Change the timer for ospf authentication changes – Brocade BigIron RX Series Configuration Guide User Manual

Page 846

background image

768

BigIron RX Series Configuration Guide

53-1002484-04

Configuring OSPF

26

NOTE

If you want the software to assume that the value you enter is the clear-text form, and to encrypt
display of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software
to use the default behavior.

If you specify encryption option 1, the software assumes that you are entering the encrypted form
of the password or authentication string. In this case, the software decrypts the password or string
you enter before using the value for authentication. If you accidentally enter option 1 followed by the
clear-text version of the password or string, authentication will fail because the value used by the
software will not match the value you intended to use.

Change the timer for OSPF authentication changes

When you make an OSPF authentication change, the software uses the authentication-change
timer to gracefully implement the change. The software implements the change in the following
ways:

Outgoing OSPF packets – After you make the change, the software continues to use the old
authentication to send packets, during the remainder of the current authentication-change
interval. After this, the software uses the new authentication for sending packets.

Inbound OSPF packets – The software accepts packets containing the new authentication and
continues to accept packets containing the older authentication for two authentication-change
intervals. After the second interval ends, the software accepts packets only if they contain the
new authentication key.

The default authentication-change interval is 300 seconds (5 minutes). You change the interval to
a value from 0 – 14400 seconds.

OSPF provides graceful authentication change for all the following types of authentication changes
in OSPF:

Changing authentication methods from one of the following to another of the following:

Simple text password

MD5 authentication

No authentication

Configuring a new simple text password or MD5 authentication key

Changing an existing simple text password or MD5 authentication key

To change the authentication-change interval, enter a command such as the following at the
interface configuration level of the CLI.

BigIron RX(config-if-e10000-2/5)# ip ospf auth-change-wait-time 400

Syntax: [no] ip ospf auth-change-wait-time <secs>

The <secs> parameter specifies the interval and can be from 0 – 14400 seconds. The default is
300 seconds (5 minutes).

NOTE

For backward compatibility, the ip ospf md5-authentication key-activation-wait-time <seconds>
command is still supported.

See also other documents in the category Brocade Computer Accessories: