Monday, May 11, 2026

Complete Cisco Nexus OSPF Authentication, Route Summarization & Redistribution Lab | Part 6


Welcome to Part 6 of the Cisco Nexus enterprise networking lab series. This advanced networking tutorial focuses on OSPF authentication, route summarization, loopback advertisement, security concepts, and enterprise routing optimization.

What You Will Learn:
  • OSPF MD5 Authentication
  • OSPF Clear Text Authentication
  • OSPF Route Summarization
  • Area Range Summaries
  • EIGRP Route Summaries into OSPF
  • Loopback Interface Configuration
  • Enterprise Routing Security


1. OSPF Authentication Overview

OSPF authentication protects routing updates from unauthorized devices. Without authentication, rogue routers can inject fake routing information into enterprise networks.

Cisco supports multiple authentication methods:

  • Null Authentication
  • Simple Password Authentication
  • MD5 Authentication

Best Practice: MD5 authentication is more secure than plain text authentication because the password is never sent in the clear; only an MD5 digest derived from it is transmitted.

MD5 Hashing Concept

MD5 generates a fixed-size hash value:

\[ H(x)=128\text{-bit hash} \]

Where:

  • \(H(x)\) = Hash Function
  • \(x\) = Original Password

2. Task 1 - Configure OSPF MD5 Authentication

MD5 authentication will be configured between:

  • R1
  • NX-01
  • NX-02

Authentication details:

  • Key ID = 123
  • Password = Cisco@123

R1 Configuration

interface e0/1
 ip ospf authentication message-digest
 ip ospf message-digest-key 123 md5 Cisco@123

interface e0/2
 ip ospf authentication message-digest
 ip ospf message-digest-key 123 md5 Cisco@123

NX-01 Configuration

interface vlan10
 ip ospf authentication message-digest
 ip ospf message-digest-key 123 md5 Cisco@123

NX-02 Configuration

interface vlan20
 ip ospf authentication message-digest
 ip ospf message-digest-key 123 md5 Cisco@123
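
How MD5 Authentication Works

When routers exchange OSPF packets:

  • The sending router hashes each packet together with the shared key using MD5 and attaches the digest
  • The receiving router recomputes the hash with its own key and compares the two
  • If the hashes do not match, the packet is rejected and the adjacency fails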

This prevents unauthorized routers from forming OSPF neighbors.
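
The check described above, as an added example that is not part of the original lab: OSPFv2 cryptographic authentication as specified in RFC 2328 Appendix D, where the sender appends MD5(packet || zero-padded key) and the receiver recomputes it and also rejects a sequence number lower than the last one it saw. Key ID 123 and the key come from Task 1; the router ID, area, Hello timers and sequence numbers are constructed sample values.

```python
import hashlib, hmac, struct
from ipaddress import IPv4Address as IP

KEY_ID, KEY = 123, b"Cisco@123"        # values from Task 1 of this lab

def padded(key: bytes) -> bytes:
    return key.ljust(16, b"\x00")      # RFC 2328 D.4.3: key zero-padded to 16 bytes

def build_hello(router_id: str, area: str, seq: int) -> bytes:
    # Hello body: mask, hello interval, options, priority, dead interval, DR, BDR
    body = struct.pack("!4sHBBI4s4s", IP("255.255.255.0").packed, 10, 0x02, 1, 40,
                       IP("0.0.0.0").packed, IP("0.0.0.0").packed)
    # Header: version 2, type 1 (Hello), length, router ID, area, checksum 0, AuType 2
    header = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body),
                         IP(router_id).packed, IP(area).packed, 0, 2)
    # 64-bit auth field for AuType 2: zero, key ID, digest length, sequence number
    return header + struct.pack("!HBBI", 0, KEY_ID, 16, seq) + body

def sign(packet: bytes, key: bytes) -> bytes:
    # The digest covers packet || key and is appended; the key is never transmitted.
    return packet + hashlib.md5(packet + padded(key)).digest()

def verify(wire: bytes, key: bytes, last_seq: int) -> str:
    length = struct.unpack("!H", wire[2:4])[0]     # length excludes the digest
    packet, digest = wire[:length], wire[length:length + 16]
    autype, _, key_id, _, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != 2 or key_id != KEY_ID:
        return "wrong auth type or key id"
    if seq < last_seq:                             # replay protection
        return "replayed sequence number"
    expected = hashlib.md5(packet + padded(key)).digest()
    return "accept" if hmac.compare_digest(digest, expected) else "digest mismatch"

if __name__ == "__main__":
    hello = build_hello("1.1.1.1", "0.0.0.0", seq=1000)   # constructed sample values
    print(verify(sign(hello, KEY), KEY, last_seq=999))          # matching keys
    print(verify(sign(hello, b"Cisco123"), KEY, last_seq=999))  # neighbor has another key
    print(verify(sign(hello, KEY), KEY, last_seq=2000))         # old packet replayed
```
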

Verification Command

show ip ospf interface

3. Task 2 - Configure Clear Text Authentication

NX-01 and NX-03 will use simple clear text authentication.

Security Warning: Clear text authentication sends passwords in readable format and should only be used in lab environments.

NX-01 Configuration

interface vlan30
 ip ospf authentication
 ip ospf authentication-key Cisco123

NX-03 Configuration

interface vlan30
 ip ospf authentication
 ip ospf authentication-key Cisco123

OSPF Authentication Verification

show ip ospf neighbor

4. Task 3 - Configure Additional Loopbacks

Additional loopbacks simulate enterprise branch networks and remote subnets.

NX-04 Loopback Configuration

interface loopback201
 ip address 202.1.20.1/24
 ip router ospf 1 area 20

interface loopback202
 ip address 202.1.21.1/24
 ip router ospf 1 area 20

interface loopback203
 ip address 202.1.22.1/24
 ip router ospf 1 area 20

interface loopback204
 ip address 202.1.23.1/24
 ip router ospf 1 area 20

Enterprise Insight: Loopback interfaces are commonly used to represent stable networks, router IDs, management interfaces, and service endpoints.

5. Task 4 - Configure OSPF Route Summarization

NX-02 summarizes Area 20 routes toward Area 0.

NX-02 Summarization Configuration

router ospf 1
 area 20 range 202.1.20.0 255.255.252.0

Why 255.255.252.0?

Subnet mask:

\[ 255.255.252.0 \]

Binary:

\[ 11111111.11111111.11111100.00000000 \]

This creates:

\[ /22 \]

Range covered:

  • 202.1.20.0
  • 202.1.21.0
  • 202.1.22.0
  • 202.1.23.0

Benefits of Summarization:
  • Smaller routing tables
  • Faster convergence
  • Reduced CPU usage
  • Improved scalability
  • Reduced LSDB size

6. Task 5 - Configure EIGRP Loopbacks on R2

Additional loopbacks will be configured on R2 and advertised through EIGRP.

R2 Loopback Configuration

interface loopback201
 ip address 222.1.4.1 255.255.255.0

interface loopback202
 ip address 222.1.5.1 255.255.255.0

interface loopback203
 ip address 222.1.6.1 255.255.255.0

interface loopback204
 ip address 222.1.7.1 255.255.255.0

EIGRP Advertisement Configuration

router eigrp NX-12
 address-family ipv4 unicast autonomous-system 12
 network 222.1.4.0
 network 222.1.5.0
 network 222.1.6.0
 network 222.1.7.0

EIGRP Route Verification

show ip route eigrp

7. Task 6 - Summarize EIGRP Networks into OSPF

R1 summarizes redistributed EIGRP networks into OSPF.

R1 Summary Configuration

router ospf 1
 summary-address 222.1.4.0 255.255.252.0

Summary Mathematics

Networks:

  • 222.1.4.0
  • 222.1.5.0
  • 222.1.6.0
  • 222.1.7.0

Binary calculation:

\[ 4 = 00000100 \]

\[ 7 = 00000111 \]

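Common prefix: the third octets 4 through 7 share their first six bits (000001), so together with the 16 bits of the first two octets the common prefix is: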

\[ /22 \]
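
The same calculation for both summaries in this lab (the Area 20 range on NX-02 and the EIGRP summary-address on R1), as an added example that is not part of the original lab. It derives the summary from the longest common bit prefix and then lists any address space the summary would advertise without a component route behind it; the MISALIGNED set is a constructed counter-example showing a summary that attracts traffic for networks nobody originates.

```python
from ipaddress import ip_network, collapse_addresses

AREA20 = ["202.1.20.0/24", "202.1.21.0/24", "202.1.22.0/24", "202.1.23.0/24"]
EIGRP = ["222.1.4.0/24", "222.1.5.0/24", "222.1.6.0/24", "222.1.7.0/24"]
# Constructed counter-example: four /24s that do not start on a /22 boundary.
MISALIGNED = ["222.1.5.0/24", "222.1.6.0/24", "222.1.7.0/24", "222.1.8.0/24"]

def common_summary(prefixes):
    """Smallest single prefix that covers every input prefix."""
    nets = [ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = 32 - (lo ^ hi).bit_length()      # bits on which lowest and highest agree
    host_bits = 32 - plen
    return ip_network((lo >> host_bits << host_bits, plen))

def uncovered(prefixes):
    """Blocks inside the summary that no component route actually backs."""
    gaps = [common_summary(prefixes)]
    for net in collapse_addresses(ip_network(p) for p in prefixes):
        remaining = []
        for gap in gaps:
            if net == gap:
                continue                     # gap fully backed by this route
            remaining += gap.address_exclude(net) if net.subnet_of(gap) else [gap]
        gaps = remaining
    return sorted(gaps)

def as_mask_form(net):
    """Render a prefix the way the lab's range/summary-address commands take it."""
    return f"{net.network_address} {net.netmask}"

if __name__ == "__main__":
    for name, routes in (("AREA20", AREA20), ("EIGRP", EIGRP), ("MISALIGNED", MISALIGNED)):
        summary = common_summary(routes)
        extra = sum(n.num_addresses for n in uncovered(routes))
        print(f"{name}: {summary} ({as_mask_form(summary)}), unbacked addresses: {extra}")
```
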

ASBR Behavior: R1 acts as an Autonomous System Boundary Router because it redistributes EIGRP into OSPF.

8. Verification Commands

Command                 Purpose
show ip ospf neighbor   Verify OSPF adjacency
show ip ospf database   Verify LSDB
show ip route ospf      Verify OSPF routes
show ip route eigrp     Verify EIGRP routes
show ip protocols       Verify routing protocols
ping                    Connectivity testing

Example OSPF Route Table

O IA 202.1.20.0/22
O E2 222.1.4.0/22

9. OSPF Mathematics & Summarization Calculations

OSPF SPF Cost Formula

\[ \text{Cost}=\frac{\text{Reference Bandwidth}}{\text{Interface Bandwidth}} \]

Example Calculation

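Gigabit Ethernet, with a reference bandwidth of 100 Mbps (both values in bits per second):

\[ \frac{100000000}{1000000000}=0.1 \]

OSPF cost is an integer with a minimum of 1, so Cisco rounds this result up to: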

\[ 1 \]

LSA Reduction Through Summarization

Without summarization:

\[ 4 \text{ routes} \]

With summarization:

\[ 1 \text{ summary route} \]

Reduction:

\[ 4-1=3 \]


10. OSPF Security Concepts

OSPF security is critical in enterprise environments.

Common OSPF Attacks

  • Fake route injection
  • Rogue neighbor formation
  • LSA flooding attacks
  • Topology manipulation

Security Recommendations

  • Use MD5 authentication
  • Use passive interfaces
  • Limit OSPF exposure
  • Use infrastructure ACLs
  • Monitor LSDB changes

Production Recommendation: Always use cryptographic authentication in production enterprise networks.
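
One way to check a configuration against these recommendations, as an added example that is not part of the original lab: a small audit that classifies every OSPF-enabled interface as md5, cleartext or none. The function name audit is hypothetical, and SAMPLE is a constructed config that reuses the interface authentication lines from Tasks 1 and 2; the area numbers on the VLAN interfaces and the vlan40 stanza are assumptions added for illustration.

```python
# Constructed sample: NX-01 style config built from the lab's authentication lines.
SAMPLE = """\
interface vlan10
 ip router ospf 1 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 123 md5 Cisco@123
interface vlan30
 ip router ospf 1 area 0
 ip ospf authentication
 ip ospf authentication-key Cisco123
interface vlan40
 ip router ospf 1 area 0
interface loopback201
 ip router ospf 1 area 20
"""

def audit(config: str) -> dict:
    """Map each OSPF interface to 'md5', 'cleartext', 'none' or a key warning."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split()[1]
            stanzas[current] = []
        elif current and raw.startswith(" "):
            stanzas[current].append(line)
        else:
            current = None                   # left the interface stanza
    findings = {}
    for name, lines in stanzas.items():
        # Loopbacks never form adjacencies; interfaces without OSPF are out of scope.
        if name.lower().startswith("loopback") or not any("ospf" in l for l in lines):
            continue
        if "ip ospf authentication message-digest" in lines:
            keyed = any(l.startswith("ip ospf message-digest-key ") for l in lines)
            findings[name] = "md5" if keyed else "md5 enabled, no key"
        elif "ip ospf authentication" in lines:
            findings[name] = "cleartext"
        else:
            findings[name] = "none"          # area-level authentication is not checked
    return findings

if __name__ == "__main__":
    for interface, state in audit(SAMPLE).items():
        print(f"{interface}: {state}")
```
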


12. Conclusion

This advanced Cisco Nexus lab demonstrated:

  • OSPF MD5 authentication
  • OSPF clear text authentication
  • Enterprise route summarization
  • EIGRP to OSPF route injection
  • OSPF Area summarization
  • Loopback advertisements
  • Enterprise routing optimization

Final Takeaway: Authentication protects routing domains from unauthorized access, while summarization improves scalability and convergence in enterprise networks. Together, these technologies form a critical part of real-world enterprise routing design.
