Re: ISIS MD5 authentication

From: Roy Dempsey (roy.dempsey@gmail.com)
Date: Thu Mar 10 2005 - 19:37:51 GMT-3

• Next message: ccie2be: "RE: navigating to Technical Tips"
• Previous message: CCIE_Exam: "Need CCIE partner"
• Maybe in reply to: Roy Dempsey: "ISIS MD5 authentication"
• Next in thread: Chuck Ryan: "Re: ISIS MD5 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks,

Interesting email. Looks like there's nothing available for verifying
interface level authentication....

On Thu, 10 Mar 2005 12:58:07 -0500, ccie2be <ccie2be@nyc.rr.com> wrote:
> I was just going through some old posts and noticed this one.
>
> *********************************************************************
> Since area authentication adds a password to the LSPs in the level-1
> database, that's where you can see it configured. As you can see this
> router has area authentication configured:
>
> R5#sh run | b ^router isis
> router isis
> net 49.0001.5555.5555.5555.00
> is-type level-1
> area-password cisco
>
> Now when you look at the LSP for this router in the level-1 database you
> can see that it has authentication configured:
>
> R5#sh isis database R5.00-00 level-1 detail
>
> IS-IS Level-1 LSP R5.00-00
> LSPID LSP Seq Num LSP Checksum LSP Holdtime
> ATT/P/OL
> R5.00-00 * 0x000000D3 0xD475 896 0/0/0
> Auth: Length: 6
> Area Address: 49.0001
> NLPID: 0xCC
> Hostname: R5
> IP Address: 133.1.1.5
> Metric: 10 IP 133.1.1.0 255.255.255.0
> Metric: 10 IP 133.1.2.0 255.255.255.0
> Metric: 10 IS R4.00
>
> There's a line saying 'Auth: Length: 6' which is not there when
> authentication is not configured.
>
> In a similar way domain authentication is visible in the level-2
> database with an extra TLV in the LSPs. Only for the interface level
> authentication I have not been able to find a decent show command.
>
> Regards,
>
> Tom Lijnse
> CCIE #11031
> Global Knowledge Netherlands
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Roy
> Dempsey
> Sent: Thursday, March 10, 2005 12:49 PM
> To: Cisco certification
> Subject: ISIS MD5 authentication
>
> Hi,
>
> Is there are a way to verify ISIS authentication? I'm testing key
> chain authentication between 2 hosts which were working without it.
> I've created a key chain and attached it to the interface using isis
> authentication mode and isis authentication key-chain commands.
>
> The ISIS neighbors didn't go down, and are still adjacent. However I
> don't see any mention of authentication when debugging adjacencies,
> and I can't find a show command that mentions it.
>
> I'm sure there must be a way to verify it...
>
> Thanks
> Roy
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: ccie2be: "RE: navigating to Technical Tips"
• Previous message: CCIE_Exam: "Need CCIE partner"
• Maybe in reply to: Roy Dempsey: "ISIS MD5 authentication"
• Next in thread: Chuck Ryan: "Re: ISIS MD5 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:44 GMT-3