IS-IS MD5 authentication with Juniper JUNOS 7.0

ping.zhao · ‎02-06-2005

1. Does anyone known how to configure IS-IS MD5 authentication with Juniper JUNOS 7.0?

2. I did configuration in Cisco BOX as:

!

key chain isis_key

key 1

key-string juniper

!

router isis

net 49.0001.1921.6800.0001.00

is-type level-2-only

authentication mode md5

authentication key-chain isis_key

metric-style wide

log-adjacency-changes all

passive-interface Dialer1

!

3. In Juniper BOX as:

}

protocols {

isis {

traceoptions {

file isis size 8m;

flag error;

}

reference-bandwidth 10g;

lsp-lifetime 65535;

level 2 {

authentication-key "$9$km5FCtOcyKn/yKM8dVqmf"; ## SECRET-DATA

authentication-type md5; ## SECRET-DATA

wide-metrics-only;

}

interface all;

interface fxp1.0 {

level 1 disable;

}

5. in IOS got msg:

Feb 7 07:08:48.868: %CLNS-4-AUTH_FAIL: ISIS: CSNP authentication failed

6. in JUNOS trace log as:

golab@j_r1# run show log isis | match internet

Feb 7 14:25:30 ERROR: IIH from internet with no matching areas, interface fe-0/0/1.0

7. Can anyone help? thanks

ping.zhao · ‎02-07-2005

It's work, in JUNOS when authentication enabled, they do IIH,SNP,LSP packets. But in IOS authentication in interfaces it does IIH, in IS-IS instace it does SNP, LSP, not IIH. so in IOS must do authentication in Interface and Instance both.

!

interface Ethernet0/0

ip router isis

isis metric 100

isis authentication mode md5

isis authentication key-chain isis_key

!