4000 Router Series Layer 3 - IP Routing Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

161

162

163

164

165

166

167

168

169

170

156

Syntax

For MD5/HMAC-MD5 authentication:

ospf authentication-mode { hmac-md5 | md5 } key-id { cipher cipher-string | plain plain-string }

undo ospf authentication-mode { hmac-md5 | md5 } key-id

For simple authentication:

ospf authentication-mode simple { cipher cipher-string | plain plain-string }

undo ospf authentication-mode simple

Default

No authentication is performed.

Views

Interface view

Predefined user roles

network-admin

Parameters

hmac-md5: Specifies HMAC-MD5 authentication.

md5: Specifies MD5 authentication.

simple: Specifies simple authentication.

key-id: Specifies a key by its ID in the range of 1 to 255.

cipher: Sets a ciphertext key.

cipher-string: Specifies a ciphertext key. This argument is case sensitive. If simple is specified, the key must

be a string of 33 to 41 characters. If md5 or hmac-md5 is specified, the key must be a string of 33 to 53

characters.

plain: Sets a plaintext key.

plain-string: Specifies a plaintext key. This argument is case sensitive. If simple is specified, the key must

be a string of 1 to 8 characters. If md5 or hmac-md5 is specified, the key must be a string of 1 to 16

characters.

Usage guidelines

For security purposes, all keys, including keys configured in plain text, are saved in cipher text.

The interfaces attached to the same network segment must have the same key. You can specify either

MD5/HMAC-MD5 authentication or simple authentication for an OSPF interface. For

MD5/HMAC-MD5 authentication, you can configure multiple keys by executing this command multiple

times, and each command must have a unique key ID and key string.

To modify the key of an OSPF interface, perform the following key rollover configurations:

1. Configure a new MD5 authentication key for the interface. If the new key is not configured on

neighbor devices, MD5 authentication key rollover is triggered. During key rollover, OSPF sends

multiple packets that contain both the new and old MD5 authentication keys to make sure all

neighbor devices can pass the authentication.

2. Configure the new MD5 authentication key on all neighbor devices. When the local device

receives packets with the new key from all neighbor devices, it exits MD5 key rollover.