Configuring the Interface Authentication Mode
Context
Interface authentication, using an authentication mode and a password, is performed among neighboring switches. The priority of interface authentication is higher than that of area authentication.
If plain is selected in the interface authentication configuration, the password is stored in plain text in the configuration file, which brings security risks. It is recommended that you select cipher to store the password in cipher text.
Simple authentication, MD5 authentication, and HMAC-MD5 cipher text authentication have potential security risks. HMAC-SHA256 cipher text authentication is recommended.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The OSPF interface view is displayed.
- On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
The mode switching function takes effect when the interface only has attribute configurations (for example, shutdown and description configurations). Alternatively, if configuration information supported by both Layer 2 and Layer 3 interfaces exists (for example, mode lacp and lacp system-id configurations), no configuration that is not supported after the working mode of the interface is switched can exist. If unsupported configurations exist on the interface, delete the configurations first and then run the undo portswitch command.
If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.
- Run any of the following commands to configure an interface authentication mode as required:
-
Run ospf authentication-mode simple [ plain plain-text | [ cipher ] cipher-text ]
Simple authentication is configured for the OSPF interface.
- simple: indicates simple authentication.
- plain: indicates that the password is stored in plain text. In simple authentication, the password is stored in plain text by default.
- cipher: indicates that the password is stored in cipher text. In MD5 or HMAC-MD5 authentication, the password is stored in cipher text by default.
-
Run ospf authentication-mode { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ]
The specified authentication mode is configured for the OSPF interface.
-
md5: indicates the MD5 cipher text authentication mode.
- hmac-md5: indicates the HMAC-MD5 cipher text authentication mode.
- hmac-sha256: indicates the HMAC-SHA256 cipher text authentication mode.
-
-
Run ospf authentication-mode null
No authentication is performed on the OSPF interface.
-
Run ospf authentication-mode keychain keychain-name
Keychain authentication is configured for the OSPF interface.
Before using keychain authentication, you need to configure keychain information in the system view. To establish an OSPF neighbor relationship, you need to ensure that key-id, algorithm, and key-string in the local ActiveSendKey are the same as those in the remote ActiveRecvKey.
-
- Run commit
The configuration is committed.
