authentication-mode
Use authentication-mode to specify an authentication mode for an OSPFv3 area.
Use undo authentication-mode to restore the default.
Syntax
authentication-mode keychain keychain-name
undo authentication-mode
Default
No authentication is performed for an area.
Views
OSPFv3 area view
Predefined user roles
network-admin
Parameters
keychain: Specifies the keychain authentication mode.
keychain-name: Specifies a keychain by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
The authentication mode specified for an OSPFv3 interface has a higher priority than the mode specified for an OSPFv3 area.
When keychain authentication is configured for an OSPFv3 area, OSPFv3 performs the following operations before sending a packet:
Obtains a valid send key from the keychain.
OSPFv3 does not send the packet if it fails to obtain a valid send key.
Uses the key ID, authentication algorithm, and key string to authenticate the packet.
If the key ID is greater than 65535, OSPFv3 does not send the packet.
When keychain authentication is configured for an OSPFv3 area, OSPFv3 performs the following operations after receiving a packet:
Uses the key ID carried in the packet to obtain a valid accept key from the keychain.
OSPFv3 discards the packet if it fails to obtain a valid accept key.
Uses the authentication algorithm and key string for the valid accept key to authenticate the packet.
If the authentication fails, OSPFv3 discards the packet.
OSPFv3 supports only the HMAC-SHA-256 authentication algorithm.
The ID of keys used for authentication can only be in the range of 0 to 65535.
Examples
# Configure OSPFv3 Area 1 to use keychain test for packet authentication.
<Sysname> system-view [Sysname] ospfv3 1 [Sysname-ospfv3-1] area 1 [Sysname-ospfv3-1-area-0.0.0.1] authentication-mode keychain test