■IS-IS Neighbor 認証について
IS-ISでMD5を使用した認証の設定方法です。
IOS-XRとIOSでそれぞれ互いに設定を入れています。
————————————-
■IOS-XR
router isis 1
interface GigabitEthernet0/0/0/1
hello-password hmac-md5 cisco
————————————-
————————————-
■IOS
key chain IS-IS
key 1
key-string cisco
interface FastEthernet0/0
isis authentication mode md5 level-1
isis authentication key-chain IS-IS
————————————-
■トポロジと設定後のConfigは下記です。
■IOS-XR
interface Loopback0
ipv4 address 1.1.1.1 255.255.255.255
!
interface Loopback6
ipv6 address 1::1/128
!
interface GigabitEthernet0/0/0/0
ipv4 address 12.12.12.1 255.255.255.0
ipv6 address 12::1/64
!
interface GigabitEthernet0/0/0/1
ipv4 address 13.13.13.1 255.255.255.0
ipv6 address 13::1/64
!
router isis 1
is-type level-1
net 49.0000.0000.0001.0000.00
address-family ipv4 unicast
metric-style wide
!
address-family ipv6 unicast
metric-style wide
!
interface Loopback0
address-family ipv4 unicast
!
!
interface Loopback6
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/0
address-family ipv4 unicast
!
address-family ipv6 unicast
!
!
interface GigabitEthernet0/0/0/1
hello-password hmac-md5 encrypted 0822455D0A16
address-family ipv4 unicast
metric 1000
!
address-family ipv6 unicast
metric 1000
!
!
!
end
■IOS
key chain IS-IS
key 1
key-string cisco
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip router isis
!
interface Loopback6
no ip address
ipv6 address 3::3/128
ipv6 router isis
!
interface FastEthernet0/0
ip address 13.13.13.3 255.255.255.0
ip router isis
duplex full
ipv6 address 13::3/64
ipv6 router isis
isis metric 1000
isis authentication mode md5 level-1
isis authentication key-chain IS-IS
!
interface GigabitEthernet1/0
ip address 23.23.23.3 255.255.255.0
ip router isis
negotiation auto
ipv6 address 23::3/64
ipv6 router isis
!
interface GigabitEthernet2/0
ip address 34.34.34.3 255.255.255.0
ip router isis
negotiation auto
ipv6 address 34::3/64
ipv6 router isis
!
router isis
net 49.0000.0000.0003.0000.00
is-type level-1
metric-style wide
!
address-family ipv6
multi-topology
exit-address-family
!
■ログについて
IOS-XRとIOSの出力はNeighborとRIBをそれぞれ記載します。
お互いにNeighborが確立されLoopbbackアドレスの交換がされています。
■IOS-XR
RP/0/0/CPU0:XR1#show isis neighbors detail
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
R3 Gi0/0/0/1 ca03.3860.0000 Up 9 L1 Capable
Area Address(es): 49.0000
IPv4 Address(es): 13.13.13.3*
IPv6 Address(es): fe80::c803:38ff:fe60:0*
Topologies: ‘IPv4 Unicast’ ‘IPv6 Unicast’
Uptime: 00:02:11
RP/0/0/CPU0:XR1#show route ipv4 unicast
L 1.1.1.1/32 is directly connected, 00:45:04, Loopback0
i L1 3.3.3.3/32 [115/1010] via 13.13.13.3, 00:02:43, GigabitEthernet0/0/0/1
C 12.12.12.0/24 is directly connected, 00:45:04, GigabitEthernet0/0/0/0
L 12.12.12.1/32 is directly connected, 00:45:04, GigabitEthernet0/0/0/0
C 13.13.13.0/24 is directly connected, 00:45:04, GigabitEthernet0/0/0/1
L 13.13.13.1/32 is directly connected, 00:45:04, GigabitEthernet0/0/0/1
i L1 23.23.23.0/24 [115/1010] via 13.13.13.3, 00:02:43, GigabitEthernet0/0/0/1
i L1 34.34.34.0/24 [115/1010] via 13.13.13.3, 00:02:43, GigabitEthernet0/0/0/1
RP/0/0/CPU0:XR1#show route ipv6 unicast
L 1::1/128 is directly connected,
00:45:13, Loopback6
i L1 3::3/128
[115/1010] via fe80::c803:38ff:fe60:0, 00:02:52, GigabitEthernet0/0/0/1
C 12::/64 is directly connected,
00:45:12, GigabitEthernet0/0/0/0
L 12::1/128 is directly connected,
00:45:12, GigabitEthernet0/0/0/0
C 13::/64 is directly connected,
00:45:12, GigabitEthernet0/0/0/1
L 13::1/128 is directly connected,
00:45:12, GigabitEthernet0/0/0/1
i L1 23::/64
[115/1010] via fe80::c803:38ff:fe60:0, 00:02:52, GigabitEthernet0/0/0/1
i L1 34::/64
[115/1010] via fe80::c803:38ff:fe60:0, 00:02:52, GigabitEthernet0/0/0/1
RP/0/0/CPU0:XR1#
■IOS
R3#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
XR1 L1 Fa0/0 13.13.13.1 UP 29 R3.01
R3#show clns neighbors
System Id Interface SNPA State Holdtime Type Protocol
XR1 Fa0/0 0800.2724.287d Up 27 L1 M-ISIS
R3#show ip route
1.0.0.0/32 is subnetted, 1 subnets
i L1 1.1.1.1 [115/1010] via 13.13.13.1, 00:02:32, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
i L1 12.12.12.0 [115/1010] via 13.13.13.1, 00:02:32, FastEthernet0/0
13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 13.13.13.0/24 is directly connected, FastEthernet0/0
L 13.13.13.3/32 is directly connected, FastEthernet0/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, GigabitEthernet1/0
L 23.23.23.3/32 is directly connected, GigabitEthernet1/0
34.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 34.34.34.0/24 is directly connected, GigabitEthernet2/0
L 34.34.34.3/32 is directly connected, GigabitEthernet2/0
R3#show ipv6 route
I1 1::1/128 [115/20]
via FE80::A00:27FF:FE24:287D, FastEthernet0/0
LC 3::3/128 [0/0]
via Loopback6, receive
I1 12::/64 [115/20]
via FE80::A00:27FF:FE24:287D, FastEthernet0/0
C 13::/64 [0/0]
via FastEthernet0/0, directly connected
L 13::3/128 [0/0]
via FastEthernet0/0, receive
C 23::/64 [0/0]
via GigabitEthernet1/0, directly connected
L 23::3/128 [0/0]
via GigabitEthernet1/0, receive
C 34::/64 [0/0]
via GigabitEthernet2/0, directly connected
L 34::3/128 [0/0]
via GigabitEthernet2/0, receive
L FF00::/8 [0/0]
via Null0, receive
