Does the switch support OSPF MD5 authentication on an interface

3

For example, if interface Vlanif10 of SwitchA and interface Vlanif20 of SwitchB are on the same network segment, perform these steps to configure OSPF MD5 authentication:

# Configure SwitchA.

system-view
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ospf authentication-mode md5
# Configure SwitchB.

system-view
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ospf authentication-mode md5

Other related questions:
Problem and solution when an OSPF neighbor relationship fails to be established between the interconnected firewall and NE40E if OSPF MD5 authentication is configured on the devices
The reason that an OSPF neighbor relationship fails to be established between the interconnected firewall and NE40E if OSPF MD5 authentication is configured on the devices is that OSPF authentication is configured but not enabled on the firewall interface. You need to configure authentication-mode md5 in the corresponding area to enable the OSPF authentication mechanism. OSPF authentication needs to be configured only on the interface connecting the NE40E to the firewall.

What are the functions of BGP MD5 authentication on S series switches
Q: What are the functions of BGP MD5 authentication, and the simple and cipher parameters? A: BGP MD5 authentication is designed to prevent TCP attacks. The MD5 password and TCP+BGP packets are input for calculation and then result A is saved in a TCP packet. The TCP peer resolves the result to check whether the TCP packet is a fake one. If so, it discards this TCP packet to guarantee stable TCP connection. The simple and cipher parameters only determine in which mode a password is displayed. If the simple parameter is configured, the password is displayed in plain text. If the cipher parameter is configured, the password is displayed in cipher text. If the same password is configured on both ends, the two ends adopt the same password for communication.

Differences between interface authentication and area authentication for OSPF on S series switches
Rules for OSPF authentication on S series switches supporting OSPF are as follows: If an interface is configured with authentication, the authentication method configured on the interface is used. If the authentication is set to null, the interface is not authenticated. If the interface is not configured with authentication (null does not indicate no configuration), area authentication is used. If the area is not configured with authentication either, no authentication is performed.

What is the relationship between OSPF interface authentication and area authentication
The basic principles of OSPF authentication are as follows: If authentication is configured on the interface, use the authentication on the interface. If null is configured on the interface, no authentication is performed on the interface. If no authentication is performed on the interface (Null does not mean that no authentication is configured), the authentication configured on the area is used. If no authentication is configured on the area, either, no authentication will be performed.

Can I configure OSPF authentication on an interface of an S series switch
Two S series switches supporting OSPF can only use primary interface IP addresses to establish an OSPF adjacency relationship. If secondary interface IP addresses are added to the OSPF configuration, corresponding routes can be advertised.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top