Step 6 commit
Configure Keychains for IS-IS
This task explains how to configure keychains for IS-IS. This task is optional.
Keychains can be configured at the router level ( lsp-password command) and at the interface level (
hello-password command) within IS-IS. These commands reference the global keychain configuration and
instruct the IS-IS protocol to obtain security parameters from the global set of configured keychains. The
router-level configuration (lsp-password command) sets the keychain to be used for all IS-IS LSPs generated
by this router, as well as for all Sequence Number Protocol Data Units (SN PDUs). The keychain used for
HELLO PDUs is set at the interface level, and may be set differently for each interface configured for IS-IS.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. l sp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
4. interface type interface-path-id
5. hello-password keychain keychain-name [ level { 1 | 2 }] [ send-only ]
6. commit
DETAILED STEPS
Step 1 configure
Step 2 router isis instance-id
Example:
RP/0/RP0/CPU0:router(config)# router isis isp
Enables IS-IS routing for the specified routing instance, and places the router in router configuration mode.
• You can change the level of routing to be performed by a particular routing instance by using the is-type command.
Step 3 l sp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
Example:
RP/0/RP0/CPU0:router(config-isis)# lsp-password keychain isis_a level 1
Configures the keychain.
Step 4 interface type interface-path-id
Example:
RP/0/RP0/CPU0:router(config-isis)# interface HundredGigE 0/1/0/3
Enters interface configuration mode.
Routing Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
25
Implementing IS-IS
Configure Keychains for IS-IS
To Next Page
Loading...
