Improving Security Of An Is-Is Network - Huawei Quidway NetEngine80E Configuration Manual
Universal service router, ip routing
Hide thumbs
Also See for Quidway NetEngine80E:
- Configuration manual - reliability (1432 pages) ,
- Configuration manual (341 pages) ,
- Installation manual (169 pages)
Advertisement
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing
Example
Run the display isis graceful-restart status command, and you can find that IS-IS process 1
on the local router is enabled with GR and the default values of all GR parameters are used.
<HUAWEI> display isis graceful-restart status
IS-IS(1) Level-1 Restart Status
Restart Interval: 300
SA Bit Supported
Total Number of Interfaces = 1
Restart Status: RESTART COMPLETE
IS-IS(1) Level-2 Restart Status
Restart Interval: 300
SA Bit Supported
Total Number of Interfaces = 1
Restart Status: RESTART COMPLETE
7.22 Improving Security of an IS-IS Network
On a network that requires high security, you can configure IS-IS authentication or optional
checksum to improve the security of the IS-IS network.
7.22.1 Before You Start
Before configuring authentication or optional checksum on an Intermediate System to
Intermediate System (IS-IS) network, familiarize yourself with the usage scenario, complete the
pre-configuration tasks, and obtain the required data. This can help you complete the
configuration task quickly and accurately.
Applicable Environment
In a network that has a high requirement for security, you can configure IS-IS authentication or
optional checksum to improve security of the IS-IS network.
l
l
Pre-configuration Tasks
Before configuring IS-IS authentication, complete the following tasks:
Issue 02 (2014-09-30)
Restart information for ISIS(1)
-------------------------------
IS-IS authentication encapsulates authentication information into Hello packets, Link State
Protocol Data Units (LSPs), and Sequence Number Protocol Data Units (SNPs). After an
IS-IS device receives the packets, it checks whether the encapsulated authentication
information is correct. The IS-IS device only accepts the packets with correct authentication
information. The authentication mechanism enhances IS-IS network security. IS-IS
authentication consists of area authentication, routing domain authentication, and interface
authentication.
IS-IS authentication ensures that the data is correctly transmitted at the network layer.
IS-IS optional checksum encapsulates checksum Type-Length-Values (TLVs) into SNPs
and Hello packets. After an IS-IS device receives the packets, it checks whether the
checksum TLVs are correct. The IS-IS device only accepts the packets with correct
checksum TLVs. The authentication mechanism enhances IS-IS network security.
IS-IS optional checksum ensures that the data is correctly transmitted at the link layer.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7 IS-IS Configuration
637
Hide quick links:
Advertisement
