From c1b10f2b227f441552f729c721cfb2038fdeb58a Mon Sep 17 00:00:00 2001
From: laxmikantchintakindi
 <159624484+laxmikantchintakindi@users.noreply.github.com>
Date: Fri, 15 Nov 2024 20:11:58 +0530
Subject: [PATCH] Feat(eos_cli_config_gen): Add support for additional modes
 and feature in isis authentication under `port-channel-interfaces` (#4353)

---
 .../documentation/devices/host1.md            |  66 ++++++-
 .../documentation/devices/router-isis.md      |   4 +-
 .../intended/configs/host1.cfg                |  41 +++-
 .../host1/port-channel-interfaces.yml         | 165 +++++++++++++++-
 .../intended/configs/host1.cfg                |   3 +
 .../host1/port-channel-interfaces.yml         |   3 +
 .../inventory/hosts.yml                       |   2 +-
 .../documentation/devices/SITE2-LER1.md       |   4 +-
 .../documentation/devices/SITE2-LSR2.md       |   4 +-
 .../docs/tables/port-channel-interfaces.md    | 176 +++++++++++++++++-
 .../documentation/port-channel-interfaces.j2  |  19 +-
 .../eos/port-channel-interfaces.j2            |  94 +++++++++-
 .../schema/eos_cli_config_gen.schema.yml      |  15 ++
 .../port_channel_interfaces.schema.yml        |  13 ++
 14 files changed, 581 insertions(+), 28 deletions(-)

diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md
index 77f2b52eb09..a9979dd5970 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md
@@ -2542,7 +2542,12 @@ interface Dps1
 | Ethernet21 | - | - | - | - | - | - | - | Level-1: md5 |
 | Ethernet22 | - | - | - | - | - | - | - | Level-2: sha |
 | Ethernet23 | - | - | - | - | - | - | - | Level-2: shared-secret |
-| Ethernet81/10 | 110 | *ISIS_TEST | True | *99 | *point-to-point | *level-2 | *True | *text |
+| Ethernet74 | 3 | *EVPN_UNDERLAY | - | *- | *- | *- | *- | *sha |
+| Ethernet75 | 3 | *EVPN_UNDERLAY | - | *- | *- | *- | *- | *sha |
+| Ethernet77 | 8 | *EVPN_UNDERLAY | - | *- | *- | *- | *- | *Level-1: md5<br>Level-2: md5 |
+| Ethernet78 | 15 | *- | - | *- | *- | *- | *- | *md5 |
+| Ethernet79 | 16 | *EVPN_UNDERLAY | - | *- | *- | *- | *- | *md5 |
+| Ethernet81/10 | 110 | *ISIS_TEST | True | *99 | *point-to-point | *level-2 | *True | *- |
 
 *Inherited from Port-Channel Interface
 
@@ -3667,9 +3672,21 @@ interface Ethernet81/10
 
 ##### ISIS
 
-| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode |
-| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- |
-| Port-Channel110 | ISIS_TEST | True | 99 | point-to-point | level-2 | True | text |
+| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode |
+| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ |
+| Port-Channel3 | EVPN_UNDERLAY | - | - | - | - | - | sha |
+| Port-Channel8 | EVPN_UNDERLAY | - | - | - | - | - | Level-1: md5<br>Level-2: md5 |
+| Port-Channel9 | - | - | - | - | - | - | Level-2: text |
+| Port-Channel10 | EVPN_UNDERLAY | - | - | - | - | - | sha |
+| Port-Channel12 | EVPN_UNDERLAY | - | - | - | - | - | Level-1: sha |
+| Port-Channel13 | - | - | - | - | - | - | - |
+| Port-Channel15 | - | - | - | - | - | - | md5 |
+| Port-Channel16 | EVPN_UNDERLAY | - | - | - | - | - | md5 |
+| Port-Channel20 | EVPN_UNDERLAY | - | - | - | - | - | Level-1: shared-secret<br>Level-2: shared-secret |
+| Port-Channel50 | EVPN_UNDERLAY | - | - | - | - | - | shared-secret |
+| Port-Channel51 | EVPN_UNDERLAY | - | - | - | - | - | shared-secret |
+| Port-Channel100 | EVPN_UNDERLAY | - | - | - | - | - | Level-1: md5<br>Level-2: text |
+| Port-Channel110 | ISIS_TEST | True | 99 | point-to-point | level-2 | True | - |
 
