Configuring Routing Domain Authentication; Configuring Is-Is Gr - HP FlexFabric 12900E Series Configuration Manual
Hide thumbs
Also See for FlexFabric 12900E Series:
- Installation manual (152 pages) ,
- Command reference manual (213 pages)
Table of Contents
Advertisement
Step
1.
Enter system view.
2.
Enter IS-IS view.
3.
Specify
authentication mode and
key.
4.
(Optional.) Configure the
interface not to check the
authentication
information
received
packets, including LSPs,
CSNPs, and PSNPs.
Configuring routing domain authentication
Routing domain authentication prevents untrusted routing information from entering into a routing
domain. A router with the authentication configured encapsulates the key in the specified mode into
Level-2 packets (LSP, CSNP, and PSNP) and check the key in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and key.
To prevent packet exchange failure in case of an authentication key change, configure IS-IS not to
check the authentication information in the received packets.
To configure routing domain authentication:
Step
1.
Enter system view.
2.
Enter IS-IS view.
3.
Specify the routing domain
authentication
key.
4.
(Optional.)
interface not to check the
authentication information in
the
packets,
CSNPs, and PSNPs.
Configuring IS-IS GR
GR ensures forwarding continuity when a routing protocol restarts or an active/standby switchover
occurs.
Two routers are required to complete a GR process. The following are router roles in a GR process.
Command
system-view
isis [ process-id ] [ vpn-instance
vpn-instance-name ]
area-authentication-mode { { gca
key-id { hmac-sha-1 | hmac-sha-224
the
area
| hmac-sha-256 | hmac-sha-384 |
hmac-sha-512 } [ nonstandard ] |
md5 | simple } { cipher | plain } string
| keychain keychain-name } [ ip | osi ]
in
the
area-authentication send-only
Level-1
Command
system-view
isis [ process-id ] [ vpn-instance
vpn-instance-name ]
domain-authentication-mode
{ { gca key-id { hmac-sha-1 |
hmac-sha-224 | hmac-sha-256 |
mode
and
hmac-sha-384 | hmac-sha-512 }
[ nonstandard ] | md5 | simple }
{ cipher | plain } string | keychain
keychain-name } [ ip | osi ]
Configure
the
domain-authentication
received
Level-2
send-only
including
LSPs,
159
Remarks
N/A
N/A
By default, no area authentication
is configured.
When the authentication mode
and key are configured, the
interface
checks
authentication information in the
received packets by default.
Remarks
N/A
N/A
By default, no routing domain
authentication is configured.
When the authentication mode
and key are configured, the
interface
checks
authentication information in the
received packets by default.
the
the
Advertisement
Table of Contents
Troubleshooting
