Topology:
Use configuration from Isis task #1 as initial configuration for this task.
Routers R1, R2, R4, R6, R7 and R8 area IOS routers.
Routers R3 and R5 are IOS-XR.
Requirements:
1. Configure router R8 in ISIS area 49.0002
2. Configure routers R4, R5, R6 and R7 in ISIS area 49.0003
3. Routers R6 and R7 should only have ISIS Level-1 database.
4. Routers R4 and R5 should only form Level-1 adjacency online R4-R5.
5. Traffic flowing between Area 2 and Area 3 (both directions) should NOT use link R1-R2, if alternative path is available.
6. Create interface Loopback100 on R3. Configure ipv4 address 100.100.100.100/32 on this interface. All devices in the topology should have connectivity to this interface. Do not use redistribution.
7. On link R1-R8, authenticate ISIS Hello's using password HPASS. The password should be visible in the configuration file.
8. Authenticate LSPs and SNPs in area 3 using password AREA3. Don't use "authentication" command on routers R6 and R7.
9. Authenticate Level-2 LSPs and SNPs using password DPASS. Use strongest authentication method. Configuration shall allow for easy key management in the future.
6. Create interface Loopback100 on R3. Configure ipv4 address 100.100.100.100/32 on this interface. All devices in the topology should have connectivity to this interface. Do not use redistribution.
7. On link R1-R8, authenticate ISIS Hello's using password HPASS. The password should be visible in the configuration file.
8. Authenticate LSPs and SNPs in area 3 using password AREA3. Don't use "authentication" command on routers R6 and R7.
9. Authenticate Level-2 LSPs and SNPs using password DPASS. Use strongest authentication method. Configuration shall allow for easy key management in the future.
Solution:
Highlight the text below to reveal the solution.
This task requires understanding of multi-level ISIS, metrics, injection of default route into Level-2 and different authentication types.
Requirement #3 - configure R6 and R7 for ISIS level-1 only on protocol level, so Level-2 database is not created.
Requirement #5 - increase the ISIS metric on link R1-R2.
Requirement #6 - configure R3 to inject a default route into ISIS Level-2 domain.
Requirement #7 - use clear text (old style) interface authentication.
Requirement #8 - since authentication command not allowed on R6 and R7, use area-password configuration (old style). Routers R4 and R5 require new style configuration with "text" keyword, for compatibility with old style configuration of R6 and R7.
Requirement #9 - Use new style authentication, level-2, MD5 with key-chains for easy key management.
R1:
!
key chain CHAIN
key 1
key-string 7 013736256838
!
interface Ethernet1/0
ip address 11.0.18.1 255.255.255.0
ip router isis CCIE
isis password HPASS
!
router isis CCIE
net 49.0001.0000.0000.0001.00
authentication mode md5
authentication key-chain CHAIN level-2
!
R2:
!
key chain CHAIN
key 1
key-string 7 08057C6F3A2A
!
!
router isis CCIE
net 49.0001.0000.0000.0002.00
authentication mode md5
authentication key-chain CHAIN level-2
!
R3:
!
key chain CHAIN
key 1
accept-lifetime 00:00:00 january 01 1993 infinite
key-string password 13212733383F
send-lifetime 00:00:00 january 01 1993 infinite
cryptographic-algorithm HMAC-MD5
!
!
router isis CCIE
net 49.0001.0000.0000.0003.00
lsp-password Keychain Chain level 2
address-family ipv4 unicast
default-information originate
!
..
!
interface Loopback100
ipv4 address 100.100.100.100 255.255.255.255
!
R4:
!
!
key chain CHAIN
key 1
key-string 7 013736256838
key chain CHAIN2
key 1
key-string 7 096D7C2C3856
!
router isis CCIE
net 49.0003.0000.0000.0004.00
authentication mode text level-1
authentication mode md5 level-2
authentication key-chain CHAIN2 level-1
authentication key-chain CHAIN level-2
!
R5:
!
key chain CHAIN
key 1
accept-lifetime 00:00:00 january 01 1993 infinite
key-string password 112D29242421
send-lifetime 00:00:00 january 01 1993 infinite
cryptographic-algorithm HMAC-MD5
!
!
router isis CCIE
net 49.0003.0000.0000.0005.00
lsp-password text encrypted 047A39232E72 level 1
lsp-password keychain CHAIN level 2
..
..
!
R6:
!
router isis CCIE
net 49.0003.0000.0000.0006.00
is-type level-1
area-password AREA3 authenticate snp validate
!
R7:
!
router isis CCIE
net 49.0003.0000.0000.0007.00
is-type level-1
area-password AREA3 authenticate snp validate
!
R8:
!
key chain CHAIN
key 1
key-string 7 072B116D7D3A
!
!
interface Ethernet0/0
ip address 11.0.18.8 255.255.255.0
ip router isis CCIE
isis password HPASS
!
!
router isis CCIE
net 49.0002.0000.0000.0008.00
authentication mode md5
authentication key-chain CHAIN level-2
!