We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 581 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

295 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Forum Replies

  1. Hi Jason,

    If you enable those two commands on the interface then MD5 authentication will be used, but only if the interface is running OSPF. You need to make sure you have a network command that covers the subnet of the interface. Otherwise...the interface won't run OSPF so we also won't have any authentication :slight_smile:

    Rene

  2. Hi Shanmugasiva,

    Authentication methods change often throughout the years. Plain text isn't very secure since (as the name implies) everything is clear text. If you use a sniffer like wireshark then you can see the password in the packet capture. MD5 is a bit more secure since it uses hashing.

    On IOS XE, OSPF also supports SHA256 for authentication which is even more secure than MD5.

    You can find the output of the running configuration at the bottom of each lesson:

    How to configure OSPF MD5 Authentication

    OSPF Plain Text Authentication
    OSPF MD5 Authentication

    Rene

  3. Hello Stephane Carlos

    You can either enable MD5 authentication globally in an area, or individually on specific interfaces. So you either enter the command area X authentication message-digest under the OSPF configuration or the ip ospf authentication message-digest command under each interface you want to enable it for.

    It's not quite clear in Rene's lesson. I'll let him know to clarify that.

    Thanks!

    Laz

  4. Hi Rene

    Still i am confused about the same ? if i configure MD5 or plain text on interface then why we need to configure authentication on area ? could you please explain me briefly

  5. In regards to what Rene was saying if you use GNS3 it has that built in wireshark which is very nice. to check out see pic below where you can see clear text password with wireshark in the OSPF header.

    Also you have to understand I am no wireshark expert I am just starting to learn and play around with it more since starting my network studies. So if a novice could find it just think what pros could do and find!

8 more replies! Ask a question or join the discussion by visiting our Community Forum