Configure IS-IS Network Authentication
Configuration Condition
Before configuring IS-IS network authentication, complete the following tasks:
- Configure the IP address of the interface so that the neighboring nodes are reachable at the network layer.
- Enable the IS-IS protocol.
Configure IS-IS Neighboring Authentication
When neighbor relationship authentication is enabled for IS-IS, authentication information is added to the Hello packets that are sent, and received Hello packets are authenticated. If authentication fails, the neighbor relationship is not established. This prevents a neighbor relationship from being established with untrusted devices.
Table 9-33 Configure the IS-IS neighboring authentication
| Step | Command | Description |
| --- | --- | --- |
| Enter the global configuration mode | configure terminal | - |
| Enter the interface configuration mode | interface interface-name | - |
| Configure the Hello packet authentication mode | isis authentication mode { md5 \| sm3 \| text } [ level-1 \| level-2 ] | Mandatory. By default, the authentication function is not enabled. |
| Configure the Hello packet authentication password | isis authentication key { 0 \| 7 } password [ level-1 \| level-2 ] | Either. By default, the authentication password is not configured. The authentication password can be configured using the password chain. For details about the password chain configuration, refer to the password chain configuration chapter in the configuration manual. |
| | isis authentication key-chain key-chain-name [ level-1 \| level-2 ] | |
Configure IS-IS Route Authentication
When routing information authentication is enabled for IS-IS, authentication information is added to the LSP and SNP packets that are sent, and received LSP and SNP packets are authenticated. If authentication fails, the packet is dropped. This prevents untrusted routing information from spreading into the IS-IS network.
Table 9-34 Configure the IS-IS route authentication
| Step | Command | Description |
| --- | --- | --- |
| Enter the global configuration mode | configure terminal | - |
| Enter the IS-IS configuration mode | router isis [area-tag] | - |
| Configure the authentication mode of the routing information packet | authentication mode { md5 \| sm3 \| text } [ level-1 \| level-2 ] | Mandatory. By default, the authentication function is not enabled. |
| Configure the authentication password of the routing information packet | authentication key { 0 \| 7 } password [ level-1 \| level-2 ] | Either. By default, the authentication password is not configured. The authentication password can be configured using the password chain. For details about the password chain configuration, refer to the password chain configuration chapter in the configuration manual. |
| | authentication key-chain key-chain-name [ level-1 \| level-2 ] | |
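Because authentication is off by default and needs both a mode and a key (or key-chain), a saved configuration can be checked for gaps per level. The following is an added example, not part of the manual or the vendor's tooling: a Python audit over a constructed configuration that uses only the commands from Tables 9-33 and 9-34. It assumes an indented stanza layout, that a command without a level keyword applies to both levels, and that text mode carries the password in cleartext; the interface names and key values are placeholders.

```python
import re
LEVELS = ("level-1", "level-2")
CMD = re.compile(r"^(?:isis )?authentication (mode|key|key-chain) (.*)$")
# Constructed sample, not a real device config; names and keys are placeholders.
SAMPLE = """\
interface gigabitethernet0
 isis authentication mode md5
 isis authentication key 0 EXAMPLE-KEY
interface gigabitethernet1
 isis authentication mode sm3 level-1
 isis authentication key-chain EXAMPLE-CHAIN level-1
interface gigabitethernet2
 isis authentication mode text
router isis
 authentication mode text
 authentication key 0 EXAMPLE-KEY
"""

def audit(config):
    """Return {stanza header: [findings]} for IS-IS stanzas with auth gaps."""
    stanzas, header = {}, None
    for raw in config.splitlines():
        if raw.strip() and not raw[0].isspace():
            header = raw.strip()  # an unindented line opens a new stanza
            stanzas[header] = []
        elif header and raw.strip():
            stanzas[header].append(raw.strip())
    report = {}
    for header, body in stanzas.items():
        is_iface = header.startswith("interface ") and any("isis" in l for l in body)
        if not (is_iface or header.startswith("router isis")):
            continue
        mode, keyed = {}, {}
        for m in filter(None, map(CMD.match, body)):
            kind, args = m.group(1), m.group(2).split()
            # Assumption: without a level keyword the command covers both levels.
            for lv in ([args[-1]] if args and args[-1] in LEVELS else LEVELS):
                (mode if kind == "mode" else keyed)[lv] = args[0]
        findings = []
        for lv in LEVELS:
            if lv not in mode:
                findings.append(f"{lv}: no authentication mode")
            elif lv not in keyed:
                findings.append(f"{lv}: mode {mode[lv]} but no key or key-chain")
            elif mode[lv] == "text":
                findings.append(f"{lv}: text mode (assumed cleartext on the wire)")
        if findings:
            report[header] = findings
    return report
```

Calling audit(SAMPLE) reports the interface that authenticates only level-1, the interface with a mode but no key, and the routing process that uses text mode; the fully configured md5 interface is not reported.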