示例:为 IS-IS 配置 BFD 身份验证
此示例说明如何为 IS-IS 配置 BFD 身份验证。
要求
开始之前,请在两个路由器上配置 IS-IS。有关所需 IS-IS 配置 的信息,请参阅示例:配置 IS-IS。
概述
在此示例中,BFD 身份验证密钥链配置了一丝不苟的密钥 MD5 身份验证。
图 1 显示了此示例中使用的拓扑。
图 1:IS-IS BFD 身份验证拓扑
CLI 快速配置 显示了 图 1 中这两台设备的配置。 第 #configuration228__isis-bfd-auth-逐步 说明部分介绍了设备 R1 上的步骤。
配置
程序
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改详细信息,以便与网络配置匹配,然后将命令复制并粘贴到层级的 [edit]
CLI 中。
设备 R1
set security authentication-key-chains key-chain secret123 description for-isis-bfd set security authentication-key-chains key-chain secret123 key 1 secret $ABC123 set security authentication-key-chains key-chain secret123 key 1 start-time "2012-5-31.13:00:00 -0700" set security authentication-key-chains key-chain secret123 key 2 secret $ABC123 set security authentication-key-chains key-chain secret123 key 2 start-time "2013-5-31.13:00:00 -0700" set security authentication-key-chains key-chain secret123 key 3 secret $ABC123 set security authentication-key-chains key-chain secret123 key 3 start-time "2014-5-31.13:00:00 -0700" set protocols isis interface ge-1/2/0.0 bfd-liveness-detection minimum-interval 100 set protocols isis interface ge-1/2/0.0 bfd-liveness-detection authentication key-chain secret123 set protocols isis interface ge-1/2/0.0 bfd-liveness-detection authentication algorithm meticulous-keyed-md5
设备 R2
set security authentication-key-chains key-chain secret123 description for-isis-bfd set security authentication-key-chains key-chain secret123 key 1 secret $ABC123 set security authentication-key-chains key-chain secret123 key 1 start-time "2012-5-31.13:00:00 -0700" set security authentication-key-chains key-chain secret123 key 2 secret $ABC123 set security authentication-key-chains key-chain secret123 key 2 start-time "2013-5-31.13:00:00 -0700" set security authentication-key-chains key-chain secret123 key 3 secret $ABC123 set security authentication-key-chains key-chain secret123 key 3 start-time "2014-5-31.13:00:00 -0700" set protocols isis interface ge-1/2/0.0 bfd-liveness-detection minimum-interval 100 set protocols isis interface ge-1/2/0.0 bfd-liveness-detection authentication key-chain secret123 set protocols isis interface ge-1/2/0.0 bfd-liveness-detection authentication algorithm meticulous-keyed-md5
逐步过程
以下示例要求您在配置层次结构中的各个级别上导航。有关导航 CLI 的信息,请参阅 CLI 用户指南中的在配置模式下使用 CLI 编辑器。
要配置 IS-IS BFD 身份验证:
配置身份验证密钥链。
[edit security authentication-key-chains key-chain secret123] user@R1# set description for-isis-bfd user@R1# set key 1 secret “$ABC123” user@R1# set key 1 start-time "2012-5-31.13:00:00 -0700" user@R1# set key 2 secret “$ABC123” user@R1# set key 2 start-time "2013-5-31.13:00:00 -0700" user@R1# set key 3 secret “$ABC123” user@R1# set key 3 start-time "2014-5-31.13:00:00 -0700"
启用 BFD。
[edit protocols isis interface ge-1/2/0.0 bfd-liveness-detection] user@R1# set minimum-interval 100
应用身份验证密钥链。
[edit protocols isis interface ge-1/2/0.0 bfd-liveness-detection] user@R1# set authentication key-chain secret123
设置身份验证类型。
[edit protocols isis interface ge-1/2/0.0 bfd-liveness-detection] user@R1# set authentication algorithm meticulous-keyed-md5
结果
在配置模式下,输入和 show security
命令以确认show protocols
您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以更正配置。
user@R1# show protocols
isis {
interface ge-1/2/0.0 {
bfd-liveness-detection {
minimum-interval 100;
authentication {
key-chain secret123;
algorithm meticulous-keyed-md5;
}
}
}
}
user@R1# show security
authentication-key-chains {
key-chain secret123 {
description for-isis-bfd;
key 1 {
secret “$ABC123”’;
start-time "2012-5-31.13:00:00 -0700";
}
key 2 {
secret “$ABC123”’;
start-time "2013-5-31.13:00:00 -0700";
}
key 3 {
secret “$ABC123”;
start-time "2014-5-31.13:00:00 -0700";
}
}
}
完成设备配置后,请在配置模式下输入 提交 。
验证
确认配置工作正常。
验证 IS-IS BFD 身份验证
目的
验证 IS-IS BFD 身份验证的状态。
行动
在操作模式下,输入 show bfd session extensive
命令。
user@R1> show bfd session extensive Detect Transmit Address State Interface Time Interval Multiplier 10.0.0.2 Down ge-1/2/0.0 0.300 1.000 3 Client ISIS L1, TX interval 0.100, RX interval 0.100, Authenticate keychain secret123, algo meticulous-keyed-md5, mode strict Client ISIS L2, TX interval 0.100, RX interval 0.100, Authenticate keychain secret123, algo meticulous-keyed-md5, mode strict Session down time 00:35:13, previous up time 00:12:17 Local diagnostic None, remote diagnostic None Remote state Up, version 1 Logical system 2, routing table index 85 Min async interval 0.100, min slow interval 1.000 Adaptive async TX interval 0.100, RX interval 0.100 Local min TX interval 1.000, minimum RX interval 0.100, multiplier 3 Remote min TX interval 0.100, min RX interval 0.100, multiplier 3 Local discriminator 2, remote discriminator 1 Echo mode disabled/inactive, no-absorb, no-refresh Authentication enabled/active, keychain secret123, algo meticulous-keyed-md5, mode strict Session ID: 0x100101 1 sessions, 2 clients Cumulative transmit rate 1.0 pps, cumulative receive rate 10.0 pps
意义
输出显示,在 IS-IS 级别 1 和级别 2 上启用了 BFD 身份验证。