beautypg.com

Configuring isis-spb authentication, Configuring isis-spb adjacency authentication, Configuring isis-spb area authentication – H3C Technologies H3C S12500 Series Switches User Manual

Page 39

background image

31

Configuring ISIS-SPB authentication

ISIS-SPB authentication helps improve security in an SPBM network. It includes adjacency authentication

and area authentication.

Configuring ISIS-SPB adjacency authentication

ISIS-SPB adjacency authentication guarantees that SPBM nodes establish adjacencies only with
trustworthy neighbors.
SPBM nodes send adjacency authentication information (including the authentication method and

password) in ISIS-SPB hello packets. The recipient establishes or maintains an adjacency with the sender

only if the received authentication settings match its local authentication settings.
For two devices to establish an adjacency, you must configure the same authentication method and

password on them.
To prevent loss of adjacencies, use the following procedure when you modify adjacency authentication

settings:

1.

Disable adjacency authentication for incoming ISIS-SPB hello packets on the neighbor devices.

2.

Modify the authentication settings on the local end.

3.

Modify the authentication settings on the remote end.

4.

Enable adjacency authentication for incoming ISIS-SPB hello packets on the neighbor devices.

To configure ISIS-SPB adjacency authentication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Layer 2 Ethernet

interface view or Layer 2
aggregate interface view.

interface interface-type
interface-number

N/A

3.

Set an adjacency
authentication method and

password.

spbm authentication-mode { md5 |
simple } { cipher cipher-string | plain
plain-string }

By default, adjacency
authentication is disabled. No

authentication method or

password is configured.

4.

(Optional.) Disable

adjacency authentication for
incoming IS-IS hello packets.

spbm authentication send-only

By default, the device
authenticates incoming IS-IS hello
packets if adjacency

authentication is enabled.

Configuring ISIS-SPB area authentication

ISIS-SPB area authentication guarantees that SPBM nodes learn topology data only from trustworthy

neighbors.
ISIS-SPB sends area authentication information (including the authentication method and password) in

topology advertisement packets (LSP, CSNP, and PSNP). The recipients accept a topology advertisement

packet only if the authentication settings in the packet match their local authentication settings.
For correct authentication, make sure the authentication method and password is the same across the
SPBM network.
To prevent temporary drops of topology advertisement packets, use the following procedure when you

modify authentication settings:

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: