Example for Configuring Keychain Authentication for Non-TCP Application

Networking Requirements

As shown in Figure 1, Device A and Device B interconnect using IS-IS. IS-IS and keychain authentication must be enabled on all interfaces of both devices.

Figure 1 Keychain

Interface 1 in this example represents GE 0/1/0.


Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure IS-IS basic functions.

  2. Configure keychain basic functions.

  3. Configure IS-IS on both routers to use the keychain.

Data Preparation

To complete the configuration, you need the following data:

  • keychain name

  • key-id

  • algorithm and key-string

  • send and receive time

  • receive tolerance

Procedure

  1. Configure Device A.

    # Configure IS-IS basic functions. The configuration details are not provided here.

    # Configure the keychain.

    [~DeviceA] keychain huawei mode absolute
    [*DeviceA-keychain-huawei] receive-tolerance 100
    [*DeviceA-keychain-huawei] key-id 1
    [*DeviceA-keychain-huawei-keyid-1] algorithm hmac-sha-256
    [*DeviceA-keychain-huawei-keyid-1] key-string cipher abcDEF-13579
    [*DeviceA-keychain-huawei-keyid-1] send-time 14:30 2017-10-10 to 14:50 2017-10-10
    [*DeviceA-keychain-huawei-keyid-1] receive-time 14:40 2017-10-10 to 14:50 2017-10-10
    [*DeviceA-keychain-huawei-keyid-1] default send-key-id
    [*DeviceA-keychain-huawei-keyid-1] commit
    [~DeviceA-keychain-huawei-keyid-1] quit
    [~DeviceA-keychain-huawei] quit

    # Configure keychain authentication for IS-IS.

    [~DeviceA] interface gigabitethernet 0/1/0
    [*DeviceA-GigabitEthernet0/1/0] ip address 192.168.1.1 24
    [*DeviceA-GigabitEthernet0/1/0] isis authentication-mode keychain huawei
    [*DeviceA-GigabitEthernet0/1/0] commit
    [~DeviceA-GigabitEthernet0/1/0] quit

  2. Configure Device B.

    # Configure IS-IS basic functions. The configuration details are not provided here.

    # Configure the keychain.

    [~DeviceB] keychain huawei mode absolute
    [*DeviceB-keychain-huawei] receive-tolerance 100
    [*DeviceB-keychain-huawei] key-id 1
    [*DeviceB-keychain-huawei-keyid-1] algorithm hmac-sha-256
    [*DeviceB-keychain-huawei-keyid-1] key-string cipher abcDEF-13579
    [*DeviceB-keychain-huawei-keyid-1] send-time 14:40 2017-10-10 to 14:50 2017-10-10
    [*DeviceB-keychain-huawei-keyid-1] receive-time 14:30 2017-10-10 to 14:50 2017-10-10
    [*DeviceB-keychain-huawei-keyid-1] default send-key-id
    [*DeviceB-keychain-huawei-keyid-1] commit
    [~DeviceB-keychain-huawei-keyid-1] quit
    [~DeviceB-keychain-huawei] quit

    # Configure keychain authentication for IS-IS.

    [~DeviceB] interface gigabitethernet 0/1/0
    [~DeviceB-GigabitEthernet0/1/0] ip address 192.168.1.2 24
    [*DeviceB-GigabitEthernet0/1/0] isis authentication-mode keychain huawei
    [*DeviceB-GigabitEthernet0/1/0] commit
    [~DeviceB-GigabitEthernet0/1/0] quit

Configuration File

  • Device A configuration file

    #
     sysname DeviceA
    #
    keychain huawei mode absolute
     receive-tolerance 100
     key-id 1
      algorithm hmac-sha-256
      key-string cipher @%@%b{br9\zi%X+/Y@:Y>Lw(L\v#@%@%
      send-time 14:30 2017-10-10 to 14:50 2017-10-10
      receive-time 14:40 2017-10-10 to 14:50 2017-10-10
      default send-key-id
    #
    interface gigabitethernet0/1/0
     ip address 192.168.1.1 24
     isis authentication-mode keychain huawei
    #
    return

  • Device B configuration file

    #
     sysname DeviceB
    #
    keychain huawei mode absolute
     receive-tolerance 100
     key-id 1
      algorithm hmac-sha-256
      key-string cipher @%@%VBNCG\zi%X+/Y@:YMHKJES/@%@%
      send-time 14:40 2017-10-10 to 14:50 2017-10-10
      receive-time 14:30 2017-10-10 to 14:50 2017-10-10
      default send-key-id
    #
    interface Gigabitethernet0/1/0
     ip address 192.168.1.2 24
     isis authentication-mode keychain huawei
    #
    return
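
The send and receive windows on the two devices only authenticate traffic while each device's send-time falls inside its peer's receive-time. The following check is an added example, not part of the original Huawei procedure: it parses the keychain stanza in the layout shown above and reports send windows the peer would reject. The function names are hypothetical, and it assumes that receive-tolerance is given in minutes and widens the receive window at both ends.

```python
import re
from datetime import datetime, timedelta

FMT = "%H:%M %Y-%m-%d"
WINDOW = re.compile(r"^\s*(send|receive)-time (\S+ \S+) to (\S+ \S+)\s*$", re.M)

def parse_keychain(cfg):
    """Return {'tolerance': timedelta, 'keys': {id: {'send': (t0, t1), 'receive': (t0, t1)}}}."""
    tol = re.search(r"^\s*receive-tolerance (\d+)\s*$", cfg, re.M)
    # Assumption: the receive-tolerance value is in minutes.
    chain = {"tolerance": timedelta(minutes=int(tol.group(1)) if tol else 0), "keys": {}}
    # re.split with one group yields [head, id, body, id, body, ...]
    parts = re.split(r"^\s*key-id (\d+)\s*$", cfg, flags=re.M)
    for key_id, body in zip(parts[1::2], parts[2::2]):
        chain["keys"][int(key_id)] = {
            kind: (datetime.strptime(t0, FMT), datetime.strptime(t1, FMT))
            for kind, t0, t1 in WINDOW.findall(body)}
    return chain

def uncovered(sender, receiver):
    """List (key_id, reason) for send windows of `sender` that `receiver` would reject."""
    problems, tol = [], receiver["tolerance"]
    for key_id, windows in sorted(sender["keys"].items()):
        if "send" not in windows:
            continue
        recv = receiver["keys"].get(key_id, {}).get("receive")
        if recv is None:
            problems.append((key_id, "peer has no receive-time for this key-id"))
            continue
        (s0, s1), (r0, r1) = windows["send"], (recv[0] - tol, recv[1] + tol)
        # Assumption: tolerance widens the receive window at both ends.
        if s0 < r0 or s1 > r1:
            problems.append((key_id, f"send {s0:%H:%M}-{s1:%H:%M} outside receive {r0:%H:%M}-{r1:%H:%M}"))
    return problems

def stanza(tolerance, send, receive):  # constructed sample config in the page's layout
    return (f"keychain huawei mode absolute\n receive-tolerance {tolerance}\n key-id 1\n"
            f"  algorithm hmac-sha-256\n  send-time {send}\n  receive-time {receive}\n"
            "  default send-key-id\n")

DAY = "2017-10-10"
DEVICE_A = parse_keychain(stanza(100, f"14:30 {DAY} to 14:50 {DAY}", f"14:40 {DAY} to 14:50 {DAY}"))
DEVICE_B = parse_keychain(stanza(100, f"14:40 {DAY} to 14:50 {DAY}", f"14:30 {DAY} to 14:50 {DAY}"))
# Constructed misconfiguration: B starts accepting at 14:40 with only 5 minutes of tolerance.
DEVICE_B_LATE = parse_keychain(stanza(5, f"14:40 {DAY} to 14:50 {DAY}", f"14:40 {DAY} to 14:50 {DAY}"))

if __name__ == "__main__":
    for name, tx, rx in [("A->B", DEVICE_A, DEVICE_B), ("B->A", DEVICE_B, DEVICE_A),
                         ("A->B (late)", DEVICE_A, DEVICE_B_LATE)]:
        print(name, uncovered(tx, rx) or "covered")
```

Running the same comparison before a key rollover shows whether any interval exists in which one device sends with a key the other does not yet, or no longer, accept.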
Copyright © Huawei Technologies Co., Ltd.