Configuring Keychains For Is-Is - Cisco ASR 9000 Series Configuration Manual

Implementing IS-IS
Command or Action
Step 4
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 5 hello-password { hmac-md5 | text } { clear | encrypted
} password [ level { 1 | 2 }] [ send-only ]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#hello-password
text clear mypassword
Step 6
commit

Configuring Keychains for IS-IS

This task explains how to configure keychains for IS-IS. This task is optional.
Keychains can be configured at the router level ( lsp-password command) and at the interface level (
hello-password command) within IS-IS. These commands reference the global keychain configuration and
instruct the IS-IS protocol to obtain security parameters from the global set of configured keychains. The
router-level configuration (lsp-password command) sets the keychain to be used for all IS-IS LSPs generated
by this router, as well as for all Sequence Number Protocol Data Units (SN PDUs). The keychain used for
HELLO PDUs is set at the interface level, and may be set differently for each interface configured for IS-IS.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. l sp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
4. interface type interface-path-id
5. h ello-password keychain keychain-name [ level { 1 | 2 }] [ send-only ]
6. commit
OL-30423-03
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.1.x
Configuring Keychains for IS-IS
Purpose
they are sent. It does not authenticate received LSPs
or SNPs.
• The snp send-only keyword adds authentication to
SNPs when they are sent. It does not authenticate
received SNPs.
To disable SNP password checking, the snp
Note
send-only keywords must be specified in the
lsp-password command.
Enters interface configuration mode.
Configures the authentication password for an IS-IS
interface.
303