Cisco Cisco IOS Software Release 12.2(14)S
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
IS-IS HMAC-MD5 Authentication and Enhanced Clear Text Authentication
How to Configure IS-IS HMAC-MD5 Authentication or Enhanced Clear Text Authentication
12
Cisco IOS Release 12.2(14)S
Migrating from Old Clear Text Authentication to the New Clear Text
Authentication
Authentication
The benefits of migrating from the old method of clear text authentication to the new method of clear
text authentication are as follows:
text authentication are as follows:
•
Passwords are easier to change and maintain.
•
Passwords can be encrypted when the system configuration is being displayed (if you use key
management).
management).
Before you can configure authentication, you must decide whether to configure authentication for the
IS-IS instance or for individual IS-IS interfaces (both tasks are in this section).
IS-IS instance or for individual IS-IS interfaces (both tasks are in this section).
Migrating from Old Clear Text Authentication to the New Clear Text Authentication for the IS-IS
Instance
Instance
To achieve a smooth transition to authenticating LSPs, perform the following steps in the order shown,
which requires moving from router to router doing certain steps before all the steps are performed on
any one router.
which requires moving from router to router doing certain steps before all the steps are performed on
any one router.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
key chain name-of-chain
4.
key key-id
5.
key-string text
6.
exit
7.
router isis area-tag
8.
authentication send-only [level-1 | level-2]
9.
Repeat Steps 1 through 8 on each router that will communicate.
Step 11
isis authentication key-chain
name-of-chain [level-1 |
level-2
]
Example:
Router(config-if)# isis authentication key-chain
multistate87723
Enables MD5 authentication for an IS-IS interface.
•
Refer to the key management feature, which is
referenced in the “Related Documents”
section.
referenced in the “Related Documents”
section.
Step 12
Repeat Steps 10 and 11 on each router that will communicate. —
Step 13
Router(config-if)# no isis authentication send-only
Example:
Router(config-if)# no isis authentication send-only
Specifies that MD5 authentication is performed on
packets being sent and received on a specified IS-IS
interface.
packets being sent and received on a specified IS-IS
interface.
Step 14
Repeat Step13 on each router that will communicate.
—
Command
Purpose