Configuring an Authentication Mode
Context
OSPFv3 supports keychain and HMAC-SHA256 authentication modes. The following procedure uses keychain authentication as an example.
Before you configure keychain authentication, run the keychain command to configure a keychain, the key-id command to configure a key ID, the key-string command to configure a password, and the algorithm command to configure an algorithm. If these commands are not run, OSPFv3 authentication will fail.
If plain is selected during the authentication mode configuration, the password is saved in the configuration file in plain text. This is a security risk. It is recommended that you select cipher to save the password in cipher text.
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the keychain keychain-name parameter.
Procedure
- Configure OSPFv3 area authentication.
- Run authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name }
OSPFv3 area authentication is configured.
If you use OSPFv3 area authentication, the authentication and password configurations on all switch in the same area must be the same.
- Run authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name }
- Configure OSPFv3 process authentication.
- Configure OSPFv3 interface authentication.
- (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
- (Optional) On an Ethernet interface, run undo portswitch