 #### Port-Channel Interfaces Device Configuration
 
@@ -3684,6 +3701,9 @@ interface Port-Channel3
    switchport
    no snmp trap link-change
    shape rate 200000 kbps
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 2 rx-disabled
+   isis authentication key 0 <removed>
 !
 interface Port-Channel5
    description DC1_L2LEAF1_Po1
@@ -3722,6 +3742,11 @@ interface Port-Channel8
    description to Dev02 Port-channel 8
    no switchport
    switchport port-security violation protect
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5 level-1
+   isis authentication mode md5 level-2
+   isis authentication key 0 <removed> level-1
+   isis authentication key 0 <removed> level-2
 !
 interface Port-Channel8.101
    description to Dev02 Port-Channel8.101 - VRF-C1
@@ -3735,6 +3760,8 @@ interface Port-Channel9
    bfd echo
    bfd neighbor 10.1.2.4
    bfd per-link rfc-7130
+   isis authentication mode text rx-disabled level-2
+   isis authentication key 0 <removed> level-2
    spanning-tree guard root
 !
 interface Port-Channel10
@@ -3747,6 +3774,9 @@ interface Port-Channel10
       identifier 0000:0000:0404:0404:0303
       route-target import 04:04:03:03:02:02
    shape rate 50 percent
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 2
+   isis authentication key 0 <removed>
 !
 interface Port-Channel12
    description interface_in_mode_access_with_voice
@@ -3755,6 +3785,8 @@ interface Port-Channel12
    switchport phone trunk untagged
    switchport mode trunk phone
    switchport
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 5 level-1
 !
 interface Port-Channel13
    description EVPN-Vxlan single-active redundancy
@@ -3767,6 +3799,13 @@ interface Port-Channel13
       designated-forwarder election hold-time 10
       designated-forwarder election candidate reachability required
       route-target import 00:00:01:02:03:04
+   isis authentication key-id 2 algorithm sha-512 key 0 <removed>
+   isis authentication key-id 3 algorithm sha-512 rfc-5310 key 0 <removed>
+   isis authentication key-id 1 algorithm sha-1 key 0 <removed> level-1
+   isis authentication key-id 4 algorithm sha-1 rfc-5310 key 0 <removed> level-1
+   isis authentication key-id 5 algorithm sha-1 key 0 <removed> level-1
+   isis authentication key-id 1 algorithm sha-1 key 0 <removed> level-2
+   isis authentication key-id 5 algorithm sha-1 rfc-5310 key 0 <removed> level-2
 !
 interface Port-Channel14
    description EVPN-MPLS multihoming
@@ -3784,6 +3823,8 @@ interface Port-Channel15
    switchport mode trunk
    switchport
    mlag 15
+   isis authentication mode md5 rx-disabled
+   isis authentication key 0 <removed>
    spanning-tree guard loop
    link tracking group EVPN_MH_ES2 upstream
 !
@@ -3799,6 +3840,9 @@ interface Port-Channel16
    mlag 16
    switchport port-security violation protect log
    switchport port-security mac-address maximum 100
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5
+   isis authentication key 0 <removed>
    spanning-tree guard none
    switchport backup-link Port-Channel100.102 prefer vlan 20
 !
@@ -3814,6 +3858,9 @@ interface Port-Channel20
    switchport mode access
    switchport
    l2-protocol encapsulation dot1q vlan 200
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-256 rx-disabled level-1
+   isis authentication mode shared-secret profile profile2 algorithm sha-1 rx-disabled level-2
 !
 interface Port-Channel50
    description SRV-POD03_PortChanne1
@@ -3825,6 +3872,8 @@ interface Port-Channel50
       identifier 0000:0000:0303:0202:0101
       route-target import 03:03:02:02:01:01
    lacp system-id 0303.0202.0101
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-1 rx-disabled
 !
 interface Port-Channel51
    description ipv6_prefix
@@ -3838,6 +3887,8 @@ interface Port-Channel51
    switchport port-security vlan 2 mac-address maximum 3
    switchport port-security vlan 3 mac-address maximum 3
    switchport port-security vlan default mac-address maximum 2
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-1
 !
 interface Port-Channel99
    description MCAST
@@ -3880,6 +3931,11 @@ interface Port-Channel100
    switchport pvlan mapping 20-30
    switchport port-security
    switchport port-security mac-address maximum disabled
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5 rx-disabled level-1
+   isis authentication mode text rx-disabled level-2
+   isis authentication key 0 <removed> level-1
+   isis authentication key 0 <removed> level-2
    switchport backup-link Port-channel51
    switchport backup preemption-delay 35
    switchport backup mac-move-burst 20
@@ -3977,8 +4033,6 @@ interface Port-Channel110
    isis metric 99
    isis hello padding
    isis network point-to-point
-   isis authentication mode text
-   isis authentication key 7 <removed>
 !
 interface Port-Channel111
    description Flexencap Port-Channel
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md
index b39fd4d3726..1f1f5157045 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md
@@ -133,8 +133,8 @@ interface Ethernet6
 
