OSPFv2 supports two authentication methods: MD5 and plaintext/simple.
Configuring plaintext authentication in OSPFv2:
Note: make sure the service password-encryption is enabled or the plaintext key will be stored in plain text.
Configuring OSPFv2 MD5 authentication:
OSPFv3 Details:
- OSPFv3 uses IPsec for authentication and encryption of the router updates. It uses AH (authentication header) for the authentication and ESP (encapsulated security protocol) for encryption.
- A security policy must be identified on the router, including the key and an SPI value.
- Authentication headers are removed from the OSPFv3 protocol. It uses the native IPsec mechanisms inherent in the IPv6 extension headers instead.
- You can configure authentication alone using the ipv6 ospf authentication command, or with ESP using the ipv6 ospf encryption command (whose syntax contains the authentication key configuration).
To configure per area, simply replace the interface command syntax ipv6 ospf with area <area#> under the routing process. The remaining syntax remains the same.
To validate IPsec security associations, use the show crypto ipsec sa interface <interface> command.