Configuring neighbor relationship authentication, Configuring area authentication, Configuring routing domain authentication – H3C Technologies H3C S5560 Series Switches User Manual

Page 173

Advertising
background image

157

Configuring neighbor relationship authentication

With neighbor relationship authentication configured, an interface adds the password in the specified

mode into hello packets to the peer and checks the password in the received hello packets. If the

authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
To configure neighbor relationship authentication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type interface-number N/A

3.

Specify the authentication

mode and password.

isis authentication-mode { gca key-id
{ hmac-sha-1 | hmac-sha-224 |
hmac-sha-256 | hmac-sha-384 |

hmac-sha-512 } | md5 | simple } { cipher

cipher-string | plain plain-string } [ level-1
| level-2 ] [ ip | osi ]

By default, no authentication
is configured.

Configuring area authentication

Area authentication prevents the router from installing routing information from untrusted routers into the
Level-1 LSDB. The router encapsulates the authentication password in the specified mode in Level-1

packets (LSP, CSNP, and PSNP) and checks the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
To configure area authentication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter IS-IS view.

isis [ process-id ] [ vpn-instance
vpn-instance-name ]

N/A

3.

Specify the area
authentication mode and

password.

area-authentication-mode { gca key-id
{ hmac-sha-1 | hmac-sha-224 |
hmac-sha-256 | hmac-sha-384 |

hmac-sha-512 } | md5 | simple }

{ cipher cipher-string | plain
plain-string } [ ip | osi ]

By default, no area authentication
is configured.

Configuring routing domain authentication

Routing domain authentication prevents untrusted routing information from entering into a routing
domain. A router with the authentication configured encapsulates the password in the specified mode

into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and password.
To configure routing domain authentication:

Advertising
This manual is related to the following products:

H3C S5130 Series Switches, H3C S5120 Series Switches

Popular Brands
Popular manuals