Mikrotik: OSPF Authentication

From OnnoWiki
Revision as of 14:45, 1 January 2019 by Onnowpurbo (talk | contribs) (Created page with "It is possible to secure OSPF packets exchange, MikroTik RouterOS provides two authentication methods, simple and MD5. OSPF authentication is disabled by default. Authenticat...")

OSPF packet exchange can be secured with authentication. MikroTik RouterOS provides two authentication methods, simple and MD5. OSPF authentication is disabled by default.

Authentication is configured per interface. Add a static OSPF interface entry and specify the authentication properties to secure the OSPF information exchange. An MD5 authentication configuration on ether1 is shown below:

/routing ospf interface 
  add interface=ether1 authentication=md5 authentication-key=mySampleKey authentication-key-id=2

Simple authentication is a plain-text authentication method. It is vulnerable to passive attacks: anybody with a packet sniffer can easily obtain the password. It should be used only to protect OSPF from misconfigurations.

MD5 is a cryptographic authentication method and is preferred. The authentication key, key ID and OSPF packet content are used to generate a message digest that is added to the packet. Unlike the simple authentication method, the key is not exchanged over the network.

The authentication-key-id value is 1 when authentication is not set (even for routers that do not allow a key ID to be set at all).
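The difference between the simple and MD5 methods described above can be seen on the wire. The following is an added example, not RouterOS code and not part of the original page: it builds both packet forms following the RFC 2328 Appendix D layout (assumed to be what RouterOS implements) and verifies the digest as a receiver would. The router ID, Hello body and sequence numbers are constructed sample values.

```python
import hashlib
import hmac
import struct

KEY = b"mySampleKey"  # authentication-key from the page's example
KEY_ID = 2            # authentication-key-id from the page's example


def ospf_header(body_len, au_type, auth_field):
    """24-byte OSPFv2 Hello header; router ID is a constructed sample value."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + body_len,
                       bytes([10, 0, 0, 1]), bytes(4),  # router ID, area 0.0.0.0
                       0, au_type, auth_field)          # checksum left 0 in this sketch


def pad(key, size):
    """Truncate or zero-pad the key to the fixed field size."""
    return key[:size].ljust(size, b"\0")


def build_simple(body, key=KEY):
    """AuType 1: the key itself travels in the 8-byte authentication field."""
    return ospf_header(len(body), 1, pad(key, 8)) + body


def build_md5(body, seq, key=KEY, key_id=KEY_ID):
    """AuType 2: the header carries only key ID, digest length and sequence number."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = ospf_header(len(body), 2, auth) + body
    # Digest covers the packet followed by the padded key; only the digest is sent.
    return packet + hashlib.md5(packet + pad(key, 16)).digest()


def verify_md5(wire, key=KEY, last_seq=0):
    """Receiver: reject old sequence numbers, then recompute and compare the digest."""
    packet, received = wire[:-16], wire[-16:]
    (seq,) = struct.unpack("!I", packet[20:24])
    if seq < last_seq:
        return False
    expected = hashlib.md5(packet + pad(key, 16)).digest()
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    body = bytes(20)  # constructed placeholder Hello body
    print("simple leaks key:", pad(KEY, 8) in build_simple(body))
    wire = build_md5(body, seq=100)
    print("md5 leaks key:", KEY[:8] in wire)
    print("valid:", verify_md5(wire), "wrong key:", verify_md5(wire, key=b"other"))
```

The simple-method field holds only 8 bytes, so the sample key is truncated to `mySample` there, and that is exactly what a capture of the packet reveals.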


Interesting Links