Use this command to configure a table of MD5 keys used in OSPF cryptographic authentication. The table can include up to 256 entries. All OSPF interfaces that want to learn routes from each other must be configured with the same authentication type and password or MD5 key (one match is enough).
OSPF cryptographic authentication uses a shared secret key to authenticate all router traffic on a network. The key is never sent over the network in the clear: each packet is sent together with a message digest, a condensed form of the packet computed with the MD5 hash function and the shared key, appended to the end of the packet. A non-repeating sequence number is included in the OSPF packet to protect against replay attacks that try to disrupt the network by resending packets that were already sent. When a packet is accepted as authentic, the neighbor's authentication sequence number is set to the packet's sequence number. A replayed packet therefore arrives out of sequence and is ignored.
Before you begin:
- You must have read-write permission for router settings.
After you have configured an MD5 key configuration object, you can specify it in the OSPF router configuration.
config router md5-ospf
  edit <name>
    config md5-member
      edit <id>
        set key <string>
      end
    end
  end
| Setting | Description |
| <id> | A number 1-255. Each member key ID must be unique within its member list. |
| key <string> | A string of up to 16 characters to be hashed with the cryptographic MD5 hash function. |
FortiADC-docs # config router md5-ospf
FortiADC-docs (md5-ospf) # edit md5-key-pool
Add new entry 'md5-key-pool' for node 3752
FortiADC-docs (md5-key-pool) # config md5-member
FortiADC-docs (md5-member) # edit 1
Add new entry '1' for node 3754
FortiADC-docs (1) # set key 0123456789abcdef
FortiADC-docs (1) # end
FortiADC-docs (md5-key-pool) # end
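The digest-and-sequence-number check described above, as an added example that is not part of this documentation or of the FortiADC product code: a Python model of OSPFv2 cryptographic authentication (RFC 2328, Appendix D), with the key table, router ID, neighbor state and packet body constructed here. The member ID 1 and key 0123456789abcdef mirror the CLI example.

```python
import hashlib
import hmac
import struct

# Constructed key table mirroring the CLI example: member ID -> key (up to 16 chars).
KEY_TABLE = {1: b"0123456789abcdef"}
AUTH_TYPE_CRYPTO = 2   # OSPFv2 AuType value for cryptographic authentication
DIGEST_LEN = 16        # MD5 digest length; also the padded key length

def _pad_key(key: bytes) -> bytes:
    """Keys shorter than 16 bytes are zero-padded before hashing (RFC 2328 D.4)."""
    return key.ljust(DIGEST_LEN, b"\x00")

def build_packet(body: bytes, key_id: int, seq: int, key: bytes) -> bytes:
    """Sender side: OSPFv2 header + authentication field + body, then the digest.
    The digest is MD5(packet || padded key) appended after the packet, so the
    key itself never appears on the wire."""
    length = 24 + len(body)
    # version 2, type 1 (Hello), length, router ID (assumed), area 0, checksum 0, AuType
    header = struct.pack("!BBHIIHH", 2, 1, length, 0x0A000001, 0, 0, AUTH_TYPE_CRYPTO)
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)  # key ID, length, seq
    packet = header + auth + body
    return packet + hashlib.md5(packet + _pad_key(key)).digest()

class Neighbor:
    """Receiver-side state: the last accepted cryptographic sequence number."""
    def __init__(self) -> None:
        self.last_seq = -1

def verify_packet(pkt: bytes, neighbor: Neighbor) -> bool:
    """Receiver side: reject unknown key IDs, replayed (older) sequence numbers
    and packets whose digest does not match; on success advance the sequence."""
    if len(pkt) < 24 + DIGEST_LEN:
        return False
    length = struct.unpack("!H", pkt[2:4])[0]
    au_type = struct.unpack("!H", pkt[14:16])[0]
    if au_type != AUTH_TYPE_CRYPTO or len(pkt) < length + DIGEST_LEN:
        return False
    key_id, auth_len, seq = struct.unpack("!BBI", pkt[18:24])
    key = KEY_TABLE.get(key_id)
    if key is None or auth_len != DIGEST_LEN:
        return False
    if seq < neighbor.last_seq:          # replay: older than what was already accepted
        return False
    expected = hashlib.md5(pkt[:length] + _pad_key(key)).digest()
    if not hmac.compare_digest(expected, pkt[length:length + DIGEST_LEN]):
        return False
    neighbor.last_seq = seq
    return True
```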