24-Port Layer 3 Switch Management Guide
IP R
OUTING
 C
OMMANDS
4-265
ip ospf message-digest-key
Use this command to enable message-digest (MD5) authentication on the 
specified interface and to assign a key-id and key to be used by neighboring 
routers. Use the no form to remove an existing key.
Syntax 
ip ospf message-digest-key key-id md5 key
no ip ospf message-digest-key key-id
• key-id - Index number of an MD5 key. (Range: 1-255)
• key - Alphanumeric password used to generate a 128 bit message 
digest or “fingerprint.” (Range: 1-16 characters)
Command Mode 
Interface Configuration (VLAN)
Default Setting 
MD5 authentication is disabled.
Command Usage 
• Normally, only one key is used per interface to generate authentication 
information for outbound packets and to authenticate incoming 
packets. Neighbor routers must use the same key identifier and key 
value.
• When changing to a new key, the router will send multiple copies of all 
protocol messages, one with the old key and another with the new key. 
Once all the neighboring routers start sending protocol messages back 
to this router with the new key, the router will stop using the old key. 
This rollover process gives the network administrator time to update 
all the routers on the network without affecting the network 
connectivity. Once all the network routers have been updated with the 
new key, the old key should be removed for security reasons.
Example
This example sets a message-digest key identifier and password.
Console(config)#interface vlan 1
Console(config-if)#ip ospf message-digest-key 1 md5 aiebel
Console(config-if)#










