The ospfv3 authentication-mode command configures an authentication mode and a password for an OSPFv3 interface.
The undo ospfv3 authentication-mode command deletes the authentication mode and password configured for an OSPFv3 interface.
By default, no authentication mode or password is configured for any OSPFv3 interface.
ospfv3 authentication-mode hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } [ instance instance-id ]
ospfv3 authentication-mode keychain keychain-name [ instance instance-id ]
undo ospfv3 authentication-mode hmac-sha256 key-id key-id [ plain plain-text | cipher cipher-text ] [ instance instance-id ]
undo ospfv3 authentication-mode keychain [ keychain-name ] [ instance instance-id ]
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the keychain keychain-name parameter.
Parameter | Description | Value |
---|---|---|
hmac-sha256 | Configures the HMAC-SHA256 authentication mode. | N/A |
key-id key-id | Specifies the key ID for authentication, which must be the same as the one configured at the other end. | The value is an integer ranging from 1 to 255. |
plain | Configures the plaintext password type. Only a plaintext password can be entered, and the password is displayed in plaintext in the configuration file. NOTICE: If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text. | N/A |
plain-text | Specifies a plaintext password. | The value is a string of 1 to 255 characters, spaces not supported. |
cipher | Configures the ciphertext password type. You can enter either a plaintext or ciphertext password, but the password is displayed in ciphertext in the configuration file. | N/A |
cipher-text | Specifies a ciphertext password. | The value can be a string of 1 to 255 characters for plaintext passwords and 20 to 392 characters for ciphertext passwords, spaces not supported. |
keychain | Configures keychain authentication. NOTE: Before you configure keychain authentication, run the keychain command to configure a keychain, the key-id command to configure a key ID, the key-string command to configure a password, and the algorithm command to configure an algorithm. If these commands are not run, OSPFv3 authentication fails. | N/A |
keychain-name | Specifies a keychain name. | The value is a string of 1 to 47 case-insensitive characters, excluding the question mark (?) and spaces. However, when double quotation marks (") are used around the string, spaces are allowed in the string. |
instance instance-id | Specifies the ID of a VLAN to which the specified interface belongs. | The value ranges from 0 to 255, with default value 0. |
Usage Scenario
Due to inherent defects in and flawed implementations of the TCP/IP protocol suite, the number of attacks is increasing, posing greater threats to TCP/IP networks than ever before. Attacks on network devices may lead to network failures. To improve OSPFv3 network security, run the ospfv3 authentication-mode command to configure an authentication mode and a password for an OSPFv3 interface.
Precautions
OSPFv3 interface authentication takes precedence over OSPFv3 area authentication.
To configure OSPFv3 area authentication, run the authentication-mode command.
# Configure OSPFv3 HMAC-SHA256 authentication on VLANIF100.
<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] ospfv3
[HUAWEI-ospfv3-1] router-id 10.1.1.1
[HUAWEI-ospfv3-1] quit
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ospfv3 1 area 0
[HUAWEI-Vlanif100] ospfv3 authentication-mode hmac-sha256 key-id 10 cipher huawei
# Configure OSPFv3 HMAC-SHA256 authentication on GE0/0/1.
<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] ospfv3
[HUAWEI-ospfv3-1] router-id 10.1.1.1
[HUAWEI-ospfv3-1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] ipv6 enable
[HUAWEI-GigabitEthernet0/0/1] ospfv3 1 area 0
[HUAWEI-GigabitEthernet0/0/1] ospfv3 authentication-mode hmac-sha256 key-id 10 cipher huawei
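An added example, not part of the original command reference: a Python check that reads a saved configuration and reports OSPFv3 interfaces that have no interface-level authentication (the default state) or that use the plain keyword. The sample configuration, its stanza layout, and the function name audit_ospfv3_auth are assumptions made for illustration.

```python
import re

# Constructed sample of a saved configuration (not from the page). Assumption:
# each interface stanza starts with "interface <name>" and ends at a "#" line.
SAMPLE_CONFIG = """\
interface Vlanif100
 ospfv3 1 area 0
 ospfv3 authentication-mode hmac-sha256 key-id 10 cipher CIPHERTEXT-PLACEHOLDER
#
interface Vlanif200
 ospfv3 1 area 0
 ospfv3 authentication-mode hmac-sha256 key-id 7 plain Example-Passw0rd
#
interface GigabitEthernet0/0/1
 undo portswitch
 ospfv3 1 area 0
#
interface GigabitEthernet0/0/2
 description uplink without OSPFv3
#
"""

AREA_RE = re.compile(r"^ospfv3 \d+ area \S+")
# group(1) is set only when the plain keyword follows the key ID
AUTH_RE = re.compile(
    r"^ospfv3 authentication-mode (?:hmac-sha256 key-id \d+ (plain\s)?|keychain\b)")

def audit_ospfv3_auth(config_text):
    """Map each OSPFv3-enabled interface to a list of authentication findings."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.strip() == "#" or not raw.startswith(" "):
            current = None          # stanza ended
        elif current:
            stanzas[current].append(raw.strip())
    report = {}
    for name, lines in stanzas.items():
        if not any(AREA_RE.match(l) for l in lines):
            continue                # OSPFv3 is not enabled on this interface
        auth = [m for m in map(AUTH_RE.match, lines) if m]
        findings = []
        if not auth:                # default per the page: nothing configured
            findings.append("no interface authentication; check area authentication")
        if any(m.group(1) for m in auth):
            findings.append("plain keyword: password readable in configuration file")
        report[name] = findings
    return report
```

An interface reported without interface-level authentication may still be covered by OSPFv3 area authentication, so that finding is a prompt to check the area configuration rather than a definite gap.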