Can I configure OSPF authentication on an interface of an S series switch?


Two S series switches supporting OSPF can only use primary interface IP addresses to establish an OSPF adjacency relationship. If secondary interface IP addresses are added to the OSPF configuration, corresponding routes can be advertised.

Other related questions:
Configure OSPF neighbor authentication on an S series switch
OSPF authentication of S series switches includes area authentication and interface authentication.
1. Area authentication
Run the authentication-mode command in an OSPF area view to set the authentication mode and password for the OSPF area. For example:
  [HUAWEI] ospf 100
  [HUAWEI-ospf-100] area 0
  [HUAWEI-ospf-100-area-0.0.0.0] authentication-mode simple cipher huawei
To configure MD5 authentication, run the following command:
  [HUAWEI-ospf-100-area-0.0.0.0] authentication-mode md5 1 cipher huawei
2. Interface authentication
The interface authentication mode is used among neighbor switches to set the authentication mode and password. Its priority is higher than that of the area authentication mode. Run the ospf authentication-mode command in the interface view to set the authentication mode and password for adjacent switches. For example:
  [HUAWEI] interface vlanif 100
  [HUAWEI-Vlanif100] ospf authentication-mode simple cipher huawei
To configure MD5 authentication, run the following command:
  [HUAWEI-Vlanif100] ospf authentication-mode md5 1 cipher huawei
Note: When configuring area authentication or interface authentication, all switches involved must have the same authentication mode and password. If not, the switches may fail to set up an OSPF neighbor relationship.

Differences between interface authentication and area authentication for OSPF on S series switches
Rules for OSPF authentication on S series switches supporting OSPF are as follows:
1. If an interface is configured with authentication, the authentication method configured on the interface is used.
2. If the authentication is set to null, the interface is not authenticated.
3. If the interface is not configured with authentication (null does not indicate no configuration), area authentication is used.
4. If the area is not configured with authentication either, no authentication is performed.
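The precedence rules above, worked through as an added example (not Huawei's code): a Python script that reads a constructed configuration fragment and reports the effective OSPF authentication mode per interface. The sample text, the function names, the `EXAMPLE-ONLY` password and the hand-supplied interface-to-area mapping are assumptions made for illustration.

```python
import re

# Constructed sample in the style of the commands above; not from a real device.
SAMPLE = """\
ospf 100
 area 0.0.0.0
  authentication-mode md5 1 cipher EXAMPLE-ONLY
interface Vlanif100
 ospf authentication-mode simple cipher EXAMPLE-ONLY
interface Vlanif200
 ospf authentication-mode null
interface Vlanif300
"""
# Assumption: interface-to-area membership is supplied by the operator.
IF_AREA = {"Vlanif100": "0.0.0.0", "Vlanif200": "0.0.0.0", "Vlanif300": "0.0.0.0"}

def parse(cfg):
    """Return ({area: mode}, {interface: mode or None}) from the config text."""
    areas, ifaces, ctx = {}, {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line, re.I):
            ctx = ("if", m.group(1).lower())
            ifaces[ctx[1]] = None          # nothing configured on the interface yet
        elif m := re.match(r"area (\S+)", line):
            ctx = ("area", m.group(1))
        elif m := re.match(r"(ospf )?authentication-mode (\S+)", line):
            if ctx and ctx[0] == "if" and m.group(1):
                ifaces[ctx[1]] = m.group(2)
            elif ctx and ctx[0] == "area" and not m.group(1):
                areas[ctx[1]] = m.group(2)
    return areas, ifaces

def effective(iface, area, areas, ifaces):
    """Interface setting wins; explicit null disables auth; otherwise use the area."""
    mode = ifaces.get(iface.lower())
    if mode is None:                       # not configured, so fall back to the area
        mode = areas.get(area)
    return "none" if mode in (None, "null") else mode

def audit(cfg, if_area):
    """Map each interface to its effective OSPF authentication mode."""
    areas, ifaces = parse(cfg)
    return {i: effective(i, a, areas, ifaces) for i, a in if_area.items()}

def weak(cfg, if_area):
    """Interfaces with no authentication or a clear-text (simple) password."""
    return [i for i, m in audit(cfg, if_area).items() if m in ("none", "simple")]

if __name__ == "__main__":
    for name, mode in audit(SAMPLE, IF_AREA).items():
        print(f"{name}: {mode}")
    print("review:", weak(SAMPLE, IF_AREA))
```

Interfaces returned by `weak()` either run without authentication or use simple mode, which places the password unencrypted in each OSPF packet.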

Can I configure only an OSPF non-backbone area on S series switches?
OSPF partitions an AS into different areas to resolve the problem of frequent LSDB updates and improve network efficiency. An area is regarded as a logical group, and each group is identified by an area ID. A switch, not a link, resides at the border of an area. A network segment or link belongs only to one area. The area to which each OSPF-enabled interface belongs must be specified. On an OSPF network, the backbone area connects to all other OSPF areas and transmits inter-area routes. A single non-backbone area (for example, Area 3) can be configured to implement intra-area communication. However, if multiple non-backbone areas are configured, a backbone area is required to enable communication between the non-backbone areas. Therefore, all devices on a small network can be added to Area 0 (the backbone area). You are advised not to configure a single non-backbone area.

Can I specify an authentication domain on an interface of an S series switch?
You can specify a user authentication domain (the default domain) on an interface of an S series switch (a non-S1700 switch) running V200R005 or a later version. The switch can then assign a user who does not provide the domain name during authentication to the specified authentication domain.
