Configuring Routing Domain Authentication; Configuring Is-Is Gr - HP VSR1000 Configuration Manual
Virtual services router
Hide thumbs
Also See for VSR1000:
- Configuration manual (364 pages) ,
- Security configuration manual (361 pages) ,
- High availability configuration manual (91 pages)
Table of Contents
Advertisement
Step
3.
Specify the area
authentication mode and
password.
4.
(Optional.) Configure
IS-IS not to check the
authentication information
in the received Level- 1
packets, including LSPs,
CSNPs, and PSNPs.
Configuring routing domain authentication
Routing domain authentication prevents untrusted routing information from entering into a routing
domain. A router with the authentication configured encapsulates the password in the specified mode
into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and password.
To prevent packet exchange failure in case of an authentication password change, configure IS-IS not to
check the authentication information in the received packets.
To configure routing domain authentication:
Step
1.
Enter system view.
2.
Enter IS-IS view.
3.
Specify the routing domain
authentication mode and
password.
4.
(Optional.) Configure IS-IS not
to check the authentication
information in the received
Level-2 packets, including
LSPs, CSNPs, and PSNPs.
Configuring IS-IS GR
GR ensures forwarding continuity when a routing protocol restarts.
Two routers are required to complete a GR process. The following are router roles in a GR process.
GR restarter—Graceful restarting router. It must have GR capability.
•
Command
area-authentication-mode { md5 |
simple | gca key-id { hmac-sha-1 |
hmac-sha-224 | hmac-sha-256 |
hmac-sha-384 | hmac-sha-512 } }
{ cipher cipher-string | plain
plain-string } [ ip | osi ]
area-authentication send-only
Command
system-view
isis [ process-id ] [ vpn-instance
vpn-instance-name ]
domain-authentication-mode
{ md5 | simple | gca key-id
{ hmac-sha-1 | hmac-sha-224 |
hmac-sha-256 | hmac-sha-384 |
hmac-sha-512 } } { cipher
cipher-string | plain plain-string }
[ ip | osi ]
domain-authentication send-only
152
Remarks
By default, no area authentication
is configured.
When the authentication mode
and password are configured, IS-IS
checks the authentication
information in the received packets
by default.
Remarks
N/A
N/A
By default, no routing domain
authentication is configured.
When the authentication mode
and password are configured, IS-IS
checks the authentication
information in the received packets
by default.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
