CLI Reference

config router md5-ospf

Use this command to configure a table of MD5 keys used in OSPF cryptographic authentication. The table can include up to 256 entries. All OSPF interfaces that want to learn routes from each other must be configured with the same authentication type and password or MD5 key (one match is enough).

OSPF cryptographic authentication uses a shared secret key to authenticate all router traffic on a network. The key itself is never sent over the network in the clear: each packet is sent with a message digest, computed over the packet and the key, appended to its end. A non-repeating sequence number is included in the OSPF packet to protect against replay attacks that would try to re-send already transmitted packets to disrupt the network. When a packet is accepted as authentic, the stored authentication sequence number is set to the packet's sequence number. A replayed packet is therefore out of sequence and is ignored.
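To make the mechanism concrete, the following Python is an added illustration (not FortiADC code and not part of this reference): it builds an OSPFv2 packet with AuType 2, appends an MD5 digest computed over the packet and a 16-character key selected by key ID from a key table, and checks the packet on the receiving side, rejecting a bad digest, an unknown key ID or a replayed sequence number. The header layout follows RFC 2328 Appendix D; the empty Hello body, the key ID 1 and key 0123456789abcdef used in the test, and the strictly increasing sequence rule are simplifications chosen for the example.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16  # OSPF MD5 keys are padded with NULs (or truncated) to 16 bytes

def ospf_header(router_id: int, key_id: int, seq: int, body_len: int) -> bytes:
    # OSPFv2 header: version 2, type 1 (Hello), length, router ID, area 0,
    # checksum 0 (unused with AuType 2), AuType 2 = cryptographic, then the
    # 8-byte auth field: reserved(2) | key ID(1) | auth data len(1) | seq(4)
    return struct.pack("!BBHIIHHHBBI", 2, 1, 24 + body_len, router_id, 0,
                       0, 2, 0, key_id, KEY_LEN, seq)

def md5_digest(packet: bytes, key: str) -> bytes:
    # Digest = MD5(packet || padded key); the key itself never goes on the wire
    key_bytes = key.encode()[:KEY_LEN].ljust(KEY_LEN, b"\x00")
    return hashlib.md5(packet + key_bytes).digest()

def build_packet(router_id: int, key_id: int, seq: int, key: str,
                 body: bytes = b"") -> bytes:
    packet = ospf_header(router_id, key_id, seq, len(body)) + body
    # The digest trails the packet and is not counted in the length field
    return packet + md5_digest(packet, key)

def verify_packet(wire: bytes, key_table: dict, last_seq: dict) -> bool:
    """Receiver side: known key ID, digest matches, sequence number not replayed."""
    if len(wire) < 24 + KEY_LEN:
        return False
    length = struct.unpack("!H", wire[2:4])[0]
    router_id = struct.unpack("!I", wire[4:8])[0]
    key_id, seq = wire[18], struct.unpack("!I", wire[20:24])[0]
    if len(wire) != length + KEY_LEN:
        return False
    key = key_table.get(key_id)            # key ID selects the md5-member entry
    if key is None:
        return False
    packet, digest = wire[:length], wire[length:]
    if not hmac.compare_digest(digest, md5_digest(packet, key)):
        return False                       # wrong key or tampered packet
    # Replay check: this example accepts only strictly increasing numbers
    if seq <= last_seq.get(router_id, -1):
        return False
    last_seq[router_id] = seq              # remember the accepted number
    return True
```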

Before you begin:

  • You must have read-write permission for router settings.

After you have configured an MD5 key configuration object, you can specify it in the OSPF router configuration.

Syntax

    config router md5-ospf
        edit <name>
            config md5-member
                edit <No.>
                    set md5-key <string>
                next
            end
        next
    end

<No.>      A number 1-255. Each member key ID must be unique to its member list.
md5-key    A string of up to 16 characters to be hashed with the cryptographic MD5 hash function.

Example

    FortiADC-docs # config router md5-ospf
    FortiADC-docs (md5-ospf) # edit md5-key-pool
    Add new entry 'md5-key-pool' for node 3752
    FortiADC-docs (md5-key-pool) # config md5-member
    FortiADC-docs (md5-member) # edit 1
    Add new entry '1' for node 3754
    FortiADC-docs (1) # set key 0123456789abcdef
    FortiADC-docs (1) # end
    FortiADC-docs (md5-key-pool) # end
    FortiADC-docs #