Configuring an Authentication Mode
Open Shortest Path First version 3 (OSPFv3) supports packet authentication, enabling routers to receive only the OSPFv3 packets that are authenticated. If packets fail to be authenticated, OSPFv3 neighbor relationships cannot be established. This section describes how to configure an authentication mode.
Context
OSPFv3 supports keychain and HMAC-SHA256 authentications. The following procedure uses keychain authentication as an example.
Before you configure keychain authentication, run the keychain command to configure a keychain, the key-id command to configure a key ID, the key-string command to configure a password, and the algorithm command to configure an algorithm. If these commands are not run, OSPFv3 authentication fails.
By default, authentication is not configured for OSPF process, area or interface. Configuring authentication is recommended to ensure system security.
Procedure
- Configure OSPFv3 area authentication.
- Configure OSPFv3 area authentication.
authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name }
If you use OSPFv3 area authentication, the authentication and password configurations on all routers in the same area must be the same.
- Configure OSPFv3 area authentication.
- Configure OSPFv3 process authentication.
- Configure OSPFv3 interface authentication.
- Configure OSPFv3 interface authentication.
ospfv3 authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name } [ instance instance-id ]
OSPFv3 interface authentication takes precedence over OSPFv3 area authentication.
If you use HMAC-SHA256 authentication, the authentication and password configurations on all the interfaces on the same network segment must be the same.
- Configure OSPFv3 interface authentication.