The optional-checksum enable command enables IS-IS to configure Hello packets and SNP packets to carry optional checksum TLVs and to check received IS-IS packets and SNP packets.
The undo optional-checksum enable command restores IS-IS packets to default settings.
By default, Hello packets and SNPs do not carry checksum TLVs and the receiver does not check received packets.
Usage Scenario
To prevent the attack of malicious packets and to ensure packets are correctly received on an IS-IS network, you can configure the optional-checksum enable command to enable IS-IS routers to send SNP packets and Hello packets carrying optional checksum TLVs. After the peer device receives the packets, it checks whether the carried optional checksum TLVs are correct. If the TLVs are not correct, the peer device rejects the packets.
Prerequisites
You have run the isis command to create an IS-IS process and entered the IS-IS view.
Precautions
If MD5 authentication or Keychain authentication with valid MD5 authentication is configured on an IS-IS interface or area, IS-IS routers send Hello packets and SNP packets carrying no checksum TLVs and verify the checksum of the received packets.