Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Logo CNTTShop.vn
KD: 0862 158 859 - 0966 658 525 Purchase: 0906 051 599
Danh mục sản phẩm

Configure IS-IS Neighboring Authentication

Network Requirements

  • Enable the authentication on the interface to enable the devices configured with the same password establishing the neighbor relationship.
  • Device1 is the Level-1 router, Device2 is the Level-1-2 router, and Device1 and Device2 are in the same area, Area 10. Device3 is the Level-2 router in Area 20. Device2 connects the two areas.

Network Topology

Networking of the IS-IS neighbor authentication

Figure 9–5 Networking of the IS-IS neighbor authentication

Configuration Steps

Step 1: Configure the IP address of the interfaces. (Omitted)

Step 2: Configure the IS-IS and enable the process on the interface.

#Configure the IS-IS process as 100, area number as 10, and type as Level-1 and enable the process on the interface on Device1.

Device1#configure terminal
Device1(config)#router isis 100
Device1(config-isis)#net 10.0000.0000.0001.00
Device1(config-isis)#is-type level-1
Device1(config-isis)#metric-style wide
Device1(config-isis)#exit
Device1(config)#interface vlan2
Device1(config-if-vlan2)#ip router isis 100
Device1(config-if-vlan2)#exit
Device1(config)#interface vlan3
Device1(config-if-vlan3)#ip router isis 100
Device1(config-if-vlan3)#exit

#Configure the IS-IS process as 100, area number as 10, and type as Level-1-2 and enable the process on the interface on Device2.

Device2#configure terminal
Device2(config)#router isis 100
Device2(config-isis)#net 10.0000.0000.0002.00
Device2(config-isis)#metric-style wide
Device2(config-isis)#exit
Device2(config)#interface vlan2
Device2(config-if-vlan2)#ip router isis 100
Device2(config-if-vlan2)#exit
Device2(config)#interface vlan3
Device2(config-if-vlan3)#ip router isis 100
Device2(config-if-vlan3)#exit

#Configure the IS-IS process as 100, area number as 20, and type as Level-2 and enable the process on the interface on Device3.

Device3#configure terminal
Device3(config)#router isis 100
Device3(config-isis)#net 20.0000.0000.0003.00
Device3(config-isis)#is-type level-2
Device3(config-isis)#metric-style wide
Device3(config-isis)#exit
Device3(config)#interface vlan2
Device3(config-if-vlan2)#ip router isis 100
Device3(config-if-vlan2)#exit
Device3(config)#interface vlan3
Device3(config-if-vlan3)#ip router isis 100
Device3(config-if-vlan3)#exit

#View the IS-IS neighboring information of Device1.

Device1#show isis neighbors 
IS-IS Instance 100 Neighbors (Counter 1): 
Type   System ID      Interface  State Holdtime Level IETF-NSF Priority Circuit ID 
L1-LAN 0000.0000.0002 vlan3      Up    29 sec   L1    capable  64       0000.0000.0001.01

#View the IS-IS neighboring information on Device2.

Device2#show isis neighbors 
IS-IS Instance 100 Neighbors (Counter 2): 
Type   System ID      Interface  State Holdtime Level IETF-NSF Priority Circuit ID 
L2-LAN 0000.0000.0003 vlan2      Up    9 sec    L2    capable  64       0000.0000.0003.01 
L1-LAN 0000.0000.0001 vlan3      Up    7 sec    L1    capable  64       0000.0000.0001.01

#View the IS-IS neighboring information of Device3.

Device3#show isis neighbors  
IS-IS Instance 100 Neighbors (Counter 1): 
Type   System ID      Interface  State Holdtime Level IETF-NSF Priority Circuit ID 
L2-LAN 0000.0000.0002 vlan2      Up    24 sec   L2    capable  64       0000.0000.0003.01

Step 3: Configure the authentication.

#Configure the MD5 authentication and password admin on the interface of Device2.

Device2(config)#interface vlan2
Device2(config-if-vlan2)#isis authentication mode md5
Device2(config-if-vlan2)#isis authentication key 0 admin
Device2(config-if-vlan2)#exit
Device2(config)#interface vlan3
Device2(config-if-vlan3)#isis authentication mode md5
Device2(config-if-vlan3)#isis authentication key 0 admin
Device2(config-if-vlan3)#exit

#View the IS-IS neighbor of Device2.

Device2#show isis neighbors 
IS-IS Instance 100 Neighbors (Counter 0): 
Type System ID     Interface    State Holdtime Level IETF-NSF Priority Circuit ID

At this time, Device1 and Device3 are not configured with the authentication. Device2 does not establish the IS-IS neighbor.

