Ok, getting back to where I left of in April (gasp!) –  with OSPF Router ID , lets continue with OSPF Authentication.
Keep in mind that these posts actually build off the previous posts, so you may need to review the others again.
First up, our topology for this lab:

OSPF Authentication

Ok, time for some OSPF Authentication.  First up, link authentication!

We will configure authentication on the link between J1 and R4.


R4 up first!


R4(config-if)#int e0

R4(config-if)#ip ospf authentication message-digest

R4(config-if)# ip ospf message-digest-key 1 md5 JtoC1234


Then across the console comes a message that OSPF Adjacency changed:

*Mar  1 10:05:56.757: %OSPF-5-ADJCHG: Process 1, Nbr on Ethernet0 from FULL to DOWN, Neighbor Down: Dead timer expired


Ok, time to check J1 and see if the R4 neighbor is down



jfry@J1> show ospf neighbor

Address          Interface              State     ID               Pri  Dead     fe-0/0/2.0             Full      128    37     ge-0/0/0.0             Full      128    31


Good, time to configured J1 for OSPF link authentication


jfry@J1# set protocols ospf area 0 interface fe-0/0/7 authentication md5 1 key JtoC1234



jfry@J1# commit and-quit


Ok, we should be back up.

jfry@J1> show ospf neighbor

Address          Interface              State     ID               Pri  Dead     fe-0/0/2.0             Full      128    37     fe-0/0/7.0             Full        1    38     ge-0/0/0.0             Full      128    39




We have neighbors, now to check to make sure they are MD5 authenticated

jfry@J1> show ospf interface fe-0/0/7.0 detail

Interface           State   Area            DR ID           BDR ID          Nbrs

fe-0/0/7.0          DR        1

  Type: LAN, Address:, Mask:, MTU: 1500, Cost: 1

  DR addr:, BDR addr:, Priority: 128

  Adj count: 1

  Hello: 10, Dead: 40, ReXmit: 5, Not Stub

  Auth type: MD5, Active key ID: 1, Start time: 1970 Jan  1 00:00:00 UTC

  Protection type: None

  Topology default (ID 0) -> Cost: 1




Good, auth type is MD5 and Active Key is 1!


Time to ping R3 from R4 loopback to test!

R4#ping so l0


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

Packet sent with a source address of


Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms


Now time to configure Area authentication!