The dcn ospf authentication-mode command sets the authentication mode and key on a DCN interface of OSPF neighbors.
The dcn ospf authentication-mode null command sets the null authentication mode on a DCN interface.
The undo dcn ospf authentication-mode command deletes the authentication mode configured on a DCN interface.
By default, a DCN interface does not authenticate OSPF packets.
| Parameter | Description | Value |
|---|---|---|
| plain plain-text |
Sets the simple text password type. If this parameter is specified, the device allows you to set only a simple text password, and the password is displayed in simple text mode in the configuration file.
|
- |
| plain-text | Specifies a simple text password. |
|
| cipher | Sets the ciphertext password type. |
- |
| cipher-text | Specifies a ciphertext password. |
Ciphertext passwords with various lengths configured in an earlier version are also supported in the existing version. |
| cipher-text | Specifies a ciphertext password. |
- |
| md5 | Sets the message digest algorithm 5 (MD5) authentication mode. To ensure high security, do not use the MD5 authentication mode. |
- |
| hmac-md5 | Sets the Hashed message authentication code-MD5 (HMAC-MD5) authentication mode. To ensure high security, do not use the HMAC-MD5 authentication mode. |
- |
| hmac-sha256 | Sets the HMAC-secure hash algorithm 256 (HMAC-SHA256) authentication mode. HAMC-SHA256 authentication mode is better and more secure than other authentication modes. To ensure high security, HAMC-SHA256 authentication algorithm is recommended. |
- |
| key-id | Specifies the key ID in MD5, HMAC-MD5, or HMAC-SHA256 authentication mode. The key ID must be the same as the key ID on the peer device. |
The value is an integer ranging from 1 to 255. |
| null | Sets the null authentication mode. |
- |
| simple | Enables the simple authentication mode. |
- |
Usage Scenario
On a network demanding higher security, run the dcn ospf authentication-mode command to configure OSPF authentication modes on a DCN Serial interface or sub-interfaces 4094 of OSPF neighbors .
Prerequisites
The DCN feature has been enabled using the dcn command on an interface, or DCN communication through sub-interfaces 4094 has been enabled using the dcn mode vlan command in the GE interface view.
Precautions
The Router interfaces on the same network segment must use the same authentication mode and key.
Interface-based authentication has a higher priority than area-based authentication. OSPF does not support the configuration of a null interface. By default, area-based authentication is not configured for OSPF. Configuring interface-based authentication is recommended to ensure system security.In VS mode, this command is supported only by the admin VS.
<HUAWEI> system-view [~HUAWEI] sysname HUAWEI1 [*HUAWEI] commit [~HUAWEI] dcn Warning: This operation will enable DCN function. Continue? [Y/N]:y [*HUAWEI-dcn] quit [*HUAWEI] interface GigabitEthernet 0/1/0 [*HUAWEI-GigabitEthernet0/1/0] dcn [*HUAWEI-GigabitEthernet0/1/0] dcn ospf authentication-mode hmac-sha256 1 cipher 321cba <HUAWEI> system-view [~HUAWEI] sysname HUAWEI2 [*HUAWEI] commit [~HUAWEI] dcn Warning: This operation will enable DCN function. Continue? [Y/N]:y [*HUAWEI-dcn] quit [*HUAWEI] interface GigabitEthernet 0/1/8 [*HUAWEI-GigabitEthernet0/1/8] dcn [*HUAWEI-GigabitEthernet0/1/8] dcn ospf authentication-mode hmac-sha256 1 cipher 321cba