The ospfv3 authentication-mode command configures an authentication mode and a password for an OSPFv3 interface.
The undo ospfv3 authentication-mode command deletes the authentication mode and password configured for an OSPFv3 interface.
By default, no authentication mode or password is configured for any OSPFv3 interface.
| Parameter | Description | Value |
|---|---|---|
| hmac-sha256 |
Configures the HMAC-SHA256 authentication mode. |
- |
| hmac-sm3 |
Sets the HMAC-SM3 authentication mode. |
- |
| key-id KeyId |
Specifies a key ID for authentication, which must be the same as the one configured at the other end. |
The value is an integer ranging from 1 to 65535. |
| plain plainText |
Specifies simple authentication. You can only type in simple passwords, and the passwords are displayed in simple mode in the configuration file.
|
The value is a string of 1 to 255 characters. A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password. |
| cipher cipherText |
Configures the ciphertext mode. You can enter either a simple or ciphertext, but the password is displayed in ciphertext in the configuration file. |
The value can be a string of 1 to 255 characters for a simple password and 20 to 432 characters for a ciphertext password. A password cannot contain a question mark (?), but can contain spaces if surrounded by double quotation marks (""). In this case, the double quotation marks are part of the password. |
| instance instanceId |
Specifies the ID of the instance to which an interface belongs. |
The value is an integer ranging from 0 to 255. The default value is 0. |
100GE interface view, 10GE interface view, 25GE sub-interface view, 25GE interface view, 400GE interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk interface view, FlexE interface view, GE optical interface view, GE electrical interface view, Global VE sub-interface view, VBDIF interface view, VE sub-interface view, VLANIF interface view
Usage Scenario
Due to inherent defects and flawed implementation of the TCP/IP protocol suite, there are an increasing number of attacks, which poses greater threats on TCP/IP networks than ever before. The attacks on network devices may lead to network failures. To configure an authentication mode and a password for an OSPFv3 interface to improve OSPFv3 network security, run the ospfv3 authentication-mode command.
Precautions
OSPFv3 interface authentication takes precedence over OSPFv3 area authentication. If both interface authentication and area authentication are configured, the authentication succeeds as long as the interface authentication succeeds. If authentication is configured on an interface, OSPFv3 neighbor relationships can be established on the interface as long as interface authentication succeeds, regardless of the area authentication configuration or whether area authentication is configured.
To configure OSPFv3 area authentication, run the authentication-mode command.<HUAWEI> system-view [~HUAWEI] ospfv3 1 [*HUAWEI-ospfv3-1] quit [*HUAWEI] interface GigabitEthernet 0/1/0 [*HUAWEI-GigabitEthernet0/1/0] ipv6 enable [*HUAWEI-GigabitEthernet0/1/0] ospfv3 1 area 0 [*HUAWEI-GigabitEthernet0/1/0] ospfv3 authentication-mode hmac-sha256 key-id 10 cipher Huawei-13579