Configuring ISIS-SPB adjacency authentication
ISIS-SPB adjacency authentication guarantees that SPBM nodes establish adjacencies only with trustworthy neighbors.
SPBM nodes send adjacency authentication information (including the authentication method and password) in ISIS-SPB hello packets. The recipient establishes or maintains an adjacency with the sender only if the received authentication settings match its local authentication settings.
For two devices to establish an adjacency, you must configure the same authentication method and password on them.
To prevent loss of adjacencies, use the following procedure when you modify adjacency authentication settings:
Disable adjacency authentication for incoming ISIS-SPB hello packets on the neighbor devices.
Modify the authentication settings on the local end.
Modify the authentication settings on the remote end.
Enable adjacency authentication for incoming ISIS-SPB hello packets on the neighbor devices.
To configure ISIS-SPB adjacency authentication:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Set an adjacency authentication method and password. | spbm authentication-mode { md5 | simple } { cipher | plain } string | By default, adjacency authentication is disabled. No authentication method or password is configured. |
4. (Optional.) Disable adjacency authentication for incoming IS-IS hello packets. | spbm authentication send-only | By default, the device authenticates incoming IS-IS hello packets if adjacency authentication is enabled. |