Configure Remote IS-IS Hello Authentication on a Port

About this task

Perform this procedure to configure authentication type used for remote Intermediate-System-to-Intermediate-System (IS-IS) hello packets on the interface. The type can be one of the following: none, simple, hmac-md5, or hmac-sha-256.

Procedure

  1. Enter GigabitEthernet Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure the hello authentication type:

    isis remote hello-auth type {none | simple | hmac-md5 | hmac-sha-256} [key WORD<1-16>] [key-id <1-255>]

Example

Configuring the simple authentication type for remote IS-IS hello packets on port 1/2:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface gigabitEthernet 1/2
Switch:1(config-if)#isis remote hello-auth type simple key Test key-id 125 

Variable Definitions

The following table defines parameters for the isis remote hello-auth command.

Variable Value
key WORD<1-16>

Specifies the authentication key (password) that the receiving router uses to verify the packet.

key-id <1-255>

Specifies the optional key ID.

type {none | simple | hmac-md5 | hmac-sha-256}

Specifies the authentication type used for remote IS-IS hello packets on the interface. The type can be one of the following:

  • Simple - Simple password authentication uses a text password in the transmitted packet. The receiving router uses an authentication key (password) to verify the packet. You can also specify a key value.

  • hmac-md5 - MD5 authentication creates an encoded checksum in the transmitted packet. The receiving router uses an authentication key (password) to verify the MD5 checksum of the packet. You can also specify a key value and key-id.

  • hmac-sha-256 - With SHA-256 authentication, the switch adds an HMAC-SHA256 digest to each Hello packet. The switch that receives the Hello packet computes the digest of the packet and compares it with the received digest. If the digests match, the packet is accepted. If the digests do not match, the receiving switch discards the packet. You can also specify a key value and key-id.

The default type is none.