Follow these steps to configure neighbor relationship authentication:
To do...
Enter system view
Enter interface view
Specify the authentication
mode and password
The level-1 and level-2 keywords in the isis authentication-mode command are only supported on
VLAN interfaces of switches, and the interfaces must be configured with the isis enable command first.
Configuring Area Authentication
Area authentication enables a router not to install routing information from untrusted routers into the
Level-1 LSDB. The router encapsulates the authentication password in the specified mode into Level-1
packets (LSP, CSNP, PSNP) and check the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
Follow these steps to configure area authentication:
To do...
Enter system view
Enter IS-IS view
Specify the area
authentication mode and
password
Configuring Routing Domain Authentication
Routing domain authentication prevents untrusted routing information from entering into a routing
domain. A router with the authentication configured encapsulates the password in the specified mode
into Level-2 packets (LSP, CSNP, PSNP) and check the password in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and password.
Follow these steps to configure routing domain authentication:
To do...
Enter system view
Enter IS-IS view
Use the command...
system-view
interface interface-type
interface-number
isis authentication-mode { simple |
md5 } password [ level-1 | level-2 ]
[ ip | osi ]
Use the command...
system-view
isis [ process-id ] [ vpn-instance
vpn-instance-name ]
area-authentication-mode
{ simple | md5 } password [ ip |
osi ]
Use the command...
system-view
isis [ process-id ]
[ vpn-instance
vpn-instance-name ]
1-30
Remarks
––
––
Required
Not authentication is
configured by default.
Remarks
––
––
Required
No area authentication is
configured by default.
Remarks
––
––