R0106-HP MSR Router Series Layer 3 - IP Routing Command Reference(V7)
247
hmac-sha-224: Specifies the HMAC-SHA-224 algorithm.
hmac-sha-256: Specifies the HMAC-SHA-256 algorithm.
hmac-sha-384: Specifies the HMAC-SHA-384 algorithm.
hmac-sha-512: Specifies the HMAC-SHA-512 algorithm.
cipher: Sets a ciphertext password.
cipher-string: Specifies a ciphertext password, a case-sensitive string of 33 to 53 characters.
plain: Sets a plaintext password.
plain-string: Specifies a plaintext password, a case-sensitive string of 1 to 16 characters.
level-1: Configures the password for Level-1.
level-2: Configures the password for Level-2.
ip: Checks IP-related fields in LSPs and SNPs.
osi: Checks OSI-related fields in LSPs and SNPs.
Usage guidelines
The password in the specified mode is inserted into all outbound hello packets and is used for
authenticating inbound hello packets. Only if the authentication succeeds can the neighbor relationship
be formed.
For two routers to become neighbors, the authentication mode and password at both ends must be
identical.
For security purposes, all passwords, including passwords configured in plain text, are saved in cipher
text.
If you configure a password without specifying a level, the password applies to both Level-1 and Level-2.
If neither ip nor osi is specified, the OSI-related fields in LSPs are checked.
The level-1 and level-2 keywords are configurable on an interface that has had IS-IS enabled with the isis
enable command.
Examples
# On GigabitEthernet 2/1/1, configure the authentication mode as simple, and set the plaintext
password to 123456.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1] isis authentication-mode simple plain 123456
Related commands
• area-authentication-mode
• domain authentication-mode
• isis authentication send-only
isis bfd enable
Use isis bfd enable to enable BFD.
Use undo isis bfd enable to disable BFD.