OSPF Null Authentication

 

In the previous post (OSPF Authentication), we learned how to configure and troubleshoot OSPF authentication. However, we focused only on Authentication Type 1 and Type 2.

So you may be wondering: what about Type 0, or Null Authentication? What is it for?

Well, this type of authentication is typically used on links where authentication is not required. Let me explain. If your organization is using OSPF authentication in an area and you need to form an adjacency with another device where authentication is not configured or desired, that is where OSPF Null Authentication comes into play.

To configure OSPF Null Authentication, use the interface-level command ip ospf authentication null.

For example, let’s take a look at the following topology:

[Figure: OSPF-NULL-A-Topology]

In this scenario, R1, R2 and R4 are configured for OSPF cryptographic authentication (Authentication Type 2). R3 was recently added to the network; however, its adjacency with R1 is not established.

First, let’s debug the OSPF adjacencies and try to find out what the problem is.

[Figure: OSPF-Null-Debug-R1]

[Figure: OSPF-Null-Debug-R3]

As you can see in the above output, the problem is a mismatch of authentication types between the peers.

R1 is using Type 2 (Crypto) and R3 is using Type 0 (null).

Now let’s take a look at the configuration of R1 and R3:

[Figure: OSPF-NULL-R1-TO-R3]

R1:

!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.124.1 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco124
!
interface Ethernet0/1
 ip address 192.168.13.1 255.255.255.252
 ip ospf network point-to-point
!
router ospf 1
 router-id 0.0.0.1
 area 0 authentication message-digest
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.13.1 0.0.0.0 area 0
 network 192.168.124.0 0.0.0.255 area 0
!

As shown in the configuration above, R1 is configured to authenticate all devices connected to area 0 with the command area 0 authentication message-digest. This is equivalent to adding the command ip ospf authentication message-digest to every interface connecting to Area 0.

One way to verify this is with the command show ip ospf interface {interface-id}.

[Figure: OSPF-NULL-show-ospf-if-e0-0]

[Figure: OSPF-NULL-show-ospf-if-e0-1]

R3:

!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.13.2 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/1
 ip address 172.16.30.3 255.255.255.0
!
router ospf 1
 router-id 0.0.0.3
 passive-interface default
 no passive-interface Ethernet0/0
 network 3.3.3.3 0.0.0.0 area 0
 network 172.16.30.0 0.0.0.255 area 0
 network 192.168.13.2 0.0.0.0 area 0
!

As shown in the configuration above, R3 does not have OSPF authentication configured.

To solve this issue, configure OSPF null authentication on the R1 interface that connects to R3:

!
interface ethernet0/1
 ip ospf authentication null
end
!

After the above configuration is applied, R1 and R3 form an adjacency:

[Figure: OSPF-NULL-Solution-Neighbors]

Let’s take a look at the result of the configuration on the interface:

[Figure: OSPF-NULL-Solution-e-0-1]
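The same result can be checked offline against a saved configuration, which is also a quick way to list every link that runs OSPF with no authentication. The Python script below is an added example, not part of the original post: the function names are hypothetical, the embedded configuration is a constructed copy of R1 with the fix applied, and it assumes a single OSPF process and only the plain, message-digest and null forms of the authentication commands.

```python
import ipaddress
# Constructed input: R1's configuration from this post with the fix applied.
R1_CONFIG = """\
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Ethernet0/0
 ip address 192.168.124.1 255.255.255.0
 ip ospf message-digest-key 1 md5 cisco124
interface Ethernet0/1
 ip address 192.168.13.1 255.255.255.252
 ip ospf authentication null
router ospf 1
 area 0 authentication message-digest
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.13.1 0.0.0.0 area 0
 network 192.168.124.0 0.0.0.255 area 0
"""
AUTYPE = {"null": 0, "message-digest": 2}  # no keyword at all means Type 1
def as_int(dotted):
    return int(ipaddress.ip_address(dotted))

def effective_autype(config):
    """Map each OSPF-enabled interface to the AuType it uses (0, 1 or 2)."""
    ifaces, area_auth, networks, cur = {}, {}, [], None
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["interface"]:
            cur = ifaces.setdefault(w[1], {})
        elif w[:1] == ["router"]:
            cur = None
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["ip"] = as_int(w[2])
        elif cur is not None and w[:3] == ["ip", "ospf", "authentication"]:
            cur["auth"] = AUTYPE[w[3]] if len(w) > 3 else 1
        elif w[:1] == ["area"] and w[2:3] == ["authentication"]:
            area_auth[w[1]] = AUTYPE[w[3]] if len(w) > 3 else 1
        elif w[:1] == ["network"] and len(w) == 5:
            networks.append((as_int(w[1]), as_int(w[2]), w[4]))
    result = {}
    for name, iface in ifaces.items():
        for addr, wildcard, area in networks:
            if "ip" in iface and (iface["ip"] | wildcard) == (addr | wildcard):
                # The interface-level setting overrides the area-wide one.
                result[name] = iface.get("auth", area_auth.get(area, 0))
                break
    return result

def unauthenticated(config):
    return sorted(n for n, t in effective_autype(config).items() if t == 0)
```

For the configuration above, `unauthenticated(R1_CONFIG)` returns only Ethernet0/1, the link to R3 that now accepts OSPF packets without authentication.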

It is time to close this post. Thank you for visiting.