Re: ISIS show command for authentication

From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Nov 19 2004 - 09:58:02 GMT-3

• Next message: Alec: "Re: Standard compression methods"
• Previous message: Tom Lijnse: "RE: ISIS show command for authentication"
• Maybe in reply to: ccie2be: "ISIS show command for authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks, Tom.

That solves the mystery for 2 of the 3 authentications.

In the scenario I was doing, it happened that I only had link
authenticiation configured, so I guess the only way to see if it's working
is by doing a debug and NOT seeing a problem.

Thanks again. Tim
----- Original Message -----
From: "Tom Lijnse" <Tom.Lijnse@globalknowledge.nl>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Friday, November 19, 2004 7:40 AM
Subject: RE: ISIS show command for authentication

Hi Tim,

Since area authentication adds a password to the LSPs in the level-1
database, that's where you can see it configured. As you can see this
router has area authentication configured:

R5#sh run | b ^router isis
router isis
 net 49.0001.5555.5555.5555.00
 is-type level-1
 area-password cisco

Now when you look at the LSP for this router in the level-1 database you
can see that it has authentication configured:

R5#sh isis database R5.00-00 level-1 detail

IS-IS Level-1 LSP R5.00-00
LSPID LSP Seq Num LSP Checksum LSP Holdtime
ATT/P/OL
R5.00-00 * 0x000000D3 0xD475 896 0/0/0
  Auth: Length: 6
  Area Address: 49.0001
  NLPID: 0xCC
  Hostname: R5
  IP Address: 133.1.1.5
  Metric: 10 IP 133.1.1.0 255.255.255.0
  Metric: 10 IP 133.1.2.0 255.255.255.0
  Metric: 10 IS R4.00

There's a line saying 'Auth: Length: 6' which is not there when
authentication is not configured.

In a similar way domain authentication is visible in the level-2
database with an extra TLV in the LSPs. Only for the interface level
authentication I have not been able to find a decent show command.

Regards,

Tom Lijnse
CCIE #11031
Global Knowledge Netherlands

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: woensdag 17 november 2004 23:00
To: Group Study
Subject: ISIS show command for authentication

Hi guys,

does a show command exists in isis that shows what authentication is
configured?

I've been looking through all the isis show commands and didn't come
with
anything.

Interestingly enough, although isis supports 3 levels of authentication,
I
couldn't find any command that shows anything about any of the isis
authentication levels, link, area, or domain.

Do such show command not exist or am I just looking in all the wrong
places?

TIA, Tim

• Next message: Alec: "Re: Standard compression methods"
• Previous message: Tom Lijnse: "RE: ISIS show command for authentication"
• Maybe in reply to: ccie2be: "ISIS show command for authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:47 GMT-3