Got it

How to configure the keychain for the IS-IS

Latest reply: Dec 20, 2018 03:07:16 684 4 10 0 0

As we know that IS-IS support multi authentication. It is classified as follows:

Based on packet types, the authentication is classified as follows:

l  Interface authentication: is configured in the interface view to authenticate Level-1 and Level-2 IS-to-IS Hello PDUs (IIHs).

l  Area authentication: is configured in the IS-IS process view to authenticate Level-1 CSNPs, PSNPs, and LSPs.

l  Routing domain authentication: is configured in the IS-IS process view to authenticate Level-2 CSNPS, PSNPs, and LSPs.

Based on the authentication modes of packets, the authentication is classified into the following types:

l  Simple authentication: The authenticated party directly adds the configured password to packets for authentication. This authentication mode provides the lowest password security.

l  MD5 authentication: uses the MD5 algorithm to encrypt a password before adding the password to the packet, which improves password security.

l  Keychain authentication: further improves network security with a configurable key chain that changes with time.

l  HMAC-SHA256 authentication: uses the HMAC-SHA256 algorithm to encrypt a password before adding the password to the packet, which improves password security.

The keychain authentication is more secure,we can configure it as below:

#

keychain core mode absolute

 #

 key-id 1

  algorithm hmac-md5

  key-string cipher   Huawei@123456

  send-time 00:00   2018-12-01 duration infinite

  receive-time 00:00   2018-12-01 duration infinite

#

isis 1

domain-authentication-mode keychain core

#

interface interface-type interface-number

isis authentication-mode keychain core

#

commit

#

Note: when we configure the keychain authentication, the algorithm is must been configured.



  • x
  • convention:

YOO
Created Dec 20, 2018 01:49:39

It is very helpful on configuring the key chain for IS-IS
View more
  • x
  • convention:

Yolanda_617
Created Dec 20, 2018 02:09:40

It is very helpful
View more
  • x
  • convention:

user_2915719
Created Dec 20, 2018 02:51:40

MD5 is an outdated algorithm and proved to be not secure, it's recommended to use more secure algorithms like SHA series..How to configure the keychain for the IS-IS-2824085-1
View more
  • x
  • convention:

dagui
Created Dec 20, 2018 03:07:16

What does MD5 mean? Can you introduce it?
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.