#Configure the MD5 authentication and password admin on the valn3 interface of Device1.

Device1(config)#interface vlan3
Device1(config-if-vlan3)#isis authentication mode md5
Device1(config-if-vlan3)#isis authentication key 0 admin
Device1(config-if-vlan3)#exit

#Configure the MD5 authentication and password admin on the valn2 interface of Device3.

Device3(config)#interface vlan2
Device3(config-if-vlan2)#isis authentication mode md5
Device3(config-if-vlan2)#isis authentication key 0 admin
Device3(config-if-vlan2)#exit

Step 4: Check the result.

#View the IS-IS neighboring information of Device1.

Device1#show isis neighbors 
IS-IS Instance 100 Neighbors (Counter 1): 
Type   System ID      Interface State Holdtime Level IETF-NSF Priority Circuit ID 
L1-LAN 0000.0000.0002 vlan3     Up    29 sec   L1    capable  64       0000.0000.0001.01

It can be observed that the IS-IS neighbor is successfully established between Device1 and Device2. It indicates that the authentication succeeds.

#View the IS-IS neighboring information on Device2.

Device2#show isis neighbors 
IS-IS Instance 100 Neighbors (Counter 2): 
Type   System ID      Interface  State Holdtime Level IETF-NSF Priority Circuit ID 
L2-LAN 0000.0000.0003 vlan2      Up    9 sec    L2    capable  64       0000.0000.0003.01 
L1-LAN 0000.0000.0001 vlan3      Up    7 sec    L1    capable  64       0000.0000.0001.01

It can be observed that the IS-IS neighbor is successfully established between Device2 and Device1/Device3. It indicates that the authentication succeeds.

#View the IS-IS neighboring information of Device3.

Device3#show isis neighbors  
IS-IS Instance 100 Neighbors (Counter 1): 
Type   System ID      Interface  State Holdtime Level IETF-NSF Priority Circuit ID 
L2-LAN 0000.0000.0002 vlan2      Up    24 sec   L2    capable  64       0000.0000.0003.01

It can be observed that the IS-IS neighbor is successfully established between Device3 and Device2. It indicates that the authentication succeeds.

#View the routing information of Device2. Device2 can normally receives the routing advertised by Device1 and Device3.

Device2#show ip route 
Codes: C - connected, S - static, R - RIP, O - OSPF, OE-OSPF External, M - Management 
       D - Redirect, E - IRMP, EX - IRMP external, o - SNSP, B - BGP, i-IS-IS  
 
Gateway of last resort is not set 
 
i 10.1.1.0/24 [115/20] via 100.1.1.1, 16:58:26, vlan3 
C 100.1.1.0/24 is directly connected, 18:39:58, vlan3
C 127.0.0.0/8 is directly connected, 20:16:34, lo0 
C 200.1.1.0/24 is directly connected, 18:39:37, vlan2
i 210.1.1.0/24 [115/20] via 200.1.1.2, 16:57:56, vlan2 
 
Device2#show isis ipv4 route  
IS-IS Instance 100, VRF Kernel, IPv4 routes table (Counter 4):
L1 10.1.1.0/24, flags none, metric 20, from learned, installed 
     via 100.1.1.1, vlan3, neighbor 0000.0000.0001 
L1 100.1.1.0/24, flags none, metric 10, from network connected 
     via 0.0.0.0, vlan3 
L1 200.1.1.0/24, flags none, metric 10, from network connected 
     via 0.0.0.0, vlan2 
L2 210.1.1.0/24, flags none, metric 20, from learned, installed 
     via 200.1.1.2, vlan2, neighbor 0000.0000.0003

Danh mục sản phẩm

Bộ Phát Wifi
Thiết Bị Chuyển Mạch Switch
Module Quang
Tường Lửa Firewall
Router Cân Bằng Tải
Máy Chủ Server
Phụ Kiện Server
Logo Công Ty TNHH Việt Thái Dương

Công Ty TNHH Công Nghệ Việt Thái Dương

CNTTShop.vn đã đăng ký bộ công thương DMCA.com Protection Status

Văn phòng Hà Nội:

NTT03, Line1, Thống Nhất Complex,
Thanh Xuân, Hà Nội.

Điện thoại:  0962.052.874

Email:  kd2@cnttshop.vn

Văn phòng TPHCM:

Số 31B, Đường 1, Phường An Phú,
Quận 2 (Thủ Đức), TP HCM.

Điện thoại:  0967.415.023

Email:  kd5@cnttshop.vn