ISIS-STD_1.3.6.1.2.1.138.0.10 isisAuthenticationFailure

Description

ISIS-STD/3/AUTH_FAIL:OID [oid] The authentication password of received PDU is different from local configuration. (NotificationSysLevelIndex=[integer], CircIfIndex=[integer], PduFrag=[opaque])

The authentication password contained in a received PDU is inconsistent with the locally configured one.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.2.1.138.0.10

Minor

environmentalAlarm(6)

Parameters

Name Meaning

oid

Indicates the MIB object ID of the alarm.

NotificationSysLevelIndex

IS-IS level of a device that sends the trap

CircIfIndex

Interface index

PduFrag

64-byte PDU header

Impact on the System

1. If Hello packets do not pass authentication, IS-IS neighbor relationships cannot be set up properly.

2. If LSPs or SNP packets do not pass authentication, LSDB synchronization will fail but IS-IS neighbor relationships will be set up properly.

Possible Causes

Authentication was configured on an interface or process of the local end, the authentication type configured on the peer end was the same as that configured on the local end, but the authentication passwords configured on the two ends were different.

Procedure

  1. Obtain the IS-IS process number and IS-IS level (1 indicates a Level-1 packet; 2 indicates a Level-2 packet; 3 indicates a P2P Hello packet) contained in the PDU based on the command output. Based on the IS-IS packet format defined in ISO10589, search for the if-index field (in decimal) in the trap and convert the decimal value into a hexadecimal value. Run the display rm interface command on the interface and search the command output for the information about the interface that receives the packet. The value of IfnetIndex in the interface information is the same as the hexadecimal if-index. Then, find the pdu-fragment field in the trap and obtain the system ID of the source wireless access controller that sends the packets and packet type.

    • If the packet type is Hello, go to Step 2.
    • If the packet type is LSP or SNP, go to Step 4.
    Table 1 Methods of identifying system IDs and types of IS-IS packets

    Identifying the Packet Type

    Identifying the System ID

    Hello: A Hello packet is identified when the 5th byte in the pdu-fragment field is 0f, 10, or 11.

    The six consecutive bytes beginning with the 10th byte in the pdu-fragment field constitute a System ID.

    LSP: An LSP is identified when the 5th byte in the pdu-fragment field is 12 or 14.

    The six consecutive bytes beginning with the 13th byte in the pdu-fragment field constitute a System ID.

    SNP: An SNP is identified when the 5th byte in the pdu-fragment field is 18, 19, 1A, or 1B.

    The six consecutive bytes beginning with the 11th byte in the pdu-fragment field constitute a System ID.

  2. Run the display isis peer command on the source wireless access controller to view the interface that sends the packet. Enter the view of this interface, and run the display this command to check the authentication password is the same as that configured on the local wireless access controller.

    • If the authentication passwords are the same, go to Step 6.

    • If the authentication passwords are different, go to Step 3.

  3. Run the isis authentication-mode command in the interface view of the source wireless access controller to configure the authentication password to be the same as that of the local wireless access controller. Then check whether the trap is cleared.

    • If the trap is cleared, go to Step 7.

    • If the trap is not cleared, go to Step 6.

  4. Run the display current-configuration configuration isis command on the source wireless access controller to check whether the area or domain authentication password configured in the IS-IS process is the same as that of the local wireless access controller.

    • If the area or domain authentication passwords are the same, go to Step 6.

    • If the area or domain authentication passwords are different, go to Step 5.

  5. Run the area-authentication-mode command (for Level-1 packets) or the domain-authentication-mode command (for Level-2 packets) in the IS-IS view of the source wireless access controller to configure the authentication password to be the same as that of the local wireless access controller. Then check whether the trap is cleared.

    • If the trap is cleared, go to Step 7.

    • If the trap is not cleared, go to Step 6.

  6. Collect alarm information and configuration information, and then contact technical support personnel.
  7. End.

Related Information

None

Parent topic: ISIS
Copyright © Huawei Technologies Co., Ltd.