3.3.n Implement and troubleshoot routing protocol authentication

3.3.n [i] MD5

The integrity of routing information inside a network is of the utmost importance, as it can influence how traffic reaches specific destinations. Configuring routing protocol authentication is an easy option that ensures that the device on the other side of a connection is who it says it is.

Most routing protocols implement authentication in one of two general ways: a routing-protocol-centric solution, in which the passwords or keys are configured within the routing protocol configuration, or a general solution that uses separately configured keys that can be used by multiple routing protocols. Both OSPF and BGP use the former method, configuring the specific authentication type and passwords/keys within their respective configurations. RIP and EIGRP use the latter method: a separate authentication key mechanism is configured and then used by either RIP or EIGRP.

OSPF Authentication

The configuration of OSPF authentication requires a couple of different commands; which commands are used is determined by the type of authentication and the method of authentication exchange. OSPF supports two different types of authentication that can be configured: authentication limited to a specific interface, or authentication configured over an entire OSPF area. Regardless of which of these options is selected, there are also two different methods of authentication exchange that can be configured for each: cleartext simple exchange or MD5 exchange. When using MD5, the password/key that is configured is not sent between the exchanging devices; instead, a hash is calculated and sent, and this hash is then verified by the remote device to ensure identity.
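
The MD5 exchange described above, as an added example that is not from the original page or the cited book: it follows the digest procedure in RFC 2328 Appendix D, where MD5 is run over the OSPF packet with the zero-padded 16-byte key appended and only the digest goes on the wire. The function names, sample key and packet body are constructed for illustration.

```python
import hashlib
import hmac
import struct

HDR = "!BBHIIHHHBBI"   # 24-byte OSPFv2 header, cryptographic-auth layout
AUTYPE_CRYPTO = 2      # RFC 2328 AuType for cryptographic (MD5) authentication


def pad_key(key: bytes) -> bytes:
    """RFC 2328 uses a 16-byte key; shorter keys are zero-padded."""
    if len(key) > 16:
        raise ValueError("OSPF MD5 key is at most 16 bytes")
    return key.ljust(16, b"\x00")


def build_packet(body: bytes, router_id: int, area_id: int,
                 key_id: int, seq: int, key: bytes, ptype: int = 1) -> bytes:
    """Sender side: build the packet and append the 16-byte MD5 digest."""
    length = 24 + len(body)  # the digest is not counted in the length field
    header = struct.pack(HDR, 2, ptype, length, router_id, area_id,
                         0, AUTYPE_CRYPTO,    # checksum stays 0 with AuType 2
                         0, key_id, 16, seq)  # reserved, Key ID, digest len, seq
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify_packet(wire: bytes, keys: dict, last_seq: int) -> bool:
    """Receiver side: find the key by Key ID, reject replays, check the digest."""
    if len(wire) < 40:
        return False
    f = struct.unpack(HDR, wire[:24])
    length, autype, key_id, dlen, seq = f[2], f[6], f[8], f[9], f[10]
    if autype != AUTYPE_CRYPTO or dlen != 16 or len(wire) != length + 16:
        return False
    if key_id not in keys or seq < last_seq:  # unknown key or old sequence number
        return False
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(expected, wire[length:])


if __name__ == "__main__":
    keys = {1: b"S3cretKey"}                  # constructed sample key
    wire = build_packet(b"\x00" * 20, 0x01010101, 0, 1, 100, keys[1])
    print("digest:", wire[-16:].hex())
    print("accepted:", verify_packet(wire, keys, last_seq=100))
```

A packet built with a different key, an unknown Key ID, a modified body or a sequence number lower than the last one accepted fails `verify_packet`, which is the mismatch to look for when an adjacency will not form after authentication is enabled.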

RIP and EIGRP utilize key chains for their authentication configuration. The key chain configuration provides the ability to set up multiple keys that can be used by the supporting features. This includes the ability to have keys that potentially overlap in the time that they are valid. Keys can also be configured with specific transmit (send) and receive (accept) lifetimes that provide the ability to have keys automatically change at a predetermined time.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2868-2869). Kindle Edition.

http://www.ciscopress.com/articles/article.asp?p=1728836