authentication-mode (OSPFv3 area view)

Function

The authentication-mode command configures an authentication mode and a password for an OSPFv3 area.

The undo authentication-mode command deletes the authentication mode and password configured for an OSPFv3 area.

By default, authentication is not configured for an OSPFv3 area. Configuring authentication is recommended to ensure system security.

Format

authentication-mode { hmac-sha256 | hmac-sm3 } key-id KeyId { plain PlainText | [ cipher ] CipherText }

undo authentication-mode { hmac-sha256 | hmac-sm3 } key-id KeyId

Parameters

Parameter Description Value
hmac-sha256

Configures HMAC-SHA256 authentication.

-
hmac-sm3

Sets the HMAC-SM3 authentication mode.

-
key-id KeyId

Specifies a key ID for authentication, which must be the same as the one configured at the other end.

The value is an integer ranging from 1 to 65535.
plain PlainText

Specifies simple authentication. You can only type in simple passwords, and the passwords are displayed in simple mode in the configuration file.

  • The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters.
  • For security purposes, you are advised to configure a password in ciphertext mode. To further improve device security, periodically change the password.

The value is a string of 1 to 255 characters.

A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password.
cipher CipherText

Specifies the cipher authentication. You can type in simple or ciphertext passwords, and the passwords are displayed in ciphertext in the configuration file.

The value can be a string of 1 to 255 characters for a simple password and 20 to 432 characters for a ciphertext password.

A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password.

Views

OSPFv3 area view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ospf write

Usage Guidelines

Usage Scenario

Due to inherent defects and flawed implementation of the TCP/IP protocol suite, there are an increasing number of attacks, which poses greater threats on TCP/IP networks than ever before. The attacks on network devices may lead to network failures. To configure an authentication mode and a password for an OSPFv3 process or area to improve OSPFv3 network security, run the authentication-mode command.

Precautions

If you use area authentication, the authentication and password configurations on the interfaces of all the routers in the area must be the same.

OSPFv3 area authentication has a lower priority than OSPFv3 interface authentication.

To configure OSPFv3 interface authentication, run the ospfv3 authentication-mode command.

Example

# Configure HMAC-SHA256 authentication for OSPFv3 area 0.
<HUAWEI> system-view
[~HUAWEI] ospfv3 100
[*HUAWEI-ospfv3-100] area 0
[*HUAWEI-ospfv3-100-area-0.0.0.0] authentication-mode hmac-sha256 key-id 10 cipher Huawei-13579
Parent Topic: OSPFv3 Configuration Command
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >