TMS zl Management and Configuration Guide ST.1.0.090213
9-34
Routing
OSPF
The TMS zl Module supports two types of OSPF authentication:
■ OSPF simple password authentication
■ Authentication with MD5
With OSPF simple password authentication, routers simply add a password
to the 64-bit authentication field in the OSPF header.
With MD5 authentication, a router uses a secret key and the MD5 algorithm
to generate a message digest for a packet. Routers that receive the packet
compute their own message digest over it using the same key. If the computed
digest matches the digest carried with the packet, the packet is authentic.
Authentication with MD5 is more secure than simple password authentication.
Attackers can intercept a valid OSPF packet and read the simple password.
However, message digests are unique to each packet and impossible to
generate without the secret key.
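The difference between the two modes, as an added Python example (not code from this guide or from the TMS zl Module). It assumes the OSPFv2 header layout and digest calculation of RFC 2328 Appendix D and builds header-only Hello packets; the router ID, area, password, key, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# OSPFv2 header: version, type, length, router ID, area ID,
# checksum, AuType, 64-bit authentication field (24 bytes total).
HDR = struct.Struct("!BBH4s4sHH8s")
ROUTER_ID = bytes([192, 0, 2, 1])   # constructed sample value
AREA_ID = bytes(4)                  # area 0.0.0.0, constructed

def _header(autype: int, auth_field: bytes) -> bytes:
    # Type 1 = Hello; the checksum is left at 0 in this sketch.
    return HDR.pack(2, 1, HDR.size, ROUTER_ID, AREA_ID, 0, autype, auth_field)

def _pad_key(key: bytes) -> bytes:
    if len(key) > 16:
        raise ValueError("MD5 key is limited to 16 bytes")
    return key.ljust(16, b"\0")

def simple_packet(password: bytes) -> bytes:
    """AuType 1: the password itself fills the 64-bit field."""
    if len(password) > 8:
        raise ValueError("simple password is limited to 8 bytes")
    return _header(1, password.ljust(8, b"\0"))

def observed_password(packet: bytes):
    """What any listener on the segment can read from an AuType 1 packet."""
    fields = HDR.unpack(packet[:HDR.size])
    return fields[7].rstrip(b"\0") if fields[6] == 1 else None

def md5_packet(key: bytes, key_id: int, seq: int) -> bytes:
    """AuType 2: field carries key ID, digest length and sequence number;
    the digest of (packet + padded key) is appended, the key is not."""
    pkt = _header(2, struct.pack("!HBBI", 0, key_id, 16, seq))
    return pkt + hashlib.md5(pkt + _pad_key(key)).digest()

def verify_md5(packet: bytes, key: bytes) -> bool:
    """Receiver side: recompute the digest with the shared key and compare."""
    pkt, digest = packet[:-16], packet[-16:]
    expected = hashlib.md5(pkt + _pad_key(key)).digest()
    return hmac.compare_digest(expected, digest)
```

A packet built with `md5_packet` never contains the key, and changing any header byte or the sequence number changes the digest, so `verify_md5` rejects a modified packet.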
Simple password authentication is most useful for ensuring routers do not
send messages into networks in the wrong area. Simply configure a different
simple password for each network. MD5 authentication, on the other hand,
also protects against hackers.
Note: You must set the same password or key for each router on a network, but you
can set different passwords or keys for different networks. However, you must
use the same type of authentication (none, simple, or MD5) for every network
in an area.
You configure OSPF authentication in the Enable OSPF on a VLAN window. See
step 9 on page 9-44.
OSPF Authentication
If you enable authentication on your OSPF network, then routers will not
exchange their databases to achieve adjacency until they have authenticated
each other with a password. OSPF authentication prevents network devices
from inadvertently joining the wrong area. In addition, hackers and malware
can send pseudo-OSPF packets to establish a neighbor relationship with the
routers on your private network. After this relationship is established, the
hackers and the malware writers receive LSAs and learn valuable information
about your network. OSPF authentication ensures that routers on your private
network do not accept unauthorized packets.
The TMS zl Module supports two types of OSPF authentication:
■ OSPF simple password authentication (text)