[c-nsp] Finding source of ISIS authentication failure

daniel.dib at reaper.nu daniel.dib at reaper.nu
Mon Jul 1 14:07:29 EDT 2013


As pointed out to me by Ytti I was doing interface authentication
and you are doing LSP autentication. I changed my lab and got the
following debug from debug isis update-packets: 

ISIS-Upd: Rec L1 LSP
0000.0000.0002.00-00, seq 4, ht 1199,
ISIS-Upd: from SNPA c201.22dc.0000
%CLNS-4-AUTH_FAIL: ISIS: LSP authentication failed

So there you have the system ID which was 000.0000.0002 for my NET
which was 49.0001.0000.0000.0002 

This URL seems to explain it pretty


Best regards, 

Daniel Dib 

CCIE #37149 

2013-07-01 19:33 skrev
daniel.dib at reaper.nu: 

> When testing on 12.4 code I get the following
from debug isis
> adj-packets and debug isis authentication information:

> ISIS-Adj: Rec
> L2 IIH from c201.0d84.0000 (FastEthernet0/0), cir
type L1L2, cir id
> 0000.0000.0002.01, length 1497
> ISIS-AuthInfo:
Packet failed the md5
> check, 1497 bytes, type 16
> ISIS-Adj:
Authentication failed 
> So the MAC
> address and interface is
recorded. Don't you have these debugs or do
> your debugs not show this
> Best regards, 
> Daniel Dib
> CCIE #37149 
2013-07-01 18:31 skrev John Neiberger:
>> This box is
> running
12.2(33)SRC code. The TAC engineer and I haven't really
>> found
a good way to find what we're looking for. I have found some debugsthat
confirm that we're having an authentication problem but they alsodon't
show the source of the problem. Not even an interface.

[1] http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list