Information
Enables the authentication of OSPF neighbor before routing information is received from the neighbor
Rationale:
Enabling the routing protocol authentication prevents against attackers who can send wrong routing information in order to redirect traffic to their network or send malformed packets in order to saturate and to exhaust the control plane.
Solution
* Step 1: Acquire the interface <interface_name> used by the firewall to receive OSPF routing updates and the area ID <area_id>
* Step 2: Agree with the neighbor device on the authencation key <key_value> and determine an authentication key ID <key_id>
* Step 3: Run the following to enable OSPF authentication
HOSTNAME(CONFIG)#INTERFACE <_interface_name_>
HOSTNAME(CONFIG-IF)# OSPF AUTHENTICATION MESSAGE-DIGEST
HOSTNAME(CONFIG-IF)# OSPF MESSAGE-DIGEST-KEY _<key_id>_ MD5 <key_value>
HOSTNAME(CONFIG-IF)#EXIT
HOSTNAME(CONFIG)#AREA _<area_id>_ AUTHENTICATION MESSAGE-DIGEST