Which two statements about IS-IS authentication are true?

Which two statements about IS-IS authentication are true? (Choose two.)
A. Level 2 LSPs transmit the password encrypted inside the IS-IS PDU.
B. Area and domain authentication must be configured together.
C. Passwords can be configured on a per-interface basis.
D. If LSP authentication is in use, unauthorized devices can form neighbor adiacencies.
E. Lever 1 LSPs use the domain password.

cisco-exams

3 thoughts on “Which two statements about IS-IS authentication are true?

  1. Answers should be A and C.

    IS-IS authentication is configured in a somewhat peculiar way: IIH packets are authenti-cated independently of LSP, CSNP, and PSNP packets.

    Authentication in IS-IS can be activated independently for IIH and independently for non-IIH (LSP, CSNP, PSNP) packets. IIH authentication is configured on interfaces and applies only to IIH packets exchanged with directly connected neighbors. Therefore, different interfaces of a router can use different IIH passwords. However, if non-IIH packets are to be authenticated, the same type of authentication and the same password must be configured on all routers in an area if L1 non-IIH authentication is used, or on all L2 routers in the domain if L2 non-IIH authentication is used. This behavior is unique to IS-IS: While IIH can be authenticated on each interface independently, authentication of non-IIH packets must be consistent across the entire area for L1, and across the entire domain for L2. While IIH can be authenticated on each interface independently, authentication of non-
    IIH packets must be consistent across the entire area for L1, and across the entire domain for L2.

    In other words, LSP authentication has no impact on IIH authentication

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.