4000 Router Series Layer 3 - IP Routing Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

101

102

103

104

105

106

107

108

109

110

undo authentication-mode

Default

No authentication is performed for an area.

Views

OSPF area view

Predefined user roles

network-admin

Parameters

hmac-md5: Specifies the HMAC-MD5 authentication mode.

md5: Specifies the MD5 authentication mode.

simple: Specifies the simple authentication mode.

key-id: Specifies a key by its ID in the range of 0 to 255.

cipher: Sets a ciphertext key.

plain: Sets a plaintext key.

password: Specifies a password. In simple authentication mode, a plaintext password is a case-sensitive

string of 1 to 8 characters, and a ciphertext password is a case-sensitive string of 33 to 41 characters. In

MD5/HMAC-MD5 authentication mode, a plaintext password is a case-sensitive string of 1 to 16

characters, and a ciphertext password is a case-sensitive string of 33 to 53 characters.

Usage guidelines

Routers that reside in the same area must have the same authentication mode and password.

For security purposes, all keys, including keys configured in plain text, are saved in cipher text.

You can specify either MD5/HMAC-MD5 authentication or simple authentication for an OSPF area. For

MD5/HMAC-MD5 authentication, you can configure multiple keys by executing this command multiple

times, and each command must have a unique key ID and key string.

To modify the key of an OSPF area, perform the following key rollover configurations:

1. Configure a new MD5 authentication key for the area on the local device. If the new key is not

configured on neighbor devices, MD5 authentication key rollover is triggered. During key rollover,

OSPF sends multiple packets that contain both the new and old MD5 authentication keys to make

sure all neighbor devices can pass the authentication.

2. Configure the new MD5 authentication key on all neighbor devices. When the local device

receives packets with the new key from all neighbor devices, it exits MD5 key rollover.

3. Delete the old MD5 authentication key from the local device and all its neighbors. This operation

helps prevent attacks from devices that use the old key for communication and reduces system

resources and bandwidth consumption caused by key rollover.

Examples

# Configure OSPF Area 0 to use the MD5 authentication mode, and set the key ID to 15 and plaintext

authentication password to abc.

<Sysname> system-view

[Sysname] ospf 100

[Sysname-ospf-100] area 0

[Sysname-ospf-100-area-0.0.0.0] authentication-mode md5 15 plain abc