Hi,
I'm trying to establish an MD5 authenticated ISIS session between MX and ASR routers.
ASR9k configuration:
router isis 1
net 49.0001.0030.0300.3003.00
nsf ietf
nsf lifetime 120
address-family ipv4 unicast
metric-style wide
mpls traffic-eng level-2-only
mpls traffic-eng router-id 3.3.3.3
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface TenGigE0/0/2/3
circuit-type level-2-only
point-to-point
lsp-interval 1
hello-interval 3
hello-password keychain exa-key
address-family ipv4 unicast
!
!
!
key chain exa-key
key 0
accept-lifetime 00:00:00 january 01 2000 infinite
key-string password 060317205B4F1B1C
cryptographic-algorithm MD5
!
!
MX configuration:
show protocols isis
reference-bandwidth 1000g;
spf-options delay 100;
graceful-restart restart-duration 120;
interface xe-2/0/3.0 {
lsp-interval 1;
point-to-point;
level 2 {
metric 100;
hello-authentication-key-chain exa-key;
hello-interval 3;
hold-time 9;
}
}
interface lo0.0 {
passive;
}
show security
authentication-key-chains {
key-chain exa-key {
key 0 {
secret "$9$.P5Fp0IEhrBIEyeK7Ns24"; ## SECRET-DATA
start-time "2000-1-1.00:00:00 +0200";
algorithm md5;
}
}
}
From isis adjacency debug of ASR9k I get the following error -
RP/0/RSP0/CPU0:ASR9K-R3#debug isis adjacencies interface tenGigE 0/0/2/3
Tue Aug 15 05:51:17.741 Jerusalem
RP/0/RSP0/CPU0:ASR9K-R3#RP/0/RSP0/CPU0:Aug 15 05:51:18.522 : isis[1006]: SEND P2P IIH (L2) on TenGigE0/0/2/3: Holdtime 9s, Length 1497
RP/0/RSP0/CPU0:Aug 15 05:51:20.638 : isis[1006]: BAD P2P IIH rcvd from TenGigE0/0/2/3 SNPA 44f4.771f.954d: dropped because authentication TLV not found
It is as if authentication is not even enabled on MX.
Please help :twitch:
Probably need
Quoteset level 2 authentication-type md5
inside router isis.