IS-IS 中间系统到中间系统的认证

原创

cutesk 2019-01-05 16:09:43 博主文章分类：Huawei ©著作权

©著作权归作者所有：来自51CTO博客作者cutesk的原创作品，请联系作者获取转载授权，否则将追究法律责任

ISIS认证

1.接口认证 ---L1和L2的IIH hello报文进行认证

2.区域认证 ---针对L1的SNP和LSP进行认证

3.路由域认证 ---针对L2的SNP和LSP进行认证

方式三种：
1.null
2.明文
3.MD5

配置：
接口认证：
接口下明文认证 --hello报文认证，如果认证不一致，导致不能建立邻接关系

interface GigabitEthernet0/0/1
isis authentication-mode simple cipher huawei ip

[AR4]dis isis error
Hello packet errors:
Mismatched Max Area Addr: 0           Bad Authentication      : 6

接口密文认证：
interface GigabitEthernet0/0/1
isis authentication-mode md5 cipher qytang ip

2、区域认证 --针对L1的SNP和LSP进行认证
如果认证不通过，邻居关系正常，但是没有路由
ISIS
authentication-mode simple cipher huawei ip

[AR4]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0004      System Level: L1
Area-Authentication-mode: SIMPLE
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup

区域密文认证：
isis 1
area-authentication-mode md5 cipher huawei ip

[AR4]dis isis br
[AR4]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0004      System Level: L1
Area-Authentication-mode: MD5
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup

[AR4]dis isis error

                    Statistics of error packets for ISIS(1)
                    ---------------------------------------
LSP packet errors:
Bad Authentication      : 4           Bad Auth Count          : 0

3、路由域的认证 ---针对L2的SNP和LSP进行认证

如果认证不通过，邻居关系正常，但是没有路由

路由域的明文认证：
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0001.00
domain-authentication-mode simple cipher huawei ip

[AR1]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0001      System Level: L2
Area-Authentication-mode: NULL
Domain-Authentication-mode: SIMPLE

路由域的密文认证：

isis 1
domain-authentication-mode md5 cipher huawei ip

[AR1]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0001      System Level: L2
Area-Authentication-mode: NULL
Domain-Authentication-mode: MD5

[AR1]dis isis error

                    Statistics of error packets for ISIS(1)
                    ---------------------------------------
LSP packet errors:

Bad Authentication      : 42          Bad Auth Count          : 0
More Protocol TLV       : 0           Bad Nbr TLV             : 0