[j-nsp] ISIS Authentication Problems
Mark Tinka
mtinka at globaltransit.net
Fri Mar 9 11:38:21 EST 2012
On Saturday, March 10, 2012 12:07:29 AM John Neiberger
wrote:
> Nevermind, I just found the answer to my question. In
> IOS, if you add authentication to the interface it only
> authenticates the hello packets. If you add
> authentication to the routing instance, it authenticates
> LSPs but not hellos. If you want everything to be
> authenticated you have to configure authentication on
> the interface and on the routing instance.
That's right; in IOS and IOS XE, you'd configure
authentication just as you've mentioned, illustrated below
for IPv4 and IPv6:
key chain some-name-you-like
key 1
key-string <password-here>
!
interface GigabitEthernet0/0
<snip>
...
isis authentication mode md5 level-2
isis authentication key-chain some-name-you-like level-2
!
!
router isis 1
<snip>
...
authentication mode md5
authentication key-chain some-name-you-like level-2
!
Of course, in the above, you'd define whether you're
enabling authentication just on one or both levels.
This will be compatible with both Junos and IOS XR.
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20120310/12564b0a/attachment.sig>
More information about the juniper-nsp
mailing list