IS-IS (Intermediate System to Intermediate System) Authentication


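IS-IS authentication

1. Interface authentication --- authenticates L1 and L2 IIH hello packets

2. Area authentication --- authenticates L1 SNPs and LSPs

3. Routing domain authentication --- authenticates L2 SNPs and LSPs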


Three modes:
1. null
2. Plaintext
3. MD5

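Configuration:
Interface authentication:
Plaintext authentication on an interface -- authenticates hello packets; if the authentication settings do not match, the adjacency cannot be established

interface GigabitEthernet0/0/1
 isis authentication-mode simple cipher huawei ip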

[AR4]dis isis error
Hello packet errors:
Mismatched Max Area Addr: 0           Bad Authentication      : 6

Interface ciphertext (MD5) authentication:
interface GigabitEthernet0/0/1
 isis authentication-mode md5 cipher qytang ip



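2. Area authentication -- authenticates L1 SNPs and LSPs
If authentication fails, the neighbor relationship is normal, but there are no routes
isis 1
 area-authentication-mode simple cipher huawei ip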


[AR4]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0004      System Level: L1    
Area-Authentication-mode: SIMPLE
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup



Area ciphertext (MD5) authentication:
isis 1
 area-authentication-mode md5 cipher huawei ip

[AR4]dis isis br
[AR4]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0004      System Level: L1    
Area-Authentication-mode: MD5
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup


[AR4]dis isis error

                    Statistics of error packets for ISIS(1)
                    ---------------------------------------
LSP packet errors:         
Bad Authentication      : 4           Bad Auth Count          : 0   




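3. Routing domain authentication --- authenticates L2 SNPs and LSPs

If authentication fails, the neighbor relationship is normal, but there are no routes

Routing domain plaintext authentication: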
isis 1
 is-level level-2
 network-entity 49.0001.0000.0000.0001.00
 domain-authentication-mode simple cipher huawei ip

[AR1]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0001      System Level: L2    
Area-Authentication-mode: NULL
Domain-Authentication-mode: SIMPLE

Routing domain ciphertext (MD5) authentication:

isis 1
 domain-authentication-mode md5 cipher huawei ip


[AR1]dis isis brief

                     ISIS Protocol Information for ISIS(1)
                     -------------------------------------
SystemId: 0000.0000.0001      System Level: L2    
Area-Authentication-mode: NULL
Domain-Authentication-mode: MD5


[AR1]dis isis error

                    Statistics of error packets for ISIS(1)
                    ---------------------------------------
LSP packet errors:
       
Bad Authentication      : 42          Bad Auth Count          : 0           
More Protocol TLV       : 0           Bad Nbr TLV             : 0  
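
Added example (not part of the original notes and not Huawei's code): a Python model of what the Authentication TLV (code 10) of an LSP carries in simple mode versus md5 mode, following RFC 5304, and of the check whose failure is counted as Bad Authentication. The LSP ID, sequence number, checksum placeholder, function names and sample TLV are constructed for illustration.

```python
import hmac, hashlib, struct

AUTH_TLV, CLEARTEXT, HMAC_MD5 = 10, 1, 54   # TLV code, auth types (ISO 10589 / RFC 5304)
LSP_HDR = 27                                # fixed LSP header length in bytes

def _digest(pdu: bytes, key: bytes, off: int) -> bytes:
    """HMAC-MD5 over the LSP with lifetime, checksum and digest zeroed."""
    buf = bytearray(pdu)
    buf[10:12] = b"\x00\x00"                # remaining lifetime (changes in transit)
    buf[24:26] = b"\x00\x00"                # checksum
    buf[off:off + 16] = bytes(16)           # authentication value
    return hmac.new(key, bytes(buf), hashlib.md5).digest()

def build_lsp(level: int, lifetime: int, tlvs: bytes, auth: bytes) -> bytes:
    """Constructed LSP: common header, LSP header, auth TLV, other TLVs."""
    pdu_type = 18 if level == 1 else 20     # L1 LSP / L2 LSP
    total = LSP_HDR + len(auth) + len(tlvs)
    hdr = bytes([0x83, LSP_HDR, 1, 0, pdu_type, 1, 0, 0])
    hdr += struct.pack("!HH", total, lifetime)
    hdr += bytes.fromhex("0000000000040000")    # LSP ID (constructed)
    hdr += struct.pack("!IHB", 1, 0, 0x03)      # seq, checksum placeholder, flags
    return hdr + auth + tlvs

def simple_lsp(level, lifetime, tlvs, password: bytes) -> bytes:
    """simple mode: the password itself travels inside the TLV."""
    auth = bytes([AUTH_TLV, 1 + len(password), CLEARTEXT]) + password
    return build_lsp(level, lifetime, tlvs, auth)

def md5_lsp(level, lifetime, tlvs, key: bytes) -> bytes:
    """md5 mode: only a 16-byte keyed digest travels inside the TLV."""
    auth = bytes([AUTH_TLV, 17, HMAC_MD5]) + bytes(16)
    pdu = bytearray(build_lsp(level, lifetime, tlvs, auth))
    off = LSP_HDR + 3                       # digest follows code, length, type
    pdu[off:off + 16] = _digest(pdu, key, off)
    return bytes(pdu)

def verify_md5(pdu: bytes, key: bytes) -> bool:
    """Walk the TLVs, find the HMAC-MD5 auth TLV and check its digest."""
    i = LSP_HDR
    while i + 2 <= len(pdu):
        code, length = pdu[i], pdu[i + 1]
        if code == AUTH_TLV and length == 17 and pdu[i + 2] == HMAC_MD5:
            got = pdu[i + 3:i + 19]
            return hmac.compare_digest(got, _digest(pdu, key, i + 3))
        i += 2 + length
    return False                            # no usable auth TLV: reject
```

Because the remaining lifetime is zeroed before hashing, an LSP aged during flooding still verifies, while any change to its TLVs or a different key does not.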



Reposted from blog.51cto.com/3965485/2339181