OSPF supports routing protocol authentication using MD5. MD5 authentication can be enabled globally for all interfaces or on a per-interface basis.
To enable OSPF MD5 authentication globally, configure:
- ip ospf message-digest-key key md5 password interface configuration mode command.
- area area-id authentication message-digest router configuration mode command.
This method forces authentication on all OSPF enabled interfaces. If an interface is not configured with the ip ospf message-digest-key command, it will not be able to form adjacencies with other OSPF neighbors.
To provide more flexibility, authentication is now supported on a per-interface basis. To enable MD5 authentication on a per-interface basis, configure:
- ip ospf message-digest-key key md5 password interface configuration mode command.
- ip ospf authentication message-digest interface configuration mode command.
Global and per-interface OSPF MD5 authentication can be used on the same router. However, the interface setting overrides the global setting. MD5 authentication passwords do not have to be the same throughout an area; however, they do need to be the same between neighbors.
For example, assume that all routers in the figure have converged using OSPF and routing is functioning properly. OSPF authentication will be implemented on all routers.