requires all the tables to be updated. Consequently, the static tables are likely to
become rapidly outdated.
The router supports dynamic resolution of hostnames to system identifiers. You can
use the
clns host
command to map the hostname to the NSAP address, and therefore
to the system ID. This mapping is inserted in the dynamic hostname type-length-value
tuple (TLV type 137), and subsequently advertised when LSPs are transmitted. The
value field contains the hostname, preferably the fully qualified domain name (FQDN)
of the host, or a subset of the FQDN. You can display the TLV by issuing the
show
isis database detail
command.
Authentication
The router supports two authentication methods for IS-IS: simple authentication and
hash function–based message authentication code (HMAC) MD5 authentication.
These authentication methods prevent unauthorized routers from injecting false
routing information into your network or forming adjacencies with your router.
By default, IS-IS authentication is disabled on the router until you enable it with the
commands described in the following sections.
Simple Authentication
Simple authentication uses a text password (authentication key) that can be entered
in encrypted or unencrypted form. The receiving router uses this authentication key
to verify the packet.
You can configure the password for simple authentication by using the following
commands:
■
The area-authentication-key command assigns a password used by neighboring
routers to authenticate IS-IS level 1 link-state PDUs (LSPs), complete sequence
number PDUs (CSNPs), and partial sequence number PDUs (PSNPs). This
command also enables simple authentication of level 1 LSPs.
■
The domain-authentication-key command assigns a password used by neighboring
routers to authenticate IS-IS level 2 LSPs, CSNPs, and PSNPs. This command also
enables simple authentication of level 2 LSPs.
■
The isis authentication-key command assigns a password associated with a
specific interface for authentication of IS-IS level 1 or level 2 hello packets. This
command also enables simple authentication of level 1 or level 2 hello packets.
These commands enable simple authentication of LSPs and (for the
isis
authentication-key
command) hello packets only; they do not enable authentication
of CSNP and PSNP packets. To enable authentication of CSNPs or PSNPs, you must
issue either the
area-authentication
command or the
domain-authentication
command. For information, see “Enabling and Disabling Authentication of CSNPs
and PSNPs” on page 332.
Overview
■
329
Chapter 6: Configuring IS-IS
Summary of Contents for IGP - CONFIGURATION GUIDE V11.1.X
Page 6: ...vi...
Page 8: ...viii JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...
Page 18: ...xviii List of Figures JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...
Page 20: ...xx List of Tables JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...
Page 26: ...2 Internet Protocol JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...
Page 228: ...204 Internet Protocol Routing JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...
Page 264: ...240 Monitoring RIP JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...
Page 438: ...414 Monitoring IS IS JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...
Page 439: ...Part 3 Index Index on page 417 Index 415...
Page 440: ...416 Index JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...
Page 454: ...430 Index JUNOSe 11 0 x IP IPv6 and IGP Configuration Guide...