 ##### ISIS
 
-| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode |
-| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- |
+| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode |
+| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ |
 | Port-Channel4 | EVPN_UNDERLAY | - | 50 | point-to-point | level-2 | - | - |
 | Port-Channel5 | EVPN_UNDERLAY | - | 50 | passive | - | - | - |
 | Port-Channel6 | EVPN_UNDERLAY | - | 100 | - | level-1-2 | - | - |
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg
index 3ee63a78e29..3ff39986fad 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg
@@ -916,6 +916,9 @@ interface Port-Channel3
    switchport
    no snmp trap link-change
    shape rate 200000 kbps
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 2 rx-disabled
+   isis authentication key 0 password
 !
 interface Port-Channel5
    description DC1_L2LEAF1_Po1
@@ -954,6 +957,11 @@ interface Port-Channel8
    description to Dev02 Port-channel 8
    no switchport
    switchport port-security violation protect
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5 level-1
+   isis authentication mode md5 level-2
+   isis authentication key 0 password level-1
+   isis authentication key 0 password1 level-2
 !
 interface Port-Channel8.101
    description to Dev02 Port-Channel8.101 - VRF-C1
@@ -967,6 +975,8 @@ interface Port-Channel9
    bfd echo
    bfd neighbor 10.1.2.4
    bfd per-link rfc-7130
+   isis authentication mode text rx-disabled level-2
+   isis authentication key 0 password level-2
    spanning-tree guard root
 !
 interface Port-Channel10
@@ -979,6 +989,9 @@ interface Port-Channel10
       identifier 0000:0000:0404:0404:0303
       route-target import 04:04:03:03:02:02
    shape rate 50 percent
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 2
+   isis authentication key 0 password
 !
 interface Port-Channel12
    description interface_in_mode_access_with_voice
@@ -987,6 +1000,8 @@ interface Port-Channel12
    switchport phone trunk untagged
    switchport mode trunk phone
    switchport
+   isis enable EVPN_UNDERLAY
+   isis authentication mode sha key-id 5 level-1
 !
 interface Port-Channel13
    description EVPN-Vxlan single-active redundancy
@@ -999,6 +1014,13 @@ interface Port-Channel13
       designated-forwarder election hold-time 10
       designated-forwarder election candidate reachability required
       route-target import 00:00:01:02:03:04
+   isis authentication key-id 2 algorithm sha-512 key 0 password
+   isis authentication key-id 3 algorithm sha-512 rfc-5310 key 0 password1
+   isis authentication key-id 1 algorithm sha-1 key 0 password level-1
+   isis authentication key-id 4 algorithm sha-1 rfc-5310 key 0 password level-1
+   isis authentication key-id 5 algorithm sha-1 key 0 password3 level-1
+   isis authentication key-id 1 algorithm sha-1 key 0 password level-2
+   isis authentication key-id 5 algorithm sha-1 rfc-5310 key 0 password level-2
 !
 interface Port-Channel14
    description EVPN-MPLS multihoming
@@ -1016,6 +1038,8 @@ interface Port-Channel15
    switchport mode trunk
    switchport
    mlag 15
+   isis authentication mode md5 rx-disabled
+   isis authentication key 0 password
    spanning-tree guard loop
    link tracking group EVPN_MH_ES2 upstream
 !
@@ -1031,6 +1055,9 @@ interface Port-Channel16
    mlag 16
    switchport port-security violation protect log
    switchport port-security mac-address maximum 100
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5
+   isis authentication key 0 password
    spanning-tree guard none
    switchport backup-link Port-Channel100.102 prefer vlan 20
 !
@@ -1046,6 +1073,9 @@ interface Port-Channel20
    switchport mode access
    switchport
    l2-protocol encapsulation dot1q vlan 200
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-256 rx-disabled level-1
+   isis authentication mode shared-secret profile profile2 algorithm sha-1 rx-disabled level-2
 !
 interface Port-Channel50
    description SRV-POD03_PortChanne1
@@ -1057,6 +1087,8 @@ interface Port-Channel50
       identifier 0000:0000:0303:0202:0101
       route-target import 03:03:02:02:01:01
    lacp system-id 0303.0202.0101
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-1 rx-disabled
 !
 interface Port-Channel51
    description ipv6_prefix
@@ -1070,6 +1102,8 @@ interface Port-Channel51
    switchport port-security vlan 2 mac-address maximum 3
    switchport port-security vlan 3 mac-address maximum 3
    switchport port-security vlan default mac-address maximum 2
+   isis enable EVPN_UNDERLAY
+   isis authentication mode shared-secret profile profile1 algorithm sha-1
 !
 interface Port-Channel99
    description MCAST
@@ -1112,6 +1146,11 @@ interface Port-Channel100
    switchport pvlan mapping 20-30
    switchport port-security
    switchport port-security mac-address maximum disabled
+   isis enable EVPN_UNDERLAY
+   isis authentication mode md5 rx-disabled level-1
+   isis authentication mode text rx-disabled level-2
+   isis authentication key 0 password level-1
+   isis authentication key 0 password level-2
    switchport backup-link Port-channel51
    switchport backup preemption-delay 35
    switchport backup mac-move-burst 20
@@ -1209,8 +1248,6 @@ interface Port-Channel110
    isis metric 99
    isis hello padding
    isis network point-to-point
-   isis authentication mode text
-   isis authentication key 7 asfddja23452
 !
 interface Port-Channel111
    description Flexencap Port-Channel
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/port-channel-interfaces.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/port-channel-interfaces.yml
index 928a4e8405a..8c4d4e37f40 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/port-channel-interfaces.yml
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/port-channel-interfaces.yml
@@ -69,12 +69,36 @@ port_channel_interfaces:
         private_vlan_secondary: false
     mlag: 15
     spanning_tree_guard: loop
+    # Test isis authentication both md5 rx
+    isis_authentication:
+      both:
+        key_type: 0
+        key: password
+        mode: md5
+        rx_disabled: true
+      level_1:
+        key_type: 0
+        key: password
+        mode: md5
+        rx_disabled: true
+      level_2:
+        key_type: 0
+        key: password
+        mode: text
+        rx_disabled: true
 
