CLI-based Configuration Guide - IP Unicast Routing

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R009

IS-IS Authentication

To ensure network security, IS-IS authentication adds an authentication field to IS-IS packets so that the receiver can verify them. When a local router receives IS-IS packets from a remote router, it discards the packets if the authentication passwords do not match, which protects the local router.

Authentication Types

Based on the types of packets, the authentication is classified as follows:

  • Interface authentication: authenticates Level-1 and Level-2 Hello packets sent and received on IS-IS interfaces using the specified authentication mode and password.

    NOTE:

    You can configure a router to perform interface authentication in the following ways:

    • A router sends authentication packets carrying the authentication TLV and verifies the authentication information in the received packets.

    • A router sends authentication packets carrying the authentication TLV but does not verify the authentication information in the received packets.

  • Area authentication: authenticates Level-1 LSPs and Level-1 SNPs transmitted in an IS-IS area using the specified authentication mode and password.

  • Routing domain authentication: authenticates Level-2 LSPs and Level-2 SNPs transmitted in an IS-IS routing domain using the specified authentication mode and password.

    NOTE:

    In area authentication and routing domain authentication, you can configure a router to authenticate LSPs and SNPs separately in the following ways:

    • A router sends LSPs and SNPs carrying the authentication TLV and verifies the authentication information in the received LSPs and SNPs.

    • A router sends LSPs carrying the authentication TLV and verifies the authentication information in the received LSPs. The router sends SNPs carrying the authentication TLV but does not verify the authentication information in the received SNPs.

    • A router sends LSPs carrying the authentication TLV and verifies the authentication information in the received LSPs. The router sends SNPs without the authentication TLV and does not verify the authentication information in the received SNPs.

    • A router sends LSPs and SNPs carrying the authentication TLV but does not verify the authentication information in the received LSPs and SNPs.

Based on the authentication modes of packets, authentication is classified into the following types:

  • Plain text authentication: a simple authentication mode in which passwords are directly added to packets. This authentication is insecure.

  • MD5 authentication: uses the MD5 algorithm to encrypt passwords before they are added to packets, which improves password security.

  • Keychain authentication: further improves network security with a configurable key chain that changes over time.

Mode in Which Authentication Information Is Carried

IS-IS provides a TLV to carry authentication information, with the type of the TLV specified as 10.

  • Type: defined by ISO as 10. The Type field is 1 byte long.

  • Length: indicates the length of the authentication TLV. The Length field is 1 byte long.

  • Value: indicates the authentication contents of 1 to 254 bytes, including the authentication type and password.

    The authentication type is 1 byte:

    • Type 0 is reserved.

    • Type 1 indicates plain text authentication.

    • Type 54 indicates MD5 authentication.

    • Type 255 indicates routing domain private authentication methods.
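
The TLV layout above, as an added example (not Huawei code): a Python parser that walks the TLV area of an IS-IS PDU, decodes each authentication TLV (type 10), and reports whether the password is exposed on the wire. The function names, the AuthInfo record, and the sample bytes are constructed for illustration; the 16-byte MD5 digest length is taken from RFC 5304, not from this page.

```python
from dataclasses import dataclass

AUTH_TLV = 10  # TLV type that carries authentication information
AUTH_TYPES = {0: "reserved", 1: "plain text", 54: "MD5", 255: "routing domain private"}

# Constructed sample: an area-address TLV (type 1), then a plain text auth TLV.
SAMPLE = bytes([1, 4, 3, 0x49, 0, 1]) + bytes([10, 7, 1]) + b"s3cret"

@dataclass
class AuthInfo:
    auth_type: int
    name: str
    data: bytes
    finding: str

def iter_tlvs(buf):
    """Yield (type, value) pairs; raise ValueError on a truncated TLV."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError(f"truncated TLV header at offset {i}")
        t, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV {t} at offset {i} overruns the buffer")
        yield t, value
        i += 2 + length

def audit_auth(tlv_area):
    """Decode every authentication TLV and attach a finding for the operator."""
    out = []
    for t, value in iter_tlvs(tlv_area):
        if t != AUTH_TLV:
            continue
        if not 1 <= len(value) <= 254:  # value size range stated on this page
            raise ValueError("authentication value must be 1 to 254 bytes")
        atype, data = value[0], value[1:]
        if atype == 1:
            finding = "password readable on the wire"
        elif atype == 54 and len(data) != 16:  # digest length per RFC 5304
            finding = "malformed MD5 digest length"
        elif atype == 54:
            finding = "digest only, password not exposed"
        else:
            finding = "review: not plain text or MD5"
        out.append(AuthInfo(atype, AUTH_TYPES.get(atype, "unknown"), data, finding))
    return out

if __name__ == "__main__":
    print(audit_auth(SAMPLE))
```

Run against the TLV area extracted from captured Hello packets, LSPs, or SNPs, this shows which adjacencies still use type 1 and should be moved to MD5 or keychain authentication.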

Updated: 2019-05-17

Document ID: EDOC1000174069
