<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I have been trying to run a simple IS-IS configuration between
two routers and it seems that the neighborship between the two
stays established even when one is configured with md5
authentication and the other is not. Is the message-digest for
IS-IS actually working? I did not have enough time to look in the
code to see whether it is actually used so I am asking here
whether this is a known issue or not?</p>
<p>Also, I have a similar question for EIGRP. When configured
without authentication, two neighbors are established and some
routing information exchanged. When I tried to configure md5
authentication on one side, funny thing happened - the router WITH
the authentication still accepted hello packets from the other
router and listed this router as neighbor. The router WITHOUT
authentication did not list the other one as neighbor but also
refused to remove previously received routing information from the
routing table. When authentication is enabled on both sides, the
neighborship fails and is never established again. This leads me
to an assumption that the message-digest does not work with EIGRP.
Did anyone else encounter this?<br>
</p>
<p>EIGRP example here:</p>
<p><b>Router with authentication:</b><br>
</p>
<p>interface eth0<br>
ip authentication key-chain eigrp 1 eigrp<br>
ip authentication mode eigrp 1 md5</p>
<p>key chain eigrp<br>
key 1<br>
key-string secure_eigrp<br>
</p>
<p>router eigrp 1<br>
network 10.0.136.0/22 <br>
network 192.168.2.0/24 #dummy interface just for route exchange<br>
</p>
<p><br>
</p>
<p># sh ip eigrp neighbors</p>
<p>H Address Interface Hold Uptime SRTT
RTO Q Seq <br>
(sec) (ms) Cnt Num <br>
0 10.0.136.125 eth0 14 0
0 2 0 2</p>
<p><br>
</p>
<p><b>Router without authentication:</b></p>
<p>router eigrp 1<br>
network 10.0.136.0/22</p>
<p># sh ip eigrp neighbors</p>
<p>H Address Interface Hold Uptime SRTT
RTO Q Seq <br>
(sec) (ms) Cnt Num <br>
</p>
<p><empty></p>
<p># sh ip route</p>
<p>E>* 192.168.2.0/24 [90/30720] via 10.0.136.87, eth0, 00:04:45</p>
<p><br>
</p>
<p>Thanks for any info or ideas about this.</p>
<p>Regards,</p>
<p>Michal<br>
</p>
</body>
</html>