To do...
Set the overload bit
Configuring IS-IS Authentication
To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS
authentication involves neighbor relationship authentication, area authentication and routing domain
authentication.
Configuration Prerequisites
Complete the following tasks before this configuration:
Configure network layer addresses for interfaces to make neighboring nodes accessible to each
other at the network layer.
Enable IS-IS.
Configuring Neighbor Relationship Authentication
With neighbor relationship authentication configured, an interface adds the password in the specified
mode into hello packets to the peer and checks the password in the received hello packets. If the
authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
Follow these steps to configure neighbor relationship authentication:
To do...
Enter system view
Enter interface view
Specify the authentication
mode and password
Configuring Area Authentication
Area authentication enables a router not to install routing information from untrusted routers into the
Level-1 LSDB. The router encapsulates the authentication password in the specified mode into Level-1
packets (LSP, CSNP, PSNP) and check the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
Follow these steps to configure area authentication:
To do...
Enter system view
Use the command...
set-overload [ on-startup [ [ start-from-nbr
system-id [ timeout1 [ nbr-timeout ] ] ] | timeout2 ]
[ allow { external | interlevel } * ]
Use the command...
system-view
interface interface-type
interface-number
isis authentication-mode { md5 |
simple } password [ level-1 | level-2 ]
[ ip | osi ]
Use the command...
system-view
1-31
Remarks
Required
Not set by
default
Remarks
––
––
Required
Not authentication is
configured by default.
Remarks
––