   - name: Port-Channel16
     description: DC1_L2LEAF4_Po1
     snmp_trap_link_change: true
     mlag: 16
     spanning_tree_guard: disabled
+    # Test isis auth both md5
+    isis_enable: "EVPN_UNDERLAY"
+    isis_authentication:
+      both:
+        key_type: 0
+        key: password
+        mode: md5
     switchport:
       mode: trunk
       port_security:
@@ -110,6 +134,16 @@ port_channel_interfaces:
         groups:
           - LEAF_PEER_L3
           - MLAG
+    isis_enable: "EVPN_UNDERLAY"
+    # Test isis auth both sha rx
+    isis_authentication:
+      both:
+        key_type: 0
+        key: password
+        mode: sha
+        sha:
+          key_id: 2
+        rx_disabled: true
 
   - name: Port-Channel10
     description: SRV01_bond0
@@ -123,6 +157,15 @@ port_channel_interfaces:
       route_target: "04:04:03:03:02:02"
     shape:
       rate: 50 percent
+    # Test isis auth both sha
+    isis_enable: "EVPN_UNDERLAY"
+    isis_authentication:
+      both:
+        key_type: 0
+        key: password
+        mode: sha
+        sha:
+          key_id: 2
 
   - name: Port-Channel50
     description: SRV-POD03_PortChanne1
@@ -135,6 +178,15 @@ port_channel_interfaces:
       identifier: "0000:0000:0303:0202:0101"
       route_target: "03:03:02:02:01:01"
     lacp_id: 0303.0202.0101
+    # Test isis auth both shared secret rx
+    isis_enable: "EVPN_UNDERLAY"
+    isis_authentication:
+      both:
+        mode: shared-secret
+        shared_secret:
+          profile: profile1
+          algorithm: sha-1
+        rx_disabled: true
 
   - name: Port-Channel51
     description: ipv6_prefix
@@ -158,11 +210,33 @@ port_channel_interfaces:
         valid_lifetime: infinite
         preferred_lifetime: infinite
         no_autoconfig_flag: true
+    # Test isis auth both shared secret
+    isis_enable: "EVPN_UNDERLAY"
+    isis_authentication:
+      both:
+        mode: shared-secret
+        shared_secret:
+          profile: profile1
+          algorithm: sha-1
 
   - name: Port-Channel100
     logging:
       event:
         link_status: true
+    # Test isis auth both l1l2 md5 rx
+    isis_enable: "EVPN_UNDERLAY"
+    isis_authentication:
+      level_1:
+        key_type: 0
+        key: password
+        mode: md5
+        rx_disabled: true
+      level_2:
+        key_type: 0
+        key: password
+        mode: text
+        rx_disabled: true
+
     switchport:
       enabled: false
       port_security:
@@ -262,6 +336,17 @@ port_channel_interfaces:
       port_security:
         violation:
           mode: protect
+    # Test isis auth l1l2 md5
+    isis_enable: "EVPN_UNDERLAY"
+    isis_authentication:
+      level_1:
+        key_type: 0
+        key: password
+        mode: md5
+      level_2:
+        key_type: 0
+        key: password1
+        mode: md5
 
   - name: Port-Channel8.101
     description: to Dev02 Port-Channel8.101 - VRF-C1
@@ -283,7 +368,12 @@ port_channel_interfaces:
         enabled: true
         rfc_7130: true
     spanning_tree_guard: root
-
+    isis_authentication:
+      level_2:
+        key_type: 0
+        key: password
+        mode: text
+        rx_disabled: true
   - name: Port-Channel20
     description: Po_in_mode_access_accepting_tagged_LACP_frames
     switchport:
@@ -292,6 +382,21 @@ port_channel_interfaces:
       access_vlan: 200
     l2_protocol:
       encapsulation_dot1q_vlan: 200
+    # Test isis auth l1l2 shared secret rx
+    isis_enable: "EVPN_UNDERLAY"
+    isis_authentication:
+      level_1:
+        mode: shared-secret
+        shared_secret:
+          profile: profile1
+          algorithm: sha-256
+        rx_disabled: true
+      level_2:
+        mode: shared-secret
+        shared_secret:
+          profile: profile2
+          algorithm: sha-1
+        rx_disabled: true
 
