159
1. Enter system view.
system-view
N/A
2. Configure the source IP
address of BFD echo packets.
bfd echo-source-ip
ip-address
By default, the source IP
address of BFD echo packets is
not configured.
The source IP address cannot
be on the same network
segment as any local
interface's IP address.
For more information, see High
Availability Command
Reference.
3. Enter interface view.
interface
interface-type
interface-number
N/A
4. Enable BFD echo packet
mode for IS-IS PIC.
isis primary-path-detect bfd
By default, BFD echo packet
mode is disabled for IS-IS PIC.
Enhancing IS-IS network security
To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS
authentication involves neighbor relationship authentication, area authentication, and routing
domain authentication.
Configuration prerequisites
Before the configuration, complete the following tasks:
• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
• Enable IS-IS.
Configuring neighbor relationship authentication
With neighbor relationship authentication configured, an interface adds the key in the specified mode
into hello packets to the peer and checks the key in the received hello packets. If the authentication
succeeds, it forms the neighbor relationship with the peer.
The authentication mode and key at both ends must be identical.
To prevent packet exchange failure in case of an authentication key change, configure the interface
not to check the authentication information in the received packets.
To configure neighbor relationship authentication:
1. Enter system view.
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
To Next Page
Loading...
