[c-nsp] Finding source of ISIS authentication failure

daniel.dib at reaper.nu daniel.dib at reaper.nu
Mon Jul 1 14:07:29 EDT 2013


 

As pointed out to me by Ytti I was doing interface authentication
and you are doing LSP autentication. I changed my lab and got the
following debug from debug isis update-packets: 

ISIS-Upd: Rec L1 LSP
0000.0000.0002.00-00, seq 4, ht 1199,
ISIS-Upd: from SNPA c201.22dc.0000
(FastEthernet0/0)
%CLNS-4-AUTH_FAIL: ISIS: LSP authentication failed


So there you have the system ID which was 000.0000.0002 for my NET
which was 49.0001.0000.0000.0002 

This URL seems to explain it pretty
well:


http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080093f36.shtml#tshoot
[3] 

Best regards, 

Daniel Dib 

CCIE #37149 

2013-07-01 19:33 skrev
daniel.dib at reaper.nu: 

> When testing on 12.4 code I get the following
from debug isis
> adj-packets and debug isis authentication information:

> 
> ISIS-Adj: Rec
> L2 IIH from c201.0d84.0000 (FastEthernet0/0), cir
type L1L2, cir id
> 0000.0000.0002.01, length 1497
> ISIS-AuthInfo:
Packet failed the md5
> check, 1497 bytes, type 16
> ISIS-Adj:
Authentication failed 
> 
> So the MAC
> address and interface is
recorded. Don't you have these debugs or do
> your debugs not show this
information? 
> 
> Best regards, 
> 
> Daniel Dib
> 
> CCIE #37149 
> 
>
2013-07-01 18:31 skrev John Neiberger:
> 
>> This box is
> 
> running
12.2(33)SRC code. The TAC engineer and I haven't really
> 
>> found
> 
>
a good way to find what we're looking for. I have found some debugsthat
confirm that we're having an authentication problem but they alsodon't
show the source of the problem. Not even an interface.




Links:
------
[1] http://puck.nether.net/pipermail/cisco-nsp/
[2]
https://puck.nether.net/mailman/listinfo/cisco-nsp
[3]
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080093f36.shtml#tshoot


More information about the cisco-nsp mailing list