domain-password CISCO
2) The interface level
isis authentication mode text level-2
isis password CISCO
What do the above do ?
I read on IEOC forum that these only authenticate the Hello PDU
whereas the Authentication on the ISIS instance authenticates LSP, CSNP, and PSNP PDUs
Whatever ??? I will investigate further...
3) The new way , key-chain and stuff, like RIP
key chain ISIS_LEVEL2
key 1
key-string CISCO
!
router isis
authentication mode text level-2
authentication key-chain ISIS_LEVEL2 level-2
More information on the CCO link here
There are three types of passwords
1)
Interface x
isis password CISCO --> Used to Initialise the Link.
2)
router isis
area-password CISCO --> used to authenticate links in the given area ( 49.xxxx)
=> Caveat area-password cannot be used for L2 adj
"If directly connected routers have area-authentication configured on one side of a link, CLNS IS-IS adjacency is formed between the two routes. However, the router on which area-authentication is configured, does not accept L1 LSPs from the CLNS neighbor with no area-authentication configured. However, the neighbor with no area-authentication does continue to accept both L1 and L2 LSPs."
3)
router isis
domain-password CISCO --> Used to authenticate links in the given domain (49)
=>Caveat
"If you configure domain authentication on one router, it rejects the L2 LSPs from routers that do not have domain authentication configured. Routers that do not have authentication configured accept the LSPs from the router that does have authentication configured."
No comments:
Post a Comment