160
3. Specify the authentication
mode and key.
isis
authentication-mode
{ {
gca
key-id
{
hmac-sha-1
|
hmac-sha-224
|
hmac-sha-256
|
hmac-sha-384
|
hmac-sha-512
} [
nonstandard
] |
md5
|
simple
} {
cipher
|
plain
} string |
keychain
keychain-name } [
level-1
|
level-2
] [
ip
|
osi
]
By default, no
authentication is
configured.
4. (Optional.) Configure the
interface not to check the
authentication information in
the received hello packets.
isis authentication send-only
[
level-1
|
level-2
]
When the authentication
mode and key are
configured, the interface
checks the authentication
information in the received
packets by default.
Configuring area authentication
Area authentication prevents the router from installing routing information from untrusted routers into
the Level-1 LSDB. The router encapsulates the authentication key in the specified mode in Level-1
packets (LSP, CSNP, and PSNP). It also checks the key in received Level-1 packets.
Routers in a common area must have the same authentication mode and key.
To prevent packet exchange failure in case of an authentication key change, configure IS-IS not to
check the authentication information in the received packets.
To configure area authentication:
1. Enter system view.
N/A
2. Enter IS-IS view.
isis
[ process-id ] [
vpn-instance
vpn-instance-name ]
N/A
3. Specify the area
authentication mode and
key.
area-authentication-mode
{ {
gca
key-id {
hmac-sha-1
|
hmac-sha-224
|
hmac-sha-256
|
hmac-sha-384
|
hmac-sha-512
} [
nonstandard
] |
md5
|
simple
} {
cipher
|
plain
} string
|
keychain
keychain-name } [
ip
|
osi
]
By default, no area authentication
is configured.
4. (Optional.) Configure the
interface not to check the
authentication
information in the
received Level-1
packets, including LSPs,
CSNPs, and PSNPs.
area-authentication send-only
When the authentication mode
and key are configured, the
interface checks the
authentication information in the
received packets by default.
Configuring routing domain authentication
Routing domain authentication prevents untrusted routing information from entering into a routing
domain. A router with the authentication configured encapsulates the key in the specified mode into
Level-2 packets (LSP, CSNP, and PSNP) and check the key in received Level-2 packets.
All the routers in the backbone must have the same authentication mode and key.
To prevent packet exchange failure in case of an authentication key change, configure IS-IS not to
check the authentication information in the received packets.