R3303-HP HSR6800 Routers Layer 3 - IP Routing Configuration Guide

Configuring OSPF authentication
Configure OSPF packet authentication to ensure the security of packet exchange.
After authentication is configured, OSPF accepts only packets that pass authentication. Packets that fail authentication cannot be used to establish neighbor relationships.
You must configure the same authentication mode and password on all routers on the same network segment.
If you configure OSPF authentication for both an area and an interface in that area, the interface uses the OSPF authentication configured on the interface.
To modify the key of an OSPF area or interface, perform the following key rollover procedure:
1. Configure a new MD5/HMAC-MD5 authentication key on the local device. If the new key is not configured on neighbor devices, MD5/HMAC-MD5 authentication key rollover is triggered. During key rollover, OSPF sends multiple packets that contain both the new and old MD5/HMAC-MD5 authentication keys to make sure all neighbor devices can pass the authentication.
2. Configure the new MD5/HMAC-MD5 authentication key on all neighbor devices. When the local device receives packets with the new key from all neighbor devices, it exits MD5 key rollover.
3. Delete the old MD5/HMAC-MD5 authentication key from the local device and all its neighbors. This operation helps prevent attacks from devices that use the old key for communication and reduces the system resource and bandwidth consumption caused by key rollover.
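The three rollover steps above, traced in a short Python sketch. This is an added example, not HP's implementation: it assumes the keyed-MD5 packet layout of RFC 2328 Appendix D, and the function names, router ID, key IDs, key strings and Hello body are constructed sample values.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header, AuType 2 layout (RFC 2328 D.3)
AUTYPE_CRYPTO = 2

def build_packet(body, router_id, area_id, key_id, key, seq, ptype=1):
    """Return header + body + 16-byte keyed-MD5 trailer."""
    packet = struct.pack(HDR, 2, ptype, 24 + len(body), router_id, area_id,
                         0, AUTYPE_CRYPTO, 0, key_id, 16, seq) + body
    # Digest covers the packet followed by the key zero-padded to 16 bytes.
    return packet + hashlib.md5(packet + key.ljust(16, b"\0")).digest()

def verify_packet(data, keyring, last_seq=0):
    """Return the key ID that authenticated the packet, or None to drop it."""
    if len(data) < 40:
        return None
    f = struct.unpack(HDR, data[:24])
    length, autype, key_id, auth_len, seq = f[2], f[6], f[8], f[9], f[10]
    key = keyring.get(key_id)
    if autype != AUTYPE_CRYPTO or auth_len != 16 or len(data) != length + 16:
        return None
    if key is None or seq < last_seq:      # unknown key ID or replayed packet
        return None
    expected = hashlib.md5(data[:length] + key.ljust(16, b"\0")).digest()
    return key_id if hmac.compare_digest(expected, data[length:]) else None

def rollover_demo():
    """Trace the three rollover steps with constructed sample values."""
    rid, area, hello = bytes([10, 0, 0, 1]), bytes(4), bytes(20)
    old, new = {1: b"old-key"}, {2: b"new-key"}
    # Step 1: the local device sends each packet under both keys.
    sent = [build_packet(hello, rid, area, kid, key, seq=100)
            for kid, key in {**old, **new}.items()]
    check = lambda ring: [verify_packet(p, ring) for p in sent]
    return {
        "neighbor_old_key_only": check(old),          # step 1: still authenticates
        "neighbor_both_keys": check({**old, **new}),  # step 2: new key added
        "neighbor_old_key_deleted": check(new),       # step 3: old key rejected
    }

if __name__ == "__main__":
    for state, accepted in rollover_demo().items():
        print(state, accepted)
```

Each list holds the key ID accepted for the old-key copy and the new-key copy of the same packet; `None` means the neighbor drops that copy.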
Configuring OSPF area authentication
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter OSPF view.
    Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
    Remarks: N/A

Step 3. Enter area view.
    Command: area area-id
    Remarks: N/A

Step 4. Configure area authentication mode.
    Command:
        Configure simple authentication:
            authentication-mode simple [ cipher | plain ] password
        Configure MD5 authentication:
            ospf authentication-mode { hmac-md5 | md5 } key-id [ cipher | plain ] password
    Remarks: Use either method. By default, no authentication is configured.

Configuring OSPF interface authentication
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A