beautypg.com

Configuring authentication – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual

Page 285

background image

Multi-Service IronWare Routing Configuration Guide

257

53-1003033-02

Globally configuring IS-IS on a device

Configuring authentication

By default, a Brocade device does not authenticate packets sent to or received from an end system
(ES) or other intermediate system (IS). In previous releases, the Multi-Service IronWare software let
you configure area, domain, and circuit passwords to direct the Brocade device to check for a
password in packets sent from the device.

The new method of configuring an authentication password introduces the option of using the
Hashed Message Authentication codes - Message Digest 5 (HMAC-MD5) algorithm.

This implementation is in conformance with RFC 3567 - Intermediate System to Intermediate
System (IS-IS) Cryptographic Authentication.

NOTE

The commands for setting the password used in previous versions of the Multi-Service IronWare
software are now hidden in the CLI, however they are backward compatible and will operate in this
release.

Configuring IS-IS authentication at the Router IS-IS mode

To configure IS-IS authentication at the Router IS-IS mode on a Brocade device, you must perform
the following tasks:

Configure IS-IS Authentication Mode

Configure IS-IS Authentication Key

Disable IS-IS Authentication Check (optional)

Configuring IS-IS authentication mode
The following commands configure the IS-IS for the authentication mode.

Brocade(config)# router isis

Brocade(config-isis-router)# auth-mode md5 level-1

Syntax: [no] auth-mode [ cleartext | md5 ] [ level-1 | level-2 ]

The cleartext parameter specifies that the IS-IS PDUs will be authenticated using a cleartext
password.

The md5 parameter specifies that the IS-IS PDUs will be authenticated using the Hashed Message
Authentication codes - Message Digest 5 (HMAC-MD5) algorithm.

The level-1 parameter specifies that the authentication type-length-value (TLV) tuple be added to
the L1 LSP, L1 CSNP, and LI PSNP packets.

The level-2 parameter specifies that the authentication TLV tuple be added to the L2 LSP, L2 CSNP,
and L2 PSNP packets.

NOTE

If the IS-IS interface is configured for point-to-point, the level-1 interface-level IS-IS authentication
configuration is applied.

Configuring IS-IS authentication key
The following commands configure an authentication key to be used with the mode specified in

“Configuring IS-IS authentication mode”

.

Brocade(config)# router isis

See also other documents in the category Brocade Computer Accessories: