for this lab:

[Topology diagram: OSPF Authentication]

Ok, time for some OSPF Authentication.  First up, link authentication!

We will configure authentication on the link between J1 and R4.

 

R4 up first!

 

R4(config-if)#int e0

R4(config-if)#ip ospf authentication message-digest

R4(config-if)# ip ospf message-digest-key 1 md5 JtoC1234

 

Then across the console comes a message that OSPF Adjacency changed:

*Mar  1 10:05:56.757: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Ethernet0 from FULL to DOWN, Neighbor Down: Dead timer expired

               

Ok, time to check J1 and see if the R4 neighbor is down:

 

 

jfry@J1> show ospf neighbor

Address          Interface              State     ID               Pri  Dead

192.168.13.3     fe-0/0/2.0             Full      33.33.33.33      128    37

192.168.12.2     ge-0/0/0.0             Full      22.22.22.22      128    31

 

Good, R4 is no longer in the neighbor list. Time to configure J1 for OSPF link authentication:

[edit]

jfry@J1# set protocols ospf area 0 interface fe-0/0/7 authentication md5 1 key JtoC1234

 

[edit]

jfry@J1# commit and-quit

 

Ok, we should be back up.

jfry@J1> show ospf neighbor

Address          Interface              State     ID               Pri  Dead

192.168.13.3     fe-0/0/2.0             Full      33.33.33.33      128    37

192.168.14.4     fe-0/0/7.0             Full      44.44.44.44        1    38

192.168.12.2     ge-0/0/0.0             Full      22.22.22.22      128    39

 

jfry@J1>

 

We have neighbors. Now to check that the link to R4 is MD5 authenticated:

jfry@J1> show ospf interface fe-0/0/7.0 detail

Interface           State   Area            DR ID           BDR ID          Nbrs

fe-0/0/7.0          DR      0.0.0.0         1.1.1.1         44.44.44.44        1

  Type: LAN, Address: 192.168.14.1, Mask: 255.255.255.0, MTU: 1500, Cost: 1

  DR addr: 192.168.14.1, BDR addr: 192.168.14.4, Priority: 128

  Adj count: 1

  Hello: 10, Dead: 40, ReXmit: 5, Not Stub

  Auth type: MD5, Active key ID: 1, Start time: 1970 Jan  1 00:00:00 UTC

  Protection type: None

  Topology default (ID 0) -> Cost: 1

 

jfry@J1>

 

Good, auth type is MD5 and Active Key is 1!

 

Time to ping R3 from R4 loopback to test!

R4#ping 3.3.3.3 so l0

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Packet sent with a source address of 4.4.4.4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

R4#
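What the key ID and shared secret configured above do on the wire, as an added example that is not part of the original post: it builds an OSPFv2 Hello with cryptographic authentication as laid out in RFC 2328 Appendix D and runs the receiver-side checks. The function names and packet field values are constructed for illustration, and the header checksum is left at zero, which is only correct for the authenticated case.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_NULL, AUTYPE_CRYPTO = 0, 2
ip = socket.inet_aton

def pad_key(key):
    # RFC 2328 D.3: the secret is used as a 16-byte value, zero padded.
    return key[:16].ljust(16, b"\x00")

def build_hello(router_id, key_id=None, key=b"", seq=1):
    """Constructed sample Hello for the 192.168.14.0/24 link in this lab."""
    body = ip("255.255.255.0") + struct.pack("!HBBI", 10, 0x02, 1, 40)
    body += ip("192.168.14.1") + ip("192.168.14.4")        # DR, BDR
    if key_id is None:
        autype, auth = AUTYPE_NULL, b"\x00" * 8
    else:                        # 0, Key ID, Auth Data Len, sequence number
        autype, auth = AUTYPE_CRYPTO, struct.pack("!HBBI", 0, key_id, 16, seq)
    hdr = struct.pack("!BBH", 2, 1, 24 + len(body)) + ip(router_id) + ip("0.0.0.0")
    hdr += struct.pack("!HH", 0, autype) + auth    # checksum stays 0 (see lead-in)
    pkt = hdr + body
    if key_id is not None:       # digest is appended, not counted in the length
        pkt += hashlib.md5(pkt + pad_key(key)).digest()
    return pkt

def accept(pkt, keys, last_seq=0):
    """Receiver checks on an interface configured with MD5 keys {key_id: secret}."""
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", pkt[14:24])
    if autype != AUTYPE_CRYPTO:
        return "reject: AuType mismatch"
    if key_id not in keys:
        return "reject: unknown key ID"
    if seq < last_seq:
        return "reject: stale sequence number"
    length = struct.unpack("!H", pkt[2:4])[0]
    expected = hashlib.md5(pkt[:length] + pad_key(keys[key_id])).digest()
    if dlen != 16 or not hmac.compare_digest(expected, pkt[length:length + dlen]):
        return "reject: digest mismatch"
    return "accept"

if __name__ == "__main__":
    keys = {1: b"JtoC1234"}                       # R4's view of Ethernet0
    print(accept(build_hello("1.1.1.1"), keys))                    # J1 before its config
    print(accept(build_hello("1.1.1.1", 1, b"JtoC1234"), keys))    # J1 after commit
    print(accept(build_hello("1.1.1.1", 1, b"jtoc1234"), keys))    # wrong secret
```

The first case is the window between configuring R4 and configuring J1: R4 expects AuType 2 while J1 still sends AuType 0, so J1's Hellos are dropped and the dead timer expires. The key ID travels in the packet next to the digest, which is why both sides use key 1 with the same secret.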

Now time to configure Area authentication!