Foundry Networks Switch and Router Installation And Configuration Manual page 594

Foundry Switch and Router Installation and Configuration Guide
Encrypted Display of the Authentication String or MD5 Authentication Key
The optional 0 | 1 parameter with the authentication-key and md5-authentication key-id parameters affects
encryption.
For added security, software release 07.1.10 and later encrypts display of the password or authentication string.
Encryption is enabled by default. The software also provides an optional parameter to disable encryption of a
password or authentication string, on an individual OSPF area or OSPF interface basis.
When encryption of the passwords or authentication strings is enabled, they are encrypted in the CLI regardless of
the access level you are using. In the Web management interface, the passwords or authentication strings are
encrypted at the read-only access level but are visible at the read-write access level.
The encryption option can be omitted (the default) or can be one of the following.
• 0 – Disables encryption for the password or authentication string you specify with the command. The
password or string is shown as clear text in the running-config and the startup-config file. Use this option of
you do not want display of the password or string to be encrypted.
• 1 – Assumes that the password or authentication string you enter is the encrypted form, and decrypts the
value before using it.
NOTE: If you want the software to assume that the value you enter is the clear-text form, and to encrypt display
of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software to use the default
behavior.
If you specify encryption option 1, the software assumes that you are entering the encrypted form of the password
or authentication string. In this case, the software decrypts the password or string you enter before using the
value for authentication. If you accidentally enter option 1 followed by the clear-text version of the password or
string, authentication will fail because the value used by the software will not match the value you intended to use.
Block Flooding of Outbound LSAs on Specific OSPF Interfaces
By default, the Layer 3 Switch floods all outbound LSAs on all the OSPF interfaces within an area. You can
configure a filter to block outbound LSAs on an OSPF interface. This feature is particularly useful when you want
to block LSAs from some, but not all, of the interfaces attached to the area.
After you apply filters to block the outbound LSAs, the filtering occurs during the database synchronization and
flooding.
If you remove the filters, the blocked LSAs are automatically re-flooded. You do not need to reset OSPF to re-
flood the LSAs.
NOTE: You cannot block LSAs on virtual links.
USING THE CLI
To apply a filter to an OSPF interface to block flooding of outbound LSAs on the interface, enter the following
command at the Interface configuration level for that interface.
BigIron(config-if-1/1)# ip ospf database-filter all out
The command in this example blocks all outbound LSAs on the OSPF interface configured on port 1/1.
Syntax: [no] ip ospf database-filter all out
To remove the filter, enter a command such as the following:
BigIron(config-if-1/1)# no ip ospf database-filter all out
USING THE WEB MANAGEMENT INTERFACE
You cannot configure filters to block flooding on OSPF interfaces using the Web management interface.
17 - 20 December 2000