Configuring neighbor relationship authentication, Configuring area authentication, Configuring routing domain authentication – H3C Technologies H3C S7500E Series Switches User Manual
Page 179
5-34
z
Configure network layer addresses for interfaces to make neighboring nodes accessible to each
other at the network layer.
z
Enable IS-IS.
Configuring Neighbor Relationship Authentication
With neighbor relationship authentication configured, an interface adds the password in the specified
mode into hello packets to the peer and checks the password in the received hello packets. If the
authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
Follow these steps to configure neighbor relationship authentication:
To do…
Use the command…
Remarks
Enter system view
system-view
––
Enter interface view
interface interface-type
interface-number
––
Specify the authentication mode
and password
isis authentication-mode { md5 |
simple } password [ level-1 | level-2 ] [ ip
| osi ]
Required
Not authentication is
configured by default.
Configuring Area Authentication
Area authentication enables a router not to install routing information from untrusted routers into the
Level-1 LSDB. The router encapsulates the authentication password in the specified mode into Level-1
packets (LSP, CSNP, PSNP) and check the password in received Level-1 packets.
Routers in a common area must have the same authentication mode and password.
Follow these steps to configure area authentication:
To do…
Use the command…
Remarks
Enter system view
system-view
––
Enter IS-IS view
isis [ process-id ] [ vpn-instance
vpn-instance-name ]
––
Specify the area authentication
mode and password
area-authentication-mode { md5 |
simple } password [ ip | osi ]
Required
No area authentication is
configured by default.
Configuring Routing Domain Authentication
Routing domain authentication prevents untrusted routing information from entering into a routing
domain. A router with the authentication configured encapsulates the password in the specified mode
into Level-2 packets (LSP, CSNP, PSNP) and check the password in received Level-2 packets.