No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

S1720, S2700, S5700, and S6720 V200R011C10

This document describes IP Unicast Routing configurations supported by the switch, including the principle and configuration procedures of IP Routing Overview, Static Route, RIP, RIPng, OSPF, OSPFv3, IS-IS(IPv4), IS-IS(IPv6), BGP, Routing Policy ,and PBR, and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an Interface Authentication Mode

Configuring an Interface Authentication Mode

Context

Interface authentication is used among neighbor switches by setting an authentication mode and a password. The priority of interface authentication is higher than that of area authentication.

If plain is selected, the password is saved in plaintext in the configuration file. To improve security, select cipher to save the password in ciphertext.

Simple, MD5 authentication, and HMAC-MD5 cipher text authentication have potential security risks. HMAC-SHA256 ciphertext authentication is recommended.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The OSPF interface view is displayed.

  3. (Optional) On an Ethernet interface, run undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.
    NOTE:

    Only the S5720HI, S5720EI, S6720EI, and S6720S-EI support switching between Layer 2 and Layer 3 modes.

  4. Run any of the following commands to configure an interface authentication mode as required:

    • Run ospf authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]

      Simple authentication is configured for the OSPF interface.

      • simple indicates that simple authentication is used.
      • plain that the password is saved in plaintext.
      • cipher indicates that the password is saved in ciphertext. For MD5 or HMAC-MD5 authentication, the authentication mode is in ciphertext by default.
    • Run ospf authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]

      An authentication mode is configured for the OSPF interface.

      • md5 indicates that the MD5 ciphertext authentication mode is used.

      • hmac-md5 indicates that the HMAC-MD5 ciphertext authentication mode is used.
      • hmac-sha256 indicates that the HMAC-SHA256 ciphertext authentication mode is used.
    • Run ospf authentication-mode null

      The OSPF interface is not authenticated.

    • Run ospf authentication-mode keychain keychain-name

      Keychain authentication is configured for the OSPF interface.

      NOTE:

      Before using Keychain authentication, configure Keychain information in the system view. To successfully establish an OSPF neighbor relationship, ensure that the key-id, algorithm, and key-string of the local ActiveSendKey are the same as those of the remote ActiveRecvKey.

      Only the S5720EI, S5720HI, S6720S-EI, and S6720EI support keychain keychain-name.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178171

Views: 315027

Downloads: 1110

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next