The authentication-mode command configures an authentication mode and a password for an OSPF area.
The undo authentication-mode command cancels the configuration.
By default, authentication is not configured for an OSPF area. Configuring authentication is recommended to ensure system security.
| Parameter | Description | Value |
|---|---|---|
| plain |
Indicates simple-text authentication. You can only type in simple-text passwords, and the passwords are displayed in simple text in the configuration file. When configuring an authentication password, select the ciphertext mode. If you select the simple text mode, the password is saved as a simple text in the configuration file, which has a high risk. To ensure device security, change the password periodically. |
By default, cipher takes effect for simple authentication. |
| SPlainText |
Specifies a simple text password. |
The value is a string of 1 to 8 characters when simple is configured, and is a string of 1 to 255 characters when md5, hmac-md5, or hmac-sha256 is configured. A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password. |
| cipher |
Indicates cipher authentication. You can type in simple-text or ciphertext passwords, and the passwords are displayed in ciphertext in the configuration file. |
By default, cipher takes effect for MD5, HMAC-MD5, or HMAC-SHA256 authentication. |
| SCipherText |
Specifies a ciphertext password. |
A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password. |
| simple |
Indicates simple authentication. By default, the simple authentication mode is cipher.
|
- |
| md5 |
Indicates MD5 authentication. For the sake of security, using the HMAC-SHA256 algorithm rather than the MD5 algorithm is recommended. |
- |
| hmac-md5 |
Indicates HMAC-MD5 authentication. For the sake of security, using the HMAC-SHA256 algorithm rather than the HMAC-MD5 algorithm is recommended. |
- |
| hmac-sha256 |
Indicates HMAC-SHA256 authentication. |
- |
| KeyID |
Specifies an authentication key ID of the cipher authentication of the interface. The key ID must be consistent with that of the peer. |
The value is an integer ranging from 1 to 255. |
| keychain |
Indicates the keychain authentication. Before configuring this parameter, run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, the OSPF authentication will fail. Currently, only the SM3, HMAC-MD5 and HMAC-SHA256 algorithms can be used for OSPF. If the dependent keychain is deleted, the neighbor relationship may be interrupted. Therefore, exercise caution when deleting the keychain. |
- |
| Keychain-Name |
Specifies the keychain name. |
The value is a string of 1 to 47 case-insensitive characters. A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password. |
Usage Scenario
OSPF authentication can be configured to improve network security and meet high security demands. When area authentication is used, interfaces on all devices in an area must have the same area authentication mode and the password.
Precautions
Area authentication has a lower priority than interface identification. The ospf authentication-mode command can be used to change the priority of interface authentication.