60 Second Guide to ISIS Authentication

From: Voss, David (dvoss@heidrick.com)
Date: Wed Mar 19 2003 - 19:10:53 GMT-3


ISIS AUTHENTICATION 60-SECOND GUIDE

Plain Text Only
Case Sensitive

Levels of Authentication: Area, Link, Domain

Area Authentication - L1
Usage: Authentication Between Routers in the Same Area
Configuration: router isis process
Example: area-password cisco
Applies To: Level 1 LSP, CSNP, PSNP
Misconfiguration: Adjacencies WILL form, Routes WILL NOT pass
Effects:
A router CONFIGURED with this authentication will only accept routes from
other routers configured with the same authentication.
A router NOT CONFIGURED with this authentication WILL accept routes from
other routers that are configured with this authentication.

Link Authentication - INTERFACE
Usage: Authentication Between 2 Routers
Configuration: on the interface
Example: isis password cisco level-1 -or- isis password cisco level-2 -or-
perform both commands
Applies To: Adjacencies for Level-1 or Level-2
Misconfiguration: Adjacencies WILL NOT form, Routes WILL NOT pass
Effects:
A router configured incorrectly will not be able to establish adjacencies

Domain Authentication - L2
Usage: Authentication Between Routers in Different Areas
Configuration: router isis process
Example: domain-password cisco
Applies To: Level-2 LSP, CSNP, PSNP
Misconfiguration: Adjacencies WILL form, Routes WILL NOT pass
Effects:
A router CONFIGURED with this authentication will only accept routes from
other routers configured with the same authentication.
A router NOT CONFIGURED for authentication WILL accept routes from other
routers that are configured with this authentication.

Key Point: Routers NOT configured for AREA or DOMAIN passwords WILL still
receive routes from routers who have AREA or DOMAIN passwords configured.
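
Added example, not part of the original post: a small config audit that applies the rules above to two routers sharing one link and reports which of the listed outcomes to expect, including the one-way acceptance in the Key Point. The function names `parse` and `audit` and the sample configs R1 to R4 are constructed for illustration.

```python
import re

def parse(cfg):
    """Extract the password commands the guide lists from IOS-style config text."""
    r = {"area": None, "domain": None, "link": {}}
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"(area|domain)-password (\S+)", line):
            r[m[1]] = m[2]
        elif m := re.fullmatch(r"isis password (\S+) (level-[12])", line):
            r["link"][m[2]] = m[1]
    return r

def audit(cfg_a, cfg_b, level="level-1"):
    """Predict, per the guide's rules, what happens between routers A and B."""
    a, b = parse(cfg_a), parse(cfg_b)
    # Link authentication: any difference (case included) stops the adjacency.
    if a["link"].get(level) != b["link"].get(level):
        return ["link password mismatch: adjacency will not form"]
    scope = "area" if level == "level-1" else "domain"
    findings = []
    for rx_name, rx, tx in (("A", a, b), ("B", b, a)):
        if rx[scope] is None and tx[scope] is not None:
            # The guide's key point: an unconfigured receiver accepts everything.
            findings.append(f"{rx_name} has no {scope}-password but still accepts peer routes")
        elif rx[scope] != tx[scope]:
            findings.append(f"{rx_name} rejects peer routes: {scope}-password mismatch")
    return findings

# Constructed sample configs (not from the original post).
R1 = "router isis\n area-password cisco\ninterface Serial0\n isis password cisco level-1"
R2 = "router isis\n area-password Cisco\ninterface Serial0\n isis password cisco level-1"
R3 = "router isis\ninterface Serial0\n isis password cisco level-1"
R4 = "router isis\n area-password cisco\ninterface Serial0\n isis password CISCO level-1"

if __name__ == "__main__":
    for name, peer in (("R2", R2), ("R3", R3), ("R4", R4)):
        print(f"R1 <-> {name}:", audit(R1, peer) or ["no findings"])
```
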


