Alcatel-Lucent 6850 Switch User Manual


 
Configuring IS-IS Configuring IS-IS
page 3-20 OmniSwitch 6800/6850/9000 Advanced Routing Configuration Guide December 2007
MD5 Authentication
MD5 authentication can be used to protect the system from malicious actions. MD5 authentication can be
used to encrypt information sent over the network. MD5 authentication works by using shared secret key.
Key is used to sign the packets with an MD5 checksum, so that the packets cannot be forged or tampered
with. Since the key is not included in the packet, snooping the key is not possible.
To enable MD5 authentication with plain text key on a router, enter the ip isis auth-type command, as
shown:
-> ip isis auth-type md5 key 12345
Here, only routers with MD5 authentication and password “12345” will be able to use the configured
interface.
You can also use the encrypt-key parameter to configure the password by supplying the encrypted form
of the password.
-> ip isis auth-type md5 encrypt-key 31fa061a5de5d1a8
If the encrypt-key parameter is used to configure the password through the CLI, then its value should be
the same as the one that appears in the configuration snapshot.
Note. Only valid system generated values are accepted as encrypt-key.
Global Authentication
The authentication check for all the IS-IS PDUs can be enabled or disabled globally by using the ip isis
auth-check command.
To enable the authentication check for IS-IS PDUs, enter the following:
-> ip isis auth-check enable
If enabled, IS-IS PDUs that fail to match either of the authentication type and key requirements are
rejected.
To disable the authentication check for IS-IS PDUs, enter the following:
-> ip isis auth-check disable
If disabled, the authentication PDUs are generated and the IS-IS PDUs are authenticated on receipt. An
error message will be generated in case of a mismatch; but PDUs will not be rejected.
Note. By default, authentication check is enabled.
IS-IS authentication can be enabled globally for Hello, CSNP, and PSNP packets.
To enable the authentication of Hello PDUs globally, enter the following:
-> ip isis hello-auth
To enable the authentication of CSNP PDUs globally, enter the following:
-> ip isis csnp-auth