Simple Authentication

Simple authentication uses a text password (authentication key) that can be entered in encrypted or unencrypted form. The receiving router uses this authentication key to verify the packet.

You can configure the password for simple authentication by using the following commands:

• The area-authentication-key command assigns a password used by neighboring routers to authenticate IS-IS level 1 link-state PDUs (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNPs). This command also enables simple authentication of level 1 LSPs.
• The domain-authentication-key command assigns a password used by neighboring routers to authenticate IS-IS level 2 LSPs, CSNPs, and PSNPs. This command also enables simple authentication of level 2 LSPs.
• The isis authentication-key command assigns a password associated with a specific interface for authentication of IS-IS level 1 or level 2 hello packets. This command also enables simple authentication of level 1 or level 2 hello packets.

These commands enable simple authentication of LSPs and (for the isis authentication-key command) hello packets only; they do not enable authentication of CSNP and PSNP packets. To enable authentication of CSNPs or PSNPs, you must issue either the area-authentication command or the domain-authentication command. For information, see Enabling and Disabling Authentication of CSNPs and PSNPs.

Note: The router supports simple authentication for compatibility with existing IS-IS implementations. However, we recommend that you do not use the simple authentication method because it is insecure (the text can be “sniffed” ).

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.