As we know that IS-IS support the authentication as below:
Based on packet types, the authentication is classified as follows:
l Interface authentication: is configured in the interface view to authenticate Level-1 and Level-2 IS-to-IS Hello PDUs (IIHs).
l Area authentication: is configured in the IS-IS process view to authenticate Level-1 CSNPs, PSNPs, and LSPs.
l Routing domain authentication: is configured in the IS-IS process view to authenticate Level-2 CSNPS, PSNPs, and LSPs.
Based on the authentication modes of packets, the authentication is classified into the following types:
l Simple authentication: The authenticated party directly adds the configured password to packets for authentication. This authentication mode provides the lowest password security.
l MD5 authentication: uses the MD5 algorithm to encrypt a password before adding the password to the packet, which improves password security.
l Keychain authentication: further improves network security with a configurable key chain that changes with time.
l HMAC-SHA256 authentication: uses the HMAC-SHA256 algorithm to encrypt a password before adding the password to the packet, which improves password security.
Keychain authentication is more secure and easy to configure,we can configure it for IS-IS as below:
#
keychain core mode absolute
#
key-id 1
algorithm hmac-md5
key-string cipher Huawei@12345
send-time 00:00 2018-12-01 duration infinite
receive-time 00:00 2018-12-01 duration infinite
#
isis 1
domain-authentication-mode keychain core
#
interface interface-type interface-number
isis authentication-mode keychain core
#
