Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Configuring BFD Authentication for IS-IS

Requirements

Before you begin, configure IS-IS on both routers. See Example: Configuring IS-IS for information about the required IS-IS configuration.

Overview

In this example, a BFD authentication keychain is configured with meticulous keyed MD5 authentication.

Figure 1 shows the topology used in this example.

Figure 1: IS-IS BFD Authentication Topology

CLI Quick Configuration shows the configuration for both of the devices in Figure 1. The section Step-by-Step Procedure describes the steps on Device R1.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

1. Configure the authentication keychain.
   [edit security authentication-key-chains key-chain secret123]user@R1# set description for-isis-bfduser@R1# set key 1 secret "$9$cW-yrv"user@R1# set key 1 start-time "2012-5-31.13:00:00 -0700"user@R1# set key 2 secret "$9$m5T3"user@R1# set key 2 start-time "2013-5-31.13:00:00 -0700"user@R1# set key 3 secret "$9$mTQn"user@R1# set key 3 start-time "2014-5-31.13:00:00 -0700"
2. Enable BFD.
   [edit protocols isis interface ge-1/2/0.0 bfd-liveness-detection]user@R1# set minimum-interval 100
3. Apply the authentication keychain.
   [edit protocols isis interface ge-1/2/0.0 bfd-liveness-detection]user@R1# set authentication key-chain secret123
4. Set the authentication type.
   [edit protocols isis interface ge-1/2/0.0 bfd-liveness-detection]user@R1# set authentication algorithm meticulous-keyed-md5

Results

From configuration mode, confirm your configuration by entering the show protocols and show security commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying IS-IS BFD Authentication

Purpose

Verify the status of IS-IS BFD authentication.

Action

From operational mode, enter the show bfd session extensive command.

                                                  Detect   Transmit
Address                  State     Interface      Time     Interval  Multiplier
10.0.0.2                 Down      ge-1/2/0.0     0.300     1.000        3   
 Client ISIS L1, TX interval 0.100, RX interval 0.100, Authenticate 
        keychain secret123, algo meticulous-keyed-md5, mode strict
 Client ISIS L2, TX interval 0.100, RX interval 0.100, Authenticate 
        keychain secret123, algo meticulous-keyed-md5, mode strict
 Session down time 00:35:13, previous up time 00:12:17
 Local diagnostic None, remote diagnostic None
 Remote state Up, version 1
 Logical system 2, routing table index 85
 Min async interval 0.100, min slow interval 1.000
 Adaptive async TX interval 0.100, RX interval 0.100
 Local min TX interval 1.000, minimum RX interval 0.100, multiplier 3
 Remote min TX interval 0.100, min RX interval 0.100, multiplier 3
 Local discriminator 2, remote discriminator 1
 Echo mode disabled/inactive, no-absorb, no-refresh
 Authentication enabled/active, keychain secret123, algo meticulous-keyed-md5, mode strict
  Session ID: 0x100101

1 sessions, 2 clients
Cumulative transmit rate 1.0 pps, cumulative receive rate 10.0 pps

Meaning

The output shows that BFD authentication is enabled on IS-IS Level 1 and Level 2.