Configure OSPFv3 Network Authentication

To prevent information leakage or malicious attacks to OSPFv3 devices, all packet interaction between OSPFv3 neighbors has the encrypted authentication capability. The encrypted authentication types and algorithms include: NULL (no authentication), SHA1 authentication, and MD5 authentication, which is specified by the IPSec encrypted authentication policy.

After configuring authentication, IPSec security features encrypt and authenticate OSPFv3 protocol packets.The OSPFv3 protocol can receive packets only after decryption authentication. Therefore, the OSPFv3 interfaces which establish the adjacency relationship must have the same authentication method, Spi ID, and IPSec encryption authentication policy of authentication password configuration. The OSPFv3 authentication mode can be configured on the area and interface, and its priority is from low to high: area authentication, interface authentication. That is, first use the interface authentication mode, and then, use the area authentication mode.

Configuration Condition

Before configuring OSPFv3 network authentication, ensure that:

• The IPv6 forwarding function is enabled.
• The OSPFv3 protocol is enabled.

Configure OSPFv3 Area Authentication

Configuring the area authentication in the OSPFv3 process area can make all interfaces in the area use the area authenticaton mode, and effectively avoid configuring the same network authentication mode in the interface repeatedly.

Table 8-10 Configure OSPFv3 area authentication

Configure OSPFv3 Interface Authentication

If an interface has multiple OSPFv3 instances, you can specify the authentication mode and password for one instance. If you do not specify the interface authentication instance in the interface, adopt the specified authentication mode in the area.

Table 8-11 Configure OSPFv3 interface authentication