ISIS authentication

Hi group,

Two questions regarding ISIS authentication:

1. If the question ask to authenticate 5 ISIS PDU types (LAN Hello,
point-to-point Hello, LSP, CSNP, PSNP), should I configure authentication
under interface mode or routing process mode? The documentation states "The
interface-related PDUs (LAN Hello, Point-to-Point Hello, CSNP, and PSNP) can
be enabled with authentication on different interfaces, with different
levels and different passwords." -->this means enabling authentication on
interface will not authenticate LSP messages. So I reckon to authentication
all 5 PDU types, I must configure under routing process mode like:

router isis

 authentication mode md5

 authentication key-chain ISIS

2. When using old-style to configure ISIS domain password, should I add
the keyword authenticate snp so that CSNP & PSPN are authenticated? I'm not
really understand this statement from the documentation: "This password is
inserted in Level 2 PDU link-state PDUs (LSPs), complete sequence number
PDUs (CSNPs), and partial sequence number PDUs (PSNPs). If you specify the
authenticate snp keyword along with either the validate or send-only
keyword, the IS-IS routing protocol will insert the password into sequence
number PDUs (SNPs)"

Thanks

Rin

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 01 2009 - 13:29:08 ART