beautypg.com

Configuring area authentication, Configuring routing domain authentication – H3C Technologies H3C S10500 Series Switches User Manual

Page 178

background image

163

To do…

Use the command…

Remarks

Enter system view

system-view

Enter interface view

interface interface-type interface-number

Specify the authentication mode
and password

isis authentication-mode { md5 | simple }
password [ level-1 | level-2 ] [ ip | osi ]

Required
Not authentication is
configured by default.

NOTE:

The level-1 and level-2 keywords are configurable on an interface that has IS-IS enabled.

If you configure an authentication mode and a password without specifying a level, the authentication
mode and password apply to both Level-1 and Level-2.

If neither ip nor osi is specified, the OSI related fields in LSPs are checked.

Configuring area authentication

Area authentication enables a router not to install routing information from untrusted routers into the

Level-1 LSDB. The router encapsulates the authentication password in the specified mode into Level-1

packets (LSP, CSNP, and PSNP) and checks the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
Follow these steps to configure area authentication:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter IS-IS view

isis [ process-id ] [ vpn-instance
vpn-instance-name ]

Specify the area authentication
mode and password

area-authentication-mode { md5 |
simple } password [ ip | osi ]

Required
No area authentication is
configured by default.

Configuring routing domain authentication

Routing domain authentication prevents untrusted routing information from entering into a routing

domain. A router with the authentication configured encapsulates the password in the specified mode

into Level-2 packets (LSP, CSNP, PSNP) and check the password in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and password.
Follow these steps to configure routing domain authentication:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter IS-IS view

isis [ process-id ] [ vpn-instance
vpn-instance-name ]

Specify the routing domain
authentication mode and

password

domain-authentication-mode
{ md5 | simple } password [ ip |

osi ]

Required
No routing domain authentication
is configured by default.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: