本案例采用ENSP模拟器来模拟ISIS接口明文认证,实现路由器之间ISIS路由协议的安全对接,保障网络的安全。
特别说明:明文认证安全性没有MD5认证高,推荐使用MD5认证。
1、按照网络拓扑图配置IP地址。
2、配置R1、R2路由器的ISIS及接口明文认证
R1:
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>u t d
Info: Current terminal debugging is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]int gi 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]int gi 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.0.1 30
[R1-GigabitEthernet0/0/1]quit
[R1]isis 1
[R1-isis-1]network-entity 10.0000.0000.0001.00
[R1-isis-1]quit
[R1]int gi 0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R1-GigabitEthernet0/0/0]quit
[R1]int gi 0/0/1
[R1-GigabitEthernet0/0/1]isis enable
[R1-GigabitEthernet0/0/1]isis authentication-mode simple weijianing //在接口启用ISIS明文认证,密钥为weijianing
[R1-GigabitEthernet0/0/1]quit
R2:
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>u t d
Info: Current terminal debugging is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]int gi 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[R2-GigabitEthernet0/0/0]quit
[R2]int gi 0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.0.0.2 30
[R2-GigabitEthernet0/0/1]quit
[R2]isis 1
[R2-isis-1]netwo
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]quit
[R2]int gi 0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]quit
[R2]int gi 0/0/1
[R2-GigabitEthernet0/0/1]isis enable
[R2-GigabitEthernet0/0/1]isis authentication-mode simple weijianing
[R2-GigabitEthernet0/0/1]quit
分别查看R1、R2均已建立ISIS邻居关系:
查看R1、R2的路由表,均已通过ISIS学习到对端发布的路由:
PC分别填写IP地址,且能相互PING通:
至此,华为路由器ISIS接口明文认证典型组网配置案例已完成!
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作