Enabling the logging of neighbor state changes, Enhancing is-is network security, Configuration prerequisites – H3C Technologies H3C S10500 Series Switches User Manual

162

To do…

Use the command...

Remarks

Enter interface view

interface interface-type
interface-number

—

Configure a DIS name

isis dis-name symbolic-name

Optional
Not configured by default.
This command takes effect only on a
router with dynamic system ID to host

name mapping configured.
This command is not supported on P2P
interfaces.

Enabling the logging of neighbor state changes

Follow these steps to enable the logging of neighbor state changes:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter IS-IS view

isis [ process-id ] [ vpn-instance

vpn-instance-name ]

—

Enable the logging of neighbor
state changes

log-peer-change

Required
Enabled by default

NOTE:

With this feature enabled, the router delivers information about neighbor state changes to the terminal for
display.

Enhancing IS-IS network security

To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication

involves neighbor relationship authentication, area authentication and routing domain authentication.

Configuration prerequisites

Before enhancing IS-IS network security, complete the following tasks:

•

Configure network layer addresses for interfaces to make neighboring nodes accessible to each

other at the network layer.

•

Enable IS-IS

Configuring neighbor relationship authentication

With neighbor relationship authentication configured, an interface adds the password in the specified

mode into hello packets to the peer and checks the password in the received hello packets. If the

authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
Follow these steps to configure neighbor relationship authentication: