Date Tags notes

Here are my notes about how IS-IS deals with authentication. I'll be working on a simple network consisting of IOS XE, IOS XR and Junos based routers.

Here is reference diagram:

Reference lab diagram

Some initial checks

First, I'll start off by verifying IS-IS adjacencies on R6.

R6#sh isis neighbors

Tag 1:
System Id      Type Interface   IP Address      State Holdtime Circuit Id
R3             L2   Gi1        UP    22       02
R9             L1   Gi2        UP    25       01

I'll check routing table on R9, too.

R9#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is to network

i*L1 [115/10] via, 00:03:00, GigabitEthernet1 is subnetted, 1 subnets
C is directly connected, Loopback0 is variably subnetted, 3 subnets, 2 masks
i L1 [115/20] via, 00:24:00, GigabitEthernet1
C is directly connected, GigabitEthernet1
L is directly connected, GigabitEthernet1

So far, so good. R6 is L1L2 router, so it sets ATT bit on LSP it generates.

I wasn't able to find an operational command to verify IS-IS authentication status both on IOS XE and XR

  • IS-IS, similar to OSPF uses either plain text or MD5 authentication
  • It uses Authentication TLV #10 to carry these information
  • Authentication of protocol messages can be done on a per message type basis
  • IS-IS, just like OSPF uses fightback
  • IS-IS, unlike OSPF doesn't carry Cryptographic Sequence Numbers
  • It is possible to change keys without disrupting IS-IS adjacency


comments powered by Disqus