Configuring neighbor relationship authentication
With neighbor relationship authentication configured, an interface adds the key in the specified mode into hello packets to the peer and checks the key in the received hello packets. If the authentication succeeds, it forms the neighbor relationship with the peer.
The authentication mode and key at both ends must be identical.
To prevent packet exchange failure in case of an authentication key change, configure the interface not to check the authentication information in the received packets.
To configure neighbor relationship authentication:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Specify the authentication mode and key. | isis authentication-mode { { gca key-id { hmac-sha-1 | hmac-sha-224 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 } [ nonstandard ] | md5 | simple } { cipher | plain } string | keychain keychain-name } [ level-1 | level-2 ] [ ip | osi ] | By default, no authentication is configured. |
4. (Optional.) Configure the interface not to check the authentication information in the received hello packets. | isis authentication send-only [ level-1 | level-2 ] | When the authentication mode and key are configured, the interface checks the authentication information in the received packets by default. |