is-is

Unanswered Question
Jul 27th, 2007

Hi everybody,

I am using the Cisco Press book for my BSCI exam. There are some issues the book does not elaborate upon.

When we configure a password on an interface for any level, let's say level-1, is this password inserted only in hello packets or in all packets such as LSPs, CSNPs, and PSNPs?

Second issue:

When we configure a password for an area or domain, is this password inserted in all packets?

Thanks, everyone.

bwgray Fri, 07/27/2007 - 08:16

Are you talking about ISIS levels or password levels? The 2 (I believe) are two separate entities.


Password levels let you set privilege level commands for users. ISIS levels allow routing between ISIS areas - a level-1 ISIS router has nothing to do with a level 1 router password.


If you want to protect the ISIS protocol from being intercepted you could encrypt the flow - though I don't recall reading how to do this in the book. This is the same for all of the protocols....


HTH

jcarrabine Fri, 07/27/2007 - 10:18

bwgray,



I believe this person is trying to set up IS-IS routing protocol authentication, in which you can set up a plain text or MD5 password before routes are passed, but I'm not completely sure so I'll wait for more information.

bwgray Fri, 07/27/2007 - 10:26

Ok now it makes more sense...


Ok, quick summary: the ISIS protocol has Level 1 & Level 2 routers - these make up ISIS areas and how they route to other areas. They have nothing to do with Router Password Levels.


The plain text or MD5 is the authentication used in encrypting your protocol during transmission between routers. *The type of password (key) is sent BETWEEN routers to establish the encrypted session.


Router passwords are simple passwords that allow or deny access to individual routers. They too can be plain text or encrypted passwords. But keep all of these concepts separate, as they really are. There is no relation between your router password, and the router (key) used in protocol authentication. And neither has anything to do with ISIS.


If you need help with the config, you can post or email to me and I may be able to assist.


HTH

jcarrabine Sun, 08/05/2007 - 08:45

Don't forget about level 1/2 routers... because level 1 routers cannot communicate with level 2 routers directly.

etienne.basset Sun, 08/05/2007 - 11:03

Hello!


An authentication TLV can be attached to all ISIS packets (hello, P/CSNP, LSP ...).


You can configure auth at three levels:

a) On an interface (to authenticate neighbors)

In this case, auth is done only on hello packets of the selected level. SNP/LSP are not authenticated.

b) Area-wide authentication: the auth TLV is attached to all L1 LSP and SNP within the area (all routers within the area must have the same secret) but not to hellos.

c) Domain-wide: the auth TLV is attached to all L2 LSP/SNP but not to hellos.


Good luck with your exam,

etienne
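
The scoping described in the answer above, as an added example that is not part of the original thread: a small checker that reads raw IS-IS PDUs, finds the Authentication TLV (type 10), and reports PDUs that lack it where a configured password scope should cover them, or that carry the password in cleartext. The function names (`classify`, `audit`, `make_pdu`) are hypothetical, the sample PDUs and password are constructed, the type codes are those of ISO 10589 and RFC 5304, and each buffer is assumed to hold exactly one PDU.

```python
# Added example: constants follow ISO 10589 / RFC 5304; sample PDUs are constructed.
PDU_TYPES = {15: "L1 LAN hello", 16: "L2 LAN hello", 17: "P2P hello",
             18: "L1 LSP", 20: "L2 LSP", 24: "L1 CSNP", 25: "L2 CSNP",
             26: "L1 PSNP", 27: "L2 PSNP"}
# Which password scope covers which PDU type, as described in the answer above.
SCOPE = {15: "interface", 16: "interface", 17: "interface",
         18: "area", 24: "area", 26: "area",
         20: "domain", 25: "domain", 27: "domain"}
AUTH_TLV = 10                               # Authentication Information TLV
AUTH_KINDS = {1: "cleartext", 54: "HMAC-MD5"}

def classify(pdu: bytes):
    """Return (pdu_name, scope, auth_kind or None) for one raw IS-IS PDU."""
    if len(pdu) < 8 or pdu[0] != 0x83:      # 0x83 = IS-IS protocol discriminator
        raise ValueError("not an IS-IS PDU")
    hdr_len, ptype = pdu[1], pdu[4] & 0x1F  # header length, 5-bit PDU type
    if ptype not in PDU_TYPES or not 8 <= hdr_len <= len(pdu):
        raise ValueError("unknown PDU type or bad header length")
    auth, off = None, hdr_len               # TLVs start right after the header
    while off + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[off], pdu[off + 1]
        value = pdu[off + 2: off + 2 + tlv_len]
        if len(value) < tlv_len:
            raise ValueError("truncated TLV")
        if tlv_type == AUTH_TLV and tlv_len >= 1:
            auth = AUTH_KINDS.get(value[0], f"auth type {value[0]}")
        off += 2 + tlv_len
    return PDU_TYPES[ptype], SCOPE[ptype], auth

def audit(pdus, configured):
    """Report PDUs missing the auth TLV their scope requires, or using cleartext."""
    findings = []
    for raw in pdus:
        name, scope, auth = classify(raw)
        if scope in configured and auth is None:
            findings.append(f"{name}: {scope} password configured but no auth TLV")
        elif auth == "cleartext":
            findings.append(f"{name}: password visible in cleartext")
    return findings

def make_pdu(ptype, hdr_len, tlvs=b""):
    """Build a constructed PDU: 8-byte common header, zeroed fixed fields, TLVs."""
    return bytes([0x83, hdr_len, 1, 0, ptype, 1, 0, 0]) + bytes(hdr_len - 8) + tlvs

SAMPLES = [  # constructed test traffic, not a real capture
    make_pdu(15, 27, bytes([10, 7, 1]) + b"secret"),     # L1 hello, cleartext auth
    make_pdu(18, 27, bytes([1, 4, 3, 0x49, 0, 1])),      # L1 LSP, no auth TLV
    make_pdu(20, 27, bytes([10, 17, 54]) + bytes(16)),   # L2 LSP, HMAC-MD5 auth
]
```

Calling `audit(SAMPLES, {"interface"})` treats the unauthenticated L1 LSP as expected, since an interface password only covers hellos; adding `"area"` to the set turns it into a finding.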

