OSPF Part 4: OSPF Authentication

Hi there mate! This will be the last discussion on OSPF configuration. The rest of the OSPF topics will discuss how OSPF works and the content of the Hello packet. The last topic we had was configuring passive interfaces for security reasons. This time, we will configure OSPF with authentication using MD5 passwords. The need for configuring authentication is very simple: it provides security for active interfaces. By active interfaces I mean those interfaces that send and receive Hello packets or OSPF updates. They cannot be made passive, so authentication is the best way to secure those interfaces.

Imagine the scenario below: instead of the serial 1/0 interface of router 1 being connected to router 2, it is connected to an attacker's router, which would lead to a security breach.

So let us get back to our original topology.


Authentication SYNTAX:

en
conf t
router ospf {process#} <— process number
area {area#} authentication message-digest <— we enable MD5 authentication for the entire area on this router
exit
int serial x/x
ip ospf message-digest-key 1 md5 {password} <— the authentication used is MD5 (this line defines key ID 1); you can check on Google how MD5 works

Note: 1.) We set the password on each interface, since the security breach may happen on any interface.

2.) We can set multiple passwords (key IDs) on each interface; the syntax is:

int serial x/x
ip ospf message-digest-key 1 md5 {password}
ip ospf message-digest-key 2 md5 {password}
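To see what the message-digest-key line actually does on the wire, here is an added Python example (not from the original post and not Cisco IOS code) that builds a constructed OSPFv2 Hello, appends the RFC 2328 MD5 digest the way a sending router does, and checks it the way the receiving router does; the packet values, router IDs, key table and helper function names are assumptions for illustration. It shows why a neighbor with no key, a different password, or a different key ID rejects the Hello, which is the adjacency drop seen in the steps that follow.

```python
import hashlib
import hmac
import struct

OSPF_HDR_LEN = 24      # RFC 2328 OSPFv2 header
DIGEST_LEN = 16        # MD5 digest appended after the packet
AUTYPE_MD5 = 2         # AuType 2 = cryptographic authentication

# Constructed sample values (not a capture): R1 = 1.1.1.1, area 0, 20-byte Hello
# body = mask 255.255.255.0, hello 10 s, options, priority 1, dead 40 s, DR, BDR.
R1_ID, AREA0 = bytes([1, 1, 1, 1]), bytes(4)
HELLO_BODY = bytes.fromhex("ffffff00000a0201000000280000000000000000")


def build_hello(router_id, area_id, key_id, seq, body):
    """OSPF header with the auth field laid out for MD5: reserved(2) key id(1)
    auth data length(1) crypto sequence(4); checksum is zero for AuType 2."""
    length = OSPF_HDR_LEN + len(body)
    hdr = struct.pack("!BBH4s4sHH", 2, 1, length, router_id, area_id, 0, AUTYPE_MD5)
    hdr += struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    return hdr + body


def ospf_md5_digest(packet, key):
    """RFC 2328 D.4.3: the key (zero-padded to 16 bytes) is appended to the packet
    and MD5 is run over the result; the digest is what goes on the wire."""
    padded = key.encode()[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")
    return hashlib.md5(packet + padded).digest()


def sign(packet, key):
    """Sender: append the digest; the OSPF length field does not count it."""
    return packet + ospf_md5_digest(packet, key)


def verify(wire, local_keys):
    """Receiver: pick the key by the key id in the header and recompute.
    local_keys maps key id -> password, like the message-digest-key lines."""
    length = struct.unpack("!H", wire[2:4])[0]
    autype = struct.unpack("!H", wire[14:16])[0]
    if autype != AUTYPE_MD5 or len(wire) != length + DIGEST_LEN:
        return False                      # neighbor is not doing MD5 at all
    key = local_keys.get(wire[18])
    if key is None:
        return False                      # no key with this id: adjacency never forms
    packet, digest = wire[:length], wire[length:]
    return hmac.compare_digest(ospf_md5_digest(packet, key), digest)


if __name__ == "__main__":
    wire = sign(build_hello(R1_ID, AREA0, 1, 1, HELLO_BODY), "cisco")
    print(verify(wire, {1: "cisco"}), verify(wire, {}), verify(wire, {1: "wrong"}))
```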

Very easy configuration, right? So let us apply the configuration on each router, starting with R1:
en
conf t
router ospf 100
area 0 authentication message-digest
exit
int se 1/0
ip ospf message-digest-key 1 md5 cisco


As we can see, the OSPF neighbor adjacency went down. This is because the neighbor router is not yet configured with authentication, so the two routers will not establish a neighbor relationship. Another way to verify: show ip ospf neighbor


So no neighbor relationship is established. We can now continue with the R2 authentication configuration:

@r2

en
conf t
router ospf 100
area 0 authentication message-digest
exit


As I go on, I can see that the neighbor adjacency went down even without configuring the interfaces. This is because authentication was enabled under the OSPF process for the whole area (globally, rather than per interface), so it affects all the interfaces in that area. We still need to go interface by interface so that it is more secure and to specify the password. How will we enter a locked door without a key? There has to be a key. We need to specify the password / key string. Below shows that no neighbor adjacency was established.


Let us continue the configuration:

int se 1/0
ip ospf message-digest-key 1 md5 cisco
int se 1/1
ip ospf message-digest-key 1 md5 cisco
exit

Below is what happened when I configured authentication on R2. We can see that serial 1/0 came up, since it is connected to R1 and R1 already has the MD5 configuration. We can see in the neighbor table that only R1 exists, since R3 doesn't have the MD5 configuration yet.


Below is the neighbor table of R1; it shows that R1 can now see R2.


Lastly, let us configure R3:
en
conf t
router ospf 100
area 0 authentication message-digest
exit
int se 1/1
ip ospf message-digest-key 1 md5 cisco
exit


Nothing much special with the R3 configuration. As already discussed, serial 1/1 can now come up since all routers have MD5 authentication, and router 2 appears in the neighbor table. One thing I can add is that you always see the term "from LOADING to FULL". Those are stages of neighbor adjacency, which we will discuss in the next topics.

I guess right now you wonder how OSPF works. We will discuss that in the next topic.


DNS Lookup Operation

Hi there mate! First, I am very thankful that you keep my blogs alive even though I've been silent for more than two months. The reason is that I already took the exam and, yup, I am now Nicole Guzman, CCNA. Anyway, I am very thankful to those followers and those who are requesting me to write blog posts so that I can share my knowledge and at the same time learn as I teach here. This time we will be dealing with DNS lookup operation, as a specially requested topic.

So can you imagine a world where you use IP addresses instead of website names each time you visit the internet? Can you imagine teaching your grandma to access the internet by using IP addresses instead of the website name itself? Definitely, it is not user-friendly. So DNS came as the solution for that.

DNS lookup operation works like this:

1st: Our goal is for PC1 to get to http://www.halimbawa.com.

2nd: Your browser or operating system will determine whether it already knows this website. The mapping is either configured on the operating system or stored in its cache. For demonstration purposes, let us take the worst-case scenario.

3rd: In the event that your browser or operating system doesn't know the website, it will ask the resolving name server whether the answer is stored in its cache.

4th: In the event that the resolving name server cannot find the IP address of the website, it will ask a root name server. These servers are really special, because they hold all of the domain names and their corresponding IP addresses.

5th: In the event that the resolving name server cannot find the IP address on the root name server, the root name server refers it to the TLD name server. TLD stands for top-level domain. For example, in the website http://www.halimbawa.com, com is the TLD.

6th: The TLD name server lastly refers the resolving name server to the AUTHORITATIVE NAME SERVER. How did the TLD server know that the IP address of http://www.halimbawa.com can be found on the authoritative name server? First, the ANS or authoritative name server is on top of the hierarchy of DNS servers. Also, when the domain was bought, the domain registrar notifies the organization responsible for the TLD (the registry) and tells them to update the TLD name servers.

Lastly, the resolving name server now knows the IP address of http://www.halimbawa.com, which is 192.168.33.5. Hola! PC1 can now get to http://www.halimbawa.com. It may seem very complex, but it is the most overlooked process.
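Here is an added Python example (not from the original post) that walks the same referral chain with a constructed set of zone data: the caches checked in steps 2 and 3, then the root, TLD and authoritative servers. The server names, zone tables and the resolve() helper are made up for the example; only the www.halimbawa.com name and the 192.168.33.5 answer come from the post.

```python
# Constructed zone data for the walkthrough; these are not real DNS servers.
ROOT_HINTS = {"com": "a.gtld-servers.example"}            # root: TLD label -> TLD server
TLD_ZONES = {"a.gtld-servers.example": {"halimbawa.com": "ns1.halimbawa.com"}}
AUTH_ZONES = {"ns1.halimbawa.com": {"www.halimbawa.com": "192.168.33.5"}}


def resolve(name, stub_cache, resolver_cache):
    """Return (ip, trace): the answer and which servers/caches were consulted.
    stub_cache = what the browser/OS already knows; resolver_cache = the
    resolving name server's cache. Both are plain dicts of name -> ip."""
    name = name.lower().rstrip(".")
    trace = []
    if name in stub_cache:                          # step 2: OS/browser already knows it
        return stub_cache[name], ["stub-cache"]
    if name in resolver_cache:                      # step 3: resolving name server cache
        return resolver_cache[name], ["resolver-cache"]

    labels = name.split(".")
    trace.append("root")                            # step 4: ask a root name server
    tld_server = ROOT_HINTS.get(labels[-1])
    if tld_server is None:                          # unknown TLD: nothing to refer to
        return None, trace + ["nxdomain"]

    trace.append("tld")                             # step 5: root referred us to the TLD server
    zone = ".".join(labels[-2:])                    # registered domain, e.g. halimbawa.com
    auth_server = TLD_ZONES[tld_server].get(zone)
    if auth_server is None:                         # domain never registered with the TLD
        return None, trace + ["nxdomain"]

    trace.append("authoritative")                   # step 6: TLD referred us to the ANS
    ip = AUTH_ZONES.get(auth_server, {}).get(name)
    if ip is None:                                  # host missing from the zone
        return None, trace + ["nxdomain"]

    resolver_cache[name] = ip                       # step 7: remember it for the next client
    stub_cache[name] = ip
    return ip, trace


if __name__ == "__main__":
    stub, res = {}, {}
    print(resolve("www.halimbawa.com", stub, res))  # full chain: root -> tld -> authoritative
    print(resolve("www.halimbawa.com", {}, res))    # answered from the resolver cache
```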