ISIS security

ISIS Authentication

By default, IS-IS authentication is disabled on all interfaces. Authentication operates separately on each level, and prevents the router from learning routes from unauthenticated devices.

The configuration below shows how to create a clear authentication at Level-1 between the rt1 and rt2 devices.

rt1

rt1 running vrf main# routing isis instance 1
rt1 running instance 1# area-password password-type PASSWORD-TYPE
rt1 running instance 1#! area-password password PASSWORD
rt1 running instance 1#

rt2

rt2 running vrf main# routing isis instance 1
rt2 running instance 1# area-password password-type PASSWORD-TYPE
rt2 running instance 1# area-password password PASSWORD
rt2 running instance 1#

The configuration below shows how to create a clear authentication at Level-2 between the rt2 and rt3 devices.

rt2

rt2 running vrf main# routing isis instance 1
rt2 running instance 1# domain-password password-type PASSWORD-TYPE
rt2 running instance 1# domain-password password PASSWORD
rt2 running instance 1#

rt3

rt3 running vrf main# routing isis instance 1
rt3 running instance 1# domain-password password-type PASSWORD-TYPE
rt3 running instance 1# domain-password password PASSWORD
rt3 running instance 1#

PASSWORD is an alphanumeric string between 1 and 254 bytes, and PASSWORD-TYPE can be either clear or md5.

Note

IS-IS can use different password and password-type for each level.
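
What the two PASSWORD-TYPE values put on the wire, as an added example that is not part of the original page or the product's code. It assumes the standard IS-IS Authentication TLV (type 10), where clear carries the password itself and md5 carries an HMAC-MD5 digest as in RFC 5304; the PDU bytes and the password are constructed samples, and the function names are hypothetical.

```python
import hashlib
import hmac

AUTH_TLV = 10        # IS-IS Authentication Information TLV
AUTH_CLEAR = 1       # authentication type: cleartext password
AUTH_HMAC_MD5 = 54   # authentication type: HMAC-MD5 (RFC 5304)

# Constructed sample data, not a real IS-IS header or a real secret.
HEADER = b"constructed-pdu-header"
BODY = b"constructed-other-tlvs"
PASSWORD = b"ExamplePass1"

def clear_tlv(password: bytes) -> bytes:
    """TLV for password-type clear: the password travels in the PDU as-is."""
    # A TLV value is at most 255 bytes; one byte is the authentication type,
    # which leaves the 1..254 byte password range stated on the page.
    if not 1 <= len(password) <= 254:
        raise ValueError("password must be 1..254 bytes")
    return bytes([AUTH_TLV, 1 + len(password), AUTH_CLEAR]) + password

def md5_tlv(digest: bytes = bytes(16)) -> bytes:
    """TLV for password-type md5: a 16-byte digest, zeroed while hashing."""
    return bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]) + digest

def sign_md5(prefix: bytes, suffix: bytes, password: bytes) -> bytes:
    """Build a PDU whose TLV digest is HMAC-MD5 over the PDU with digest zeroed.

    Real LSPs also zero the checksum and remaining lifetime before hashing;
    that detail is omitted because the sample PDU has no such fields.
    """
    zeroed = prefix + md5_tlv() + suffix
    digest = hmac.new(password, zeroed, hashlib.md5).digest()
    return prefix + md5_tlv(digest) + suffix

def verify_md5(pdu: bytes, tlv_offset: int, password: bytes) -> bool:
    """Receiver side: recompute the digest and compare in constant time."""
    start = tlv_offset + 3
    if pdu[tlv_offset:start] != bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]):
        return False
    received = pdu[start:start + 16]
    zeroed = pdu[:start] + bytes(16) + pdu[start + 16:]
    expected = hmac.new(password, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(received, expected)

if __name__ == "__main__":
    print("clear TLV:", clear_tlv(PASSWORD))  # password readable in a capture
    signed = sign_md5(HEADER, BODY, PASSWORD)
    print("md5 TLV  :", signed[len(HEADER):len(HEADER) + 19].hex())
    print("verifies :", verify_md5(signed, len(HEADER), PASSWORD))
```

With clear, anyone who can capture a PDU on the link reads the password directly; with md5 the password is never transmitted, and a modified PDU fails verification.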