Enabling the logging of neighbor state changes, Enhancing is-is network security, Configuration prerequisites – H3C Technologies H3C S12500 Series Switches User Manual

161

Step Command

Remarks

6.

Configure a DIS
name.

isis dis-name symbolic-name

Optional.
Not configured by default.
This command takes effect

only on a router with dynamic
system ID to host name

mapping configured.
This command is not

supported on P2P interfaces.

Enabling the logging of neighbor state changes

Logging of neighbor state changes enables the router to output neighbor state changes to the console

terminal.
To enable the logging of neighbor state changes:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter IS-IS view.

isis [ process-id ] [ vpn-instance

vpn-instance-name ]

N/A

3.

Enable the logging of
neighbor state

changes.

log-peer-change

Enabled by default.

Enhancing IS-IS network security

To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication

involves neighbor relationship authentication, area authentication, and routing domain authentication.

Configuration prerequisites

Complete the following tasks before this configuration:

•

Configure network layer addresses for interfaces to ensure IP connectivity between neighboring
nodes.

•

Enable IS-IS.

Configuring neighbor relationship authentication

With neighbor relationship authentication configured, an interface adds the password in the specified

mode into hello packets to the peer and checks the password in the received hello packets. If the

authentication succeeds, it forms the neighbor relationship with the peer.
Follow these guidelines when you configure neighbor relationship authentication:

•

The authentication mode and password at both ends must be identical.