ISIS_1.3.6.1.3.37.2.0.9 isisAuthenticationTypeFailure

Description

ISIS/3/AUTHTYPE_FAIL:OID [oid] The authentication type of received PDU is different from local configuration. (sysInstance=[integer], sysInstanceofLevel=[integer], sysLevel=[integer], sysInstanceofCircIfIndex=[integer], circIndex=[integer], ifIndex=[integer], circIfIndex=[integer], pduFrag=[opaque], ifName=[string])

The received packet, including the LSP, CSNP, PSNP, and Hello packet, did not contain the authentication information, or the authentication type carried in the received packet was different from that of the local switch. For example, one end is configured with MD5 authentication, whereas the other end is configured with simple authentication.

Attribute

Alarm ID	Alarm Severity	Alarm Type
1.3.6.1.3.37.2.0.9	Minor	other(1)

Parameters

Name	Meaning
oid	Indicates the MIB object ID of the alarm.
sysInstance	Indicates the ID of the IS-IS process.
sysInstanceofLevel	Indicates the ID of the IS-IS process.
sysLevel	Indicates the IS-IS level: 1: Level-1 2: Level-2
sysInstanceofCircIfIndex	Indicates the ID of the IS-IS process.
circIndex	Indicates the index of the interface.
ifIndex	Indicates the index of the interface.
circIfIndex	Indicates the IF index of the interface.
pduFrag	Indicates the fragment of 64-byte PDU header.
ifName	Indicates the name of the interface.

Impact on the System

1. If the authentication of the Hello packet fails, IS-IS neighbors cannot be established.

2. If the authentication of the LSP or SNP fails, LSDBs cannot be synchronized; however, IS-IS neighbors can be established.

Possible Causes

1. Authentication was configured on the interface or process of the local end. The authentication type configured on the peer end was different from that configured on the local end.

2. Authentication was configured on the interface or process of the local end. The peer end, however, was not configured with authentication.

Procedure

Check the sysInstance field in the trap to identify the ID of the IS-IS process that receives the packet, and then check the sysLevel field to identify the level of the packet. The value 1 indicates Level-1 packets; the value 2 indicates Level-2 packets; the value 3 indicates P2P Hello packets. According to the IS-IS packet format defined in ISO 10589, check the IfName field in the trap to identify the interface that receives packets. Then, check the PduFrag field in the trap and obtain the system ID of the source router that sends the packet and packet type.

If the type of the packet is Hello, go to Step 2.
If the type of the packet is LSP or SNP, go to Step 4.

**Table 1** Methods of searching for system IDs and types of IS-IS packets
Searching for the Packet Type	Searching for the System ID
Hello: the 5th byte in the pdu-fragment field being 0f, 10, or 11	The system ID is continuous 6 bytes after the 10th byte in the pdu-fragment field
LSP: the 5th byte in the pdu-fragment field being 12 or 14	The system ID is continuous 6 bytes after the 13th byte in the pdu-fragment field
SNP: the 5th byte in the pdu-fragment field being 18, 19, 1A, or 1B	The system ID is continuous 6 bytes after the 11th byte in the pdu-fragment field

Run the display isis peer command on the source switch to check the interface that sends the packet. Run the display this command in the interface view to check whether the interface authentication mode is configured. If the interface authentication mode is configured, check whether it is consistent with the interface authentication mode of the local switch.
- If so, go to Step 6.
- If not, go to Step 3.
Run the isis authentication-mode command in the interface view of the source switch to configure the same authentication mode as the local switch. Ensure that the authentication passwords on the interfaces at both ends are the same. Then, check whether the trap is cleared.
- If so, go to Step 7.
- If not, go to Step 6.
Run the display current-configuration configuration isis command on the source switch to check whether the area or domain authentication mode is configured in the IS-IS process. If the area or domain authentication mode is configured, check whether it is the same as the authentication mode of the local switch, and ensure that the authentication passwords configured on the two ends are the same.
- If so, go to Step 6.
- If not, go to Step 5.
Run the area-authentication-mode (for Level-1 packets) command or the domain-authentication-mode (for Level-2 packets) command in the IS-IS view of the source switch to configure the same authentication mode as the local switch. Then check whether the trap is cleared.
- If so, go to Step 7.
- If not, go to Step 6.
Collect the trap information, log information, and configuration of the switch, and contact technical support personnel.
End.

Related Information

None