Technical Tip: How to configure OSPF MD5 authentication

sagha · ‎12-23-2019

Description
This article describes how to configure OSPF MD5 authentication for OSPF-interfaces.

Related link:
https://docs.fortinet.com/document/fortigate/6.2.3/cli-reference/469620/router-ospf
Solution
FortiOS v6.0 and below.

1) Use the following commands to enable OSPF md5 authentication.

# config router ospf
# config ospf-interface
    edit [Interface Entry Name]
        set interface [Interface]
        set authentication md5
        set md5-key [Key ID] [Key String Value]
    next
end

2) Example: MD5 authentication for port4.

# config router ospf
# config ospf-interface
    edit "PORT4"
        set interface "port4"
        set authentication md5
        set md5-key 1 fortinet123
    next
end

3) Verification commands.

# get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 Full/Backup 00:00:34 10.162.0.100 port4

# get router info ospf interface port4
Port4 is up, line protocol is up
Internet Address 10.162.0.114/20, Area 0.0.0.0, MTU 1500
Process ID 0, VRF 0, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 3.3.3.3, Interface Address 10.162.0.114
Backup Designated Router (ID) 2.2.2.2, Interface Address 10.162.0.100
Timer intervals configured, Hello 10.000, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:03
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 2334819
Hello received 87518 sent 87469, DD received 8 sent 7
LS-Req received 2 sent 2, LS-Upd received 2410 sent 1933
LS-Ack received 1926 sent 2408, Discarded 7

FortiOS v6.2 and above.

1) The key cannot be configured directly under ‘# config ospf-interface’ as ‘set md5-key’ option has been removed.

2) Go under ‘# config ospf-interface’ and then further go under ‘# config md5-keys’ to configure the keys.

3) Syntax.

# config router ospf
# config ospf-interface
    edit [Interface Entry Name]
        set interface [Interface]
        set authentication md5
        # config md5-keys
            edit [Key ID]
                set key-string [Key String Value]
            next
        end
    next
end

4) Example.

# config router ospf
# config ospf-interface
    edit "PORT4"
        set interface "port4"
        set authentication md5
        # config md5-keys
            edit 1
                set key-string fortinet123
            next
        end
    next
end

5) Verification commands.

# get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 Full/DR 00:00:34 10.162.0.114 port4

# get router info ospf interface port4
port4 is up, line protocol is up
Internet Address 10.162.0.100/20, Area 0.0.0.0, MTU 1500
Process ID 0, VRF 0, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 3.3.3.3, Interface Address 10.162.0.114
Backup Designated Router (ID) 2.2.2.2, Interface Address 10.162.0.100
Timer intervals configured, Hello 10.000, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:09
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 13694
Hello received 87449 sent 87545, DD received 7 sent 8
LS-Req received 2 sent 2, LS-Upd received 1927 sent 2410
LS-Ack received 2408 sent 1925, Discarded 0
Cryptographic authentication enabled
Sending SA: Key 1