Authentication Strategies; Configure Authentication At Different Hierarchical Levels For Ospf Version 2 - Cisco NCS 5500 Series Configuration Manuals
Routing configuration ios xr release 6.3.x
Hide thumbs
Also See for NCS 5500 Series:
- Configuration manual (172 pages) ,
- Hardware installation manual (146 pages) ,
- Manual (25 pages)
Table of Contents
Advertisement
Authentication Strategies
Configures the IPv4 address of OSPF neighbors interconnecting to nonbroadcast networks.
or
Configures the link-local IPv6 address of OSPFv3 neighbors.
• The ipv6-link-local-address argument must be in the form documented in RFC 2373 in which the address is
specified in hexadecimal using 16-bit values between colons.
• The priority keyword notifies the router that this neighbor is eligible to become a DR or BDR. The priority
value should match the actual priority setting on the neighbor router. The neighbor priority default value is zero.
• Neighbors with no specific cost configured assumes the cost of the interface, based on the cost command.
• The database-filter keyword filters outgoing LSAs to an OSPF neighbor. If you specify the all keyword,
incoming and outgoing LSAs are filtered. Use with extreme caution since filtering may cause the routing topology
to be seen as entirely different between two neighbors, resulting in " black-holing" or routing loops.
Step 14
Repeat Step 13 for all neighbors on the interface.
—
Step 15
commit
Authentication Strategies
Authentication can be specified for an entire process or area, or on an interface or a virtual link. An interface
or virtual link can be configured for only one type of authentication, not both. Authentication configured for
an interface or virtual link overrides authentication configured for the area or process.
If you intend for all interfaces in an area to use the same type of authentication, you can configure fewer
commands if you use the authentication command in the area configuration submode (and specify the
message-digest keyword if you want the entire area to use MD5 authentication). This strategy requires fewer
commands than specifying authentication for each interface.
Configure Authentication at Different Hierarchical Levels for OSPF Version 2
This task explains how to configure MD5 (secure) authentication on the OSPF router process, configure one
area with plain text authentication, and then apply one interface with clear text (null) authentication.
Note
Authentication configured at the interface level overrides authentication configured at the area level and the
router process level. If an interface does not have authentication specifically configured, the interface inherits
the authentication parameter value from a higher hierarchical level.
Before you begin
If you choose to configure authentication, you must first decide whether to configure plain text or MD5
authentication, and whether the authentication applies to all interfaces in a process, an entire area, or specific
interfaces. See
authentication and when you should use a specific method for your network.
Routing Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
58
OSPF Hierarchical CLI and CLI Inheritance, on page 103
Implementing OSPF
for information about each type of
Advertisement
Table of Contents
