R0106-HP MSR Router Series MPLS Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

241

242

243

244

245

246

247

248

249

250

234

Views

OSPF area view

Predefined user roles

network-admin

Parameters

source-ip-address: Specifies the source IP address of the sham link.

destination-ip-address: Specifies the destination IP address of the sham link.

cost cost: Specifies the cost of the sham link, in the range of 1 to 65535. The default cost is 1.

dead dead-interval: Specifies the dead interval in the range of 1 to 32768 seconds. The default is 40

seconds. The dead interval configured on the two ends of the sham link must be identical and be at least

four times the hello interval.

hello hello-interval: Specifies the interval for sending hello packets, in the range of 1 to 8192 seconds.

The default is 10 seconds. The hello interval configured on the two ends of the sham link must be

identical.

hmac-md5: Enables HMAC-MD5 authentication.

md5: Enables MD5 authentication.

simple: Enables simple authentication.

key-id: Specifies a key ID in the range of 1 to 255.

cipher: Sets a ciphertext key.

cipher-string: Specifies a ciphertext key. This argument is case sensitive. If simple is specified, it must be

a string of 33 to 41 characters. If md5 or hmac-md5 is specified, it must be a string of 33 to 53

characters.

plain: Sets a plaintext key.

plain-string: Specifies a plaintext key. This argument is case sensitive. If simple is specified, it must be a

string of 1 to 8 characters. If md5 or hmac-md5 is specified, it must be a string of 1 to 16 characters.

retransmit retrans-interval: Specifies the interval for retransmitting LSAs, in the range of 1 to 3600

seconds. The default is 5 seconds.

trans-delay delay: Specifies the delay interval before the interface sends an LSA, in the range of 1 to

3600 seconds. The default is 1 second.

Usage guidelines

When a backdoor link exists between the two sites of a VPN, you can create a sham link between PEs

to forward VPN traffic through the sham link on the backbone rather than the backdoor link. A sham link

is considered an OSPF intra-area route.

This command can configure MD5/HMAC-MD5 or simple authentication for the sham link, but not both.

For MD5/HMAC-MD5 authentication, you can configure multiple keys by executing this command

multiple times, but a key-id can correspond with only one key.

To modify the MD5/HMAC-MD5 authentication key of a sham link, follow these steps:

1. Configure a new key for the sham link on the local device. If the neighbor on the sham link has not

been configured with the new key, this configuration triggers a key rollover process, during which,

OSPF advertises both the new and old keys so the neighbor can pass authentication and the

neighbor relationship is maintained.