How to Configure OSPF Authentication

How to Configure OSPF Authentication

28271
Created On 09/25/18 17:50 PM - Last Modified 06/14/23 06:06 AM


Resolution


Palo Alto Networks firewalls can use the following types of authentication for OSPF:

  • Type0 No Authentication
  • Type1 Plain Text Authentication or Type 1, that uses simple clear-text passwords.
  • Type2 MD5 Authentication or Type 2 that uses MD5 cryptographic passwords.

Steps

  1. Configure an Authentication profile and choose Simple Password or MD5 password type.
  2. Once the profile is definedattach it to one OSPF-enabled interface and commit the changes.

For troubleshooting, look at the routed.log file using the CLI command:

> tail follow yes mp-log routed.log

The following are sample routed.log entries:

  1. Fully Adjacent
    **** AUDIT      0x3e01 - 200  (0000) **** I:00000505 F:00000040

    qoamddsc.c 1014 :at 19:34:49, 10 February 2013 (4379890 ms)
    Database exchange with an adjacent OSPF neighbor has been completed.
    The adjacency with this neighbor is now fully up.
    Neighbor router ID                192.168.13.99
    Neighbor IP address                192.168.13.99

  2. While testing changing authentication type
    **** AUDIT      0x3e01 - 91  (0000) **** I:00003ed1 F:00000040

    qodmnmi.c 210 :at 21:43:03, 10 February 2013 (5853790 ms)
    An adjacency with a neighbor has gone down.
    Resources associated with database exchange for this neighbor will be
    freed.
    Neighbor router ID                192.168.12.99
    Neighbor IP address                192.168.13.99

  3. OSPF Neighbor No Password while PA side configured for Clear Text Password
    **** AUDIT      0x3e02 - 39  (0000) **** I:00002c2b F:00000010
    qon2auth.c 707 :at 23:09:13, 10 February 2013 (3130980 ms)
    OSPF 1 Packet received with unexpected authentication type 0.
    Expected authentication type = 1.
    Packet data =
      45C0004C 0A340000 01590055 C0A80D63 E0000005 0201002C C0A80C63 00000000
      517E0000 00000000 00000000 FFFFFF00 000A120A 00000028 C0A80D63 00000000
      FFF60003 00010004 00000001

  4. MD5 Authentication while PA side configured for Clear Text Password
    **** AUDIT      0x3e02 - 39  (0000) **** I:0000330e F:00000010

    qon2auth.c 707 :at 23:18:53, 10 February 2013 (3711010 ms)
    OSPF 1 Packet received with unexpected authentication type 2.
    Expected authentication type = 1.
    Packet data =
      45C00078 0A820000 0159FFDA C0A80D63 E0000005 02010030 C0A80C63 00000000
      00000002 00000010 3C7EE878 FFFFFF00 000A120A 00000028 C0A80D63 C0A80D01
      C0A80C01 A22541E7 95E0BFB8 E2911562 EB920B2C 00000009 00010004 00000001
      00020014 3C7EE878 011241E5 DD4B6AA7 22E64507 F51E98B5

owner: aciobanu



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKACA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language