HP 3500YL User Manual

IP Routing Features

Configuring OSPF

OSPF MD5 Authentication.

Syntax: ip ospf md5-auth-key-chain < chain-name-string >

no ip ospf [ ip-address ] authentication

Used in the VLAN interface context to configure MD5
authentication for all interfaces in the VLAN or for a specific
subnet. The MD5 authentication takes effect immediately, and
all OSPF packets transmitted on the interface contain the
designated key. All OSPF packets received on the interface are
checked for the key. If it is not present, then the packet is
dropped. To disable MD5 authentication on an interface, use
the

no form of the command.

Note: Before using this authentication option, you must
configure one or more key chains on the routing switch by
using the Key Management System (KMS) described in the
chapter titled “Key Management System” in the Access
Security Guide for your routing switch
[ ip-address ]: Used in subnetted VLAN contexts where you want
to assign or remove MD5 authentication associated with a
specific subnet. Omit this option when you want the command
to apply to all interfaces configured in the VLAN.
< chain-name-string >: The name of a key generated using the
key-chain < chain_name > key < key_id > command. To change the
MD5 authentication configured on an interface, re-execute the
command with the new MD5 key.

Use

show ip ospf interface < ip-address > to view the current

authentication setting. (Refer to pages 5-102 and 5-104.)

Note: To replace the MD5 method with the password method
on a given interface, overwrite the MD5 configuration by
using the password form of the command shown in the next
syntax description. (It is not necessary to disable the currently
configured OSPF MD5 authentication.)

Default: Disabled

5-87