Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure IS-IS Network Authentication

Configuration Condition

Before configuring the IS-IS network authentication, first complete the following tasks:

  • Configure the IP address of the interface to enable the neighboring nodes to be reachable at the network layer.
  • Enable the IS-IS protocol.

Configure IS-IS Neighboring Authentication

When the neighbor relationship authentication is enabled for the IS-IS, the authentication information will be added to the delivered Hello packet and the received Hello packet will be authenticated. If the authentication fails, the neighbor relationship will not be established. This can prevent the neighbor relationship being established with the unreliable devices.

Table 9-33 Configure the IS-IS neighboring authentication

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enter the interface configuration mode

interface interface-name

-

Configure the Hello packet authentication mode

isis authentication mode { md5 | sm3 | text } [ level-1 | level-2 ]

Mandatory

By default, the authentication function is not enabled.

Configure the Hello packet authentication password

isis authentication key { 0 | 7 } password [ level-1 | level-2 ]

Either

By default, the authentication password is not configured. The authentication password can be configured using the password chain. For details about the password chain configuration, refer to the password chain configuration chapter in the configuration manual.

isis authentication key-chain key-chain-name [ level-1 | level-2 ]

Configure IS-IS Route Authentication

When the routing information authentication is enabled for the IS-IS, the authentication information will be added to the LSP and SNP packets and the received LSP and SNP packets will be authenticated. If the authentication fails, the packet will be dropped directly. This can prevent the unreliable routing information spreading to the IS-IS network.

Table 9-34 Configure the IS-IS route authentication

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enter the IS-IS configuration mode

router isis [area-tag]

-

Configure the authentication mode of the routing information packet

authentication mode { md5 | sm3 | text } [ level-1 | level-2 ]

Mandatory

By default, the authentication function is not enabled.

Configure the authentication password of the routing information packet

authentication key { 0 | 7 } password [ level-1 | level-2 ]

Either

By default, the authentication password is not configured. The authentication password can be configured using the password chain. For details about the password chain configuration, refer to the password chain configuration chapter in the configuration manual.

authentication key-chain key-chain-name [ level-1 | level-2 ]