Configuring the Authentication Mode

OSPF supports packet authentication. Only packets that pass authentication are accepted. If packets fail authentication, the neighbor relationship cannot be established.

Context

In area authentication, all the routers in an area must use the same area authentication mode and password. For example, the authentication mode of all devices in Area 0 is simple authentication and the password is abc.

Interface authentication sets the authentication mode and password used between neighboring routers. It takes priority over the area authentication mode.

By default, authentication is not configured for an OSPF area or interface. Configuring area authentication is recommended to ensure system security.

Procedure

  • Configure the area authentication mode.
    1. Access the system view.

      system-view

    2. Access the OSPF process view.

      ospf [ process-id ]

    3. Access the OSPF area view.

      area area-id

    4. Run one of the following commands to configure the authentication mode of the OSPF area as required:

      • Configure simple authentication for the OSPF area.

        authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]
      • Configure MD5, HMAC-MD5 or HMAC-SHA256 authentication for the OSPF area.

        authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]

        All the routers in an area must agree on the same area authentication mode and password. For example, the authentication mode of all routers in area 0 is simple authentication, and the password is abc.

      • Configure Keychain authentication for the OSPF area.

        authentication-mode keychain keychain-name

        Before using Keychain authentication, you must run the keychain command to create a keychain. Then run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, OSPF authentication will fail.

  • Configure the interface authentication mode.
    1. Access the system view.

      system-view

    2. Access the interface view.

      interface interface-type interface-number

    3. Run one of the following commands to configure the interface authentication mode as required:

      • Configure simple authentication for the OSPF interface.

        ospf authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]
      • Configure MD5, HMAC-MD5 or HMAC-SHA256 authentication for the OSPF interface.

        ospf authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]
      • Configure non-authentication for the OSPF interface.

        ospf authentication-mode null
      • Configure Keychain authentication for the OSPF interface.

        ospf authentication-mode keychain keychain-name

        Before using Keychain authentication, you must run the keychain command to create a keychain. Then run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, OSPF authentication will fail.

      Interfaces in the same network segment must use the same authentication mode and password, except in Keychain authentication mode. Interfaces in different network segments can use different authentication modes and passwords.

Copyright © Huawei Technologies Co., Ltd.