R0106-HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

171

172

173

174

175

176

177

178

179

180

159

Ste

Command

Remarks

2. Configure the source IP address

of BFD echo packets.

bfd echo-source-ip ip-address

By default, the source IP address

of BFD echo packets is not

configured.

3. Enter interface view.

interface interface-type

interface-number

N/A

4. Enable BFD for IS-IS PIC.

isis primary-path-detect bfd echo

By default, BFD for IS-IS PIC is

disabled.

Enhancing IS-IS network security

To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication

involves neighbor relationship authentication, area authentication, and routing domain authentication.

Configuration prerequisites

Before the configuration, complete the following tasks:

• Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.

• Enable IS-IS.

Configuring neighbor relationship authentication

With neighbor relationship authentication configured, an interface adds the password in the specified

mode into hello packets to the peer and checks the password in the received hello packets. If the

authentication succeeds, it forms the neighbor relationship with the peer.

The authentication mode and password at both ends must be identical.

To prevent packet exchange failure in case of an authentication password change, configure the

interface not to check the authentication information in the received packets.

To configure neighbor relationship authentication:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type interface-number

N/A

3. Specify the authentication

mode and password.

isis authentication-mode { md5 | simple |

gca key-id { hmac-sha-1 | hmac-sha-224

| hmac-sha-256 | hmac-sha-384 |

hmac-sha-512 } } { cipher cipher-string |

plain plain-string } [ level-1 | level-2 ] [ ip

| osi ]

By default, no authentication

is configured.

4. (Optional.) Configure the

interface not to check the

authentication information in

the received hello packets.

isis authentication send-only [ level-1 |

level-2 ]

When the authentication

mode and password are

configured, the interface

checks the authentication

information in the received

packets by default.