TOPIC: Configuring OSPF MD5 Authentication - Question

Configuring OSPF MD5 Authentication - Question 7 years 11 months ago #27838

  • Damien610
OK, am slowly setting up OSPF MD5 authentication using the online help command. I chose encryption type 7, and after this when I entered my password (baker) I got the OSPF Invalid encrypted password error, see below.

Dublin(config-if)#ip ospf message-digest-key 1 ?
md5 Use MD5 algorithm

Dublin(config-if)#ip ospf message-digest-key 1 md5 ?
<0-7> Encryption type (0 for not yet encrypted, 7 for proprietary)
LINE The OSPF password (key)

Dublin(config-if)#ip ospf message-digest-key 1 md5 7 ?
LINE The OSPF password (key)

Dublin(config-if)#ip ospf message-digest-key 1 md5 7 baker
OSPF: Invalid encrypted password: baker

I erased the invalid line using the

Dublin(config-if)#no ip ospf message-digest-key 1 md5 7 baker

Then entered without the Encryption type as below

Dublin(config-if)#ip ospf message-digest-key 1 md5 baker

This worked and after configuring the neighbouring router, MD5 authentication was configured.

My questions are....

What is the purpose of the <0-7> Encryption type?

Why did I get the error?

Re: Configuring OSPF MD5 Authentication - Question 7 years 11 months ago #27849

  • SteveP
Are you using real routers or Packet Tracer? I recall an inconsistency in the commands when I used Packet Tracer for authentication. I assumed that there was a bug in the software but didn't investigate further.

Re: Configuring OSPF MD5 Authentication - Question 7 years 11 months ago #27851

  • novembre
0 tells the router that a plaintext password follows (default)
7 tells the router that a type 7 Cisco password will follow

That's why you got the error, "OSPF: Invalid encrypted password: baker". Because you entered a plaintext password.

If you set up one neighbour with "ip ospf message-digest-key 1 md5 cisco" and the other with "ip ospf message-digest-key 1 md5 7 110A1016141D" they will form an adjacency because "110A1016141D" is the type 7 password for "cisco"

BTW if you enable password encryption (service password-encryption) then the running config will change itself to the type 7 password and set up as above. I'm not sure about the why of this; it will probably be in Cisco's command reference guide. Maybe the command was added before password-encryption was standard or maybe it's so you don't have to give your password out to everyone working on the network - I dunno, either way type 7 passwords are very easily broken...

Re: Configuring OSPF MD5 Authentication - Question 7 years 11 months ago #27854

  • SteveP
Hey novembre, that's a nice answer ... and I'd not even considered that interpretation, having waded through plenty of Cisco material! I don't think it's intuitive. I'll make sure that I play around with this at the next opportunity.

As a side shoot - I realise that "baker" couldn't possibly be anything other than plain text, but what if the password happened to be ABCDEF (OK, not a strong password, but you get the point). It *could* be plain text or it *could* be encrypted. If a netadmin happened to configure two adjacent routers and, mistakenly, configured "0" on one router and "7" on the other (both passwords "ABCDEF"), it could be a very difficult error to pick up. I suspect that clues would be seen in the debug output.

Re: Configuring OSPF MD5 Authentication - Question 7 years 11 months ago #27855

  • Damien610
If you set up one neighbour with "ip ospf message-digest-key 1 md5 cisco" and the other with "ip ospf message-digest-key 1 md5 7 110A1016141D" they will form an adjacency because "110A1016141D" is the type 7 password for "cisco"

Shouldn't that be

ip ospf message-digest-key 1 md5 0 cisco - which will denote clear text?

Also, how do you know that 110A1016141D is the type 7 password for cisco?

Re: Configuring OSPF MD5 Authentication - Question 7 years 11 months ago #27858

  • novembre
Damien610:

either or, 0 is the default - if you type "ip ospf message-digest-key 1 md5 0 cisco" it will look like "ip ospf message-digest-key 1 md5 cisco" in your config. I knew the encrypted version of "cisco" because I configured the password in plaintext and then enabled password-encryption for my router.


SteveP:

yah I dunno, there must be an algorithm to check, they look suspiciously hexadecimal so that could be a start. I only know the difference because I misconfigured OSPF on a Juniper ERX by doing something similar (in a previous lifetime ERX's belonged to a different vendor who borrowed a lot of CLI from Cisco).

Regardless, you'd be mad to configure your router this way, you get the same effect by configuring a sane plaintext password then enabling password-encryption.
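
Added example, not part of the original thread and not Cisco's code: a small Python audit helper for the points raised above. It checks whether a string is a well-formed type 7 value, recovers the key behind it with the widely published type 7 translation table, and compares the keys two neighbours would actually use. The function names, the format regex and the offset bound are assumptions of this example.

```python
import re

# Widely published constant used by the Cisco type 7 obfuscation scheme.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Format assumed here: two decimal digits (starting offset into XLAT),
# then one or more hex byte pairs. This approximates the format; it is
# not the IOS parser itself.
TYPE7_RE = re.compile(r"^([0-9]{2})((?:[0-9A-Fa-f]{2})+)$")

# Interface line as shown in the thread; the encryption type is optional.
LINE_RE = re.compile(
    r"^\s*ip ospf message-digest-key (\d+) md5 (?:([0-7]) )?(\S+)\s*$")


def decode_type7(value):
    """Return the plaintext behind a type 7 string, or raise ValueError."""
    m = TYPE7_RE.match(value)
    if not m or int(m.group(1)) >= len(XLAT):
        raise ValueError("not a well-formed type 7 string: %r" % value)
    offset = int(m.group(1))
    data = bytes.fromhex(m.group(2))
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)]
                  for i, b in enumerate(data))
    return plain.decode("ascii", errors="replace")


def effective_key(line):
    """Parse one config line and return (key_id, key as actually used)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not a message-digest-key line: %r" % line)
    key_id, enc_type, value = int(m.group(1)), m.group(2) or "0", m.group(3)
    if enc_type == "7":
        return key_id, decode_type7(value)   # stored form, decode first
    if enc_type == "0":
        return key_id, value                 # literal plaintext key
    raise ValueError("unsupported encryption type %s" % enc_type)


def keys_match(line_a, line_b):
    """True when two neighbours' lines yield the same key id and key."""
    return effective_key(line_a) == effective_key(line_b)
```

Under this format check, "baker" and "ABCDEF" are both rejected as type 7 values because neither starts with a two-digit offset. The same string entered with "0" on one router and "7" on the other yields two different keys, so keys_match reports the mismatch from the configs alone.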