   - name: Port-Channel12
     description: interface_in_mode_access_with_voice
@@ -303,6 +408,13 @@ port_channel_interfaces:
       phone:
         trunk: untagged
         vlan: 70
+    # Test isis auth l1l2 sha
+    isis_enable: "EVPN_UNDERLAY"
+    isis_authentication:
+      level_1:
+        mode: sha
+        sha:
+          key_id: 5
 
   - name: Port-Channel13
     description: EVPN-Vxlan single-active redundancy
@@ -318,6 +430,55 @@ port_channel_interfaces:
         hold_time: 10
         candidate_reachability_required: true
       route_target: "00:00:01:02:03:04"
+    isis_authentication:
+      both:
+        key_ids:
+          - id: 2
+            algorithm: sha-512
+            key_type: 0
+            key: password
+            rfc_5310: false
+          - id: 3
+            algorithm: sha-512
+            key_type: 0
+            key: password1
+            rfc_5310: true
+      level_1:
+        key_ids:
+          - id: 1
+            algorithm: sha-1
+            key_type: 0
+            key: password
+            rfc_5310: false
+          - id: 4
+            algorithm: sha-1
+            key_type: 0
+            key: password
+            rfc_5310: true
+          - id: 3
+            algorithm: sha-1
+            key_type: 0
+            key: password3
+          - id: 5
+            algorithm: sha-1
+            key_type: 0
+            key: password3
+      level_2:
+        key_ids:
+          - id: 1
+            algorithm: sha-1
+            key_type: 0
+            key: password
+            rfc_5310: false
+          - id: 5
+            algorithm: sha-1
+            key_type: 0
+            key: password
+            rfc_5310: true
+          - id: 3
+            algorithm: sha-1
+            key_type: 0
+            key: password2
 
   - name: Port-Channel14
     switchport:
@@ -448,8 +609,6 @@ port_channel_interfaces:
     isis_network_point_to_point: true
     isis_circuit_type: level-2
     isis_hello_padding: true
-    isis_authentication_mode: text
-    isis_authentication_key: "asfddja23452"
 
   - name: Port-Channel111
     description: Flexencap Port-Channel
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg
index c77bbd73d11..a8cc4f87808 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg
@@ -20,6 +20,9 @@ interface Port-Channel3
    switchport trunk group group1
    switchport trunk group group2
    switchport
+   isis enable ISIS_TEST
+   isis authentication mode md5
+   isis authentication key 7 asfddja23452
 !
 interface Port-Channel4
    description Test_native_vlan_tag_and_phone
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/port-channel-interfaces.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/port-channel-interfaces.yml
index 89927dfdcbb..850719480d3 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/port-channel-interfaces.yml
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/port-channel-interfaces.yml
@@ -20,6 +20,9 @@ port_channel_interfaces:
     trunk_groups:
       - group1
       - group2
+    isis_enable: ISIS_TEST
+    isis_authentication_mode: md5
+    isis_authentication_key: "asfddja23452"
 
   - name: Port-Channel4
     description: Test_native_vlan_tag_and_phone
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/hosts.yml
index 70f3887fd4f..d046ea8abcb 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/hosts.yml
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/hosts.yml
@@ -1,5 +1,5 @@
 ---
-all:
+test_hosts:
   groups:
     IGNORE_IN_PYTEST:
       hosts: # TODO: Remove inline jinja
diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LER1.md b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LER1.md
index 6159f6f7cf2..f927542bff6 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LER1.md
+++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LER1.md
@@ -358,8 +358,8 @@ interface Ethernet14
 
 ##### ISIS
 
-| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode |
-| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- |
+| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode |
+| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ |
 | Port-Channel11 | CORE | - | 60 | point-to-point | level-2 | False | md5 |
 | Port-Channel220 | CORE | - | 60 | point-to-point | level-2 | False | md5 |
 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LSR2.md b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LSR2.md
index 2b45c47566c..c8d33865e97 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LSR2.md
+++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LSR2.md
@@ -237,8 +237,8 @@ interface Ethernet15
 
 ##### ISIS
 
-| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode |
-| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- |
+| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode |
+| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ |
 | Port-Channel12 | CUSTOM_NAME | - | 60 | point-to-point | level-2 | False | md5 |
 | Port-Channel110 | CUSTOM_NAME | - | 60 | point-to-point | level-2 | False | md5 |
 
