Change the timer for ospf authentication changes – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide

623

53-1003053-01

Configuring OSPF

NOTE

If you want the software to assume that the value you enter is the clear-text form, and to encrypt
display of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software
to use the default behavior.

If you specify encryption option 1, the software assumes that you are entering the encrypted form
of the password or authentication string. In this case, the software decrypts the password or string
you enter before using the value for authentication. If you accidentally enter option 1 followed by
the clear-text version of the password or string, authentication will fail because the value used by
the software will not match the value you intended to use.

Change the timer for OSPF authentication changes

When you make an OSPF authentication change, the software uses the authentication-change
timer to gracefully implement the change. The software implements the change in the following
ways:

•

Outgoing OSPF packets – After you make the change, the software continues to use the old
authentication to send packets, during the remainder of the current authentication-change
interval. After this, the software uses the new authentication for sending packets.

•

Inbound OSPF packets – The software accepts packets containing the new authentication and
continues to accept packets containing the older authentication for two authentication-change
intervals. After the second interval ends, the software accepts packets only if they contain the
new authentication key.

The default authentication-change interval is 300 seconds (5 minutes). You change the interval to
a value from 0 – 14400 seconds.

OSPF provides graceful authentication change for all the following types of authentication changes
in OSPF:

•

Changing authentication methods from one of the following to another of the following:

•

Simple text password

•

MD5 authentication

•

No authentication

•

Configuring a new simple text password or MD5 authentication key

•

Changing an existing simple text password or MD5 authentication key

To change the authentication-change interval, enter a command such as the following at the
interface configuration level of the CLI.

TurboIron(config-if-5)#ip ospf auth-change-wait-time 400

Syntax: [no] ip ospf auth-change-wait-time <secs>

The <secs> parameter specifies the interval and can be from 0 – 14400 seconds. The default is
300 seconds (5 minutes).

NOTE

For backward compatibility, the ip ospf md5-authentication key-activation-wait-time <seconds>
command is still supported.