When neighbor authentication has been configured on a router, the router authenticates the source of each routing update packet that it receives. This is accomplished by the exchange of an authenticating key (sometimes referred to as a password) that is known to both the sending and the receiving router.
To exchange routing update information in a secure manner, enable OSPF authentication. OSPF authentication can be none (or null), simple, or Message Digest 5 (MD5).
OSPF supports three types of authentication:
- Null - This is the default method and means that no authentication is used for OSPF.
- Simple password authentication - This is also referred to as plaintext authentication because the password in the update is sent in plaintext over the network. This is considered to be a legacy method of OSPF authentication.
- MD5 authentication - This is the most secure and recommended method of authentication. MD5 authentication provides higher security because the password is never exchanged between peers. Instead, each router uses the MD5 algorithm to calculate a digest from the password and the message, and only the digest is sent. Matching results authenticate the sender.
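The MD5 exchange described above can be shown as a sender and a receiver that share a key. This is an added example, not code from the original page; it follows the OSPFv2 cryptographic authentication layout in RFC 2328 Appendix D, including the sequence-number replay check, which goes beyond what the page describes. The router ID, key, and packet body are constructed sample values.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header, AuType 2 layout of the auth field
AUTYPE_CRYPTO = 2        # cryptographic (MD5) authentication
DIGEST_LEN = 16

def pad_key(key: bytes) -> bytes:
    """The shared key is zero-padded to 16 bytes before hashing."""
    if len(key) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(16, b"\x00")

def sign(body, router_id, area_id, key, key_id, seq, pkt_type=1):
    """Sender: build header + body, then append MD5(packet || padded key)."""
    header = struct.pack(HDR, 2, pkt_type, 24 + len(body), router_id, area_id,
                         0,              # checksum is not used with AuType 2
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()

def verify(wire, keys, last_seq):
    """Receiver: recompute the digest with its own copy of the key."""
    if len(wire) < 24 + DIGEST_LEN:
        return False
    f = struct.unpack(HDR, wire[:24])
    length, autype, key_id, auth_len, seq = f[2], f[6], f[8], f[9], f[10]
    key = keys.get(key_id)
    if autype != AUTYPE_CRYPTO or auth_len != DIGEST_LEN or key is None:
        return False
    if seq < last_seq or len(wire) != length + DIGEST_LEN:
        return False     # replayed (older sequence number) or malformed
    expected = hashlib.md5(wire[:length] + pad_key(key)).digest()
    return hmac.compare_digest(expected, wire[length:])

# Constructed sample values, not taken from a real capture.
KEY = b"example-key"
WIRE = sign(b"constructed-hello-body", bytes([10, 0, 0, 1]), bytes(4), KEY, key_id=1, seq=100)

if __name__ == "__main__":
    print("valid:", verify(WIRE, {1: KEY}, last_seq=99))
    tampered = WIRE[:30] + bytes([WIRE[30] ^ 1]) + WIRE[31:]
    print("tampered body:", verify(tampered, {1: KEY}, last_seq=99))
    print("wrong key:", verify(WIRE, {1: b"other-key"}, last_seq=99))
    print("replayed:", verify(WIRE, {1: KEY}, last_seq=101))
    print("key visible on wire:", KEY in WIRE)
```

Only the key ID, sequence number, and 16-byte digest travel with the packet; a receiver holding a different key, or seeing a modified packet, computes a different digest and drops the update.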
Note: RIPv2, EIGRP, OSPF, IS-IS, and BGP all support various forms of MD5 authentication.