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/port-channel-interfaces.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/port-channel-interfaces.md
index f4395449d40..1f9046c64f0 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/port-channel-interfaces.md
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/port-channel-interfaces.md
@@ -124,8 +124,57 @@
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;isis_network_point_to_point</samp>](## "port_channel_interfaces.[].isis_network_point_to_point") | Boolean |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;isis_circuit_type</samp>](## "port_channel_interfaces.[].isis_circuit_type") | String |  |  | Valid Values:<br>- <code>level-1-2</code><br>- <code>level-1</code><br>- <code>level-2</code> |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;isis_hello_padding</samp>](## "port_channel_interfaces.[].isis_hello_padding") | Boolean |  |  |  |  |
-    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;isis_authentication_mode</samp>](## "port_channel_interfaces.[].isis_authentication_mode") | String |  |  | Valid Values:<br>- <code>text</code><br>- <code>md5</code> |  |
-    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;isis_authentication_key</samp>](## "port_channel_interfaces.[].isis_authentication_key") | String |  |  |  | Type-7 encrypted password. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;isis_authentication_mode</samp>](## "port_channel_interfaces.[].isis_authentication_mode") <span style="color:red">deprecated</span> | String |  |  | Valid Values:<br>- <code>text</code><br>- <code>md5</code> | <span style="color:red">This key is deprecated. Support will be removed in AVD version v6.0.0. Use <samp>port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode</samp> instead.</span> |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;isis_authentication_key</samp>](## "port_channel_interfaces.[].isis_authentication_key") <span style="color:red">deprecated</span> | String |  |  |  | Type-7 encrypted password.<span style="color:red">This key is deprecated. Support will be removed in AVD version v6.0.0. Use <samp>port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key</samp> instead.</span> |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;isis_authentication</samp>](## "port_channel_interfaces.[].isis_authentication") | Dictionary |  |  |  | This key should not be mixed with port_channel_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;both</samp>](## "port_channel_interfaces.[].isis_authentication.both") | Dictionary |  |  |  | Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_type</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_type") | String |  |  | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key</samp>](## "port_channel_interfaces.[].isis_authentication.both.key") | String |  |  |  | Password string. `key_type` is required for this setting. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_ids</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids") | List, items: Dictionary |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;id</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].id") | Integer | Required, Unique |  | Min: 1<br>Max: 65535 | Configure authentication key-id. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].algorithm") | String | Required |  | Valid Values:<br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_type</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].key_type") | String | Required |  | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].key") | String | Required |  |  | Password string. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rfc_5310</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].rfc_5310") | Boolean |  |  |  | SHA digest computation according to rfc5310. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mode</samp>](## "port_channel_interfaces.[].isis_authentication.both.mode") | String |  |  | Valid Values:<br>- <code>md5</code><br>- <code>sha</code><br>- <code>text</code><br>- <code>shared-secret</code> | Authentication mode. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sha</samp>](## "port_channel_interfaces.[].isis_authentication.both.sha") | Dictionary |  |  |  | Required settings for authentication mode 'sha'. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_id</samp>](## "port_channel_interfaces.[].isis_authentication.both.sha.key_id") | Integer | Required |  | Min: 1<br>Max: 65535 |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;shared_secret</samp>](## "port_channel_interfaces.[].isis_authentication.both.shared_secret") | Dictionary |  |  |  | Required settings for authentication mode 'shared_secret'. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;profile</samp>](## "port_channel_interfaces.[].isis_authentication.both.shared_secret.profile") | String | Required |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.both.shared_secret.algorithm") | String | Required |  | Valid Values:<br>- <code>md5</code><br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rx_disabled</samp>](## "port_channel_interfaces.[].isis_authentication.both.rx_disabled") | Boolean |  |  |  | Disable authentication check on the receive side. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;level_1</samp>](## "port_channel_interfaces.[].isis_authentication.level_1") | Dictionary |  |  |  | Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_type</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_type") | String |  |  | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key") | String |  |  |  | Password string. `key_type` is required for this setting. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_ids</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids") | List, items: Dictionary |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;id</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].id") | Integer | Required, Unique |  | Min: 1<br>Max: 65535 | Configure authentication key-id. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].algorithm") | String | Required |  | Valid Values:<br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_type</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].key_type") | String | Required |  | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].key") | String | Required |  |  | Password string. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rfc_5310</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].rfc_5310") | Boolean |  |  |  | SHA digest computation according to rfc5310. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mode</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.mode") | String |  |  | Valid Values:<br>- <code>md5</code><br>- <code>sha</code><br>- <code>text</code><br>- <code>shared-secret</code> | Authentication mode. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sha</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.sha") | Dictionary |  |  |  | Required settings for authentication mode 'sha'. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_id</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.sha.key_id") | Integer | Required |  | Min: 1<br>Max: 65535 |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;shared_secret</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.shared_secret") | Dictionary |  |  |  | Required settings for authentication mode 'shared_secret'. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;profile</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.shared_secret.profile") | String | Required |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.shared_secret.algorithm") | String | Required |  | Valid Values:<br>- <code>md5</code><br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rx_disabled</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.rx_disabled") | Boolean |  |  |  | Disable authentication check on the receive side. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;level_2</samp>](## "port_channel_interfaces.[].isis_authentication.level_2") | Dictionary |  |  |  | Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_type</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_type") | String |  |  | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key") | String |  |  |  | Password string. `key_type` is required for this setting. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_ids</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids") | List, items: Dictionary |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;id</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].id") | Integer | Required, Unique |  | Min: 1<br>Max: 65535 | Configure authentication key-id. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].algorithm") | String | Required |  | Valid Values:<br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_type</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].key_type") | String | Required |  | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].key") | String | Required |  |  | Password string. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rfc_5310</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].rfc_5310") | Boolean |  |  |  | SHA digest computation according to rfc5310. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mode</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.mode") | String |  |  | Valid Values:<br>- <code>md5</code><br>- <code>sha</code><br>- <code>text</code><br>- <code>shared-secret</code> | Authentication mode. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sha</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.sha") | Dictionary |  |  |  | Required settings for authentication mode 'sha'. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key_id</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.sha.key_id") | Integer | Required |  | Min: 1<br>Max: 65535 |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;shared_secret</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.shared_secret") | Dictionary |  |  |  | Required settings for authentication mode 'shared_secret'. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;profile</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.shared_secret.profile") | String | Required |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.shared_secret.algorithm") | String | Required |  | Valid Values:<br>- <code>md5</code><br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rx_disabled</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.rx_disabled") | Boolean |  |  |  | Disable authentication check on the receive side. |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;traffic_policy</samp>](## "port_channel_interfaces.[].traffic_policy") | Dictionary |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;input</samp>](## "port_channel_interfaces.[].traffic_policy.input") | String |  |  |  | Ingress traffic policy. |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;output</samp>](## "port_channel_interfaces.[].traffic_policy.output") | String |  |  |  | Egress traffic policy. |
@@ -616,10 +665,133 @@
         isis_network_point_to_point: <bool>
         isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
         isis_hello_padding: <bool>
+        # This key is deprecated.
+        # Support will be removed in AVD version v6.0.0.
+        # Use <samp>port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode</samp> instead.
         isis_authentication_mode: <str; "text" | "md5">
 
