Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
0
Helpful
3
Replies

Enable IS-IS HMAC-MD5 authentication

Go to solution
avosdo
Level 1
Level 1

‎02-25-2013 01:12 AM - edited ‎03-04-2019 07:07 PM

Hello

We would like to enable IS-IS HMAC-MD5 authentication on an production network for LSP authentication including LSP, CSNP and PSNP.

The problem is that when we are applying the command  "authentication mode md5" under the isis process there is authentications failure and the router loses all routes from routing table. Is there any way to enable authentication without the router losing the routing or to "delay" the authentication until all routers are configured.


key chain IS-IS

key 1

  key-string xxx

router isis

authentication mode md5

authentication key-chain IS-IS

Best Regards

Antonis.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-25-2013 02:56 AM

Hello Antonis,

the ISIS configuration guide suggests the use of interface level command

isis authentication send-only

in order to ensure a smooth transition to a network to all routers using authentication. The command provides the capability to send authenticated PDUs and to receive non authenticated PDUs.

see

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_isis/configuration/15-mt/irs-scty.html#GUID-C7D24C37-83C2-41BB-ADA2-5DCA8C241EDC

Also in key chain configuration mode you should be able to configure a start time for key validity and an end time if necessary.

This should also provide the capability of key rollover without isssues.

Hope to help

Giuseppe

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-25-2013 02:56 AM

Hello Antonis,

the ISIS configuration guide suggests the use of interface level command

isis authentication send-only

in order to ensure a smooth transition to a network to all routers using authentication. The command provides the capability to send authenticated PDUs and to receive non authenticated PDUs.

see

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_isis/configuration/15-mt/irs-scty.html#GUID-C7D24C37-83C2-41BB-ADA2-5DCA8C241EDC

Also in key chain configuration mode you should be able to configure a start time for key validity and an end time if necessary.

This should also provide the capability of key rollover without isssues.

Hope to help

Giuseppe

0 Helpful

Go to solution
avosdo
Level 1
Level 1
In response to Giuseppe Larosa

‎02-26-2013 04:52 AM

Thank you Giuseppe

I will give it a try and let you know.

Regards

Antonis.

0 Helpful

Go to solution
avosdo
Level 1
Level 1
In response to Giuseppe Larosa

‎03-29-2013 11:50 AM

Giuseppe

Hello again. I have made the changes today. Everything went fine.

Best Regards

Antonis.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card