Configure OSPFv3 Network Authentication
To prevent information leakage and malicious attacks against OSPFv3 devices, all packets exchanged between OSPFv3 neighbors can be protected by encrypted authentication. The supported authentication types and algorithms are NULL (no authentication), SHA1 authentication, and MD5 authentication; the one in use is specified by the IPSec encryption and authentication policy.
After authentication is configured, the IPSec security features encrypt and authenticate OSPFv3 protocol packets. The OSPFv3 protocol accepts a received packet only after it has been decrypted and authenticated. Therefore, the OSPFv3 interfaces that establish an adjacency must be configured with the same authentication method, SPI ID, and authentication password in their IPSec encryption and authentication policy. The OSPFv3 authentication mode can be configured on an area and on an interface. The priority, from low to high, is: area authentication, interface authentication. That is, the interface authentication mode is used first, and the area authentication mode is used only when no interface authentication mode is configured.
Configuration Condition
Before configuring OSPFv3 network authentication, ensure that:
- The IPv6 forwarding function is enabled.
- The OSPFv3 protocol is enabled.
Configure OSPFv3 Area Authentication
Configuring area authentication in an area of the OSPFv3 process makes all interfaces in that area use the area authentication mode, which avoids configuring the same network authentication mode on each interface repeatedly.
Table 8-10 Configure OSPFv3 area authentication

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode. | configure terminal | - |
| Enter the OSPFv3 configuration mode. | ipv6 router ospf process-id [vrf vrf-name] | - |
| Configure the area authentication mode. | area area-id ipsec-tunnel tunnel-name | Mandatory. By default, OSPFv3 is not configured with the area authentication. |
Configure OSPFv3 Interface Authentication
If an interface has multiple OSPFv3 instances, you can specify the authentication mode and password for one instance. If you do not specify interface authentication for an instance on the interface, the authentication mode specified for the area is adopted.
Table 8-11 Configure OSPFv3 interface authentication

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode. | configure terminal | - |
| Enter the interface configuration mode. | interface interface-name | - |
| Configure the interface authentication mode. | ipv6 ospf ipsec-tunnel tunnel-name {instance-id instance-id} | Mandatory. By default, OSPFv3 is not configured with the interface authentication mode. |
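
The precedence rule (interface authentication over area authentication) and the requirement that both ends of an adjacency use the same authentication method, SPI ID, and password can be checked offline before a change is rolled out. The following Python example is added here and is not vendor code; the Policy and Router models, the tunnel names, SPI values, and keys are constructed assumptions, and each interface is modeled with a single OSPFv3 instance.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Policy:            # constructed stand-in for the policy behind an IPSec tunnel
    auth: str            # "null", "sha1" or "md5"
    spi: int
    key: str

@dataclass
class Router:            # hypothetical model of one device's OSPFv3 settings
    name: str
    policies: dict                                   # tunnel-name -> Policy
    area_tunnel: dict = field(default_factory=dict)  # area-id -> tunnel-name
    if_area: dict = field(default_factory=dict)      # interface -> area-id
    if_tunnel: dict = field(default_factory=dict)    # interface -> tunnel-name

def effective_tunnel(r: Router, ifname: str) -> Optional[str]:
    """Interface authentication wins; otherwise the area setting applies."""
    return r.if_tunnel.get(ifname) or r.area_tunnel.get(r.if_area[ifname])

def audit_link(a: Router, a_if: str, b: Router, b_if: str) -> list:
    """Return findings for one adjacency; key values are never echoed."""
    findings, ends = [], []
    for r, ifname in ((a, a_if), (b, b_if)):
        policy = r.policies.get(effective_tunnel(r, ifname))
        if policy is None or policy.auth == "null":
            findings.append(f"{r.name}/{ifname}: no authentication in effect")
        ends.append(policy)
    pa, pb = ends
    if pa and pb:
        for attr in ("auth", "spi", "key"):
            if getattr(pa, attr) != getattr(pb, attr):
                findings.append(f"{attr} mismatch: {a.name}/{a_if} vs {b.name}/{b_if}")
    return findings

# Constructed sample data (not taken from any real device).
AREA = Policy("sha1", 256, "example-key-1")
R1 = Router("R1", {"t-area": AREA}, {"0": "t-area"}, {"ge0": "0"})
R2 = Router("R2", {"t-area": AREA, "t-if": Policy("sha1", 257, "example-key-1")},
            {"0": "t-area"}, {"ge0": "0", "ge1": "0"}, {"ge0": "t-if"})
R3 = Router("R3", {}, {}, {"ge0": "0"})

if __name__ == "__main__":
    for link in ((R1, "ge0", R2, "ge0"), (R1, "ge0", R2, "ge1"), (R1, "ge0", R3, "ge0")):
        print(link[0].name, link[2].name, audit_link(*link))
```

In the sample data, the interface-level tunnel on R2/ge0 overrides the area tunnel and carries a different SPI, so that adjacency is reported as a mismatch even though both routers share the same area setting.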