Change the timer for ospf authentication changes – Brocade Virtual ADX Switch and Router Guide (Supporting ADX v03.1.00) User Manual

116

Brocade Virtual ADX Switch and Router Guide

53-1003246-01

Configuring OSPF

6

•

1 – Assumes that the password or authentication string you enter is the encrypted form, and
decrypts the value before using it.

NOTE

If you want the software to assume that the value you enter is the clear-text form, and to encrypt
display of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software
to use the default behavior.

If you specify encryption option 1, the software assumes that you are entering the encrypted form
of the password or authentication string. In this case, the software decrypts the password or string
you enter before using the value for authentication. If you accidentally enter option 1 followed by the
clear-text version of the password or string, authentication will fail because the value used by the
software will not match the value you intended to use.

Change the timer for OSPF authentication changes

When you make an OSPF authentication change, the software uses the authentication-change
timer to gracefully implement the change. The software implements the change in the following
ways:

•

Outgoing OSPF packets – After you make the change, the software continues to use the old
authentication to send packets, during the remainder of the current authentication-change
interval. After this, the software uses the new authentication for sending packets.

•

Inbound OSPF packets – The software accepts packets containing the new authentication and
continues to accept packets containing the older authentication for two authentication-change
intervals. After the second interval ends, the software accepts packets only if they contain the
new authentication key.

The default authentication-change interval is 300 seconds (5 minutes). You change the interval to
a value from 0 – 14400 seconds.

OSPF provides graceful authentication change for all the following types of authentication changes
in OSPF:

•

Changing authentication methods from one of the following to another of the following:

•

Simple text password

•

MD5 authentication

•

No authentication

•

Configuring a new simple text password or MD5 authentication key

•

Changing an existing simple text password or MD5 authentication key

To change the authentication-change interval, enter a command such as the following at the
interface configuration level of the CLI.

Virtual ADX(config-if-2)# ip ospf auth-change-wait-time 400

Syntax: [no] ip ospf auth-change-wait-time secs

The secs parameter specifies the interval and can be from 0 – 14400 seconds. The default is 300
seconds (5 minutes).