Configuring OSPF authentication – H3C Technologies H3C S12500 Series Switches User Manual
link, a link to a transit network, or a virtual link. On such links, a maximum cost value of 65535 is used.
Neighbors therefore see such high costs on the links to the stub router that they do not send packets to
the stub router for forwarding as long as another route with a smaller cost exists.
To configure a router as a stub router:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter OSPF view.
    Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
    Remarks: N/A
Step 3. Configure the router as a stub router.
    Command: stub-router
    Remarks: By default, the router is not a stub router in any OSPF process.
Configuring OSPF authentication
Configure OSPF packet authentication to secure the exchange of OSPF packets.
After authentication is configured, OSPF accepts only packets that pass authentication. A router whose
packets fail authentication cannot establish a neighbor relationship.
To configure OSPF packet authentication, you must configure the same area authentication mode on all
the routers in an area. In addition, the authentication mode and password for all routers on the same
network segment must be identical.
OSPF authentication includes area authentication and interface authentication. Interface authentication
has higher priority than area authentication. If you configure interface authentication and area
authentication at the same time, the interface authentication configuration takes effect.
To configure OSPF authentication for an area:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter OSPF view.
    Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
    Remarks: N/A
Step 3. Enter OSPF area view.
    Command: area area-id
    Remarks: N/A
Step 4. Configure OSPF authentication for an area.
    Command (simple authentication mode for the area): authentication-mode simple [ cipher | plain ] password
    Command (MD5 authentication mode for the area): authentication-mode { hmac-md5 | md5 } [ key-id [ cipher | plain ] password ]
    Remarks: Use either method. Not configured by default.
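The following Python check is an added example, not part of the H3C manual. It compares the area authentication mode across several device configurations and reports areas where the modes differ, where no area authentication is configured (the default), or where the simple mode is used. The device names, the `<key>` placeholders and the indented configuration layout are constructed assumptions, and interface authentication, which overrides area authentication, is not examined.

```python
import re
from collections import defaultdict

# Constructed sample configurations (not from the manual). Assumed layout:
# an indented "area" line inside an "ospf" block, followed by its settings.
SAMPLE = {
    "sw-a": """ospf 1
 area 0.0.0.0
  authentication-mode md5 1 cipher <key>
 area 0.0.0.1
  authentication-mode hmac-md5 1 cipher <key>
""",
    "sw-b": """ospf 1
 area 0.0.0.0
  authentication-mode simple cipher <key>
 area 0.0.0.1
  authentication-mode hmac-md5 1 cipher <key>
 area 0.0.0.2
  network 10.2.0.0 0.0.255.255
""",
}
AREA = re.compile(r"^\s*area\s+(\S+)\s*$")
AUTH = re.compile(r"^\s*authentication-mode\s+(simple|hmac-md5|md5)\b")

def area_modes(config):
    """Return {area-id: mode or None} for one device configuration."""
    modes, area = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):      # back at top level: no current area
            area = None
        m = AREA.match(line)
        if m:
            area = m.group(1)
            modes.setdefault(area, None)  # None = authentication not configured
        elif area and (m := AUTH.match(line)):
            modes[area] = m.group(1)
    return modes

def audit(configs):
    """Return sorted (area, finding) pairs across all devices."""
    per_area = defaultdict(dict)
    for device, text in configs.items():
        for area, mode in area_modes(text).items():
            per_area[area][device] = mode
    findings = []
    for area, by_dev in per_area.items():
        modes = set(by_dev.values())
        if len(modes) > 1:                # routers in the area must use one mode
            findings.append((area, f"mode mismatch: {sorted(by_dev.items())}"))
        if None in modes:
            findings.append((area, "no area authentication"))
        if "simple" in modes:             # RFC 2328 simple password is cleartext
            findings.append((area, "simple mode: password is sent unencrypted"))
    return sorted(findings)
```
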
In OSPF area authentication, to change the MD5/HMAC-MD5 authentication key ID without tearing down
OSPF neighbor connections, perform the following key rollover configuration:
1. Configure a new MD5/HMAC-MD5 authentication key ID for the area. If the new key ID is not
configured on neighbor devices, MD5 authentication key rollover is triggered. During key rollover,