Configuring Ospf Authentication - HP MSR Series Configuration Manual
Layer 3 - ip routing
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
a link to a transit network, or a virtual link. On such links, a maximum cost value of 65,535 is used.
Neighbors do not send packets to the stub router as long as they have a route with a smaller cost.
To configure a router as a stub router:
Step
1.
Enter system view.
2.
Enter OSPF view.
3.
Configure the router as a
stub router.
Configuring OSPF authentication
Perform this task to configure OSPF area and interface authentication.
OSPF adds the configured password into outgoing OSPF packets, and uses the password to authenticate
incoming OSPF packets. Only OSPF packets that pass the authentication can be received. If a packet
fails the authentication, the OSPF neighbor relationship cannot be established.
If you configure OSPF authentication for both an area and an interface in that area, the interface uses the
OSPF authentication configured on it.
You must configure the same authentication mode and password for all routers on the same network
segment.
To modify the MD5/HMAC-MD5 authentication password without tearing down OSPF neighbor
connections, perform the following key rollover configurations:
1.
Configure a new MD5/HMAC-MD5 authentication password. If the neighbors have not been
configured with the new password, this configuration triggers a key rollover process, during which,
OSPF advertises both the new and old passwords so all neighbors can pass the authentication.
2.
Configure the new MD5/HMAC-MD5 authentication password on all neighbors. After OSPF
receives packets carrying the new password from all neighbors, it quits the key rollover process.
3.
Remove the old MD5/HMAC-MD5 authentication password from the local device and all its
neighbors. This operation can avoid attacks that use the old password and reduce bandwidth
consumption by key rollover.
Configuring OSPF area authentication
Step
1.
Enter system view.
2.
Enter OSPF view.
3.
Enter area view.
4.
Configure OSPF area
authentication mode.
Command
system-view
ospf [ process-id | router-id router-id |
vpn-instance vpn-instance-name ] *
stub-router
Command
system-view
ospf [ process-id | router-id router-id |
vpn-instance vpn-instance-name ] *
area area-id
•
Configure simple authentication:
authentication-mode simple [ cipher |
plain ] password
•
Configure MD5 authentication:
authentication-mode { hmac-md5 |
md5 } key-id [ cipher | plain ] password
77
Remarks
N/A
N/A
By default, the router is not a stub
router in any OSPF process.
Remarks
N/A
N/A
N/A
Use either method.
By default, no
authentication is
configured.
Advertisement
Table of Contents
Troubleshooting
