No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

S7700 and S9700 V200R013C00

This document describes the configurations of IP Unicast Routing, including IP Routing, Static Route, RIP, RIPng, OSPF, OSPFv3, IPv4 IS-IS, IPv6 IS-IS, BGP, Routing Policy, IP Routing Table Management, and PBR.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an Interface Authentication Mode

Configuring an Interface Authentication Mode

Context

Interface authentication, using an authentication mode and a password, is performed among neighboring switches. The priority of interface authentication is higher than that of area authentication.

If plain is selected in the interface authentication configuration, the password is stored in plaintext in the configuration file. For security purposes, you are advised to select cipher to store the password in ciphertext.

Simple authentication, MD5 authentication, and HMAC-MD5 ciphertext authentication have potential security risks. HMAC-SHA256 ciphertext authentication is recommended.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The OSPF interface view is displayed.

  3. (Optional) On an Ethernet interface, run undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

  4. Run any of the following commands to configure an authentication mode or null authentication on an interface as required:

    • Run ospf authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]

      Simple authentication is configured for the OSPF interface.

      • simple: indicates that simple authentication is used.
      • plain: indicates that the password is stored in plaintext.
      • cipher: indicates that the password is stored in ciphertext. For MD5 authentication or HMAC-MD5 authentication, the password is stored in ciphertext by default.
    • Run ospf authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]

      An authentication mode is configured for the OSPF interface.

      • md5: indicates that MD5 ciphertext authentication is used.

      • hmac-md5: indicates that HMAC-MD5 ciphertext authentication is used.
      • hmac-sha256: indicates that HMAC-SHA256 ciphertext authentication is used.
    • Run ospf authentication-mode null

      Null authentication is configured on the OSPF interface.

    • Run ospf authentication-mode keychain keychain-name

      Keychain authentication is configured for the OSPF interface.

      NOTE:

      Before using Keychain authentication, you need to configure Keychain information in the system view. To enable switches to successfully establish an OSPF neighbor relationship, ensure that key-id, algorithm, and key-string in the local ActiveSendKey are the same as those in the remote ActiveRecvKey.

Translation
Download
Updated: 2019-04-08

Document ID: EDOC1100065744

Views: 66020

Downloads: 50

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next