         # Type-7 encrypted password.
+        # This key is deprecated.
+        # Support will be removed in AVD version v6.0.0.
+        # Use <samp>port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key</samp> instead.
         isis_authentication_key: <str>
+
+        # This key should not be mixed with port_channel_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key.
+        isis_authentication:
+
+          # Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
+          both:
+
+            # Configure authentication key type.
+            key_type: <str; "0" | "7" | "8a">
+
+            # Password string. `key_type` is required for this setting.
+            key: <str>
+            key_ids:
+
+                # Configure authentication key-id.
+              - id: <int; 1-65535; required; unique>
+                algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
+
+                # Configure authentication key type.
+                key_type: <str; "0" | "7" | "8a"; required>
+
+                # Password string.
+                key: <str; required>
+
+                # SHA digest computation according to rfc5310.
+                rfc_5310: <bool>
+
+            # Authentication mode.
+            mode: <str; "md5" | "sha" | "text" | "shared-secret">
+
+            # Required settings for authentication mode 'sha'.
+            sha:
+              key_id: <int; 1-65535; required>
+
+            # Required settings for authentication mode 'shared_secret'.
+            shared_secret:
+              profile: <str; required>
+              algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
+
+            # Disable authentication check on the receive side.
+            rx_disabled: <bool>
+
+          # Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
+          level_1:
+
+            # Configure authentication key type.
+            key_type: <str; "0" | "7" | "8a">
+
+            # Password string. `key_type` is required for this setting.
+            key: <str>
+            key_ids:
+
+                # Configure authentication key-id.
+              - id: <int; 1-65535; required; unique>
+                algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
+
+                # Configure authentication key type.
+                key_type: <str; "0" | "7" | "8a"; required>
+
+                # Password string.
+                key: <str; required>
+
+                # SHA digest computation according to rfc5310.
+                rfc_5310: <bool>
+
+            # Authentication mode.
+            mode: <str; "md5" | "sha" | "text" | "shared-secret">
+
+            # Required settings for authentication mode 'sha'.
+            sha:
+              key_id: <int; 1-65535; required>
+
+            # Required settings for authentication mode 'shared_secret'.
+            shared_secret:
+              profile: <str; required>
+              algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
+
+            # Disable authentication check on the receive side.
+            rx_disabled: <bool>
+
+          # Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
+          level_2:
+
+            # Configure authentication key type.
+            key_type: <str; "0" | "7" | "8a">
+
+            # Password string. `key_type` is required for this setting.
+            key: <str>
+            key_ids:
+
+                # Configure authentication key-id.
+              - id: <int; 1-65535; required; unique>
+                algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
+
+                # Configure authentication key type.
+                key_type: <str; "0" | "7" | "8a"; required>
+
+                # Password string.
+                key: <str; required>
+
+                # SHA digest computation according to rfc5310.
+                rfc_5310: <bool>
+
+            # Authentication mode.
+            mode: <str; "md5" | "sha" | "text" | "shared-secret">
+
+            # Required settings for authentication mode 'sha'.
+            sha:
+              key_id: <int; 1-65535; required>
+
+            # Required settings for authentication mode 'shared_secret'.
+            shared_secret:
+              profile: <str; required>
+              algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
+
+            # Disable authentication check on the receive side.
+            rx_disabled: <bool>
         traffic_policy:
 
