IS-IS 中間系統到中間系統的認證
ISIS認證
1.接口認證 ---L1和L2的IIH hello報文進行認證
2.區域認證 ---針對L1的SNP和LSP進行認證
3.路由域認證 ---針對L2的SNP和LSP進行認證
方式三種:
1.null
2.明文
3.MD5
配置:
接口認證:
接口下明文認證 --hello報文認證,如果認證不一致,導致不能建立鄰接關係
interface GigabitEthernet0/0/1
isis authentication-mode simple cipher huawei ip
[AR4]dis isis error
Hello packet errors:
Mismatched Max Area Addr: 0 Bad Authentication : 6
接口密文認證:
interface GigabitEthernet0/0/1
isis authentication-mode md5 cipher qytang ip
2、區域認證 --針對L1的SNP和LSP進行認證
如果認證不通過,鄰居關係正常,但是沒有路由
ISIS
authentication-mode simple cipher huawei ip
[AR4]dis isis brief
ISIS Protocol Information for ISIS(1)
-------------------------------------
SystemId: 0000.0000.0004 System Level: L1
Area-Authentication-mode: SIMPLE
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup
區域密文認證:
isis 1
area-authentication-mode md5 cipher huawei ip
[AR4]dis isis br
[AR4]dis isis brief
ISIS Protocol Information for ISIS(1)
-------------------------------------
SystemId: 0000.0000.0004 System Level: L1
Area-Authentication-mode: MD5
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup
[AR4]dis isis error
Statistics of error packets for ISIS(1)
---------------------------------------
LSP packet errors:
Bad Authentication : 4 Bad Auth Count : 0
3、路由域的認證 ---針對L2的SNP和LSP進行認證
如果認證不通過,鄰居關係正常,但是沒有路由
路由域的明文認證:
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0001.00
domain-authentication-mode simple cipher huawei ip
[AR1]dis isis brief
ISIS Protocol Information for ISIS(1)
-------------------------------------
SystemId: 0000.0000.0001 System Level: L2
Area-Authentication-mode: NULL
Domain-Authentication-mode: SIMPLE
路由域的密文認證:
isis 1
domain-authentication-mode md5 cipher huawei ip
[AR1]dis isis brief
ISIS Protocol Information for ISIS(1)
-------------------------------------
SystemId: 0000.0000.0001 System Level: L2
Area-Authentication-mode: NULL
Domain-Authentication-mode: MD5
[AR1]dis isis error
Statistics of error packets for ISIS(1)
---------------------------------------
LSP packet errors:
Bad Authentication : 42 Bad Auth Count : 0
More Protocol TLV : 0 Bad Nbr TLV : 0
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.