No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

S7700 and S9700 V200R010C00

This document describes IP Unicast Routing configurations supported by the switch, including the principle and configuration procedures of IP Routing Overview, Static Route, RIP, RIPng, OSPF, OSPFv3, IS-IS(IPv4), IS-IS(IPv6), BGP, Routing Policy ,and PBR, and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an Authentication Mode

Configuring an Authentication Mode

Context

OSPFv3 supports keychain and HMAC-SHA256 authentication modes. The following procedure uses keychain authentication as an example.

Before you configure keychain authentication, run the keychain command to configure a keychain, the key-id command to configure a key ID, the key-string command to configure a password, and the algorithm command to configure an algorithm. If these commands are not run, OSPFv3 authentication will fail.

If plain is selected during the authentication mode configuration, the password is saved in the configuration file in plain text. This is a security risk. It is recommended that you select cipher to save the password in cipher text.

Procedure

  • Configure OSPFv3 area authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run:

      area area-id

      The OSPFv3 area view is displayed.

    4. Run:

      authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name }

      OSPFv3 area authentication is configured.

      NOTE:

      If you use OSPFv3 area authentication, the authentication and password configurations on all switch in the same area must be the same.

  • Configure OSPFv3 process authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run:

      authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name }

      OSPFv3 process authentication is configured.

  • Configure OSPFv3 interface authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. (Optional) On an Ethernet interface, run undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

    4. Run:

      ospfv3 authentication-mode { hmac-sha256 key-id key-id { plain plain-text | [ cipher ] cipher-text } | keychain keychain-name } [ instance instance-id ]

      OSPFv3 interface authentication is configured.

      NOTE:

      OSPFv3 interface authentication takes precedence over OSPFv3 area authentication.

      If you use HMAC-SHA256 authentication, the authentication and password configurations on all the interfaces on the same network segment must be the same.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141900

Views: 191300

Downloads: 194

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next