Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual
Page 286
258
Multi-Service IronWare Routing Configuration Guide
53-1003033-02
Globally configuring IS-IS on a device
Brocade(config-isis-router)# auth-mode md5 level-1
Brocade(config-isis-router)# auth-key supervisor level-1
Brocade(config-isis-router)# auth-key supervisor level-2
Syntax: [no] auth-key string [ level-1 | level-2 ]
The string variable specifies a text string that is used as an authentication password. The
authentication mode must be configured before this value can be configured.
By default, the authentication key is encrypted. If you want the authentication key to be in clear
text, insert a 0 between auth-key and string.
Example
Brocade(config-isis-router)# auth-key 0 supervisor level-1
The software adds a prefix to the authentication key string in the configuration. For example, the
following portion of the code has the encrypted code “2”.
auth-key 2 $on-n level-1
The prefix can be one of the following:
•
0 = the key string is not encrypted and is in clear text
•
1 = the key string uses proprietary simple cryptographic 2-way algorithm (only for Brocade
NetIron CES)
•
2 = the key string uses proprietary base64 cryptographic 2-way algorithm (only for Brocade
NetIron XMR and Brocade MLX series devices)
The level-1 parameter specifies that the authentication key specified here is used to authenticate
the L1 LSP, L1 CSNP and LI PSNP packets.
The level-2 parameter specifies that the authentication key specified here is used to authenticate
the L2 LSP, L2 CSNP and L2 PSNP packets.
You must enter a configuration for both level-1 and level-2 in order to enter the auth-key string.
NOTE
If the authentication mode is reset for the level specified, the authentication key must also be reset.
Disabling IS-IS authentication checking
When transitioning from one authentication mode to another, changing the authentication mode
can cause packets to drop because only some of the routers have been reconfigured. During such
a transition, it can be useful to disable IS-IS authentication checking temporarily until all routers
are reconfigured and the network is stable.
You can use the following commands to disable IS-IS authentication checking.
Brocade(config)# router isis
Brocade(config-isis-router)# no auth-check level-1
Syntax: [no] auth-check [ level-1 | level-2 ]
This command enables and disables IS-IS authentication checking. The default is enabled and the
[no] parameter disables authentication checking.
The level-1 parameter specifies that authentication checking is enabled/ disabled for L1 LSP, L1
CSNP and LI PSNP packets.
The level-2 parameter specifies that authentication checking is enabled/disabled for L2 LSP, L2
CSNP and L2 PSNP packets.