No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Keychain Authentication for Non-TCP Application

Example for Configuring Keychain Authentication for Non-TCP Application

Networking Requirements

As shown in Figure 6-3, it is required to enable IS-IS and keychain authentication on all interfaces of Device A and Device B. The routers interconnect with each other using IS-IS.

Figure 6-3 Keychain
NOTE:

Interfaces 1 in this example is GE 0/1/0.


Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure IS-IS basic functions.

  2. Configure keychain basic functions.

  3. Configure the application IS-IS on both the routers to use keychain.

Data Preparation

To complete the configuration, you need the following data:

  • keychain name

  • key-id

  • algorithm and key-string

  • send and receive time

  • receive tolerance

Procedure

  1. Configure Device A.

    # Configure IS-IS basic functions. The configuration details are not mentioned here.

    # Configuring Keychain.

    [~DeviceA] keychain huawei mode absolute
    [*DeviceA-keychain-huawei] receive-tolerance 100
    [*DeviceA-keychain-huawei] key-id 1
    [*DeviceA-keychain-huawei-keyid-1] algorithm md5
    [*DeviceA-keychain-huawei-keyid-1] key-string abcDEF-13579
    [*DeviceA-keychain-huawei-keyid-1] send-time 14:30 2008-10-10 to 14:50 2008-10-10
    [*DeviceA-keychain-huawei-keyid-1] receive-time 14:40 2008-10-10 to 14:50 2008-10-10
    [*DeviceA-keychain-huawei-keyid-1] default send-key-id
    [*DeviceA-keychain-huawei-keyid-1] commit
    [~DeviceA-keychain-huawei-keyid-1] quit
    [~DeviceA-keychain-huawei] quit

    # Configuring Keychain Authentication for IS-IS.

    [~DeviceA] interface gigabitethernet 0/1/0
    [*DeviceA-GigabitEthernet0/1/0] ip address 192.168.1.1 24
    [*DeviceA-GigabitEthernet0/1/0] isis authentication-mode keychain huawei
    [*DeviceA-GigabitEthernet0/1/0] commit
    [*~DeviceA-GigabitEthernet0/1/0] quit

  2. # Configure Device B

    # Configure IS-IS basic functions. The configuration details are not mentioned here.

    # Configuring Keychain.

    [~DeviceB] keychain huawei mode absolute
    [*DeviceB-keychain-huawei] receive-tolerance 100
    [*DeviceB-keychain-huawei] key-id 1
    [*DeviceB-keychain-huawei-keyid-1] algorithm md5
    [*DeviceB-keychain-huawei-keyid-1] key-string abcDEF-13579
    [*DeviceB-keychain-huawei-keyid-1] send-time 14:40 2008-10-10 to 14:50 2008-10-10
    [*DeviceB-keychain-huawei-keyid-1] receive-time 14:30 2008-10-10 to 14:50 2008-10-10
    [*DeviceB-keychain-huawei-keyid-1] default send-key-id
    [*DeviceB-keychain-huawei-keyid-1] commit
    [~DeviceB-keychain-huawei-keyid-1] quit
    [~DeviceB-keychain-huawei] quit

    # Configuring Keychain Authentication for IS-IS.

    [~DeviceB] interface gigabitethernet 0/1/0
    [~DeviceB-GigabitEthernet0/1/0] ip address 192.168.1.2 24
    [*DeviceB-GigabitEthernet0/1/0] isis authentication-mode keychain huawei
    [*DeviceB-GigabitEthernet0/1/0] commit
    [~DeviceB-GigabitEthernet0/1/0] quit

Configuration File

  • Device A configuration file

    #
     sysname Device A
    #
    keychain huawei mode absolute
    receive-tolerance 100
     key-id 1
      algorithm md5
      key-string cipher @%@%b{br9\zi%X+/Y@:Y>Lw(L\v#@%@%
      send-time 14:30 2008-10-10 to 14:50 2008-10-10
      receive-time 14:40 2008-10-10 to 14:50 2008-10-10
      default send-key-id
    #
    interface gigabitethernet0/1/0
     ip address  192.168.1.1 24
     isis authentication-mode keychain huawei
    #
    return
  • Device B configuration file

    #
     sysname Device B
    #
    keychain huawei mode absolute
    receive-tolerance 100
     key-id 1
      algorithm md5
      key-string cipher @%@%VBNCG\zi%X+/Y@:YMHKJES/@%@%
      send-time 14:40 2008-10-10 to 14:50 2008-10-10
      receive-time 14:30 2008-10-10 to 14:50 2008-10-10
      default send-key-id
    #
    interface Gigabitethernet0/1/0
     ip address 192.168.1.2 24
     isis authentication-mode keychain huawei
    #
    return
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 20300

Downloads: 39

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next