What you described seems to me that in the solution guide there's md5 authentication enabled
According to my notes: The IS-IS HMAC-MD5 auth feature adds an HMAC-MD5 digest to "each IS-IS PDU" And can be configured per instance/interface/level and any combination of these The old authentication methods however only secure some IS-IS PDUs IS-IS password on interface secures IIH IS-IS domain-password under router isis secures CSNP, and PSNP IS-IS area-password under router isis secures CSNP, and PSNP But you mentioned only hello needs to be secured so I guess you're right adam -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Friday, March 25, 2011 5:00 PM To: [email protected] Subject: CCIE_SP Digest, Vol 48, Issue 9 Send CCIE_SP mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://onlinestudylist.com/mailman/listinfo/ccie_sp or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of CCIE_SP digest..." Today's Topics: 1. ISIS authentication question... (Eric Rioux) 2. Re: ISIS authentication question... (Eric Rioux) ---------------------------------------------------------------------- Message: 1 Date: Fri, 25 Mar 2011 09:58:55 -0400 From: Eric Rioux <[email protected]> To: [email protected], Cisco certification <[email protected]> Subject: [OSL | CCIE_SP] ISIS authentication question... Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" Hi all, I'm working through IPX lab 6 right now. On task 2.2, it states: "Using minimal configuration, enable authentication for all L1 links. The password to use is "ipexpert"." The solution guide configures a key-chain and then sets the L1 auth type & key-chain reference under router isis. That's six lines of config per device, totaling 18 lines config. Is there a reason setting "isis password ipexert level-1" on each of the four interfaces would be incorrect in this scenario? This solution requires 4 total lines of config, and I see nothing in the wording to indicate anything more than Hellos/Adjacencies would need to be protected. Thanks, Eric -------------- next part -------------- An HTML attachment was scrubbed... URL: </archives/ccie_sp/attachments/20110325/0c1e7ad2/attachment-0001.html> ------------------------------ Message: 2 Date: Fri, 25 Mar 2011 10:56:37 -0400 From: Eric Rioux <[email protected]> To: Jay McMickle <[email protected]> Cc: Cisco certification <[email protected]>, "[email protected]" <[email protected]> Subject: Re: [OSL | CCIE_SP] ISIS authentication question... Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" I forget which list is which... I honestly couldn't say if ISIS is on v3 or not (though it would surprise me if they yanked it). I'm testing on 4/4, so I've got no time to worry about what happens if I fail this v2 attempt. :) Eric On Fri, Mar 25, 2011 at 10:54 AM, Jay McMickle <[email protected]>wrote: > Try the IPExpert distribution list, maybe....;) > Plus, ISIS isn't on the Blueprint any longer, is it...? > > Regards, > Jay McMickle- CCNP,CCSP,CCDP > Sent from my iPhone > http://mycciepursuit.wordpress.com > > > On Mar 25, 2011, at 8:58 AM, Eric Rioux <[email protected]> wrote: > > > Hi all, > > > > I'm working through IPX lab 6 right now. On task 2.2, it states: > > > > "Using minimal configuration, enable authentication for all L1 links. > The > > password to use is "ipexpert"." > > > > The solution guide configures a key-chain and then sets the L1 auth type > & > > key-chain reference under router isis. > > > > That's six lines of config per device, totaling 18 lines config. > > > > Is there a reason setting "isis password ipexert level-1" on each of the > > four interfaces would be incorrect in this scenario? > > > > This solution requires 4 total lines of config, and I see nothing in the > > wording to indicate anything more than Hellos/Adjacencies would need to > be > > protected. > > > > Thanks, > > > > Eric > > > > > > Blogs and organic groups at http://www.ccie.net > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > > > > > > > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </archives/ccie_sp/attachments/20110325/238764e7/attachment-0001.html> End of CCIE_SP Digest, Vol 48, Issue 9 ************************************** _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
