R0106-HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

171

172

173

174

175

176

177

178

179

180

160

Configuring area authentication

Area authentication prevents the router from installing routing information from untrusted routers into the

Level-1 LSDB. The router encapsulates the authentication password in the specified mode in Level-1

packets (LSP, CSNP, and PSNP). It also checks the password in received Level-1 packets.

Routers in a common area must have the same authentication mode and password.

To prevent packet exchange failure in case of an authentication password change, configure IS-IS not to

check the authentication information in the received packets.

To configure area authentication:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter IS-IS view.

isis [ process-id ] [ vpn-instance

vpn-instance-name ]

N/A

3. Specify the area

authentication mode and

password.

area-authentication-mode { md5 |

simple | gca key-id { hmac-sha-1 |

hmac-sha-224 | hmac-sha-256 |

hmac-sha-384 | hmac-sha-512 } }

{ cipher cipher-string | plain

plain-string } [ ip | osi ]

By default, no area authentication

is configured.

4. (Optional.) Configure the

interface not to check the

authentication information

in the received Level-1

packets, including LSPs,

CSNPs, and PSNPs.

area-authentication send-only

When the authentication mode

and password are configured, the

interface checks the authentication

information in the received packets

by default.

Configuring routing domain authentication

Routing domain authentication prevents untrusted routing information from entering into a routing

domain. A router with the authentication configured encapsulates the password in the specified mode

into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets.

All the routers in the backbone must have the same authentication mode and password.