Enabling the logging of neighbor state changes, Enhancing is-is network security, Configuration prerequisites – H3C Technologies H3C SecPath F1000-E User Manual

517

Step Command

Remarks

6.

Configure a DIS name. isis dis-name symbolic-name

Optional.
Not configured by default.
This command takes effect only on a router with

dynamic system ID to host name mapping
configured.
This command is not supported on P2P
interfaces.

Enabling the logging of neighbor state changes

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter IS-IS view.

isis [ process-id ] [ vpn-instance
vpn-instance-name ]

N/A

3.

Enable the logging of
neighbor state changes.

log-peer-change

Enabled by default.

NOTE:

With this feature enabled, the router delivers information about neighbor state changes to the terminal for
display.

Enhancing IS-IS network security

To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication

involves neighbor relationship authentication, area authentication and routing domain authentication.

Configuration prerequisites

Before this configuration, complete the following tasks:

•

Configure network layer addresses for interfaces, and to make sure that all neighboring nodes can
reach each other at the network layer.

•

Enable IS-IS.

Configuring neighbor relationship authentication

With neighbor relationship authentication configured, an interface adds the password in the specified

mode into hello packets to the peer and checks the password in the received hello packets. If the

authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and password at both ends must be identical.
To configure neighbor relationship authentication: