Securing OSPF
Securing OSPF networks provides protection not only from malicious attacks but also from accidental
misconfigurations. The trusting nature of OSPF dictates that any router with matching configuration
parameters (network mask, hello interval, dead interval, and the like) can participate in a given OSPF network.
Because of this default behavior, any number of accidental factors (misconfigurations, lab machines, test
setups, and so on) have the potential to adversely affect routing in an OSPF environment. Authentication
provides password-based protection against unauthorized access to an area. The Security Appliance supports
OSPF authentication to secure route exchange between the devices. OSPF supports two types of authentication:
simple password (clear-text) and the MD5 authentication mechanism. The Security Appliance supports both.
Example 6-11 shows how to configure areawide OSPF authentication on the Security Appliance.
Example 6-11. Configuring Area-Based OSPF Authentication
hostname(config)# router ospf 1
! Enabling area-wide simple (clear-text) authentication
hostname(config-router)# area 0 authentication
! Enabling area-wide MD5 authentication
hostname(config-router)# area 0 authentication message-digest
! Configure OSPF key on the interface
hostname(config-router)# interface inside
! Configuring simple password authentication key
hostname(config-interface)# ospf authentication-key cisco
! Configuring MD5 authentication key
hostname(config-interface)# ospf message-digest-key 1 md5 cisco
Alternatively, authentication can be enabled strictly on a per-link (per-interface) basis rather than areawide. This
means that both sides of the link on the connected devices must be configured similarly. Example 6-12 shows
how to configure interface-based OSPF authentication on the Security Appliance.
Example 6-12. Configuring Interface-Based OSPF Authentication
hostname(config-router)# interface inside
! Configuring simple password authentication and key
hostname(config-interface)# ospf authentication
hostname(config-interface)# ospf authentication-key cisco
! Configuring MD5 authentication and key
hostname(config-interface)# ospf authentication message-digest
hostname(config-interface)# ospf message-digest-key 1 md5 cisco
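
The following Python script is an added example, not part of the original text and not Cisco code. It audits command lines in the form used in Examples 6-11 and 6-12 (with or without the prompt) and reports clear-text authentication modes, keys found on a deny list, and interfaces where MD5 mode is enabled without a message-digest key. The names audit, SAMPLE and WEAK_KEYS, the deny-list contents, area 1, and the interface names dmz and outside are assumptions made for the illustration.

```python
import re

# Constructed sample config (prompts stripped); interface names are made up.
SAMPLE = """\
router ospf 1
 area 0 authentication
 area 1 authentication message-digest
interface inside
 ospf authentication-key cisco
interface dmz
 ospf authentication message-digest
interface outside
 ospf authentication message-digest
 ospf message-digest-key 1 md5 cisco
"""

WEAK_KEYS = {"cisco", "password", "ospf"}  # assumption: a site-chosen deny list
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "hostname(config-router)# "

def audit(config):
    """Return findings for clear-text modes, weak keys and keyless MD5 mode."""
    findings, iface, md5_mode, md5_key = [], None, [], set()
    for raw in config.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words or words[0].startswith("!"):
            continue  # blank line or "!" comment
        if words[0] == "interface" and len(words) > 1:
            iface = words[1]
        elif words[0] == "router":
            iface = None
        elif words[0] == "area" and words[2:3] == ["authentication"]:
            if words[3:4] != ["message-digest"]:
                findings.append(f"area {words[1]}: clear-text authentication")
        elif words[0] == "ospf" and iface:
            if words[1:] == ["authentication"]:
                findings.append(f"{iface}: clear-text authentication")
            elif words[1:] == ["authentication", "message-digest"]:
                md5_mode.append(iface)
            elif len(words) > 2 and words[1] in ("authentication-key", "message-digest-key"):
                if words[1] == "message-digest-key":
                    md5_key.add(iface)
                if words[-1].lower() in WEAK_KEYS:  # the key itself is never echoed
                    findings.append(f"{iface}: {words[1]} is on the weak-key list")
    for name in md5_mode:  # MD5 mode switched on, but no key seen on that interface
        if name not in md5_key:
            findings.append(f"{name}: message-digest mode without a message-digest-key")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Because both sides of a link must be configured alike, running the same check against each neighbor's configuration and comparing the findings helps catch a mismatch before it is deployed.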