IS-IS 中間系統到中間系統的認證

ISIS認證

1.接口認證 ---L1和L2的IIH hello報文進行認證

2.區域認證 ---針對L1的SNP和LSP進行認證

3.路由域認證 ---針對L2的SNP和LSP進行認證


方式三種：
1.null
2.明文
3.MD5

配置：
接口認證：
接口下明文認證  --hello報文認證，如果認證不一致，導致不能建立鄰接關係

interface GigabitEthernet0/0/1
 isis authentication-mode simple cipher  huawei ip

[AR4]dis isis error
Hello packet errors:
Mismatched Max Area Addr: 0           Bad Authentication      : 6

接口密文認證：
interface GigabitEthernet0/0/1
 isis authentication-mode md5 cipher qytang ip



2、區域認證 --針對L1的SNP和LSP進行認證
如果認證不通過，鄰居關係正常，但是沒有路由
ISIS
  authentication-mode simple cipher huawei ip


[AR4]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0004      System Level: L1    
Area-Authentication-mode: SIMPLE
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup



區域密文認證：
isis 1
 area-authentication-mode md5 cipher huawei ip

[AR4]dis isis br
[AR4]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0004      System Level: L1    
Area-Authentication-mode: MD5
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup


[AR4]dis isis error

                    Statistics of error packets for ISIS(1)
                    ---------------------------------------
LSP packet errors:         
Bad Authentication      : 4           Bad Auth Count          : 0   




3、路由域的認證 ---針對L2的SNP和LSP進行認證

如果認證不通過，鄰居關係正常，但是沒有路由

路由域的明文認證：
isis 1
 is-level level-2
 network-entity 49.0001.0000.0000.0001.00
 domain-authentication-mode simple cipher huawei ip

[AR1]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0001      System Level: L2    
Area-Authentication-mode: NULL
Domain-Authentication-mode: SIMPLE

路由域的密文認證：

isis 1
 domain-authentication-mode md5 cipher huawei ip


[AR1]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0001      System Level: L2    
Area-Authentication-mode: NULL
Domain-Authentication-mode: MD5


[AR1]dis isis error

                    Statistics of error packets for ISIS(1)
                    ---------------------------------------
LSP packet errors:
       
Bad Authentication      : 42          Bad Auth Count          : 0           
More Protocol TLV       : 0           Bad Nbr TLV             : 0