Configuring area authentication, Configuring routing domain authentication – H3C Technologies H3C S12500 Series Switches User Manual

Page 178

Advertising
background image

162

The level-1 and level-2 keywords are configurable on an interface that has had IS-IS enabled with

the isis enable command.

If you configure an authentication mode and a password without specifying a level, the
authentication mode and password apply to both Level-1 and Level-2.

If neither ip nor osi is specified, the OSI related fields in LSPs are checked.

To configure neighbor relationship authentication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type interface-number N/A

3.

Specify the authentication

mode and password.

isis authentication-mode { md5 | simple }
[ cipher ] password [ level-1 | level-2 ]
[ ip | osi ]

By default, no authentication
is configured.

Configuring area authentication

Area authentication enables a router not to install routing information from untrusted routers into the
Level-1 LSDB. The router encapsulates the authentication password in the specified mode into Level-1

packets (LSP, CSNP, and PSNP) and check the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
To configure area authentication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter IS-IS view.

isis [ process-id ] [ vpn-instance
vpn-instance-name ]

N/A

3.

Specify the area
authentication mode and

password.

area-authentication-mode { md5 |
simple } password [ ip | osi ]

By default, no area authentication
is configured.

Configuring routing domain authentication

Routing domain authentication prevents untrusted routing information from entering into a routing

domain. A router with the authentication configured encapsulates the password in the specified mode
into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and password.
To configure routing domain authentication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter IS-IS view.

isis [ process-id ] [ vpn-instance
vpn-instance-name ]

N/A

Advertising
This manual is related to the following products:

H3C S9500E Series Switches, H3C MSR 5600, H3C MSR 50, H3C MSR 3600, H3C MSR 30, H3C MSR 2600, H3C MSR 20-2X[40], H3C MSR 20-1X, H3C MSR 930, H3C MSR 900, H3C SecPath F5020, H3C SecPath F5040, H3C VMSG VFW1000

Popular Brands
Popular manuals