RE: ISIS MD5 authentication

From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Mar 10 2005 - 14:58:07 GMT-3

• Next message: ccie2be: "RE: IS-IS multi-area [bcc][faked-from][bayes]"
• Previous message: simon hart: "RE: Multicast helper-map Scenario"
• Maybe in reply to: Roy Dempsey: "ISIS MD5 authentication"
• Next in thread: Roy Dempsey: "Re: ISIS MD5 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I was just going through some old posts and noticed this one.

*********************************************************************
Since area authentication adds a password to the LSPs in the level-1
database, that's where you can see it configured. As you can see this
router has area authentication configured:

R5#sh run | b ^router isis
router isis
 net 49.0001.5555.5555.5555.00
 is-type level-1
 area-password cisco

Now when you look at the LSP for this router in the level-1 database you
can see that it has authentication configured:

R5#sh isis database R5.00-00 level-1 detail

IS-IS Level-1 LSP R5.00-00
LSPID LSP Seq Num LSP Checksum LSP Holdtime
ATT/P/OL
R5.00-00 * 0x000000D3 0xD475 896 0/0/0
  Auth: Length: 6
  Area Address: 49.0001
  NLPID: 0xCC
  Hostname: R5
  IP Address: 133.1.1.5
  Metric: 10 IP 133.1.1.0 255.255.255.0
  Metric: 10 IP 133.1.2.0 255.255.255.0
  Metric: 10 IS R4.00

There's a line saying 'Auth: Length: 6' which is not there when
authentication is not configured.

In a similar way domain authentication is visible in the level-2
database with an extra TLV in the LSPs. Only for the interface level
authentication I have not been able to find a decent show command.

Regards,

Tom Lijnse
CCIE #11031
Global Knowledge Netherlands

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Roy
Dempsey
Sent: Thursday, March 10, 2005 12:49 PM
To: Cisco certification
Subject: ISIS MD5 authentication

Hi,

Is there are a way to verify ISIS authentication? I'm testing key
chain authentication between 2 hosts which were working without it.
I've created a key chain and attached it to the interface using isis
authentication mode and isis authentication key-chain commands.

The ISIS neighbors didn't go down, and are still adjacent. However I
don't see any mention of authentication when debugging adjacencies,
and I can't find a show command that mentions it.

I'm sure there must be a way to verify it...

Thanks
Roy

• Next message: ccie2be: "RE: IS-IS multi-area [bcc][faked-from][bayes]"
• Previous message: simon hart: "RE: Multicast helper-map Scenario"
• Maybe in reply to: Roy Dempsey: "ISIS MD5 authentication"
• Next in thread: Roy Dempsey: "Re: ISIS MD5 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:44 GMT-3