Configuring OSPFv3 Area Authentication

OSPFv3 supports packet authentication, which allows devices to accept only OSPFv3 packets that pass authentication. If OSPFv3 packets fail authentication, OSPFv3 neighbor relationships cannot be established. Configuring OSPFv3 area authentication improves OSPFv3 network security.

Context

As attacks on TCP/IP networks increase, and because of inherent defects in and flawed implementations of the TCP/IP protocol suite, these attacks have a growing impact on networks. Attacks on network devices may even cause a network crash or lead to network unavailability. Configuring OSPFv3 area authentication improves OSPFv3 network security. If area authentication is used, the authentication mode and password configurations on all the interfaces in the area must be identical.

By default, no authentication mode is configured for an OSPFv3 area. For security purposes, you are advised to configure an authentication mode.

OSPFv3 authentication takes effect in descending order of priority as follows: interface authentication, area authentication, and process authentication.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ospfv3 [ process-id ]

    The OSPFv3 view is displayed.

  3. Run area area-id

    The OSPFv3 area view is displayed.

  4. Configure an authentication mode for the OSPFv3 area as required.

    • To configure the HMAC-SHA256 or HMAC-SM3 authentication mode for the OSPFv3 area, run the authentication-mode { hmac-sha256 | hmac-sm3 } key-id KeyId { plain PlainText | [ cipher ] CipherText } command.

      If you choose plain, the password is saved in cleartext in the configuration file, which poses a high security risk. To improve system security, choose ciphertext authentication and change the password periodically.

  5. Run commit

    The configuration is committed.
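
The following Python check is an added example, not part of the original procedure or of Huawei's tooling. It scans a saved configuration for OSPFv3 areas that have no area-level authentication-mode line or that store the key with plain. The configuration layout (indentation, # separator lines) and the sample values are assumptions constructed for illustration, and interface- and process-level authentication are not evaluated.

```python
import re

# Constructed sample of a saved configuration. The layout (one-space indentation
# per view level, "#" separator lines) and all values are assumptions.
SAMPLE_CONFIG = """\
#
ospfv3 1
 area 0.0.0.0
  authentication-mode hmac-sha256 key-id 1 cipher <ciphertext-placeholder>
 area 0.0.0.1
  authentication-mode hmac-sm3 key-id 2 plain <password-placeholder>
 area 0.0.0.2
#
ospfv3 2
 area 0.0.0.0
  authentication-mode hmac-sha256 key-id 1 <ciphertext-placeholder>
#
"""

# Command syntax as given in step 4; the "cipher" keyword is optional.
AUTH_RE = re.compile(r"authentication-mode\s+(hmac-sha256|hmac-sm3)\s+key-id\s+\S+"
                     r"\s+(?:(plain|cipher)\s+)?\S+")

def audit_ospfv3_areas(config_text):
    """Map (process_id, area_id) to 'ok', 'plain' or 'missing' (area level only)."""
    results = {}
    process = area = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            # Unindented line: a top-level section starts, so any area view ends.
            m = re.fullmatch(r"ospfv3(?:\s+(\S+))?", line)
            process = (m.group(1) or "(unspecified)") if m else None
            area = None
        elif process is not None:
            m = re.fullmatch(r"area\s+(\S+)", line)
            if m:
                area = (process, m.group(1))
                results[area] = "missing"  # until an authentication-mode line is seen
            elif area is not None:
                m = AUTH_RE.fullmatch(line)
                if m:
                    results[area] = "plain" if m.group(2) == "plain" else "ok"
    return results

if __name__ == "__main__":
    for (proc, area_id), status in audit_ospfv3_areas(SAMPLE_CONFIG).items():
        print(f"ospfv3 {proc} area {area_id}: {status}")
```

An area reported as missing may still be covered by interface or process authentication, so treat that result as a prompt to check those levels.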

Copyright © Huawei Technologies Co., Ltd.