authentication-mode (OSPF)
Function
The authentication-mode command configures the authentication mode and the password for an OSPF area.
The undo authentication-mode command cancels the configuration.
By default, no authentication mode or password is configured for OSPF.
Format
authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]
authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]
authentication-mode keychain keychain-name
undo authentication-mode
Parameters
| Parameter | Description | Value |
|---|---|---|
simple |
Indicates the simple authentication. By default, the simple authentication mode is plain. |
- |
plain |
Indicates the plain authentication. You can only type in the simple text, and it displays as simple text when the configuration file is viewed. NOTE:
When configuring an authentication password, select the ciphertext mode because the password is saved in configuration files in simple text if you select simple text mode, which has a high risk. To ensure device security, change the password periodically. |
- |
plain-text |
Specifies the simple-text password. |
|
cipher |
Indicates the cipher authentication. You can type in the simple text or the ciphertext, and it is displayed as the ciphertext when the configuration file is viewed. |
- |
cipher-text |
Specifies the ciphertext password. |
|
md5 |
Indicates the MD5 authentication. |
- |
hmac-md5 |
Indicates the HMAC-MD5 authentication. |
- |
hmac-sha256 |
Indicates the HMAC-SHA256 authentication. NOTE:
HAMC-SHA256 authentication mode is better and more secure than other authentication modes. To ensure high security, HAMC-SHA256 authentication algorithm is recommended. |
- |
key-id |
Specifies authentication key ID of the cipher authentication of the interface. The key ID must be consistent with that of the peer. |
The value is an integer ranging from 1 to 255. |
keychain |
Indicates the keychain authentication. NOTE:
Before configuring this parameter, you must run the keychain command to create a keychain. Then, run the key-id, key-string, and algorithm commands to configure a key ID, a password, and an authentication algorithm for this keychain. Otherwise, the OSPF authentication will fail. Currently, only the hmac-md5 algorithm can be used for OSPF. Currently, only the hmac-md5 and hmac-sha256 algorithms can be used for OSPF. |
- |
keychain-name |
Specifies the keychain name. |
It must be the name of an existing keychain. |
Spaces are not allowed in the password.
Usage Guidelines
Usage Scenario
By default, authentication is not configured for OSPF area. Configuring authentication is recommended to ensure system security.
OSPF authentication can be configured to improve network security to meet high security demands. When area authentication is used, interfaces on all devices in an area must have the same area authentication mode and the password.
Precautions
The priority of area authentication is lower than the priority of interface identification. The ospf authentication-mode command can be used to change the priority of interface authentication.