Cisco Cisco IOS Software Release 12.2(14)S

IS-IS HMAC-MD5 Authentication and Enhanced Clear Text Authentication
How to Configure IS-IS HMAC-MD5 Authentication or Enhanced Clear Text Authentication
Migrating from Old Clear Text Authentication to HMAC-MD5 Authentication
When you migrate from the old clear text authentication to HMAC-MD5 authentication, the first router that you load with an image that includes this feature continues to use the old clear text authentication with the other routers on the network.
Note: If you want HMAC-MD5 authentication, all routers in the authentication scope must have the new image before HMAC-MD5 can be configured. The scope can be either a Level 1 or Level 2 domain.
Before you can configure authentication, you must decide whether to configure authentication for the 
IS-IS instance or for individual IS-IS interfaces (both tasks are in this section).
Migrating from Old Clear Text Authentication to HMAC-MD5 Authentication for the IS-IS Instance
To achieve a smooth transition to authenticating IS-IS packets, perform the following steps in the order shown. This requires moving from router to router and completing certain steps on each one before all the steps are performed on any one router.
When you configure MD5 authentication, the area-password and domain-password command settings are overridden automatically by the new authentication commands.
SUMMARY STEPS
1. enable
2. configure terminal
3. key chain name-of-chain
4. key key-id
5. key-string text
6. exit
7. router isis area-tag
8. authentication send-only [level-1 | level-2]
Step 11
Command: isis authentication key-chain name-of-chain [level-1 | level-2]
Example: Router(config-if)# isis authentication key-chain multistate87723
Purpose: Enables MD5 authentication for an IS-IS interface. Refer to the key management feature, which is referenced in the “Related Documents” section.

Step 12
Repeat Steps 10 and 11 on each router that will communicate.

Step 13
Command: no isis authentication send-only
Example: Router(config-if)# no isis authentication send-only
Purpose: Specifies that MD5 authentication is performed on packets being sent and received on a specified IS-IS interface.

Step 14
Repeat Step 13 on each router that will communicate.
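The ordering in Steps 11 through 14 can be checked before Step 13 is applied anywhere. The following is an added example, not Cisco code: it reads constructed running-config fragments and flags any IS-IS interface that has already had send-only removed while another router on the segment still lacks the key chain. The function names, router names and sample configs are assumptions, and only the two interface commands shown in Steps 11 and 13 (plus `ip router isis` to identify IS-IS interfaces) are considered.

```python
# Added example: rollout-order check for Steps 11-14 (not Cisco code).

def interface_states(config):
    """Return {interface: 'none' | 'send-only' | 'enforcing'} for IS-IS interfaces."""
    flags, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            flags[current] = set()
        elif raw[:1] not in (" ", "\t"):
            current = None                      # left the interface stanza
        elif current is not None:
            for cmd in ("ip router isis", "isis authentication key-chain ",
                        "isis authentication send-only"):
                if line.startswith(cmd):
                    flags[current].add(cmd.strip())
    states = {}
    for name, f in flags.items():
        if "ip router isis" not in f:
            continue                            # not an IS-IS interface
        if "isis authentication key-chain" not in f:
            states[name] = "none"               # Step 11 not yet applied
        elif "isis authentication send-only" in f:
            states[name] = "send-only"          # signs outgoing packets only
        else:
            states[name] = "enforcing"          # Step 13 already applied
    return states

def premature_enforcers(configs):
    """Interfaces already enforcing while some peer interface has no key chain."""
    states = {(r, i): s for r, c in configs.items()
              for i, s in interface_states(c).items()}
    missing = sorted(k for k, s in states.items() if s == "none")
    enforcing = sorted(k for k, s in states.items() if s == "enforcing")
    return [(e, missing) for e in enforcing] if missing else []

# Constructed running-config fragments for three routers on one segment.
SAMPLE = {
    "R1": "interface Ethernet0/0\n ip router isis\n"
          " isis authentication key-chain multistate87723\n!\n",
    "R2": "interface Ethernet0/0\n ip router isis\n"
          " isis authentication key-chain multistate87723\n"
          " isis authentication send-only\n!\n",
    "R3": "interface Ethernet0/0\n ip router isis\n!\n"
          "interface Loopback0\n ip address 192.0.2.3 255.255.255.255\n!\n",
}

if __name__ == "__main__":
    for (router, ifname), missing in premature_enforcers(SAMPLE):
        print(f"{router} {ifname} enforces before key chain exists on {missing}")
```

An empty result means no interface has run ahead of Step 12; the check treats every supplied router as part of one authentication scope.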