RE: Isis authentication - New Feature

From: Tom Lijnse (Tom.Lijnse@globalknowledge.nl)
Date: Tue Apr 19 2005 - 06:58:03 GMT-3

• Next message: Lee Donald: "RE: Recorded IPv6 Seminar Access"
• Previous message: Shinji Kanehori: "MPLS experimental bit manipulation"
• Maybe in reply to: gladston@br.ibm.com: "Isis authentication - New Feature"
• Next in thread: gladston@br.ibm.com: "RE: Isis authentication - New Feature"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Key to this is the last quote in your email:

quoted
When area authentication is configured, the password is carried in the
L1 LSPs...

With the old commands you had to be aware that "Area" authentication
means authentication of level-1 LSPs, "Domain" means authentication of
level-2 LSPs and authentication on the interface authenticates hellos.

So when a task requires "Area authentication" that means that you're
required to authenticate all level-1 LSPs for that area. In the new
syntax that is expressed by simply using the level-1 keyword under the
routing process like this:

router isis
 authentication mode md5 level-1
 authentication key-chain TEST level-1

Hope this helps,

Tom Lijnse

CCIE#11031
Global Knowledge

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: maandag 18 april 2005 22:34
To: ccielab@groupstudy.com
Subject: Isis authentication - New Feature

Do the Area and Domain authentication still make sense after the new
feature MD5 for ISIS authentication?

The explanation on DOC CD for this new feature does not talk about
Domain or Area authentication.

If it does, how would it be Area authentication using MD5?

I just found examples explaining MD5 authentication for interface and
routing process, and within the routing process there is no option for
domain or area.

Would a question like this be possible?
"Configure area authentication using MD5"

New Feature
====================
quoted
IS-IS has five packet types: link state packet (LSP), LAN Hello, Serial
Hello, CSNP, and PSNP. The IS-IS HMAC-MD5 authentication or the clear
text password authentication can be applied to all five types of PDU.
The authentication can be enabled on different IS-IS levels
independently. The interface-related PDUs (LAN Hello, Serial Hello,
CSNP, and PSNP) can be enabled with authentication on different
interfaces, with different levels and different passwords.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwf
t/release/122s14/ftismd5.htm
====================

===================
quoted
When area authentication is configured, the password is carried in the
L1 LSPs...

http://www.cisco.com/warp/public/97/isis_authent.html#areaauth
===================

• Next message: Lee Donald: "RE: Recorded IPv6 Seminar Access"
• Previous message: Shinji Kanehori: "MPLS experimental bit manipulation"
• Maybe in reply to: gladston@br.ibm.com: "Isis authentication - New Feature"
• Next in thread: gladston@br.ibm.com: "RE: Isis authentication - New Feature"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:00 GMT-3