The authentication-mode command configures an authentication mode and key for a BFD session.
The undo authentication-mode command deletes the authentication mode and key configured for a BFD session.
By default, no authentication mode and key are configured for a BFD session.
| Parameter | Description | Value |
|---|---|---|
| key-id key-id |
Specifies an authentication key ID. |
The value is an integer ranging from 1 to 255. |
| cipher cipher-text |
Specifies a ciphertext key type. |
The value is a string of characters.
The characters exclude question marks (?) and spaces. However, if a password string is between a pair of quotation marks, the string can contain spaces. |
| nego-packet |
Authenticates BFD negotiation packets. |
- |
| timeout-interval interval-value |
Specifies a negotiation timeout period. |
The value is an integer. The value is a string of 1 to 10000 characters, in seconds. |
| met-sha1 |
Specifies the SHA1 algorithm. |
- |
Usage Scenario
On a network demanding higher security, run the authentication-mode command to configure BFD session authentication information. In a specific access scenario, for example, when a multicast BFD session is associated with the protocol status of an interface, you need to configure authentication information for the BFD session on the interface. BFD negotiation can succeed, the BFD-associated protocol status of the interface can be activated, and users can access the device through this interface only when the BFD session authentication information on both ends is consistent.
Prerequisites
Precautions
If you run the authentication-mode command to configure BFD session authentication information, BFD renegotiation will be performed. BFD renegotiation can succeed only when the BFD session authentication information on both ends is consistent.