R0106-HP MSR Router Series Layer 3 - IP Routing Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

171

172

173

174

175

176

177

178

179

180

162

undo ospf authentication-mode { hmac-md5 | md5 } key-id

For simple authentication:

ospf authentication-mode simple { cipher cipher-string | plain plain-string }

undo ospf authentication-mode simple

Default

No authentication is performed.

Views

Interface view

Predefined user roles

network-admin

Parameters

hmac-md5: Specifies HMAC-MD5 authentication.

md5: Specifies MD5 authentication.

simple: Specifies simple authentication.

key-id: Specifies a key by its ID in the range of 1 to 255.

cipher: Sets a ciphertext key.

cipher-string: Specifies a ciphertext key. This argument is case sensitive. If simple is specified, the key must

be a string of 33 to 41 characters. If md5 or hmac-md5 is specified, the key must be a string of 33 to 53

characters.

plain: Sets a plaintext key.

plain-string: Specifies a plaintext key. This argument is case sensitive. If simple is specified, the key must

be a string of 1 to 8 characters. If md5 or hmac-md5 is specified, the key must be a string of 1 to 16

characters.

Usage guidelines

For security purposes, all keys, including keys configured in plain text, are saved in cipher text.

The interfaces attached to the same network segment must have the same key. You can specify either

MD5/HMAC-MD5 authentication or simple authentication for an OSPF interface. For

MD5/HMAC-MD5 authentication, you can configure multiple keys by executing this command multiple

times, and each command must have a unique key ID and key string.

To modify the key of an OSPF interface, perform the following key rollover configurations:

1. Configure a new MD5/HMAC-MD5 authentication key for the interface. If the new key is not

configured on neighbor devices, MD5/HMAC-MD5 authentication key rollover is triggered.

During key rollover, OSPF sends multiple packets that contain both the new and old

MD5/HMAC-MD5 authentication keys to make sure all neighbor devices can pass the

authentication.

2. Configure the new MD5/HMAC-MD5 authentication key on all neighbor devices. When the local

device receives packets with the new key from all neighbor devices, it exits MD5 key rollover.

3. Delete the old MD5/HMAC-MD5 authentication key from the local device and all its neighbors.

This operation helps prevent attacks from devices that use the old key for communication and

reduce system resources and bandwidth consumption caused by key rollover.