无
现场反馈之前OSPFv3邻居建立正常,因客户要求,OSPFv3邻居需使能接口认证,实现高安全,但现场在两侧S125X接口下使能认证后,发现邻居无法建
#
keychain OSPFv3_O mode absolute
key 1
key-string cipher $c$3$txDRm6SEXFyqtu6bSj0fLNFZ8nk=
authentication-algorithm md5
#
interface Vlan-interface1021
ip binding vpn-instance O
ip address 10.1.10.6 255.255.255.252
ospf authentication-mode md5 1 cipher $c$3$A1+N5G083T3wsyMyvTHOyPX3xR0j39nrBrNXjKbdww==
ospf network-type p2p
ospfv3 20 area 0.0.0.30
ospfv3 network-type p2p
ospfv3 authentication-mode keychain OSPFv3_O
ipv6 address 2109:::1000:0:AC6:A42/126
#
配置问题,S125X OSPFv3仅支持HMAC-SHA-256认证算法,和平台相关,不支持md5。同时,要求配置对应key的生命周期,否则对应key不生效。
keychain OSPFv3_O mode absolute
key 1
key-string cipher $c$3$txDRm6SEXFyqtu6bSj0fLNFZ8nk=
authentication-algorithm md5
send-lifetime utc start-time start-date { duration { duration-value | infinite } | to end-time end-date }
accept-lifetime utc start-time start-date { duration { duration-value | infinite } | to end-time end-date }
#
interface Vlan-interface1021
ip binding vpn-instance O
ip address 10.1.10.6 255.255.255.252
ospf authentication-mode md5 1 cipher $c$3$A1+N5G083T3wsyMyvTHOyPX3xR0j39nrBrNXjKbdww==
ospf network-type p2p
ospfv3 20 area 0.0.0.30
ospfv3 network-type p2p
ospfv3 authentication-mode keychain OSPFv3_O
ipv6 address 2109:::1000:0:AC6:A42/126
#
修改对应key的算法为HMAC-SHA-256,同时添加对应key的生命周期后,问题解决
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作