HP FlexFabric 12500 Command Reference Manual page 99

Routing switch series, mpls

dead dead-interval: Specifies the dead interval in the range of 1 to 32768 seconds. The default is 40
seconds. The dead interval configured on the two ends of the sham link must be identical and be at least
four times the hello interval.
hello hello-interval: Specifies the interval for sending hello packets, in the range of 1 to 8192 seconds.
The default is 10 seconds. The hello interval configured on the two ends of the sham link must be
identical.
hmac-md5: Enables HMAC-MD5 authentication.
md5: Enables MD5 authentication.
simple: Enables simple authentication.
key-id: Specifies a key ID in the range of 1 to 255.
cipher: Sets a ciphertext key.
cipher-string: Specifies a ciphertext key. This argument is case sensitive. If simple is specified, it must be
a string of 33 to 41 characters. If md5 or hmac-md5 is specified, it must be a string of 33 to 53
characters.
plain: Sets a plaintext key.
plain-string: Specifies a plaintext key. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 8 characters. If md5 or hmac-md5 is specified, it must be a string of 1 to 16 characters.
retransmit retrans-interval: Specifies the interval for retransmitting LSAs, in the range of 1 to 3600
seconds. The default is 5 seconds.
trans-delay delay: Specifies the delay interval before the interface sends an LSA, in the range of 1 to
3600 seconds. The default is 1 second.
Usage guidelines
When a backdoor link exists between the two sites of a VPN, you can create a sham link between PEs
to forward VPN traffic through the sham link on the backbone rather than the backdoor link. A sham link
is considered an OSPF intra-area route.
This command can configure MD5/HMAC-MD5 or simple authentication for the sham link, but not both.
For MD5/HMAC-MD5 authentication, you can configure multiple keys by executing this command
multiple times, but each key-id can correspond to only one key.
To modify the MD5/HMAC-MD5 authentication key of a sham link, follow these steps:
1. Configure a new key for the sham link on the local device. If the neighbor on the sham link has not
   been configured with the new key, this configuration triggers a key rollover process, during which
   OSPF advertises both the new and old keys so the neighbor can pass authentication and the
   neighbor relationship is maintained.
2. Configure the same key for the sham link on the neighbor. After the local device receives a packet
   carrying the new key from the neighbor, it quits the key rollover process.
3. Execute the undo sham-link command on the local device and the neighbor to remove the old key.
   This helps prevent attacks on the sham link that use the old key and reduces the bandwidth
   consumed by key rollover.
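An added example, not part of the HP manual: a Python check that audits the planned settings for both ends of a sham link against the ranges, the dead/hello rule, the authentication rules and the key rollover steps stated above. The ShamLinkEnd model and the function names are hypothetical, and treating more than one MD5/HMAC-MD5 key on a device as an unfinished rollover is an assumption based on step 3.

```python
from dataclasses import dataclass, field

# Limits copied from the parameter descriptions above (seconds / characters).
RANGES = {"hello": (1, 8192), "dead": (1, 32768),
          "retransmit": (1, 3600), "trans_delay": (1, 3600)}
PLAIN_MAX = {"simple": 8, "md5": 16, "hmac-md5": 16}

@dataclass
class ShamLinkEnd:  # hypothetical model of one PE's sham-link settings
    hello: int = 10
    dead: int = 40
    retransmit: int = 5
    trans_delay: int = 1
    # (mode, key_id, plaintext key); key_id is None for simple authentication
    keys: list = field(default_factory=list)

def check_end(name, end):
    """Return findings for one end of the sham link."""
    out = []
    for attr, (lo, hi) in RANGES.items():
        if not lo <= getattr(end, attr) <= hi:
            out.append(f"{name}: {attr} outside {lo}-{hi}")
    if end.dead < 4 * end.hello:
        out.append(f"{name}: dead interval below 4 x hello interval")
    modes = {mode for mode, _, _ in end.keys}
    if "simple" in modes and len(modes) > 1:
        out.append(f"{name}: simple and MD5/HMAC-MD5 both configured")
    seen = set()
    for mode, key_id, key in end.keys:
        if not 1 <= len(key) <= PLAIN_MAX[mode]:
            out.append(f"{name}: {mode} plaintext key length invalid")
        if mode == "simple":
            continue
        if not 1 <= key_id <= 255:
            out.append(f"{name}: key-id {key_id} outside 1-255")
        if key_id in seen:
            out.append(f"{name}: key-id {key_id} bound to more than one key")
        seen.add(key_id)
    # Assumption: more than one MD5/HMAC-MD5 key means step 3 is still pending.
    if len(seen) > 1:
        out.append(f"{name}: old key not yet removed after rollover")
    return out

def check_link(local, remote):
    """Check both ends, then the settings that must be identical on each."""
    out = check_end("local", local) + check_end("remote", remote)
    for attr in ("hello", "dead"):
        if getattr(local, attr) != getattr(remote, attr):
            out.append(f"link: {attr} interval differs between ends")
    if set(local.keys) != set(remote.keys):
        out.append("link: authentication keys differ between ends")
    return out
```

Running check_link before and after each rollover step shows which findings remain; an empty list means both ends agree and only one MD5/HMAC-MD5 key is left.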
Examples
# Create a sham link with the source address 1.1.1.1 and destination address 2.2.2.2.
<Sysname> system-view
[Sysname] ospf
[Sysname-ospf-1] area 0

This manual is also suitable for:

Flexfabric 12500e