Jan 10 2009
ISIS Security part 2 – Video
A while ago I wrote a post on ISIS security. Here is a video to accompany the post.
Consider the topology below.
There are five ways to configure ISIS authentication. The methods differ in which packets they authenticate. Some authentication methods will tear down ISIS adjacencies if there is an authentication mismatch, others will remove any ISIS routes.
In summary we said the following 5 authentication configuration options were available in IOS.
1-area-password command
2-domain-password command
3-isis authentication key command
4-authentication key command
5-isis password command.
We can group the 5 methods into 2 categories, those which authenticate ISIS hello packets and those which authenticate ISIS LSP, CSNP and PSNP packets.
The isis-authentication key and isis password commands are used to authenticate ISIS hello packets.
The area-password, domain-password and authentication key commands are used to authenticate ISIS LSP, CSNP and PSNP packets.
The video below shows how to configure the above options. Click here to download and watch the video on your iPod.
