ISIS-STD_1.3.6.1.2.1.138.0.9 isisAuthenticationTypeFailure

Description

ISIS-STD/3/AUTHTYPE_FAIL:OID [oid] The authentication type of received PDU is different from local configuration. (NotificationSysLevelIndex=[integer], CircIfIndex=[integer], PduFrag=[opaque])

The authentication type contained in a received PDU was inconsistent with the locally configured one.

Attribute

Alarm ID	Alarm Severity	Alarm Type
1.3.6.1.2.1.138.0.9	Minor	other(1)

Parameters

Name	Meaning
oid	Indicates the MIB object ID of the alarm.
NotificationSysLevelIndex	IS-IS level of a device that sends the trap
CircIfIndex	Interface index
PduFrag	64-byte PDU header

Impact on the System

1. If Hello packets do not pass authentication, IS-IS neighbor relationships cannot be set up properly.

2. If LSPs or SNP packets do not pass authentication, LSDB synchronization will fail but IS-IS neighbor relationships will be set up properly.

Possible Causes

Cause 1: Authentication was configured on an interface or process of the local end, but the authentication type on the peer end was different from that on the local end.

Cause 2: Authentication was configured on an interface or process of the local end, but no authentication was configured on the peer end.

Procedure

Obtain the IS-IS process number based on the SysInstance field and IS-IS level (1 indicates a Level-1 packet; 2 indicates a Level-2 packet; 3 indicates a P2P Hello packet) based on the SysLevel field. Based on the IS-IS packet format defined in ISO10589, check the IfName field in the trap to identify the interface that receives packets. Then, find the PduFrag field and obtain the system ID of the source wireless access controller that sends the packets and packet type.

If the packet type is Hello, go to Step 2.
If the packet type is LSP or SNP, go to Step 4.

**Table 1** Methods of identifying system IDs and types of IS-IS packets
Identifying the Packet Type	Identifying the System ID
Hello: A Hello packet is identified when the 5th byte in the pdu-fragment field is 0f, 10, or 11.	The six consecutive bytes beginning with the 10th byte in the pdu-fragment field constitute a System ID.
LSP: An LSP is identified when the 5th byte in the pdu-fragment field is 12 or 14.	The six consecutive bytes beginning with the 13th byte in the pdu-fragment field constitute a System ID.
SNP: An SNP is identified when the 5th byte in the pdu-fragment field is 18, 19, 1A, or 1B.	The six consecutive bytes beginning with the 11th byte in the pdu-fragment field constitute a System ID.

Run the display isis peer command on the source wireless access controller to check the interface that sends packets. Enter the view of this interface, and run the display this command to check whether an interface authentication mode is configured. If an interface authentication mode is configured, check whether it is the same as the interface authentication mode of the local wireless access controller.
- If the interface authentication modes are the same, go to Step 6.
- If the interface authentication modes are different, go to Step 3.
Run the isis authentication-mode command in the interface view of the source wireless access controller to configure the authentication mode to be the same as that of the local wireless access controller, and ensure that the authentication passwords on the two ends are the same. Then check whether the trap is cleared.
- If the trap is cleared, go to Step 7.
- If the trap is not cleared, go to Step 6.
Run the display current-configuration configuration isis command on the source wireless access controller to check whether an area authentication mode or a domain authentication mode is configured in the IS-IS process. If an area authentication mode or a domain authentication mode is configured, check whether the area or domain authentication mode is same as that of the local wireless access controller, and ensure that the authentication passwords configured on the two ends are the same.
- If the area or domain authentication modes are the same, go to Step 6.
- If the area or domain authentication modes are different, go to Step 5.
Run the area-authentication-mode command (for Level-1 packets) or the domain-authentication-mode command (for Level-2 packets) in the IS-IS view of the source wireless access controller to configure the authentication mode to be the same as that of the local wireless access controller. Then check whether the trap is cleared.
- If the trap is cleared, go to Step 7.
- If the trap is not cleared, go to Step 6.
Collect alarm information and configuration information, and then contact technical support personnel.
End.

Related Information

None