Cisco Systems IOS XR Laptop User Manual


 
Implementing IS-IS on Cisco IOS XR Software
How to Implement IS-IS on Cisco IOS XR Software
RC-108
Cisco IOS XR Routing Configuration Guide
Configuring Authentication for IS-IS
This task explains how to configure authentication for IS-IS. This task is optional.
Authentication is available to limit the establishment of adjacencies by using the hello-password
configuration, and to limit the exchange of LSPs by using the LSP password.
IS-IS supports plain-text authentication, which does not provide security against hackers or other
unauthorized users. Plain-text authentication allows you to configure a password to prevent unauthorized
networking devices from forming adjacencies with this router. The password is exchanged as plain text
and is potentially visible to an agent able to view the IS-IS packets.
IS-IS stores a configured password using simple encryption. However, the plain-text form of the
password is used in LSPs, sequence number protocols (SNPs), and hello packets, which would be visible
to a process that can view IS-IS packets. The passwords can be entered in plain text (preceded by a 0) or
encrypted (preceded by a 7) form.
To set the domain password, configure the lsp-password for Level 2; to set the area password, configure
the lsp-password for Level 1.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. lsp-password {hmac-md5 | text} {clear | encrypted} password [level {1 | 2}] [send-only] [snp
send-only]
4. interface type instance
5. hello-password {hmac-md5 | text} {clear | encrypted} password [level {1 | 2}] [send-only]
6. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
router isis
instance-id
Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and
places the router in router configuration mode.
You can change the level of routing to be performed by
a particular routing instance using the is-type
command.