authentication-mode (OSPFv3)

Function

The authentication-mode command configures an authentication mode and a password for an OSPFv3 process or area.

The undo authentication-mode command deletes the authentication mode and password configured for an OSPFv3 process or area.

By default, no authentication mode or password is configured for any OSPFv3 process or area. Configuring authentication is recommended to ensure system security.

Format

authentication-mode { hmac-sha256 key-id key-id { plain explicit-text | [ cipher ] cipher-text } | keychain keychain-name }

undo authentication-mode { hmac-sha256 key-id key-id | keychain }

Parameters

Parameter: hmac-sha256
Description: Configures HMAC-SHA256 authentication.
NOTE: The HMAC-SHA256 authentication mode is more secure than other authentication modes. To ensure high security, the HMAC-SHA256 authentication algorithm is recommended.
Value: N/A

Parameter: key-id key-id
Description: Specifies the key ID for authentication, which must be the same as the one configured at the other end.
Value: The value is an integer ranging from 1 to 255.

Parameter: plain
Description: Configures the simple password type. Only a simple password can be entered, and the password is displayed in plaintext in the configuration file.
NOTE: When configuring an authentication password, select the ciphertext mode, because in plain mode the password is saved in the configuration file in plaintext, which poses a high security risk. To ensure device security, change the password periodically.
Value: N/A

Parameter: explicit-text
Description: Specifies a plaintext password.
Value: The value is a string of 1 to 255 characters.

Parameter: cipher
Description: Configures the ciphertext password type. You can enter either a plaintext or ciphertext password, but the password is displayed in ciphertext in the configuration file.
Value: N/A

Parameter: cipher-text
Description: Specifies a ciphertext password.
Value: The value can be a string of 1 to 255 characters for plaintext passwords and 20 to 392 characters for ciphertext passwords.

Parameter: keychain
Description: Configures keychain authentication.
Value: N/A

Parameter: keychain-name
Description: Specifies a keychain name.
Value: The value is a string of 1 to 47 case-insensitive characters, excluding question marks (?) and spaces. However, when double quotation marks (") are used around the string, spaces are allowed in the string.

Views

OSPFv3 view or OSPFv3 area view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Inherent defects and flawed implementations of the TCP/IP protocol suite have led to a growing number of attacks, which pose a greater threat to TCP/IP networks than ever before. Attacks on network devices may lead to network failures. To improve OSPFv3 network security, run the authentication-mode command to configure an authentication mode and a password for an OSPFv3 process or area.

Precautions

If you use area authentication, the authentication and password configurations on the interfaces of all the routers in the area must be the same.

OSPFv3 area authentication has a lower priority than OSPFv3 interface authentication.

To configure OSPFv3 interface authentication, run the ospfv3 authentication-mode command.

Example

# Configure HMAC-SHA256 authentication for OSPFv3 process 100.

<sysname> system-view 
[sysname] ospfv3 100
[sysname-ospfv3-100] authentication-mode hmac-sha256 key-id 10 cipher Admin-123

# Configure HMAC-SHA256 authentication for OSPFv3 area 0.

<sysname> system-view 
[sysname] ospfv3 100
[sysname-ospfv3-100] area 0
[sysname-ospfv3-100-area-0.0.0.0] authentication-mode hmac-sha256 key-id 10 cipher Admin-123
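
The following Python check is an added example, not part of the original command reference or of any vendor tooling. It scans a saved configuration for OSPFv3 process and area scopes that have no authentication-mode, use the plain password type, or carry a key-id outside 1 to 255. The configuration layout (indentation, # separators), the sample text and the function name audit are assumptions; inheritance between process and area settings and interface-level authentication are not modelled.

```python
import re
# Constructed sample (not from a real device); indentation and "#" separators are assumed.
SAMPLE_CONFIG = """\
ospfv3 100
 authentication-mode hmac-sha256 key-id 10 cipher CONSTRUCTED-CIPHERTEXT-0000
 area 0.0.0.0
  authentication-mode hmac-sha256 key-id 10 plain Example-Pass1
 area 0.0.0.1
#
ospfv3 200
 area 0.0.0.0
  authentication-mode keychain "core ring"
"""

AUTH_RE = re.compile(  # mirrors the Format line on this page; cipher keyword is optional
    r'^authentication-mode\s+(?:'
    r'hmac-sha256\s+key-id\s+(?P<kid>\d+)\s+(?:(?P<kind>plain|cipher)\s+)?\S+'
    r'|keychain\s+(?:"[^"]+"|\S+))$')

def audit(config):
    """Return sorted (scope, finding) tuples for OSPFv3 process and area scopes."""
    scopes, findings, proc, scope = {}, [], None, None  # scopes: name -> auth lines
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r'^ospfv3\s+(\d+)$', line):
            proc = scope = f"process {m.group(1)}"
            scopes[scope] = []
        elif proc and (m := re.match(r'^area\s+(\S+)$', line)):
            scope = f"{proc} area {m.group(1)}"
            scopes[scope] = []
        elif line == "#":  # assumed end-of-block marker
            proc = scope = None
        elif scope and line.startswith("authentication-mode"):
            scopes[scope].append(line)
    for name, lines in scopes.items():
        if not lines:
            findings.append((name, "no authentication-mode configured"))
        for line in lines:
            m = AUTH_RE.match(line)
            if not m:
                findings.append((name, "unrecognized authentication-mode syntax"))
            elif m.group("kid") and not 1 <= int(m.group("kid")) <= 255:
                findings.append((name, "key-id outside 1-255"))
            elif m.group("kind") == "plain":
                findings.append((name, "password stored in plaintext (plain)"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```
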
Copyright © Huawei Technologies Co., Ltd.