ospfv3 authentication-mode
Function
The ospfv3 authentication-mode command configures an authentication mode and a password for an OSPFv3 interface.
The undo ospfv3 authentication-mode command deletes the authentication mode and password configured for an OSPFv3 interface.
By default, no authentication mode or password are configured for any OSPFv3 interface.
By default, authentication is not configured for OSPFv3 interface. Configuring authentication is recommended to ensure system security.
Format
ospfv3 authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name } [ instance instance-id ]
undo ospfv3 authentication-mode { hmac-sha256 key-id key-id [ plain plain-text | cipher cipher-text ] | keychain keychain-name } [ instance instance-id ]
Parameters
| Parameter | Description | Value |
|---|---|---|
hmac-sha256 |
Configures the HMAC-SHA256 authentication mode. NOTE:
HAMC-SHA256 authentication mode is better and more secure than other authentication modes. To ensure high security, HAMC-SHA256 authentication algorithm is recommended. |
N/A |
key-id key-id |
Specifies the key ID for authentication, which must be the same as the one configured at the other end. |
The value is an integer ranging from 1 to 65535. |
plain |
Configures the simple password type. Only a simple password can be entered, and the password is displayed in simple text in the configuration file. NOTE:
When configuring an authentication password, select the ciphertext mode because the password is saved in configuration files in simple text if you select simple text mode, which has a high risk. To ensure device security, change the password periodically. |
N/A |
plain-text |
Specifies a simple password. |
The value is a string of 1 to 255 characters. |
cipher |
Configures the ciphertext password type. You can enter either a password in simple text mode or ciphertext mode, but the password is displayed in ciphertext in the configuration file. |
N/A |
cipher-text |
Specifies a ciphertext password. |
The value can be a string of 1 to 255 characters for simple passwords and 20 to 392 characters for ciphertext passwords. |
keychain |
Configures keychain authentication. |
N/A |
keychain-name |
Specifies a keychain name. |
The value is a string of 1 to 47 case-insensitive characters. Except the question mark (?) and space. However, when double quotation marks (") are used around the string, spaces are allowed in the string. |
instance instance-id |
Specifies the instance ID of the interface. |
The value ranges from 0 to 255, with default value 0. |
Views
Ethernet interface view, Ethernet sub-interface view, Eth-Trunk interface view, Eth-Trunk sub-interface view, Tunnel interface view, Dialer interface view, VLANIF interface view
Usage Guidelines
Usage Scenario
Due to inherent defects and flawed implementation of the TCP/IP protocol suite, there are an increasing number of attacks, which poses greater threats on TCP/IP networks than ever before. The attacks on network devices may lead to network failures. To configure an authentication mode and a password for an OSPFv3 interface to improve OSPFv3 network security, run the ospfv3 authentication-mode command.
Precautions
OSPFv3 interface authentication takes precedence over OSPFv3 area authentication.
To configure OSPFv3 area authentication, run the authentication-mode command.