check this link....it helped me understand ISIS authentication...
http://www.debugall.co.uk/2008/12/13/isis-security/
On Wed, Jul 1, 2009 at 9:29 AM, Rin<rintrum_at_gmail.com> wrote:
> Hi group,
>
>
>
> Two questions regarding ISIS authentication:
>
> 1. If the question ask to authenticate 5 ISIS PDU types (LAN Hello,
> point-to-point Hello, LSP, CSNP, PSNP), should I configure authentication
> under interface mode or routing process mode? The documentation states "The
> interface-related PDUs (LAN Hello, Point-to-Point Hello, CSNP, and PSNP) can
> be enabled with authentication on different interfaces, with different
> levels and different passwords." -->this means enabling authentication on
> interface will not authenticate LSP messages. So I reckon to authentication
> all 5 PDU types, I must configure under routing process mode like:
>
> router isis
>
> authentication mode md5
>
> authentication key-chain ISIS
>
> 2. When using old-style to configure ISIS domain password, should I add
> the keyword authenticate snp so that CSNP & PSPN are authenticated? I'm not
> really understand this statement from the documentation: "This password is
> inserted in Level 2 PDU link-state PDUs (LSPs), complete sequence number
> PDUs (CSNPs), and partial sequence number PDUs (PSNPs). If you specify the
> authenticate snp keyword along with either the validate or send-only
> keyword, the IS-IS routing protocol will insert the password into sequence
> number PDUs (SNPs)"
>
> Thanks
>
> Rin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 01 2009 - 10:09:32 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:21 ART