Authenticating OSPF MD5 on a virtual link


ip ospf md5-auth-key-chain chain-name-string no ip ospf [ip-address] authentication

Used to configure MD5 authentication in the router OSPF context on both ABRs in a virtual link. The MD5 authentication takes effect immediately, and all OSPF packets transmitted on the link contain the designated key. Every OSPF packet received on the interface for the virtual link on each ABR is checked for the key. If it is not present, the packet is dropped.

To disable MD5 authentication on an ABR interface used for a virtual link, use the no form of the command. The password must be the same on both ABRs on a given virtual link.


Before using this authentication option, you must configure one or more key chains on the routing switch by using the Key Management System (KMS). See the Access Security Guide for your routing switch.


For an ABR in a given virtual link, this is the IP address used to create the link on that ABR. (This IP address matches the IP address of the interface on the opposite end of the virtual link. See the description of ip-address in the syntax description under Configuring a virtual link.)


The name of a key generated using the key-chain chain_name key key_id command.

To change the MD5 authentication configured on a virtual link, re-execute the command with the new MD5 key.


To replace the MD5 method with the password method on a virtual link, overwrite the MD5 configuration by using the password form of the command. (It is not necessary to disable the currently configured OSPF MD5 authentication.)

Default: Disabled