Configuring ISIS-SPB area authentication

ISIS-SPB area authentication guarantees that SPBM nodes learn topology data only from trustworthy neighbors.

ISIS-SPB sends area authentication information (including the authentication method and password) in topology advertisement packets (LSP, CSNP, and PSNP). The recipients accept a topology advertisement packet only if the authentication settings in the packet match their local authentication settings.

For correct authentication, make sure the authentication method and password is the same across the SPBM network.

To prevent temporary drops of topology advertisement packets, use the following procedure when you modify authentication settings:

  1. Disable area authentication for incoming ISIS-SPB topology advertisement packets on the neighbor devices.

  2. Modify the authentication settings on the local end.

  3. Modify the authentication settings on the remote end.

  4. Enable area authentication for incoming ISIS-SPB topology advertisement packets on the neighbor devices.

To configure ISIS-SPB area authentication:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter SPBM view.

spbm

N/A

3. Set an authentication method and password.

area-authentication-mode { md5 | simple } { cipher | plain } string

By default, area authentication is disabled. No authentication method or password is configured.

4. (Optional.) Disable area authentication for incoming ISIS-SPB packets.

area-authentication send-only

By default, the device authenticates incoming ISIS-SPB packets if area authentication is enabled.