Use this command to configure IS-IS authentication mode on an interface.
| md5 | Specifies MD5 as the IS-IS authentication mode for the interface. |
| text | Specifies text as the IS-IS authentication mode for the interface. |
| level-1 | (Optional) Specifies that the authentication mode configuration should be restricted to level 1. |
| level-2 | (Optional) Specifies that the authentication mode configuration should be restricted to level 2. |
If no level option is specified, the mode configuration is applied to both level 1 and level 2.
Interface configuration.
The IS-IS MD5 mode authentication provides a cryptographic hash MD5 digest to each IS-IS PDU, preventing unauthorized routing messages to enter the IS-IS domain.
IS-IS has five packet types: link state packet (LSP), LAN Hello, Serial Hello, CSNP, and PSNP. The MD5 authentication or the clear text password authentication is applied to each IS-IS PDU type. The IS-IS authentication defaults to level 1 and level 2 and can be restricted to level 1 or level 2.
The authentication mode for the interface can be configured without a preexisting key chain or password configuration, but interface level authentication is not enable until either a key chain or password is configured for the interface.
The “no” form of this command removes the interface IS-IS authentication mode configuration.
This example shows how to configure VLAN 100 IS-IS authentication to MD5 for a level 1 instance:
System(rw)->configure System(rw-config)->interface vlan 100 System(rw-config-intf-vlan.0.100)->isis authentication mode md5 level-1 System(rw-config-intf-vlan.0.100)->
Print
this page
Email this topic
Feedback
View PDF
Download EPUB