IS-IS认证

实验配置

复制代码
实验配置。

(1)配置IP地址。

R1的配置:

<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]sysname AR1
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[AR1-GigabitEthernet0/0/0]quit
[AR1]interface g0/0/1
[AR1-GigabitEthernet0/0/1]ip address 13.1.1.1 24
[AR1-GigabitEthernet0/0/1]quit
[AR1]interface LoopBack 0
[AR1-LoopBack0]ip address 1.1.1.1 32
[AR1-LoopBack0]quit
 

R2的配置:

<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]sysname AR2
[AR2]interface g0/0/1
[AR2-GigabitEthernet0/0/1]ip address 12.1.1.2 24
[AR2-GigabitEthernet0/0/1]quit
[AR2]interface g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 24.1.1.2 24
[AR2-GigabitEthernet0/0/0]quit
[AR2]interface LoopBack 0
[AR2-LoopBack0]ip address 2.2.2.2 32
[AR2-LoopBack0]quit
 

R3的配置:

<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]sysname AR3
[AR3]interface g0/0/0
[AR3-GigabitEthernet0/0/0]ip address 13.1.1.3 24
[AR3-GigabitEthernet0/0/0]quit
[AR3]interface g0/0/1
[AR3-GigabitEthernet0/0/1]ip address 35.1.1.3 24
[AR3-GigabitEthernet0/0/1]quit
[AR3]interface LoopBack 0
[AR3-LoopBack0]ip address 3.3.3.3 32
[AR3-LoopBack0]quit
 

R4的配置

<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]sysname AR4
[AR4]interface g0/0/1
[AR4-GigabitEthernet0/0/1]ip address 24.1.1.4 24
[AR4-GigabitEthernet0/0/1]quit
[AR4]interface g0/0/0
[AR4-GigabitEthernet0/0/0]ip address 45.1.1.4 24
[AR4-GigabitEthernet0/0/0]quit
[AR4]interface LoopBack 0
[AR4-LoopBack0]ip address 4.4.4.4 32
[AR4-LoopBack0]quit
 

R5的配置

<Huawei>system-view
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname AR5
[AR5]interface g0/0/0
[AR5-GigabitEthernet0/0/0]ip address 35.1.1.5 24
[AR5-GigabitEthernet0/0/0]quit
[AR5]interface g0/0/1
[AR5-GigabitEthernet0/0/1]ip address 45.1.1.5 24
[AR5-GigabitEthernet0/0/1]quit
[AR5]interface LoopBack 0
[AR5-LoopBack0]ip address 5.5.5.5 32
[AR5-LoopBack0]quit
 

(2)配置IS-IS。

R1的配置:

[AR1]isis
[AR1-isis-1]network-entity 49.0123.0000.0000.0001.00  //配置NET地址
[AR1-isis-1]is-level level-1  //路由器的类型为 Level-1
[AR1-isis-1]cost-style wide  //设置宽度量值
[AR1-isis-1]quit
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]isis enable
[AR1-GigabitEthernet0/0/0]quit
[AR1]interface g0/0/1
[AR1-GigabitEthernet0/0/1]isis enable
[AR1-GigabitEthernet0/0/1]quit
[AR1]interface LoopBack 0
[AR1-LoopBack0]isis enable 
[AR1-LoopBack0]quit
 

R2的配置:

[AR2]isis
[AR2-isis-1]network-entity 49.0123.0000.0000.0002.00
[AR2-isis-1]cost-style wide
[AR2-isis-1]quit
[AR2]interface g0/0/1
[AR2-GigabitEthernet0/0/1]isis enable
[AR2-GigabitEthernet0/0/1]quit
[AR2]interface g0/0/0
[AR2-GigabitEthernet0/0/0]isis enable
[AR2-GigabitEthernet0/0/0]quit
[AR2]interface LoopBack 0
[AR2-LoopBack0]isis enable
[AR2-LoopBack0]quit
 

R3的配置:

<AR3>sys
[AR3]isis
[AR3-isis-1]network-entity 49.0123.0000.0000.0003.00
[AR3-isis-1]cost-style wide
[AR3-isis-1]quit
[AR3]interface g0/0/0
[AR3-GigabitEthernet0/0/0]isis enable
[AR3-GigabitEthernet0/0/0]quit
[AR3]interface g0/0/1
[AR3-GigabitEthernet0/0/1]isis enable
[AR3-GigabitEthernet0/0/1]quit
[AR3]interface LoopBack 0
[AR3-LoopBack0]isis enable
[AR3-LoopBack0]quit
 

R4的配置:

[AR4]isis
[AR4-isis-1]network-entity 49.0045.0000.0000.0004.00
[AR4-isis-1]is-level level-2
[AR4-isis-1]cost-style wide
[AR4-isis-1]quit
[AR4]interface g0/0/1
[AR4-GigabitEthernet0/0/1]isis enable
[AR4-GigabitEthernet0/0/1]quit
[AR4]interface g0/0/0
[AR4-GigabitEthernet0/0/0]isis enable
[AR4-GigabitEthernet0/0/0]quit
[AR4]interface LoopBack 0
[AR4-LoopBack0]isis enable
[AR4-LoopBack0]quit
 

R5的配置:

<AR5>sys
[AR5]isis
[AR5-isis-1]network-entity 49.0045.0000.0000.0005.00
[AR5-isis-1]cost-style wide
[AR5-isis-1]is-level level-2
[AR5-isis-1]quit
[AR5]interface g0/0/0
[AR5-GigabitEthernet0/0/0]quit
[AR5]interface g0/0/1
[AR5-GigabitEthernet0/0/1]isis enable
[AR5-GigabitEthernet0/0/1]quit
[AR5]interface g0/0/0
[AR5-GigabitEthernet0/0/0]isis enable
[AR5-GigabitEthernet0/0/0]quit
[AR5]interface LoopBack 0
[AR5-LoopBack0]isis enable
[AR5-LoopBack0]quit

(3)R1和R2之间的接口用简单的明文认证。

R1的配置:

[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]isis authentication-mode simple joinlabs level-1
 

R2的配置:

[AR2]interface g0/0/1
[AR2-GigabitEthernet0/0/1]isis authentication-mode simple joinlabs level-1
 

(4)R4和R5之间的接口用MD5认证。

R4的配置:

[AR4]interface g0/0/0
[AR4-GigabitEthernet0/0/0]isis authentication-mode md5 joinlabs level-2
 

R5的配置:

[AR5]interface g0/0/1
[AR5-GigabitEthernet0/0/1]isis authentication-mode md5 joinlabs level-2
 

(5)49.0123配置区域认证。

R1的配置:

[AR1]isis
[AR1-isis-1]area-authentication-mode md5 joinlabs

R2的配置:

[AR2]isis
[AR2-isis-1]area-authentication-mode md5 joinlabs
 

R3的配置:

[AR3]isis
[AR3-isis-1]area-authentication-mode md5 joinlabs
 

(6)配置路由域认证

R2的配置:

[AR2]isis
[AR2-isis-1]domain-authentication-mode md5 1234
[AR2-isis-1]q

R3的配置:

[AR3]isis
[AR3-isis-1]domain-authentication-mode md5 1234
[AR3-isis-1]q
 

R4的配置:

[AR4]isis
[AR4-isis-1]domain-authentication-mode md5 1234
[AR4-isis-1]q
 

R5的配置:

[AR5]isis
[AR5-isis-1]domain-authentication-mode md5 1234
[AR5-isis-1]q

IS-IS认证

一、认证类型

1. 接口认证(邻接认证)

  • 作用范围:单个接口上的IS-IS报文

  • 认证对象:邻居间交换的所有IS-IS协议报文

  • 典型应用:防止非法设备建立邻接关系

2. 区域认证

  • 作用范围:整个Level-1区域

  • 认证对象:Level-1的LSP和SNP报文

  • 典型应用:保证区域内部路由信息的安全性

3. 域认证

  • 作用范围:整个Level-2域

  • 认证对象:Level-2的LSP和SNP报文

  • 典型应用:保护骨干区域路由信息

二、认证方式

1. 明文认证

  • 密码以明文形式传输

  • 配置简单但安全性低

2. MD5认证

  • 使用哈希算法加密

  • 安全性较高(但MD5现在被认为不够安全)

3. HMAC-SHA认证(较新设备支持)

  • 使用更安全的SHA算法

  • 推荐的安全认证方式

相关推荐
CaliXz27 分钟前
野草云防火墙风险分析及 Docker 使用注意事项
运维·docker·容器
计算机学无涯28 分钟前
Docker 命令简写配置
运维·docker·容器
sniper_fandc38 分钟前
网络编程—Socket套接字(TCP)
网络·tcp/ip·javaee
the_nov38 分钟前
19.TCP相关实验
linux·服务器·网络·c++·tcp/ip
kk小源1 小时前
Docker常用操作教程
运维·docker·容器
林中伊人1 小时前
家庭路由器wifi设置LAN2LAN和LAN2WAN
网络·路由器
Y淑滢潇潇2 小时前
RHCSA Linux 系统创建文件
linux·运维·服务器
XYN612 小时前
【嵌入式学习3】基于python的tcp客户端、服务器
服务器·开发语言·网络·笔记·python·学习·tcp/ip
the_nov2 小时前
20.IP协议
linux·服务器·网络·c++·tcp/ip
奔跑的废柴2 小时前
Jenkins学习(B站教程)
运维·学习·jenkins