Ball State University Uses NetMRI
"NetMRI is a functional, cost-effective way to manage a variety of network issues in one place. Every morning I can go to the Issues page and see what is on the horizon for the day...it is critical that we have a solution like NetMRI to ensure that our policies are uniformly enforced throughout the network."
—Daniel Fortreide, Senior Network Engineer
Network Analysis Tip: Configuring OSPF Authentication
Why is this important?
It is good network practice to use OSPF authentication to improve network reliability and security. Take the case where a corporate partner needs a connection into your network and, due to a configuration error within your network, the interface connecting to that partner's router is set to run OSPF. Matching only a couple of incidental parameters would allow that router to inject routing information into your network. Since many sites use private addresses internally, the chance that some subnets overlap is pretty high, potentially creating what looks like a routing black hole (the packets for your subnet are routed to the corporate partner's router).
On the security front, a router equipped with an unauthorized connection can be used to create a man-in-the-middle vulnerability where packets to a specific destination are forced through the rogue router.
Authentication of routing protocol exchanges helps to mitigate these threats.
Manual determination
OSPF authentication is pretty simple to configure. The Cisco IOS configuration fragment below shows the basic commands you need. Note the use of the interface subcommand options to enable authentication on the interface and within the OSPF area. This example is for one interface on one router. The same key ID and key (the number 1 and the text secret-password in the third line) must exist on all interfaces of all routers on the same subnet.

interface ethernet 0
 ip address 10.1.1.1 255.255.255.0
 ip ospf message-digest-key 1 md5 secret-password
router ospf 1
 network 10.1.1.1 0.0.0.0 area 0
 area 0 authentication message-digest

To verify that OSPF authentication is set on all router interfaces, you must check the configuration of each router.
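The per-router check described above can be scripted against saved configurations. The following is an added example, not code from the original page or from NetMRI: the function name audit_ospf_auth and the sample configuration are constructed for illustration. It assumes Cisco IOS syntax as in the fragment above, looks only at primary interface addresses, takes the first matching network statement, and expects area IDs to be written the same way throughout the file.

```python
import re
from ipaddress import IPv4Address

# Constructed sample: Ethernet0 follows the page's fragment; the rest is made up.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip ospf message-digest-key 1 md5 secret-password
interface Ethernet1
 ip address 10.1.2.1 255.255.255.0
interface Ethernet2
 ip address 10.9.9.1 255.255.255.0
router ospf 1
 network 10.1.1.1 0.0.0.0 area 0
 network 10.1.2.0 0.0.0.255 area 0
 network 10.9.9.0 0.0.0.255 area 5
 area 0 authentication message-digest
"""

def audit_ospf_auth(config):
    """Return sorted (interface, area, problem) for OSPF interfaces lacking MD5 auth."""
    ifaces, networks, auth_areas, section = {}, [], set(), None
    for cmd in (line.strip() for line in config.splitlines()):
        if m := re.match(r"interface\s+(\S.*)", cmd):
            section = ifaces.setdefault(m[1], {"ip": None, "key": False, "auth": False})
        elif cmd == "!" or cmd.startswith("router "):
            section = "ospf" if re.match(r"router ospf \d+", cmd) else None
        elif isinstance(section, dict):  # inside an interface block
            if m := re.match(r"ip address (\S+) \S+$", cmd):
                section["ip"] = int(IPv4Address(m[1]))
            section["key"] |= bool(re.match(r"ip ospf message-digest-key \d+ md5 \S", cmd))
            section["auth"] |= cmd == "ip ospf authentication message-digest"
        elif section == "ospf":
            if m := re.match(r"network (\S+) (\S+) area (\S+)", cmd):
                networks.append((int(IPv4Address(m[1])), int(IPv4Address(m[2])), m[3]))
            elif m := re.match(r"area (\S+) authentication message-digest", cmd):
                auth_areas.add(m[1])
    findings = []
    for name, i in ifaces.items():
        # Wildcard mask semantics: 0 bits must match, 1 bits are ignored.
        area = next((a for n, w, a in networks
                     if i["ip"] is not None and (i["ip"] | w) == (n | w)), None)
        if area is None:
            continue  # no network statement covers this interface
        if not (i["auth"] or area in auth_areas):
            findings.append((name, area, "authentication not enabled"))
        elif not i["key"]:
            findings.append((name, area, "no message-digest-key"))
    return sorted(findings)
```

On the sample, Ethernet1 is flagged because its area requires message-digest authentication but the interface has no key, and Ethernet2 because area 5 has authentication disabled altogether.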
Automatic determination
NetMRI reports routers running OSPF without authentication enabled. In addition, NetMRI can be used to create a Configuration Policy Definition file to automatically check that the correct configuration has been implemented on the interfaces of each router.
Further reference:
The configuration of OSPF authentication for different vendors is slightly different. Check your vendor documentation for the correct syntax to use.
Cisco search: "Sample Configuration for Authentication in OSPF"
Cisco search: "Configuring OSPF Authentication on a Virtual Link"
