isis hello-auth (on a port)

Specify the authentication type used for Intermediate-System-to-Intermediate-System (IS-IS) hello packets on the interface. The type can be one of the following: none, hmac-md5, or hmac-sha-256.

Syntax

default isis hello-auth
isis hello-auth type { none | simple | hmac-md5 | hmac-sha-256 }
isis hello-auth type { none | simple | hmac-md5 | hmac-sha-256 } key WORD<1-16>
isis hello-auth type { none | simple | hmac-md5 | hmac-sha-256 } key WORD<1-16> key-id <1-255>
no isis hello-auth

Command Parameters

key WORD<1-16>

Specifies the authentication key (password) used by the receiving router to verify the packet.

key-id <1-255>

Specifies the optional key ID.

type { none | simple | hmac-md5 | hmac-sha-256}

Specifies the authentication type used for IS-IS hello packets on the interface. The type can be one of the following: none, simple, hmac-md5, or hmac-sha-256. The default type is none. Use the no or default options to set the hello-auth type to none.

If simple is selected, you can also specify a key value. Simple password authentication uses a text password in the transmitted packet. The receiving router uses an authentication key (password) to verify the packet.
If hmac-md5 is selected, you can also specify a key value and key-id. MD5 authentication creates an encoded checksum in the transmitted packet. The receiving router uses an authentication key (password) to verify the MD5 checksum of the packet.
If hmac-sha-256 is selected, you can also specify a key value and key-id. With SHA-256 authentication, the switch adds an HMAC-SHA256 digest to each Hello packet. The switch that receives the Hello packet computes the digest of the packet and compares it with the received digest. If the digests match, the packet is accepted. If the digests do not match, the receiving switch discards the packet.

Default

The default is no authentication type (none).

Command Mode

GigabitEthernet Interface Configuration