Configuring OSPFv3 authentication
OSPFv3 uses keychain authentication to prevent routing information from being leaked and routers from being attacked.
OSPFv3 adds the Authentication Trailer option into outgoing packets, and uses the authentication information in the option to authenticate incoming packets. Only packets that pass the authentication can be received. If a packet fails the authentication, the OSPFv3 neighbor relationship cannot be established.
The authentication mode specified for an OSPFv3 interface has a higher priority than the mode specified for an OSPFv3 area.
Configuring OSPFv3 area authentication
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter OSPFv3 view. | ospfv3 [ process-id | vpn-instance vpn-instance-name ] * | N/A |
3. Enter OSPFv3 area view. | area area-id | N/A |
4. Specify an authentication mode for the area. | authentication-mode keychain keychain-name | By default, no authentication is performed for the area. For more information about keychains, see Security Configuration Guide. |
Configuring OSPFv3 interface authentication
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Specify an authentication mode for the interface. | ospfv3 authentication-mode keychain keychain-name [ instance instance-id ] | By default, no authentication is performed for the interface. For more information about keychains, see Security Configuration Guide. |