Enabling the logging of neighbor state changes, Enhancing is-is network security, Configuration prerequisites – H3C Technologies H3C SecPath F1000-E User Manual
Page 542: Configuring neighbor relationship authentication
517
Step Command
Remarks
6.
Configure a DIS name. isis dis-name symbolic-name
Optional.
Not configured by default.
This command takes effect only on a router with
dynamic system ID to host name mapping
configured.
This command is not supported on P2P
interfaces.
Enabling the logging of neighbor state changes
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter IS-IS view.
isis [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
3.
Enable the logging of
neighbor state changes.
log-peer-change
Enabled by default.
NOTE:
With this feature enabled, the router delivers information about neighbor state changes to the terminal for
display.
Enhancing IS-IS network security
To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication
involves neighbor relationship authentication, area authentication and routing domain authentication.
Configuration prerequisites
Before this configuration, complete the following tasks:
•
Configure network layer addresses for interfaces, and to make sure that all neighboring nodes can
reach each other at the network layer.
•
Enable IS-IS.
Configuring neighbor relationship authentication
With neighbor relationship authentication configured, an interface adds the password in the specified
mode into hello packets to the peer and checks the password in the received hello packets. If the
authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
To configure neighbor relationship authentication: