Lab 5 - Part 3 - Setting Up, OSPF Authentication, Custom Metrics and Route Summarization

Continuing on from Lab 5 - Part 2 Adding Additional Routers To The OSPF Network, where we added some additional routers to our OSPF Multi Area network, we'll now take a look at configuring Authentication, Custom Metrics and Route Summarization.

OSPF Authentication

The first thing we'll do is configure OSPF Authentication in area 20 of the network. When you're configuring authentication, the best method is to work from the outside in, or from the edge to the core. If you configure the message-digest before the key, your adjacency will go down. So it's better to configure the message-digest-key before the authentication message-digest.

Configure OSPF authentication on R6:

R6(config)#interface fastethernet 0/0
R6(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R6(config-if)#ip ospf authentication message-digest

At this point the adjacency will go down:

*Mar  1 00:16:43.963: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

On R3 you will get the Mismatch Authentication type message as shown below:

Mar  1 00:16:51.199: OSPF: Rcv pkt from 10.3.6.2, FastEthernet3/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0

Configure OSPF authentication on R5:

R5(config)#interface fastethernet 1/0
R5(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R5(config-if)#ip ospf authentication message-digest
R5(config-if)#interface fastethernet 0/0
R5(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R5(config-if)#ip ospf authentication message-digest

Configure OSPF authentication on R3. On R3 we'll use the router ospf configuration command area 20 authentication message-digest which will set all interfaces that are a member of area 20 to use the message-digest method of authentication.

R3(config)#interface fastethernet 3/0
R3(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R3(config-if)#interface fastethernet 2/0                
R3(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R3(config-if)#interface fastethernet 0/0                
R3(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R3(config-if)#router ospf 1
R3(config-router)#area 20 authentication message-digest

Configure OSPF authentication on R4:

R4(config)#interface fastethernet 1/0
R4(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R4(config-if)#ip ospf authentication message-digest
R4(config-if)#interface fastethernet 0/0
R4(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R4(config-if)#ip ospf authentication message-digest     

Configure OSPF authentication on R2:

R2(config)#interface fastethernet 2/0
R2(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#interface fastethernet 1/0                
R2(config-if)#ip ospf message-digest-key 1 md5 networkfoo
R2(config-if)#ip ospf authentication message-digest 

Once you've configured the OSPF authentication you may notice that the MD5 key is displayed in clear text in the configuration, as shown below:

!
interface FastEthernet1/0
 ip address 10.2.3.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 networkfoo
 duplex auto
 speed auto
!

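In order to prevent someone from easily learning the password, over your shoulder for example, use the service password-encryption global command, which will encrypt the key in the configuration file. The key is then stored in type 7 form, which is a reversible encoding: it only protects against casual viewing, so a saved configuration that contains it should still be handled as sensitive.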

interface FastEthernet1/0
 ip address 10.2.3.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 09424B1D0E0A05190D030B
 duplex auto
 speed auto
!

You can use the show ip ospf interface command to view the authentication configured on an interface:

FastEthernet1/0 is up, line protocol is up
  Internet Address 10.2.3.1/30, Area 20
  Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 3.3.3.3, Interface address 10.2.3.2
  Backup Designated router (ID) 2.2.2.2, Interface address 10.2.3.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
  Supports Link-local Signaling (LLS)
  Index 1/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 2
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 3.3.3.3  (Designated Router)
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1
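
The checks in this section (a key on every interface, authentication actually enabled, and how the key is stored) can be run against a saved configuration. The following Python sketch is an added example, not part of the original lab; the sample configuration is constructed, its interface roles and network statements are assumptions, and area membership is decided by the first matching network statement, which is a simplification.

```python
import ipaddress
import re

# Constructed config for illustration (addresses and interface roles are assumptions).
SAMPLE = """\
interface FastEthernet0/0
 ip address 10.3.5.1 255.255.255.252
 ip ospf message-digest-key 1 md5 networkfoo
interface FastEthernet3/0
 ip address 10.3.6.1 255.255.255.252
interface FastEthernet1/0
 ip address 192.0.2.1 255.255.255.0
 ip ospf message-digest-key 1 md5 7 09424B1D0E0A05190D030B
router ospf 1
 network 10.0.0.0 0.255.255.255 area 20
 network 192.0.2.0 0.0.0.255 area 0
 area 20 authentication message-digest
"""

def audit_ospf_auth(config):
    """Map each OSPF-enabled interface to a list of authentication findings."""
    ifaces, nets, auth_areas, cur = {}, [], set(), None
    for s in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", s):
            cur = ifaces.setdefault(m[1], {"ip": None, "key": None, "auth": False})
        elif m := re.match(r"ip address (\S+) \S+", s):
            cur["ip"] = ipaddress.ip_address(m[1])
        elif m := re.match(r"ip ospf message-digest-key \d+ md5 (?:(\d+) )?\S+$", s):
            cur["key"] = m[1] or "0"      # no type digit: key is stored in clear text
        elif s == "ip ospf authentication message-digest":
            cur["auth"] = True
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", s):
            nets.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), m[3]))
        elif m := re.match(r"area (\S+) authentication message-digest", s):
            auth_areas.add(m[1])
    report = {}
    for name, i in ifaces.items():
        area = next((a for n, a in nets if i["ip"] and i["ip"] in n), None)
        if area is None:
            continue                      # interface is not running OSPF
        auth = i["auth"] or area in auth_areas
        checks = [
            (auth and i["key"] is None, "auth enabled, no key"),
            (i["key"] is not None and not auth, "key set, auth not enabled"),
            (i["key"] == "0", "key stored in clear text"),
            (i["key"] == "7", "key stored as type 7 (reversible)"),
        ]
        report[name] = [msg for hit, msg in checks if hit]
    return report
```

An interface reported as "key set, auth not enabled" is in the intermediate state the lab recommends passing through (key first, then authentication), so it is only a finding if it is left that way.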

Custom Metrics

Now let's take a look at customizing some of the metrics to influence the routing tables. The routing table on R5 currently looks like this:

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 4 subnets
O       172.16.4.0 [110/2] via 10.4.5.1, 00:49:37, FastEthernet1/0
C       172.16.5.0 is directly connected, Loopback0
O       172.16.6.0 [110/3] via 10.3.5.1, 00:49:37, FastEthernet0/0
O       172.16.3.0 [110/2] via 10.3.5.1, 00:49:37, FastEthernet0/0
     10.0.0.0/30 is subnetted, 7 subnets
O IA    10.1.1.0 [110/3] via 10.4.5.1, 00:49:37, FastEthernet1/0
                 [110/3] via 10.3.5.1, 00:49:37, FastEthernet0/0
O IA    10.0.0.0 [110/4] via 10.4.5.1, 00:49:37, FastEthernet1/0
                 [110/4] via 10.3.5.1, 00:49:37, FastEthernet0/0
C       10.4.5.0 is directly connected, FastEthernet1/0
O       10.2.3.0 [110/2] via 10.3.5.1, 00:49:37, FastEthernet0/0
C       10.3.5.0 is directly connected, FastEthernet0/0
O       10.2.4.0 [110/2] via 10.4.5.1, 00:49:37, FastEthernet1/0
O       10.3.6.0 [110/2] via 10.3.5.1, 00:49:37, FastEthernet0/0
O IA 192.168.1.0/24 [110/5] via 10.4.5.1, 00:49:37, FastEthernet1/0
                    [110/5] via 10.3.5.1, 00:49:37, FastEthernet0/0

You can see R5 has two equal-cost routes to the network 192.168.1.0/24, via R4 and R3. Let's say we want R5 to use only R4. To do this we will raise the interface cost on the link between R5 and R3, making it less favourable than the route via R4. We can view the current interface cost using the show ip ospf interface command; to limit the output to just the info we want, we'll use an output modifier:

R5#show ip ospf interface fastethernet 0/0 | include Cost
  Process ID 1, Router ID 5.5.5.5, Network Type BROADCAST, Cost: 1

As you can see the current cost on the R5 - R3 link is 1. Now we'll alter the Cost and check the routing table again:

R5(config)#interface fastethernet 0/0
R5(config-if)#ip ospf cost 5 

You can see the routing table has updated and only contains the route via R4:

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 4 subnets
O       172.16.4.0 [110/2] via 10.4.5.1, 00:00:02, FastEthernet1/0
C       172.16.5.0 is directly connected, Loopback0
O       172.16.6.0 [110/5] via 10.4.5.1, 00:00:02, FastEthernet1/0
O       172.16.3.0 [110/4] via 10.4.5.1, 00:00:02, FastEthernet1/0
     10.0.0.0/30 is subnetted, 7 subnets
O IA    10.1.1.0 [110/3] via 10.4.5.1, 00:00:02, FastEthernet1/0
O IA    10.0.0.0 [110/4] via 10.4.5.1, 00:00:02, FastEthernet1/0
C       10.4.5.0 is directly connected, FastEthernet1/0
O       10.2.3.0 [110/3] via 10.4.5.1, 00:00:02, FastEthernet1/0
C       10.3.5.0 is directly connected, FastEthernet0/0
O       10.2.4.0 [110/2] via 10.4.5.1, 00:00:02, FastEthernet1/0
O       10.3.6.0 [110/4] via 10.4.5.1, 00:00:02, FastEthernet1/0
O IA 192.168.1.0/24 [110/5] via 10.4.5.1, 00:00:03, FastEthernet1/0
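
The effect of the cost change can be reproduced with a shortest-path calculation that keeps every equal-cost first hop. This Python sketch is an added example, not part of the original lab. The router-to-router topology is inferred from the routing tables above and is an assumption, and the whole network is treated as a single graph, which gives the same metrics here but is not how OSPF processes inter-area routes.

```python
import heapq

# Topology inferred from the lab's routing tables (an assumption, not stated
# on the page): every interface cost is 1 unless overridden.
PAIRS = [("R0", "R1"), ("R1", "R2"), ("R2", "R3"), ("R2", "R4"),
         ("R3", "R5"), ("R4", "R5"), ("R3", "R6")]

def build_links(r5_to_r3_cost=1):
    """Directed links: OSPF cost belongs to the outgoing interface."""
    links = {}
    for a, b in PAIRS:
        links[(a, b)] = links[(b, a)] = 1
    links[("R5", "R3")] = r5_to_r3_cost   # ip ospf cost on R5 Fa0/0
    return links

def spf(links, root):
    """Dijkstra that keeps every equal-cost first hop for each router."""
    dist, hops, heap = {root: 0}, {root: set()}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                       # stale queue entry
        for (a, b), cost in links.items():
            if a != u:
                continue
            first = hops[u] or {b}         # leaving the root: first hop is b
            if d + cost < dist.get(b, float("inf")):
                dist[b], hops[b] = d + cost, set(first)
                heapq.heappush(heap, (d + cost, b))
            elif d + cost == dist[b]:
                hops[b] |= first
    return dist, hops

def route(links, src, owner, stub_cost=1):
    """Metric and next hops from src to a stub network attached to owner."""
    dist, hops = spf(links, src)
    return dist[owner] + stub_cost, sorted(hops[owner])

if __name__ == "__main__":
    for cost in (1, 5):
        print(cost, route(build_links(cost), "R5", "R0"))
```

With cost 1 the route to R0's loopback has metric 5 through both R3 and R4; with cost 5 the metric stays 5 but only R4 remains, and R3's own loopback moves from metric 2 to metric 4 via R4, matching the two routing tables.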

Route Summarization

We'll now configure route summarization to summarize the 172.16.*.0/24 subnets. Right now the routing table on R0 contains an individual route for each of the 172.16.*.0/24 subnets located in OSPF area 20. We'll set up route summarization on R2 using the area range router ospf configuration command. The area range command can only be used on an ABR; it is used to summarize the routes for an area. Let's take a look at R0's routing table before we make the changes:

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 4 subnets
O IA    172.16.4.0 [110/4] via 10.0.0.2, 02:06:04, FastEthernet0/0
O IA    172.16.5.0 [110/5] via 10.0.0.2, 02:06:04, FastEthernet0/0
O IA    172.16.6.0 [110/5] via 10.0.0.2, 02:06:04, FastEthernet0/0
O IA    172.16.3.0 [110/4] via 10.0.0.2, 02:06:04, FastEthernet0/0
     10.0.0.0/30 is subnetted, 7 subnets
O IA    10.1.1.0 [110/2] via 10.0.0.2, 02:43:03, FastEthernet0/0
C       10.0.0.0 is directly connected, FastEthernet0/0
O IA    10.4.5.0 [110/4] via 10.0.0.2, 02:06:04, FastEthernet0/0
O IA    10.2.3.0 [110/3] via 10.0.0.2, 02:19:34, FastEthernet0/0
O IA    10.3.5.0 [110/4] via 10.0.0.2, 02:06:04, FastEthernet0/0
O IA    10.2.4.0 [110/3] via 10.0.0.2, 02:06:04, FastEthernet0/0
O IA    10.3.6.0 [110/4] via 10.0.0.2, 02:06:04, FastEthernet0/0
C    192.168.1.0/24 is directly connected, Loopback0

We'll now make our configuration changes on R2:

R2#configure terminal
R2(config)#router ospf 1
R2(config-router)#area 20 range 172.16.0.0 255.255.248.0 advertise

Let's take a look at R0's routing table now:

Gateway of last resort is not set

     172.16.0.0/21 is subnetted, 1 subnets
O IA    172.16.0.0 [110/4] via 10.0.0.2, 00:00:03, FastEthernet0/0
     10.0.0.0/30 is subnetted, 7 subnets
O IA    10.1.1.0 [110/2] via 10.0.0.2, 02:43:21, FastEthernet0/0
C       10.0.0.0 is directly connected, FastEthernet0/0
O IA    10.4.5.0 [110/4] via 10.0.0.2, 02:06:22, FastEthernet0/0
O IA    10.2.3.0 [110/3] via 10.0.0.2, 02:19:52, FastEthernet0/0
O IA    10.3.5.0 [110/4] via 10.0.0.2, 02:06:22, FastEthernet0/0
O IA    10.2.4.0 [110/3] via 10.0.0.2, 02:06:22, FastEthernet0/0
O IA    10.3.6.0 [110/4] via 10.0.0.2, 02:06:22, FastEthernet0/0
C    192.168.1.0/24 is directly connected, Loopback0

Notice there is a single route now, much cleaner!
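
The 255.255.248.0 mask used above can be derived rather than guessed. This Python sketch is an added example, not part of the original lab: it finds the smallest single prefix covering the four area 20 subnets, builds the matching area range command, and lists the address blocks the summary advertises that no subnet in R0's table backs. The function names are illustrative.

```python
import ipaddress

# The four area 20 subnets shown in R0's routing table before summarization.
SUBNETS = ["172.16.3.0/24", "172.16.4.0/24", "172.16.5.0/24", "172.16.6.0/24"]

def smallest_summary(prefixes):
    """Return the longest single prefix that covers every given prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()       # widen by one bit and retry
    return summary

def over_advertised(summary, prefixes):
    """Blocks inside the summary that none of the real subnets cover."""
    remaining = [summary]
    for n in (ipaddress.ip_network(p) for p in prefixes):
        nxt = []
        for r in remaining:
            # address_exclude yields the pieces of r left after removing n
            nxt.extend(r.address_exclude(n) if n.subnet_of(r) else [r])
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))

def area_range_command(area, summary):
    """Render the IOS command for the computed summary."""
    return f"area {area} range {summary.network_address} {summary.netmask} advertise"

if __name__ == "__main__":
    s = smallest_summary(SUBNETS)
    print(area_range_command(20, s))
    print([str(n) for n in over_advertised(s, SUBNETS)])
```

The /21 spans 172.16.0.0 through 172.16.7.255, so routers outside area 20 will also forward traffic for the unused blocks toward the ABR.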
