IS-IS Authentication – Routing Protocol Characteristics, EIGRP, and IS-IS
IS-IS supports three types of plaintext authentication: link authentication, area authentication, and domain authentication. All these types support only plaintext password authentication. An RFC draft has added support for IS-IS MD5. The design recommendation is to avoid plaintext authentication and to use MD5 hashing for authentication instead. With MD5, a cryptographic hash is sent instead of the plaintext password, so the password is never included in the PDU, which makes it more secure.
Routers in a common subnetwork (such as Ethernet or a private line) use link authentication. The plaintext password needs to be shared only among the routers on that link. Level 1 and Level 2 routers use separate passwords. With area authentication, all routers in the area must use authentication and must have the same password.
Only L2 and L1/L2 routers use domain authentication. All L2 and L1/L2 routers must be configured for authentication and must use the same password.
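The difference between the two modes is visible in the Authentication TLV itself. The following Python sketch is an added example, not part of the original text: it audits a PDU's TLV section and shows that the plaintext mode carries the password on the wire while the MD5 mode carries only a digest. It assumes TLV type 10 with authentication type 1 (cleartext) and 54 (HMAC-MD5) as in RFC 5304; the key, area address and byte strings are constructed samples, and the PDU header that a real digest also covers is omitted.

```python
import hashlib
import hmac

AUTH_TLV = 10                                  # Authentication Information TLV
AUTH_TYPES = {1: "cleartext", 54: "hmac-md5"}  # first value byte = auth type

def parse_tlvs(data):
    """Yield (type, value) for each TLV: 1-byte type, 1-byte length, value."""
    i = 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV at offset %d" % i)
        yield data[i], data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def audit_auth(tlvs):
    """Classify the authentication carried in a PDU's TLV section."""
    for tlv_type, value in parse_tlvs(tlvs):
        if tlv_type == AUTH_TLV and value:
            return AUTH_TYPES.get(value[0], "unknown(%d)" % value[0])
    return "none"

def hmac_md5_tlvs(key, other_tlvs):
    """Prepend an HMAC-MD5 auth TLV; digest is taken with its 16 bytes zeroed."""
    header = bytes([AUTH_TLV, 17, 54])
    digest = hmac.new(key, header + bytes(16) + other_tlvs, hashlib.md5).digest()
    return header + digest + other_tlvs

def verify_hmac_md5(key, tlvs):
    """Receiver side: zero the digest field, recompute, compare in constant time."""
    if audit_auth(tlvs) != "hmac-md5" or tlvs[:3] != bytes([AUTH_TLV, 17, 54]):
        return False
    expected = hmac.new(key, tlvs[:3] + bytes(16) + tlvs[19:], hashlib.md5).digest()
    return hmac.compare_digest(expected, tlvs[3:19])

# Constructed sample data (not captured traffic).
KEY = b"s3cret-constructed"
AREA_TLV = bytes([1, 4, 3, 0x49, 0x00, 0x01])   # Area Addresses TLV, area 49.0001
CLEARTEXT_PDU = bytes([AUTH_TLV, 1 + len(KEY), 1]) + KEY + AREA_TLV
MD5_PDU = hmac_md5_tlvs(KEY, AREA_TLV)

if __name__ == "__main__":
    for name, pdu in (("cleartext", CLEARTEXT_PDU), ("md5", MD5_PDU)):
        print(name, audit_auth(pdu), "password on wire:", KEY in pdu)
    print("digest verifies:", verify_hmac_md5(KEY, MD5_PDU))
```

A check like `audit_auth` can be run over captured hello or LSP TLVs to flag adjacencies that are still using plaintext passwords.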
IS-IS for IPv6
IS-IS in IPv6 functions the same as IS-IS in IPv4 and offers many of the same benefits. IPv6 enhancements to IS-IS allow IS-IS to advertise IPv6 prefixes in addition to IPv4 and OSI routes. Extensions to the IS-IS command-line interface (CLI) allow configuration of IPv6-specific parameters. IPv6 IS-IS extends the address families supported by IS-IS to include IPv6, in addition to OSI and IPv4.
IS-IS supports IPv6 as a separate protocol, as described in RFC 5308. The network layer protocol ID (NLPID) 142 (0x8E) identifies it as IPv6. Its operation and design retain the same characteristics as with IS-IS support for IPv4.
Multi-topologies for IS-IS are described in RFC 5120: M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (IS-ISs). M-ISIS allows for creating independent IP topologies within a single IS-IS domain. IPv4, IPv6, or IPv4/IPv6 may be configured on the interface for either Level 1, Level 2, or Level 1/2 routers. But if IPv4 and IPv6 are configured on the same interface, they must be running the same IS-IS level. It is important to know that if IPv4 and IPv6 are sharing the same topologies with the same router levels, there is no need for multi-topology or transition features.
IS-IS Summary
The characteristics of IS-IS are as follows:
- It is a link-state protocol.
- It uses OSI CLNP to communicate with routers.
- It is a classless protocol (and supports VLSM and CIDR).
- The default metric is set to 10 for all active interfaces.
- IS-IS has two interface types: point-to-point and broadcast.
- It uses a single path metric, with a single link maximum of 64 and a path maximum of 1024.
- It sends partial route updates only when there are changes.
- IS-IS authentication uses plaintext passwords.
- The administrative distance is 115.
- It is used in large networks and is sometimes attractive as compared to OSPF and EIGRP.
- It is described in ISO/IEC 10589, reprinted by the IETF as RFC 1142.
- IS-IS provides support for IPv4 and IPv6 as separate topologies.