Microsoft ES4612 User Manual

Command Line Interface

4-274

ip ospf message-digest-key

This command enables message-digest (MD5) authentication on the specified
interface and to assign a key-id and key to be used by neighboring routers. Use the
no form to remove an existing key.

Syntax

ip ospf message-digest-key key-id md5 key
no ip ospf message-digest-key key-id

• key-id - Index number of an MD5 key. (Range: 1-255)
• key - Alphanumeric password used to generate a 128 bit message digest

or “fingerprint.” (Range: 1-16 characters)

Command Mode

Interface Configuration (VLAN)

Default Setting

MD5 authentication is disabled.

Command Usage

• Normally, only one key is used per interface to generate authentication

information for outbound packets and to authenticate incoming packets.
Neighbor routers must use the same key identifier and key value.

• When changing to a new key, the router will send multiple copies of all

protocol messages, one with the old key and another with the new key. Once
all the neighboring routers start sending protocol messages back to this router
with the new key, the router will stop using the old key. This rollover process
gives the network administrator time to update all the routers on the network
without affecting the network connectivity. Once all the network routers have
been updated with the new key, the old key should be removed for security
reasons.

Example
This example sets a message-digest key identifier and password.

Related Commands

ip ospf authentication (4-272)

Console(config)#interface vlan 1
Console(config-if)#ip ospf message-digest-key 1 md5 aiebel
Console(config-if)#