Chapter 9
Configuring IP Routing
hostname(config-interface)# ospf authentication [message-digest | null]
• To assign a password to be used by neighboring OSPF routers on a network segment that is using
the OSPF simple password authentication, enter the following command:
hostname(config-interface)# ospf authentication-key key
The key can be any continuous string of characters up to 8 bytes in length.
The password created by this command is used as a key that is inserted directly into the OSPF header
when the security appliance software originates routing protocol packets. A separate password can
be assigned to each network on a per-interface basis. All neighboring routers on the same network
must have the same password to be able to exchange OSPF information.
• To explicitly specify the cost of sending a packet on an OSPF interface, enter the following
command:
hostname(config-interface)# ospf cost cost
The cost is an integer from 1 to 65535.
• To set the number of seconds that a device must wait before it declares a neighbor OSPF router down
because it has not received a hello packet, enter the following command:
hostname(config-interface)# ospf dead-interval seconds
The value must be the same for all nodes on the network.
• To specify the length of time between the hello packets that the security appliance sends on an OSPF
interface, enter the following command:
hostname(config-interface)# ospf hello-interval seconds
The value must be the same for all nodes on the network.
• To enable OSPF MD5 authentication, enter the following command:
hostname(config-interface)# ospf message-digest-key key_id md5 key
Set the following values:
– key_id—An identifier in the range from 1 to 255.
– key—Alphanumeric password of up to 16 bytes.
Usually, one key per interface is used to generate authentication information when sending packets
and to authenticate incoming packets. The same key identifier on the neighbor router must have the
same key value.
We recommend that you not keep more than one key per interface. Every time you add a new key,
you should remove the old key to prevent the local system from continuing to communicate with a
hostile system that knows the old key. Removing the old key also reduces overhead during rollover.
• To set the priority to help determine the OSPF designated router for a network, enter the following
command:
hostname(config-interface)# ospf priority number_value
The number_value is from 0 to 255.
• To specify the number of seconds between LSA retransmissions for adjacencies belonging to an
OSPF interface, enter the following command:
hostname(config-interface)# ospf retransmit-interval seconds
OL-12172-03
Cisco Security Appliance Command Line Configuration Guide
Configuring OSPF
9-11
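The key limits and the one-key-per-interface recommendation in this section can be checked against a saved configuration. The following Python script is an added example, not part of the Cisco guide: the sample configuration, interface names and key values are constructed, and it assumes the keys appear in the text as typed.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the guide); names and keys are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ospf authentication-key s3cr3t
interface GigabitEthernet0/1
 ospf authentication message-digest
 ospf message-digest-key 1 md5 OldKeyValue
 ospf message-digest-key 2 md5 NewKeyValue
interface GigabitEthernet0/2
 ospf authentication message-digest
 ospf message-digest-key 300 md5 ThisKeyIsLongerThan16Bytes
"""

def audit_ospf_interfaces(config_text):
    """Return {interface: [findings]} for the OSPF key settings described in this section."""
    findings = defaultdict(list)
    md5_ids = defaultdict(list)
    iface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif iface is None:
            continue  # ignore anything before the first interface block
        elif m := re.fullmatch(r"ospf authentication-key (\S+)", line):
            # Simple password authentication inserts the key directly into the OSPF header.
            findings[iface].append("simple password: key travels in the OSPF header")
            if len(m.group(1).encode()) > 8:
                findings[iface].append("authentication-key longer than 8 bytes")
        elif m := re.fullmatch(r"ospf message-digest-key (\d+) md5 (\S+)", line):
            key_id, key = int(m.group(1)), m.group(2)
            md5_ids[iface].append(key_id)
            if not 1 <= key_id <= 255:
                findings[iface].append(f"key_id {key_id} outside 1-255")
            if len(key.encode()) > 16:
                findings[iface].append(f"md5 key {key_id} longer than 16 bytes")
    # More than one MD5 key on an interface means an old key is still accepted.
    for name, ids in md5_ids.items():
        if len(ids) > 1:
            findings[name].append(f"{len(ids)} md5 keys configured; remove old keys after rollover")
    return dict(findings)

if __name__ == "__main__":
    for name, issues in audit_ospf_interfaces(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{name}: {issue}")
```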