DES-3326S Layer 3 Fast Ethernet Switch User’s Guide
Switch Management and Operating Concepts 135
OSPF Authentication
OSPF packets can be authenticated as coming from trusted
routers by the use of predefined passwords. The default for
routers is to use not authentication.
There are two other authentication methods − simple password
authentication (key) and Message Digest authentication (MD-5).
Simple Password Authentication
A password (or key) can be configured on a per-area basis.
Routers in the same area that participate in the routing domain
must be configured with the same key. This method is possibly
vulnerable to passive attacks where a link analyzer is used to
obtain the password.
Message Digest Authentication (MD-5)
MD-5 authentication is a cryptographic method. A key and a
key-ID are configured on each router. The router then uses an
algorithm to generate a mathematical “message digest” that is
derived from the OSPF packet, the key and the key-ID. This
message digest (a number) is then appended to the packet.
The key is not exchanged over the wire and a non-decreasing
sequence number is included to prevent replay attacks.
The Backbone and Area 0
OSPF limits the number of link-state updates required between
routers by defining areas within which a given router operates.
When more than one area is configured, one area is designated
as area 0 − also called the backbone.
The backbone is at the center of all other areas − all areas of
the network have a physical (or virtual) connection to the