ip ospf authentication message-digest
Enables MD5 authentication for OSPF on an interface to ensure routing updates are authenticated and secure.
When to Use This Command
- Securing OSPF routing updates between routers in a corporate network to prevent unauthorized route injection.
- Complying with security policies that require authentication for all routing protocols.
- Preventing accidental or malicious OSPF neighbor formation from unauthorized routers.
- Configuring OSPF authentication in a multi-vendor environment where MD5 is supported.
Command Examples
Enable MD5 authentication with a key ID
interface GigabitEthernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 MySecretKey
GigabitEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.1/30
OSPF authentication is enabled (message-digest)
OSPF message-digest key 1 is set
The first command enables MD5 authentication. The second sets the key ID (1) and the password (MySecretKey). The output confirms authentication is enabled and the key is configured.
Verify OSPF authentication on an interface
show ip ospf interface GigabitEthernet0/0
GigabitEthernet0/0 is up, line protocol is up
Internet Address 192.168.1.1/30, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 1.1.1.1, Interface address 192.168.1.1
Backup Designated router (ID) 2.2.2.2, Interface address 192.168.1.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:03
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
The output shows OSPF interface details. The line 'Message digest authentication enabled' confirms MD5 authentication is active. 'Youngest key id is 1' indicates the key ID in use.
Understanding the Output
When you run 'show ip ospf interface', look for the line 'Message digest authentication enabled' to confirm MD5 authentication is active. The 'Youngest key id' shows the key ID being used for authentication. If authentication is misconfigured, the neighbor state may show 'DOWN' or 'INIT' instead of 'FULL'. A missing or mismatched key will prevent OSPF adjacency from forming. In production, ensure all routers on the same link have identical key IDs and passwords.
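The check described above can be automated. The following is an added example, not part of the original page or any Cisco tooling: a Python script that parses 'show ip ospf interface' output from both ends of a link and reports missing authentication, a missing key ID, or a key ID mismatch. The sample output is constructed and the function names are this example's own.

```python
import re

# Constructed 'show ip ospf interface' excerpts for both ends of one link
# (sample data, not captured from real devices).
R1 = """\
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 192.168.1.1/30, Area 0
  Message digest authentication enabled
    Youngest key id is 1
GigabitEthernet0/1 is up, line protocol is up
  Internet Address 10.0.0.1/30, Area 0
"""
R2 = """\
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 192.168.1.2/30, Area 0
  Message digest authentication enabled
    Youngest key id is 2
"""

def parse_ospf_interfaces(text):
    """Return {interface: {"md5": bool, "key_id": int or None}}."""
    result, current = {}, None
    for line in text.splitlines():
        header = re.match(r"(\S+) is .*line protocol is", line)
        if header:  # an unindented header line starts a new interface record
            current = result.setdefault(header.group(1), {"md5": False, "key_id": None})
        elif current is not None:
            if "Message digest authentication enabled" in line:
                current["md5"] = True
            key = re.search(r"Youngest key id is (\d+)", line)
            if key:
                current["key_id"] = int(key.group(1))
    return result

def audit_link(text_a, if_a, text_b, if_b):
    """Compare the two ends of a link; return a list of findings (empty = consistent)."""
    findings = []
    a = parse_ospf_interfaces(text_a).get(if_a)
    b = parse_ospf_interfaces(text_b).get(if_b)
    for label, end in (("A", a), ("B", b)):
        if end is None:
            findings.append(f"{label}: interface not found in output")
        elif not end["md5"]:
            findings.append(f"{label}: message-digest authentication not enabled")
        elif end["key_id"] is None:
            findings.append(f"{label}: authentication enabled but no key id reported")
    # Follows the page's rule that both ends must use the same key ID.
    if not findings and a["key_id"] != b["key_id"]:
        findings.append(f"key id mismatch: A={a['key_id']} B={b['key_id']}")
    return findings
```

The show output does not reveal the password, so a password mismatch still has to be confirmed by checking that the adjacency reaches FULL with 'show ip ospf neighbor'.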
CCNA Exam Tips
CCNA exam tip: Remember that 'ip ospf authentication message-digest' enables MD5 authentication, but you must also configure a key with 'ip ospf message-digest-key'.
CCNA exam tip: The key ID must match on both routers; otherwise, authentication fails and neighbor adjacency will not form.
CCNA exam tip: OSPF authentication is configured per interface, not globally. You must enter interface configuration mode.
CCNA exam tip: The password is sent as an MD5 hash, not in plaintext, but it is stored in the running config as plaintext unless you enable service password-encryption.
Common Mistakes
Mistake 1: Forgetting to configure the message-digest-key after enabling authentication, causing OSPF to reject all packets and neighbor adjacency to fail.
Mistake 2: Using different key IDs or passwords on neighboring routers, leading to authentication mismatch and no OSPF adjacency.
Mistake 3: Applying authentication only on one side of the link; both sides must have matching authentication configuration.
Related Commands
ip ospf message-digest-key 1 md5 [key]
Configures OSPF MD5 authentication on an interface by defining a key ID and password to authenticate OSPF packets.
show ip ospf interface
Displays OSPF interface parameters and status, used to verify OSPF configuration and troubleshoot neighbor relationships.
show ip ospf neighbor
Displays OSPF neighbor information to verify adjacency formation and troubleshoot OSPF neighbor relationships.