beautypg.com

Configuration prerequisites, Configuring neighbor relationship authentication, Configuring area authentication – H3C Technologies H3C S12500-X Series Switches User Manual

Page 161: Configuring routing domain authentication

background image

147

283B

Configuration prerequisites

Before the configuration, complete the following tasks:

Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.

Enable IS-IS.

284B

Configuring neighbor relationship authentication

With neighbor relationship authentication configured, an interface adds the password in the specified
mode into hello packets to the peer and checks the password in the received hello packets. If the

authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
To configure neighbor relationship authentication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type interface-number N/A

3.

Specify the authentication
mode and password.

isis authentication-mode { md5 | simple }
{ cipher cipher-string | plain plain-string }

[ level-1 | level-2 ] [ ip | osi ]

By default, no authentication
is configured.

285B

Configuring area authentication

Area authentication prevents the router from installing routing information from untrusted routers into the

Level-1 LSDB. The router encapsulates the authentication password in the specified mode in Level-1
packets (LSP, CSNP, and PSNP) and checks the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
To configure area authentication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter IS-IS view.

isis [ process-id ] [ vpn-instance
vpn-instance-name ]

N/A

3.

Specify the area

authentication mode and
password.

area-authentication-mode { md5 |
simple } { cipher cipher-string | plain

plain-string } [ ip | osi ]

By default, no area authentication
is configured.

286B

Configuring routing domain authentication

Routing domain authentication prevents untrusted routing information from entering into a routing

domain. A router with the authentication configured encapsulates the password in the specified mode
into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and password.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: