< Home

sham-link (OSPFv3)

Function

The sham-link command configures a sham link.

The undo sham-link command deletes a sham link or restores the default setting. If no optional parameters are specified, a sham link is deleted; if optional parameters are specified, the default values of the parameters are restored.

Format

sham-link source-address destination-address [ cost cost | dead dead-interval | hello hello-interval | instance instance-id | retransmit retransmit-interval | trans-delay trans-delay-interval | { authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name } | ipsec sa sa-name } ] *

undo sham-link source-address destination-address [ cost [ cost ] | dead [ dead-interval ] | hello [ hello-interval ] | retransmit [ retransmit-interval ] | trans-delay [ trans-delay-interval ] | { authentication-mode { hmac-sha256 key-id key-id | keychain } | ipsec sa [ sa-name ] } ] *

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the keychain keychain-name parameter.

Parameters

Parameter Description Value
source-address Specifies the source IPv6 address. -
destination-address specifies the destination IPv6 address. -
cost cost Specifies the cost of a sham link The value is an integer ranging from 1 to 65535. By default, it is 1.
dead dead-interval Specifies the dead interval. This value must be equal to the dead-interval of the switch that sets up a sham link with the local switch, and must be at least four times that of hello-interval. The value is an integer ranging from 1 to 65535, in seconds.
hello hello-interval Specifies the interval for sending Hello packets on an interface. This value must be equal to the hello-interval of the switch that sets up the sham link with the local switch. The value is an integer ranging from 1 to 65535, in seconds.
instance instance-id Specifies the instance ID of a sham link. The value is an integer ranging from 0 to 255.
retransmit retransmit-interval Specifies the interval for retransmitting LSAs on an interface. The value is an integer ranging from 1 to 3600, in seconds.
trans-delay trans-delay-interval Specifies the delay for sending LSAs on an interface. The value is an integer ranging 1 to 800, in seconds.
authentication-mode Indicates the authentication mode over the sham link. -
hmac-sha256 Sets the HMAC-SHA256 authentication mode. -
key-id key-id Specifies the key ID for authentication, which must be the same as the one configured at the other end. The value is an integer ranging from 1 to 65535.
plain Configures the plaintext password type. Only a plaintext password can be entered, and the password is displayed in plaintext in the configuration file.
NOTICE:

If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.

 -
plain-text Specifies a plaintext password. The value is a string of 1 to 255 characters, spaces not supported.
cipher Configures the ciphertext password type. You can enter either a plaintext or ciphertext password, but the password is displayed in ciphertext in the configuration file. -
cipher-text Specifies a ciphertext password. The value can be a string of 1 to 255 characters for plaintext passwords and 20 to 392 characters for ciphertext passwords, spaces not supported.
keychain Configures keychain authentication.
NOTE:

Before you configure keychain authentication, run the keychain command to configure a keychain, the key-id command to configure a key ID, the key-string command to configure a password, and the algorithm command to configure an algorithm. If these commands are not run, OSPFv3 authentication fails.

 -
keychain-name Specifies a keychain name. The value is a string of 1 to 47 case-insensitive characters. Except the question mark (?) and space. However, when double quotation marks (") are used around the string, spaces are allowed in the string.
ipsec sa sa-name Specifies the name of an SA configured for an OSPFv3 sham link.

The value is an existing SA name.

Views

OSPFv3 area view

Default Level

2: Configuration level

Usage Guidelines

The sham-link command can be configured only in the OSPFv3 VPN process. If two PEs belong to the same area and have an intra-area route, you can set up a sham link between the two PEs so that the VPN backbone route is preferred over the intra-area route.

Example

# Create an OSPFv3 sham link with the source address being FC00:0:0:1001::1 and destination address being FC00:0:0:2001::1.

<HUAWEI> system-view
[HUAWEI] ospfv3 1 vpn-instance vrf1
[HUAWEI-ospfv3-1] area 1
[HUAWEI-ospfv3-1-area-0.0.0.1] sham-link fc00:0:0:1001::1 fc00:0:0:2001::1
Parent Topic: OSPFv3 Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >