The authentication-mode command configures an authentication mode and a password for an OSPFv3 process or area.
The undo authentication-mode command deletes the authentication mode and password configured for an OSPFv3 process or area.
By default, no authentication mode or password is configured for any OSPFv3 process or area.
authentication-mode hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text }
authentication-mode keychain keychain-name
undo authentication-mode hmac-sha256 key-id key-id
undo authentication-mode keychain
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the keychain keychain-name parameter.
Parameter | Description | Value |
---|---|---|
hmac-sha256 | Configures HMAC-SHA256 authentication. | - |
key-id key-id | Specifies the key ID for authentication, which must be the same as the one configured at the other end. | The value is an integer that ranges from 1 to 65535. |
plain | Configures the plaintext password type. Only a plaintext password can be entered, and the password is displayed in plaintext in the configuration file. NOTICE: If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text. | - |
plain-text | Specifies a plaintext password. | The value is a string of 1 to 255 characters without spaces. |
cipher | Configures the ciphertext password type. You can enter either a plaintext or ciphertext password, but the password is displayed in ciphertext in the configuration file. | - |
cipher-text | Specifies a ciphertext password. | The value can be a string of 1 to 255 characters for plaintext passwords and 20 to 392 characters for ciphertext passwords without spaces. |
keychain | Configures keychain authentication. NOTE: Before configuring this parameter, you must run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, the OSPF authentication will fail. | - |
keychain-name | Specifies a keychain name. | The value is a string of 1 to 47 case-insensitive characters without spaces. |
Usage Scenario
Inherent defects in the TCP/IP protocol suite and flaws in its implementations have led to an increasing number of attacks, which pose greater threats to TCP/IP networks than ever before. Attacks on network devices may lead to network failures. To improve OSPFv3 network security, run the authentication-mode command to configure an authentication mode and a password for an OSPFv3 process or area.
Precautions
If you use area authentication, the authentication and password configurations on the interfaces of all the routers in the area must be the same.
OSPFv3 area authentication has a lower priority than OSPFv3 interface authentication.
To configure OSPFv3 interface authentication, run the ospfv3 authentication-mode command.
# Configure HMAC-SHA256 authentication for OSPFv3 process 100.
<HUAWEI> system-view
[HUAWEI] ospfv3 100
[HUAWEI-ospfv3-100] authentication-mode hmac-sha256 key-id 10 cipher huawei
# Configure HMAC-SHA256 authentication for OSPFv3 area 0.
<HUAWEI> system-view
[HUAWEI] ospfv3 100
[HUAWEI-ospfv3-100] area 0
[HUAWEI-ospfv3-100-area-0.0.0.0] authentication-mode hmac-sha256 key-id 10 cipher huawei
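The following audit script is an added example, not part of the original command reference. It checks saved configurations for the plain keyword the NOTICE warns about, for out-of-range key IDs and keychain names, and for key-id differences between two devices. The saved-configuration layout (unindented `ospfv3 <id>` sections with indented `area` views), the function names, and the sample text are assumptions.

```python
import re

# Command forms follow the syntax on this page; the saved-config layout is assumed.
AUTH_RE = re.compile(
    r"authentication-mode\s+(?:hmac-sha256\s+key-id\s+(?P<kid>\d+)\s+"
    r"(?:(?P<kw>plain|cipher)\s+)?(?P<pw>\S+)|keychain\s+(?P<chain>\S+))")

def parse(config_text):
    """Map 'process N' or 'process N area A' to its authentication-mode fields."""
    scopes, process, area = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():      # unindented line opens a new section
            m = re.fullmatch(r"ospfv3\s+(\d+)", line)
            process, area = (m.group(1) if m else None), None
        elif process and (m := re.fullmatch(r"area\s+(\S+)", line)):
            area = m.group(1)
        elif process and (m := AUTH_RE.fullmatch(line)):
            scope = f"process {process}" + (f" area {area}" if area else "")
            scopes[scope] = m.groupdict()
    return scopes

def audit(config_text):
    """Return (scope, finding) pairs for the risks and value ranges this page states."""
    findings = []
    for scope, s in parse(config_text).items():
        if s["kw"] == "plain":
            findings.append((scope, "password saved in plaintext; use cipher"))
        if s["kid"] and not 1 <= int(s["kid"]) <= 65535:
            findings.append((scope, f"key-id {s['kid']} outside 1-65535"))
        if s["chain"] and len(s["chain"]) > 47:
            findings.append((scope, "keychain name longer than 47 characters"))
    return findings

def mismatches(cfg_a, cfg_b):
    """Scopes on both devices whose key-id or keychain name (case-insensitive) differ."""
    key = lambda s: (s["kid"], (s["chain"] or "").lower())
    a, b = parse(cfg_a), parse(cfg_b)
    return sorted(k for k in a.keys() & b.keys() if key(a[k]) != key(b[k]))

# Constructed sample configurations (not captured from real devices).
ROUTER_A = """ospfv3 100
 authentication-mode hmac-sha256 key-id 10 cipher CIPHERTEXT-PLACEHOLDER-A
 area 0.0.0.0
  authentication-mode hmac-sha256 key-id 10 plain ExamplePlainPass
#
"""
ROUTER_B = ROUTER_A.replace("key-id 10 plain ExamplePlainPass",
                            "key-id 11 cipher CIPHERTEXT-PLACEHOLDER-B")

if __name__ == "__main__":
    print(audit(ROUTER_A), mismatches(ROUTER_A, ROUTER_B))
```

Passwords are not compared between devices because the script only sees what is stored in each configuration file; it compares the key ID and keychain name, which must match at both ends.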