dhcpv6 relay database authentication-mode

Function

The dhcpv6 relay database authentication-mode command configures the integrity authentication mode for a binding table file.

The undo dhcpv6 relay database authentication-mode command restores the integrity authentication mode of a binding table file to check.

By default, the file integrity authentication mode is check.

Format

dhcpv6 relay database authentication-mode { check | no-check | force-check }

undo dhcpv6 relay database authentication-mode [ check | no-check | force-check ]

Parameters

Parameter | Description | Value
check | Indicates that the authentication mode is check. If the file is an old version file that does not carry the file integrity authentication code, the data is directly restored. If the file is a new version file that carries the file integrity authentication code, the file integrity authentication is performed before the data is restored. | -
no-check | Indicates that the file integrity authentication is not performed and data is directly restored. | -
force-check | Indicates that the authentication mode is force-check. If the file is an old version file that does not carry the file integrity authentication code, the data is not restored. If the file is a new version file that carries the file integrity authentication code, the file integrity authentication is performed before the data is restored. | -

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
dhcp | write

Usage Guidelines

Usage Scenario

To prevent data loss caused by device faults, you can enable automatic backup of prefix routing information so that the system can generate backup files. To prevent the backup file from being tampered with, an encrypted file integrity check code is added to the backup file. After the device restarts and before the system restores prefix routing information from the backup file, the system decrypts the file integrity authentication code and verifies the file integrity based on the decrypted file integrity authentication code. If the verification is successful, the data is restored. If the verification fails, the data is discarded and a log is recorded.

  • If you need to manually modify the backup file content, run the dhcpv6 relay database authentication-mode no-check command to set the file integrity authentication mode to no-check before the restart.
  • The root keys for decrypting and encrypting the file integrity check code must be the same. If the root keys are different, the decryption fails. The root keys of different devices are different. If you need to use the backup files generated on other devices to restore data, run the dhcpv6 relay database authentication-mode no-check command to set the file integrity authentication mode to no-check before the restart.
  • To be compatible with earlier versions, a device can be restarted to restore data of a historical version file that does not carry the file integrity authentication code. To prevent data tampering based on historical version files, you can run the dhcpv6 relay database authentication-mode force-check command to set the file integrity authentication mode to force-check before the restart.

Precautions

  • After the dhcpv6 relay database authentication-mode force-check command is run, historical version files that do not carry the file integrity authentication code cannot be restored. Therefore, exercise caution when running this command.
  • If the backup prefix routing information file fails to be verified, the file is renamed "original file name.fail" and saved.
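
The following Python model is an added illustration, not Huawei code and not part of the original page. It walks four constructed backup files through the three modes to show which are restored and which are discarded. Assumptions: the file layout (body + marker + code), the use of HMAC-SHA256 as a stand-in for the encrypted integrity code, and the names make_backup, restore and matrix are all hypothetical.

```python
import hashlib
import hmac

# Assumptions (the page does not document the file format or algorithm):
# a new-version file is body + MARK + HMAC-SHA256(root_key, body).
MARK, TAG_LEN = b"ICV1", 32
MODES = ("check", "no-check", "force-check")

def make_backup(body, root_key):
    """Build a constructed new-version backup file for this model."""
    return body + MARK + hmac.new(root_key, body, hashlib.sha256).digest()

def restore(blob, mode, root_key):
    """Return 'restored' or 'discarded' following the three modes above."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    trailer = len(MARK) + TAG_LEN
    has_code = len(blob) >= trailer and blob[-trailer:-TAG_LEN] == MARK
    if mode == "no-check":
        return "restored"                      # nothing is verified
    if not has_code:                           # old-version file, no code
        return "restored" if mode == "check" else "discarded"
    body, tag = blob[:-trailer], blob[-TAG_LEN:]
    expected = hmac.new(root_key, body, hashlib.sha256).digest()
    # On failure the device also logs and renames the file to "<name>.fail".
    return "restored" if hmac.compare_digest(expected, tag) else "discarded"

def matrix():
    """Run four constructed files through every mode on 'device A'."""
    key_a, key_b = b"A" * 32, b"B" * 32        # constructed root keys
    body = b"prefix 2001:db8:1::/48 via fe80::1\n"
    edited = body.replace(b"db8:1", b"db8:9")
    good = make_backup(body, key_a)
    files = {
        "intact": good,
        "edited": edited + good[len(body):],   # body changed, old code kept
        "code-stripped": edited,               # passes as an old-version file
        "other-device": make_backup(body, key_b),
    }
    return {(n, m): restore(f, m, key_a) for n, f in files.items() for m in MODES}

if __name__ == "__main__":
    for (name, mode), result in matrix().items():
        print(f"{name:14} {mode:12} {result}")
```

The code-stripped row is the case force-check exists for: an edited file with its integrity code removed is restored under check but discarded under force-check.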

Example

# Set the file integrity authentication mode to no-check.
<HUAWEI> system-view
[~HUAWEI] dhcpv6 relay database authentication-mode no-check
Copyright © Huawei Technologies Co., Ltd.