Configuration Prerequisites; Configuring Neighbor Relationship Authentication; Configuring Area Authentication - HPE FlexNetwork HSR6800 Configuration Manual
Layer 3-ip routing configuration guide
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (503 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
Configuration prerequisites
Before the configuration, complete the following tasks:
•
Configure network layer addresses for interfaces to make neighboring nodes accessible to
each other at the network layer.
•
Enable IS-IS.
Configuring neighbor relationship authentication
With neighbor relationship authentication configured, an interface adds the password in the specified
mode into hello packets to the peer and checks the password in the received hello packets. If the
authentication succeeds, it forms the neighbor relationship with the peer.
Follow these guidelines when you configure neighbor relationship authentication:
•
The authentication mode and password at both ends must be identical.
•
The level-1 and level-2 keywords are configurable on an interface that has IS-IS enabled with
the isis enable command.
•
If you configure an authentication mode and a password without specifying a level, the
authentication mode and password apply to both Level-1 and Level-2.
•
If neither ip nor osi is specified, the OSI related fields in LSPs are checked.
To configure neighbor relationship authentication:
Step
Enter system view.
1.
Enter interface view.
2.
Specify the authentication
3.
mode and password.
Configuring area authentication
Area authentication enables a router not to install routing information from untrusted routers into the
Level-1 LSDB. The router encapsulates the authentication password in the specified mode into
Level-1 packets (LSP, CSNP, and PSNP) and check the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
To configure area authentication:
Step
Enter system view.
1.
Enter IS-IS view.
2.
Specify the area
3.
authentication mode and
password.
Command
system-view
interface interface-type
interface-number
isis authentication-mode { md5 |
simple } [ cipher ] password [ level-1 |
level-2 ] [ ip | osi ]
Command
system-view
isis [ process-id ] [ vpn-instance
vpn-instance-name ]
area-authentication-mode { md5 |
simple } [ cipher ] password [ ip |
osi ]
148
Remarks
N/A
N/A
By default, no
authentication is
configured.
Remarks
N/A
N/A
By default, no area authentication
is configured.
Advertisement
Table of Contents
Troubleshooting
