The authentication-mode command configures BFD session authentication information.
The undo authentication-mode command deletes the configured BFD session authentication information.
By default, BFD session authentication information is not configured.
authentication-mode met-sha1 key-id key-id-value cipher cipher-text nego-packet [ timeout-interval interval-value ]
undo authentication-mode
Parameter | Description | Value |
---|---|---|
met-sha1 | Specifies MSHA1 to decrypt and authenticate. | - |
key-id key-id-value | Specifies the authentication key ID of a BFD session. | The value is an integer that ranges from 1 to 255. |
cipher cipher-text | Specifies a ciphertext BFD authentication password. You can enter either a simple or ciphertext password, but the password is displayed in ciphertext in the configuration file. | The value is a string of characters. NOTE: The characters exclude question marks (?) and spaces. However, if a password string is between a pair of quotation marks, the string can contain spaces. |
nego-packet | Authenticates BFD negotiation packets. | - |
timeout-interval interval-value | Specifies the negotiation timeout period of a BFD session. | The value is an integer ranging from 1 to 10000, in seconds. This parameter has no default value. NOTE: After a BFD negotiation timeout period is configured, the BFD negotiation timeout timer is started when the BFD session goes Down (the event is not triggered by a link fault detected). If the timer has expired but the BFD session is still Down, the link protocol of the associated interface goes Down. |
Usage Scenario
On a network demanding higher security, run the authentication-mode command to configure BFD session authentication information to improve network security. In a specific access scenario, for example, when a multicast BFD session is associated with the protocol status of an interface, you need to configure authentication information for the BFD session on the interface. BFD negotiation can succeed, the BFD-associated protocol status of the interface can be activated, and users can access the device through this interface only when the BFD session authentication information on both ends is consistent.
Prerequisites
BFD has been globally enabled using the bfd command in the system view.
A BFD session used to detect the physical link status has been created using the bfd bind peer-ip default-ip command in the system view.
Precautions
If you run the authentication-mode command to configure BFD session authentication information, BFD renegotiation will be performed. BFD renegotiation can succeed only when the BFD session authentication information on both ends is consistent.
Adding, modifying, or deleting BFD session authentication information may interrupt the service associated with the BFD session.
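The requirement that both ends hold the same authentication information follows from how Meticulous Keyed SHA1 is defined in RFC 5880. The sketch below is an added example, not part of this command reference or of the device software: it builds and verifies a BFD control packet with a met-sha1 authentication section, assuming the shared key is the configured password taken as 1 to 20 bytes. Function names and timer values are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTH_TYPE_MET_SHA1 = 5    # RFC 5880 Auth Type for Meticulous Keyed SHA1
AUTH_LEN = 28             # fixed size of the SHA1 authentication section
FLAG_AUTH_PRESENT = 0x04  # "A" bit in the second header byte


def _pad_key(key):
    """RFC 5880: the key is 1 to 20 bytes, padded with trailing zeros."""
    if not 1 <= len(key) <= 20:
        raise ValueError("SHA1 key must be 1 to 20 bytes")
    return key.ljust(20, b"\x00")


def build_packet(key, key_id, seq, state=1, detect_mult=3, my_disc=1, your_disc=0):
    """Build a 52-byte BFD control packet with a met-sha1 section."""
    header = struct.pack(
        "!BBBBIIIII",
        1 << 5,                            # version 1, diagnostic 0
        (state << 6) | FLAG_AUTH_PRESENT,  # state 1 = Down, A bit set
        detect_mult, 24 + AUTH_LEN,
        my_disc, your_disc,
        1_000_000, 1_000_000, 0)           # constructed timers (microseconds)
    auth = struct.pack("!BBBBI", AUTH_TYPE_MET_SHA1, AUTH_LEN, key_id, 0, seq)
    # The digest covers the packet with the padded key in the hash field.
    digest = hashlib.sha1(header + auth + _pad_key(key)).digest()
    return header + auth + digest


def verify_packet(pkt, key, key_id, last_seq=None):
    """Return (ok, reason), applying the RFC 5880 receive checks in order."""
    if len(pkt) != 24 + AUTH_LEN or not pkt[1] & FLAG_AUTH_PRESENT:
        return False, "no-auth-section"
    auth_type, auth_len, rx_key_id, _, seq = struct.unpack("!BBBBI", pkt[24:32])
    if auth_type != AUTH_TYPE_MET_SHA1 or auth_len != AUTH_LEN:
        return False, "auth-type-mismatch"
    if rx_key_id != key_id:
        return False, "key-id-mismatch"
    if last_seq is not None:
        # Meticulous: sequence must advance by 1..3*Detect Mult (mod 2^32),
        # so a replayed packet (same sequence number) is rejected.
        if not 1 <= (seq - last_seq) % 2**32 <= 3 * pkt[2]:
            return False, "bad-sequence"
    expected = hashlib.sha1(pkt[:32] + _pad_key(key)).digest()
    if not hmac.compare_digest(expected, pkt[32:]):
        return False, "digest-mismatch"
    return True, "ok"
```

A peer configured with a different key ID or password rejects every packet, which is why the session stays Down until both ends match.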