authentication

authentication

Configures the type of authentication, encryption, and the authentication key of a security association.

Syntax: authentication {hmac-md5 | cleartext} authenticationKey

hmac-md5

Sets the type of authentication to HMAC-MD5 for this security association.

cleartext

Sets the type of authentication to cleartext for this security association.

authenticationKey

Configure an authentication key. Keys may be up to 16 ASCII characters.

Description: A security association is a set of parameters that determine how two or more routers use security services. A security association bundles an authentication algorithm, start time, expiration time, authentication key, and IS-IS level and associates these parameters with a security key ID.

There are two types of configurable authentication: clear text and HMAC-MD5. Clear text authentication uses a clear text 128-bit authentication key. HMAC-MD5 authentication uses the MD5 cryptographic hash function with a 128-bit authentication key.

Authentication is enabled or disabled on a per-area basis. If authentication is enabled, the authentication key must be the same for all Level 1 routers.

Use the authentication hmac-md5 authenticationKey command to configure HMAC-MD5 authentication for this security association.

Use the authentication cleartext authenticationKey command to configure cleartext authentication for this security association.

Factory Default: No authentication configured.

Command Mode: Security configuration.

Example: In the following example:

The router isis command enables IS-IS on the router, specifies an IS-IS instance, and changes the command mode to Router configuration.

The security 1 level-1 command specifies a security association (1), the level of the association, and changes the command mode to Security configuration.

The authentication hmac-md5 configures the type of authentication used by this security association to HMAC-MD5 for this security association with an authentication key of sa-Key1:

The start-time command configures the start time for this security association at noon on November 30, 2001.

The end-time command configures the end time for this security association as noon on December 10, 2001,

The show isis security-association ID command displays the association:

router#router isis 10

router(config-router)#security 1 level-1

router(config-security)#authentication hmac-md5 sa-Key1

router(config-security)#start-time 12:00 november 20 2001

router(config-security)#end-time 12:00 december 10 2001

router(config-security)#end

router#show isis security-association 1

Security Association 1 level-1

Start time TUE NOV 06 13:10:16 2001

End time MON DEC 10 12:00:00 2001

Authentication algorithm HMAC-MD5

Related Commands: end-time
router isis
security
show isis security-association
start-time

hmac-md5	Sets the type of authentication to HMAC-MD5 for this security association.
cleartext	Sets the type of authentication to cleartext for this security association.
authenticationKey	Configure an authentication key. Keys may be up to 16 ASCII characters.

router#router isis 10 router(config-router)#security 1 level-1 router(config-security)#authentication hmac-md5 sa-Key1 router(config-security)#start-time 12:00 november 20 2001 router(config-security)#end-time 12:00 december 10 2001 router(config-security)#end router#show isis security-association 1 Security Association 1 level-1 Start time TUE NOV 06 13:10:16 2001 End time MON DEC 10 12:00:00 2001 Authentication algorithm HMAC-MD5

   Source File Name: ISIS.fm
    HTML File Name: ISIS2.html
    Last Updated: 05/10/04 at 16:35:45

authentication

Please email suggestions and comments to: doc@avici.com