F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
445
Ste
p
Command
Remarks
435. Enter system view. system-view N/A
436. Enter IS-IS view.
isis [ process-id ] [ vpn-instance
vpn-instance-name ]
N/A
437. Enable the logging of
neighbor state changes.
log-peer-change
By default, the logging of
neighbor state is enabled.
177B
Enhancing IS-IS network security
To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication
involves neighbor relationship authentication, area authentication, and routing domain authentication.
695BConfiguration prerequisites
Before the configuration, complete the following tasks:
• Configure network layer addresses for interfaces to ensure IP connectivity between neighboring
nodes.
• Enable IS-IS.
696BConfiguring neighbor relationship authentication
With neighbor relationship authentication configured, an interface adds the password in the specified
mode into hello packets to the peer and checks the password in the received hello packets. If the
authentication succeeds, it forms the neighbor relationship with the peer.
Follow these guidelines when you configure neighbor relationship authentication:
• The authentication mode and password at both ends must be identical.
• The level-1 and level-2 keywords are configurable on an interface that has IS-IS enabled with the
isis enable command.
• If you configure an authentication mode and a password without specifying a level, the
authentication mode and password apply to both Level-1 and Level-2.
• If neither ip nor osi is specified, the OSI related fields in LSPs are checked.
To configure neighbor relationship authentication:
Ste
p
Command
Remarks
438. Enter system view.
system-view N/A
439. Enter interface view.
interface interface-type interface-number N/A
440. Specify the
authentication mode
and password.
isis authentication-mode { md5 | simple }
[ cipher ] password [ level-1 | level-2 ] [ ip |
osi ]
By default, no authentication
is configured.