Configuration Guide Vol. 3


12.3.1 Authentication procedure

You can perform authentication using either a plain-text password or an MD5 digest.

<Structure of this section>

(1) Plain-text password authentication

In plain-text authentication, the authenticating key specified in the switch configuration is sent as a password along with each piece of routing information.

Authentication succeeds if the password in the routing information matches the authenticating key specified in the configuration. The router discards information that fails authentication.

(2) MD5 authentication

In MD5 authentication, the receiving router authenticates the source of routing information based on a message digest produced by the MD5 algorithm. The following figure shows the flow of data in MD5 authentication.

Figure 12-6: MD5 Authentication Data Flow


A router uses the MD5 hashing algorithm to produce a message digest from the authenticating key, the key ID, and the routing information itself. The sending router sends this message digest along with the routing information.

The receiving router tries every authenticating key in its configuration whose key ID matches the key ID contained in the routing information. It uses each of these keys to compute its own version of the message digest. Authentication succeeds if any of the computed digests matches the message digest received with the routing information. If authentication fails after all valid keys have been tried, the routing information is considered to have come from an untrustworthy source. The router discards information that fails authentication.
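The sender and receiver behavior described above, as an added example that is not taken from this guide or from the switch software. The digest input layout (routing information, then a one-byte key ID, then the key zero-padded to 16 bytes), the function names and the sample keys are assumptions for illustration; the actual on-the-wire format depends on the routing protocol.

```python
import hashlib
import hmac

KEY_LEN = 16  # assumption: keys are zero-padded to the MD5 digest length

# Constructed sample configuration: (key ID, authenticating key).
# Two keys share key ID 1, as during a key change.
CONFIGURED_KEYS = [(1, b"old-key"), (1, b"new-key"), (2, b"other")]
ROUTE = b"10.0.0.0/8 metric 2"  # constructed routing information


def md5_digest(key: bytes, key_id: int, routing_info: bytes) -> bytes:
    """Digest over routing information, key ID and key (assumed layout)."""
    if len(key) > KEY_LEN or not 0 <= key_id <= 255:
        raise ValueError("key too long or key ID out of range")
    padded = key.ljust(KEY_LEN, b"\x00")
    return hashlib.md5(routing_info + bytes([key_id]) + padded).digest()


def send(key: bytes, key_id: int, routing_info: bytes) -> dict:
    """Sending router: attach the key ID and digest to the routing information."""
    return {"key_id": key_id, "info": routing_info,
            "digest": md5_digest(key, key_id, routing_info)}


def receive(configured_keys, message):
    """Receiving router: try every configured key with the message's key ID.

    Returns the routing information on success, or None when the message
    must be discarded because no key produced a matching digest.
    """
    candidates = [k for kid, k in configured_keys if kid == message["key_id"]]
    for key in candidates:
        expected = md5_digest(key, message["key_id"], message["info"])
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(expected, message["digest"]):
            return message["info"]
    return None


if __name__ == "__main__":
    good = send(b"new-key", 1, ROUTE)
    print("accepted:", receive(CONFIGURED_KEYS, good))
    tampered = dict(good, info=b"10.0.0.0/8 metric 1")
    print("tampered:", receive(CONFIGURED_KEYS, tampered))
```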