Configuring The Optional Checksum - Huawei Quidway NetEngine80E Configuration Manual
Universal service router, ip routing
Hide thumbs
Also See for Quidway NetEngine80E:
- Configuration manual - reliability (1432 pages) ,
- Configuration manual (341 pages) ,
- Installation manual (169 pages)
Advertisement
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing
----End
7.22.3 Configuring the Optional Checksum
The optional checksum encapsulates optional checksum Type-Length-Values (TLVs) into
Sequence Number Protocol Data Units (SNPs) and Hello packets to ensure packet correctness,
improving network security.
Context
The optional checksum encapsulates optional checksum TLVs into the Complete Sequence
Numbers Protocol Data Units (CSNPs), Partial Sequence Number Protocol Data Units (PSNPs),
and Hello packets sent by IS-IS devices. When the peer device receives the encapsulated packets,
it checks whether TLVs carried in the packets are correct. If TLVs are not correct, the peer device
discards the packets for network security.
Issue 02 (2014-09-30)
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface interface-type interface-number
The interface view is displayed.
3.
Run:
isis authentication-mode { simple { [ plain ] plain-text | cipher plain-
cipher-text } | md5 { [ cipher ] plain-cipher-text | plain plain-text } }
[ Level-1 areas | level-2 ] [ ip | osi ] [ send-only ]
Or
isis authentication-mode keychain keychain-name [ Level-1 areas |
level-2 ] [ send-only ]
or
isis authentication-mode hmac-sha256 key-id key-id { plain plain-text |
[ cipher ] plain-cipher-text } [ level-1 | level-2 ] [ send-only ]
The IS-IS authentication mode and password are configured on the interface.
When you select parameters, note the following rules:
– If send-only is specified correctly, the router only encapsulates the sent Hello
packets with authentication information rather than checks whether the received
Hello packets pass authentication. The neighbor relationships can be set up when
the authentication is not necessary or packets pass the authentication.
– If send-only is not configured, ensure that passwords of all interfaces with the
same level in the same network are consistent.
– Level-1 areas and level-2 can be set only on Ethernet interfaces.
– When IS-IS interfaces are Level-1-2 interfaces and Level-1 areas or level-2 is not
specified in the command, authentication modes and passwords are configured for
both Level-1 areas and Level-2 Hello packets.
NOTE
Characters @%@% are used as the prefix and suffix of existing passwords with variable
lengths. Therefore, characters @%@% cannot be configured together at the beginning or end
of a simple text password.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7 IS-IS Configuration
641
Hide quick links:
Advertisement
