OSPF · Router Config

area [id] authentication message-digest

Enables OSPF MD5 authentication on a specific area to ensure that only trusted routers participate in OSPF routing updates within that area.

Syntax · Router Config
area [id] authentication message-digest

When to Use This Command

  • Securing OSPF routing in a corporate network to prevent unauthorized routers from injecting false routes.
  • Configuring OSPF authentication in a multi-tenant environment where different areas are managed by different teams.
  • Meeting compliance requirements that mandate authentication for all routing protocols.
  • Troubleshooting OSPF neighbor issues caused by authentication mismatch between routers.

Command Examples

Enable MD5 authentication on area 0

area 0 authentication message-digest
Router(config-router)# area 0 authentication message-digest
Router(config-router)#

The command produces no output; it enables MD5 authentication for area 0. After this, each interface in area 0 must have an 'ip ospf message-digest-key' command configured.

Verify OSPF authentication configuration

show ip ospf interface gigabitethernet0/0
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 192.168.1.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 1.1.1.1, Interface address 192.168.1.1
  Backup Designated router (ID) 2.2.2.2, Interface address 192.168.1.2
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Can be protected by per-prefix Loop-Free Fast Reroute
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2  (Backup Designated Router)
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1

The output shows OSPF interface details. The line 'Message digest authentication enabled' confirms that MD5 authentication is active. 'Youngest key id is 1' indicates the key ID being used. If authentication is not configured, this line would be absent or show 'No authentication'.

Understanding the Output

The 'show ip ospf interface' command is used to verify OSPF authentication. Look for the line 'Message digest authentication enabled' to confirm that MD5 authentication is active on the interface. If authentication is missing, the line will not appear or will state 'No authentication'. The 'Youngest key id' field shows the key ID currently in use; all routers in the same area must have matching key IDs and passwords. A mismatch will prevent OSPF neighbor adjacency from forming. In a real network, you should also check that all interfaces in the area have the same authentication configuration to avoid partial connectivity.
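
The check described above (every interface in the area shows 'Message digest authentication enabled', and neighbors on a segment agree on the key ID) can be run over collected 'show ip ospf interface' output. This Python script is an added example, not part of the original page; the router names R1 and R2 and the trimmed sample output are constructed, and it assumes that comparing the 'Youngest key id' per subnet is sufficient.

```python
import ipaddress
import re

# Constructed sample: trimmed 'show ip ospf interface' output from two hypothetical routers.
SAMPLE = {
    "R1": """\
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 192.168.1.1/24, Area 0
  Message digest authentication enabled
    Youngest key id is 1
GigabitEthernet0/1 is up, line protocol is up
  Internet Address 10.0.12.1/30, Area 0
""",
    "R2": """\
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 192.168.1.2/24, Area 0
  Message digest authentication enabled
    Youngest key id is 2
""",
}

def parse(output):
    """Yield (name, subnet, area, md5_enabled, key_id) per interface block."""
    for block in re.split(r"(?m)^(?=\S)", output):  # new block at each unindented line
        addr = re.search(r"Internet Address (\S+), Area ([\d.]+)", block)
        if not addr:
            continue
        key = re.search(r"Youngest key id is (\d+)", block)
        subnet = ipaddress.ip_interface(addr.group(1)).network
        md5 = "Message digest authentication enabled" in block
        yield block.split()[0], subnet, addr.group(2), md5, int(key.group(1)) if key else None

def audit(outputs, area="0"):
    """List interfaces in `area` without MD5 auth and subnets whose key IDs differ."""
    findings, keys = [], {}
    for router, text in sorted(outputs.items()):
        for name, subnet, intf_area, md5, key_id in parse(text):
            if intf_area != area:
                continue
            if not md5:
                findings.append(f"{router} {name}: no message-digest authentication")
            elif key_id is not None:
                keys.setdefault(subnet, set()).add(key_id)
    findings += [f"{net}: key id mismatch {sorted(ids)}"
                 for net, ids in sorted(keys.items()) if len(ids) > 1]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The output cannot reveal a password mismatch, since the key string is never displayed; that case only shows up as a neighbor that fails to form.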

CCNA Exam Tips

1. CCNA exam tip: Remember that 'area [id] authentication message-digest' is configured in router config mode, not interface mode.

2. CCNA exam tip: After enabling area authentication, you must configure 'ip ospf message-digest-key [key-id] md5 [password]' on each interface in that area.

3. CCNA exam tip: The key ID must match between neighbors; otherwise, authentication fails and OSPF adjacency does not form.

4. CCNA exam tip: Use 'show ip ospf interface' to verify authentication status; look for 'Message digest authentication enabled'.

Common Mistakes

Mistake 1: Forgetting to configure the 'ip ospf message-digest-key' on interfaces after enabling area authentication, causing OSPF neighbors to fail to form.

Mistake 2: Using different key IDs or passwords on routers in the same area, leading to authentication mismatches and neighbor flapping.

Mistake 3: Applying the 'area authentication' command to the wrong area ID, which can cause authentication to be enabled on unintended areas.
