We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 651 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

451 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. Hi Jason,

    If you enable those two commands on the interface then MD5 authentication will be used, but only if the interface is running OSPF. You need to make sure you have a network command that covers the subnet of the interface. Otherwise…the interface won’t run OSPF so we also won’t have any authentication :slight_smile:


  2. Hi Shanmugasiva,

    Authentication methods change often throughout the years. Plain text isn’t very secure since (as the name implies) everything is clear text. If you use a sniffer like wireshark then you can see the password in the packet capture. MD5 is a bit more secure since it uses hashing.

    On IOS XE, OSPF also supports SHA256 for authentication which is even more secure than MD5.

    You can find the output of the running configuration at the bottom of each lesson:

    How to configure OSPF MD5 Authentication

    OSPF Plain Text Authentication
    OSPF MD5 Authentication


  3. Hello Stephane Carlos

    You can either enable MD5 authentication globally in an area, or individually on specific interfaces. So you either enter the command area X authentication message-digest under the OSPF configuration or the ip ospf authentication message-digest command under each interface you want to enable it for.

    It’s not quite clear in Rene’s lesson. I’ll let him know to clarify that.



  4. Hello Aniket

    There are essentially two parts to the configuration of MD5 authentication for OSPF. One is the configuration of the parameters themselves such as key number and password. This is performed on the interface in question with the command ip ospf message-digest-key X md5 password.

    The second part to the configuration has to do with the actual activation of the functionality. This can be done in two ways:

    One is to activate the authentication functionality on a per interface basis. This involves implementing the ip ospf authentication message-dige

    ... Continue reading in our forum

  5. In regards to what Rene was saying if you use GNS3 it has that built in wireshark which is very nice. to check out see pic below where you can see clear text password with wireshark in the OSPF header.


    Also you have to understand I am no wireshark expert I am just starting to learn and play around with it more since starting my network studies. So if a novice could find it just think what pros could do and find!

10 more replies! Ask a question or join the discussion by visiting our Community Forum