Configuring Interface Authentication

Interface authentication is used among neighboring routers to set the authentication mode and password. Interface authentication takes precedence over area authentication.

Context

By default, authentication is not configured for OSPF interface. Configuring authentication is recommended to ensure system security.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The OSPF interface view is displayed.

  3. Run any of the following commands to configure interface authentication as required:

    • Run ospf authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]

      Simple authentication is configured for the OSPF interface.

      • simple indicates simple authentication.
      • plain indicates the password in simple text. For simple authentication, ciphertext passwords are used by default.
      • cipher indicates the ciphertext password. For MD5, HMAC-MD5 or HMAC-SHA256 authentication, cipher-text passwords are used by default.

      When configuring an authentication password, select the ciphertext mode because the password is saved in configuration files in simpletext if you select simpletext mode, which has a high risk. To ensure device security, change the password periodically.

    • Run ospf authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]

      Cipher-text authentication is configured for the OSPF interface.

      • md5 indicates the MD5 cipher-text authentication mode.
      • hmac-md5 indicates the HMAC-MD5 cipher-text authentication mode.
      • hmac-sha256 indicates the HMAC-SHA256 cipher-text authentication mode.

      For the sake of security, using the HMAC-SHA256 algorithm rather than the MD5 and HMAC-MD5 algorithm is recommended.

    • Run ospf authentication-mode keychain keychain-name

      The Keychain authentication is configured for the OSPF interface.

      Before using the Keychain authentication, you must run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, the OSPF authentication will fail.

    • Run ospf authentication-mode null

      The OSPF interface does not perform authentication.

  4. Run commit

    The configuration is committed.

Parent Topic: Improving OSPF Network Security
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >