OSPF_1.3.6.1.2.1.14.16.2.6 ospfIfAuthFailure

Description

OSPF/2/IFAUTFAIL:OID [oid]: A packet is received on a non-virtual interface from a router whose authentication key or authentication type conflicts with the local authentication key or authentication type. (IfIpAddress=[ip-address], AddressLessIf=[interface-index], ProcessId=[process-id], RouterId=[router-id], PacketSrc=[source-ip-address], ConfigErrorType=[error-type], PacketType=[packet-type], InstanceName=[instance-name])

The non-virtual-link interface authentication failed. The possible cause was that the configuration of the non-virtual-link interface authentication was incorrect.

Attribute

Alarm ID	Alarm Severity	Alarm Type
1.3.6.1.2.1.14.16.2.6	Major	environmentalAlarm (6)

Parameters

Name	Meaning
oid	Indicates the MIB object ID of the alarm.
IfIpAddress	Indicates the IP address of the non-virtual-link interface.
AddressLessIf	Indicates the index of the interface.
ProcessId	Indicates the process ID.
RouterId	Indicates the ID of the local switch.
PacketSrc	Indicates the source IP address of the packet.
ConfigErrorType	Indicates the error type. 5: Auth type Mismatch 6: Auth Failure
PacketType	Indicates the type of the packet. 1: Hello packet 2: DD packet 3: Request packet 4: Update packet 5: Acknowledgement packet 6: Update packet Retrans 7: Update packet flood
InstanceName	Indicates the instance name.

Impact on the System

This trap message is generated after an interface receives a packet indicating authentication parameters are incorrectly configured.

Possible Causes

The configuration of interface authentication was incorrect.

Procedure

Run the display current-configuration configuration ospf command to check whether area authentication configurations on the two switch devices are consistent, and the display current- configuration interface interface-type interface-number command to check whether the interface authentication configurations on the two ends are consistent. The interface authentication takes precedence over the area authentication.
- If so, go to Step 3.
- If not, go to Step 2.
Perform the following operations according to the networking:
- If it is allowed to modify the configurations on the two ends to be consistent, go to Step 3.
- If it is not allowed to modify the configurations on the two interfaces to be consistent, go to Step 4.
If the authentication is in plain text, modify the authentication password. If the authentication is in cipher text, run the following commands to reconfigure the authentication on the two interfaces as required.
Configure the interface authentication:
- ospf authentication-mode { simple [ plain plain-text | [ cipher ] cipher-text ] | null }
- ospf authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]
- ospf authentication-mode keychain keychain-name
Configure the area authentication:
- authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]
- authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]
- authentication-mode keychain keychain-name
Check whether the trap is cleared.
- If so, go to Step 5.
- If not, go to Step 4.
To ensure high security, it is recommended that the simple, md5, and hmac-md5 authentication modes be not used.
Collect alarm information and configuration information, and then contact technical support personnel.
End.

Related Information

None