Which two authentication types does OSPF support? (Choose two.)
A. plaintext
B. MD5
C. HMAC
D. AES 256
E. SHA-1
F. DES
Correct Answer: AB
Explanation/Reference:
These are the three different types of authentication supported by OSPF.
Null Authentication: This is also called Type 0 and it means no authentication information is included in the packet header. It is the default.
Plain Text Authentication: This is also called Type 1 and it uses simple clear-text passwords.
MD5 Authentication: This is also called Type 2 and it uses MD5 cryptographic passwords.
Authentication does not need to be set. However, if it is set, all peer routers on the same segment must have the same password and authentication method. The examples in this document demonstrate configurations for both plain text and MD5 authentication.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13697-25.html
https://community.cisco.com/t5/networking-documents/ospf-authentication/ta-p/3131640
Configuration overview:
Only three key points need to be remembered when configuring authentication in OSPF:
A) Types of Authentication:
There are three different types of authentication available for OSPF version 2:
1) Null authentication: Null authentication means that there is no authentication, which is the default on Cisco routers.
2) Clear text authentication: In this method of authentication, passwords are exchanged in clear text on the network.
3) Cryptographic authentication: The cryptographic method uses the open standard MD5 (Message Digest 5) hash algorithm.
B) Enabling OSPF Authentication:
OSPF authentication can be enabled in two ways:
1) Per interface: Authentication is enabled per interface using the “ip ospf authentication” command.
2) Area authentication: Authentication for an area can be enabled using the “area authentication” command.
C) Configuring Authentication Key:
In either case, the password must be configured at the interface using the “ip ospf authentication-key” or “ip ospf message-digest-key” command.
MD5 is now considered vulnerable to attacks and should only be used when stronger authentication is not available. Cisco IOS release 15.4(1)T added support for OSPF SHA authentication, as detailed in RFC 5709. Therefore, the administrator should use SHA authentication as long as all of the router operating systems support OSPF SHA authentication.
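The three authentication types described above appear on the wire as the AuType field of the 24-byte OSPFv2 header. The following added example (not from the original page or from Cisco) classifies a packet by AuType, shows that a Type 1 password is readable directly from the header, and verifies a Type 2 MD5 digest as laid out in RFC 2328 Appendix D. The function names, sample passwords and packets are constructed for illustration, and zero-padding of short keys to 16 bytes is an assumed convention.

```python
import hashlib
import hmac
import struct

AUTH_TYPES = {0: "null", 1: "plaintext", 2: "cryptographic"}
HDR = "!BBH4s4sHH"  # version, type, length, router ID, area ID, checksum, AuType


def pad_key(key: bytes) -> bytes:
    """Fit the key to 16 bytes; short keys are zero-padded (assumed convention)."""
    return key.ljust(16, b"\x00")[:16]


def build_packet(au_type, body=b"", secret=b"", key_id=1, seq=1):
    """Build a constructed OSPFv2 Hello (sample input; checksum left at 0)."""
    if au_type == 1:
        auth = secret.ljust(8, b"\x00")[:8]               # password sent as-is
    elif au_type == 2:
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)   # key ID, digest length, sequence
    else:
        auth = bytes(8)
    pkt = struct.pack(HDR, 2, 1, 24 + len(body), bytes([1, 1, 1, 1]),
                      bytes(4), 0, au_type) + auth + body
    if au_type == 2:                                      # digest is appended after the packet
        pkt += hashlib.md5(pkt + pad_key(secret)).digest()
    return pkt


def classify_auth(pkt: bytes, key: bytes = b""):
    """Return (auth type name, detail) for one OSPFv2 packet."""
    if len(pkt) < 24:
        raise ValueError("shorter than the 24-byte OSPFv2 header")
    ver, _t, length, _rid, _area, _ck, au_type = struct.unpack(HDR, pkt[:16])
    if ver != 2 or not 24 <= length <= len(pkt):
        raise ValueError("not a well-formed OSPFv2 packet")
    auth, name = pkt[16:24], AUTH_TYPES.get(au_type, "unknown")
    if au_type == 1:   # the password is readable by anyone who can capture the segment
        return name, auth.rstrip(b"\x00").decode("ascii", "replace")
    if au_type == 2:
        _zero, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        expected = hashlib.md5(pkt[:length] + pad_key(key)).digest()
        ok = dlen == 16 and hmac.compare_digest(pkt[length:length + dlen], expected)
        return name, {"key_id": key_id, "seq": seq, "digest_ok": ok}
    return name, None
```

With Type 2 the key never appears in the packet, so a receiver that holds the wrong key, or a packet altered in transit, fails the digest check.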