Authentication; Simple Authentication - Juniper IGP - CONFIGURATION GUIDE V11.1.X Configuration Manual

Software for E Series Broadband Services Routers: IP, IPv6, and IGP Configuration Guide

requires all the tables to be updated. Consequently, the static tables are likely to
become rapidly outdated.
The router supports dynamic resolution of hostnames to system identifiers. You can
use the clns host command to map the hostname to the NSAP address, and therefore
to the system ID. This mapping is inserted in the dynamic hostname type-length-value
tuple (TLV type 137), and subsequently advertised when LSPs are transmitted. The
value field contains the hostname, preferably the fully qualified domain name (FQDN)
of the host, or a subset of the FQDN. You can display the TLV by issuing the show
isis database detail command.

Authentication

The router supports two authentication methods for IS-IS: simple authentication and
hash function–based message authentication code (HMAC) MD5 authentication.
These authentication methods prevent unauthorized routers from injecting false
routing information into your network or forming adjacencies with your router.
By default, IS-IS authentication is disabled on the router until you enable it with the
commands described in the following sections.

Simple Authentication

Simple authentication uses a text password (authentication key) that can be entered
in encrypted or unencrypted form. The receiving router uses this authentication key
to verify the packet.
You can configure the password for simple authentication by using the following
commands:
The area-authentication-key command assigns a password used by neighboring
routers to authenticate IS-IS level 1 link-state PDUs (LSPs), complete sequence
number PDUs (CSNPs), and partial sequence number PDUs (PSNPs). This
command also enables simple authentication of level 1 LSPs.
The domain-authentication-key command assigns a password used by neighboring
routers to authenticate IS-IS level 2 LSPs, CSNPs, and PSNPs. This command also
enables simple authentication of level 2 LSPs.
The isis authentication-key command assigns a password associated with a
specific interface for authentication of IS-IS level 1 or level 2 hello packets. This
command also enables simple authentication of level 1 or level 2 hello packets.
These commands enable simple authentication of LSPs and (for the isis
authentication-key command) hello packets only; they do not enable authentication
of CSNP and PSNP packets. To enable authentication of CSNPs or PSNPs, you must
issue either the area-authentication command or the domain-authentication
command. For information, see "Enabling and Disabling Authentication of CSNPs
and PSNPs" on page 332.
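
As an added illustration (not part of the Juniper manual or the router software), this Python example walks the TLV area of an IS-IS PDU and reports which authentication method the packet carries, plus the hostname from TLV type 137. The authentication TLV number (10) and the method codes (1 for a cleartext password, 54 for HMAC-MD5) are taken from ISO 10589 and RFC 5304 rather than from this page, and the byte strings are constructed samples.

```python
# Added example: audit the TLV area of an IS-IS PDU (constructed input, no capture).
AUTH_TLV = 10        # Authentication Information TLV (ISO 10589 / RFC 5304, assumption)
HOSTNAME_TLV = 137   # Dynamic hostname TLV, the type named in the text above
AUTH_METHODS = {1: "simple (cleartext password)", 54: "HMAC-MD5"}


def parse_tlvs(data: bytes):
    """Return [(type, value), ...]; raise ValueError on a truncated TLV."""
    tlvs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError(f"truncated TLV header at offset {i}")
        tlv_type, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV {tlv_type} at offset {i} overruns the PDU")
        tlvs.append((tlv_type, value))
        i += 2 + length
    return tlvs


def audit(data: bytes) -> dict:
    """Summarise authentication and hostname TLVs without echoing the key."""
    report = {"auth": "none", "key_on_wire": False, "hostname": None}
    for tlv_type, value in parse_tlvs(data):
        if tlv_type == AUTH_TLV and value:
            method = value[0]
            report["auth"] = AUTH_METHODS.get(method, f"unknown ({method})")
            # With simple authentication, the bytes after the method code
            # are the configured password itself, not a digest.
            report["key_on_wire"] = method == 1
        elif tlv_type == HOSTNAME_TLV:
            report["hostname"] = value.decode("ascii", errors="replace")
    return report


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Hypothetical helper that builds one TLV for the samples below."""
    return bytes([tlv_type, len(value)]) + value


# Constructed sample TLV areas.
HOST = tlv(HOSTNAME_TLV, b"pe1.example.net")
SIMPLE_LSP = tlv(AUTH_TLV, b"\x01" + b"example-key") + HOST
HMAC_LSP = tlv(AUTH_TLV, b"\x36" + bytes(16)) + HOST  # 0x36 = 54, zeroed digest
PLAIN_LSP = HOST

if __name__ == "__main__":
    for name, pdu in [("simple", SIMPLE_LSP), ("hmac", HMAC_LSP), ("none", PLAIN_LSP)]:
        print(name, audit(pdu))
```

A PDU reported with key_on_wire set carries the configured password in readable form on that link, which is the practical difference between simple authentication and HMAC MD5 authentication.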
Chapter 6: Configuring IS-IS
329
Overview