           # Ingress traffic policy.
diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/port-channel-interfaces.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/port-channel-interfaces.j2
index a12627fd244..b916790f1eb 100644
--- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/port-channel-interfaces.j2
+++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/port-channel-interfaces.j2
@@ -373,7 +373,8 @@
                port_channel_interface.isis_network_point_to_point is arista.avd.defined or
                port_channel_interface.isis_passive is arista.avd.defined or
                port_channel_interface.isis_hello_padding is arista.avd.defined or
-               port_channel_interface.isis_authentication_mode is arista.avd.defined %}
+               port_channel_interface.isis_authentication_mode is arista.avd.defined or
+               port_channel_interface.isis_authentication is arista.avd.defined %}
 {%             do port_channel_interfaces_isis.append(port_channel_interface) %}
 {%         endif %}
 {%     endfor %}
@@ -381,15 +382,25 @@
 
 ##### ISIS
 
-| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode |
-| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- |
+| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode |
+| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ |
 {%         for port_channel_interface in port_channel_interfaces_isis | arista.avd.natural_sort('name') %}
 {%             set isis_instance = port_channel_interface.isis_enable | arista.avd.default("-") %}
 {%             set isis_bfd = port_channel_interface.isis_bfd | arista.avd.default("-") %}
 {%             set isis_metric = port_channel_interface.isis_metric | arista.avd.default("-") %}
 {%             set isis_circuit_type = port_channel_interface.isis_circuit_type | arista.avd.default("-") %}
 {%             set isis_hello_padding = port_channel_interface.isis_hello_padding | arista.avd.default("-") %}
-{%             set isis_authentication_mode = port_channel_interface.isis_authentication_mode | arista.avd.default("-") %}
+{%             if port_channel_interface.isis_authentication.both.mode is arista.avd.defined %}
+{%                 set isis_authentication_mode = port_channel_interface.isis_authentication.both.mode %}
+{%             elif port_channel_interface.isis_authentication.level_1.mode is arista.avd.defined and port_channel_interface.isis_authentication.level_2.mode is arista.avd.defined %}
+{%                 set isis_authentication_mode = "Level-1: " ~ port_channel_interface.isis_authentication.level_1.mode ~ "<br>" ~ "Level-2: " ~ port_channel_interface.isis_authentication.level_2.mode %}
+{%             elif port_channel_interface.isis_authentication.level_1.mode is arista.avd.defined %}
+{%                 set isis_authentication_mode = "Level-1: " ~ port_channel_interface.isis_authentication.level_1.mode %}
+{%             elif port_channel_interface.isis_authentication.level_2.mode is arista.avd.defined %}
+{%                 set isis_authentication_mode = "Level-2: " ~ port_channel_interface.isis_authentication.level_2.mode %}
+{%             else %}
+{%                 set isis_authentication_mode = port_channel_interface.isis_authentication_mode | arista.avd.default("-") %}
+{%             endif %}
 {%             if port_channel_interface.isis_network_point_to_point is arista.avd.defined(true) %}
 {%                 set mode = "point-to-point" %}
 {%             elif port_channel_interface.isis_passive is arista.avd.defined(true) %}
diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/port-channel-interfaces.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/port-channel-interfaces.j2
index 10cedbd0636..66e0b9ea97c 100644
--- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/port-channel-interfaces.j2
+++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/port-channel-interfaces.j2
@@ -645,12 +645,98 @@ interface {{ port_channel_interface.name }}
 {%     if port_channel_interface.isis_network_point_to_point is arista.avd.defined(true) %}
    isis network point-to-point
 {%     endif %}
-{%     if port_channel_interface.isis_authentication_mode is arista.avd.defined and
-          port_channel_interface.isis_authentication_mode in ["text", "md5"] %}
+{%     if port_channel_interface.isis_authentication is arista.avd.defined %}
+{%         if port_channel_interface.isis_authentication.both.mode is arista.avd.defined
+              and (port_channel_interface.isis_authentication.both.mode in ["md5", "text"]
+                   or (port_channel_interface.isis_authentication.both.mode == "sha" and port_channel_interface.isis_authentication.both.sha.key_id is arista.avd.defined)
+                   or (port_channel_interface.isis_authentication.both.mode == "shared-secret" and port_channel_interface.isis_authentication.both.shared_secret is arista.avd.defined)) %}
+{%             set isis_auth_cli = "isis authentication mode " ~ port_channel_interface.isis_authentication.both.mode %}
+{%             if port_channel_interface.isis_authentication.both.mode == "sha" %}
+{%                 set isis_auth_cli = isis_auth_cli ~ " key-id " ~ port_channel_interface.isis_authentication.both.sha.key_id %}
+{%             elif port_channel_interface.isis_authentication.both.mode == "shared-secret" %}
+{%                 set isis_auth_cli = isis_auth_cli ~ " profile " ~ port_channel_interface.isis_authentication.both.shared_secret.profile ~ " algorithm " ~ port_channel_interface.isis_authentication.both.shared_secret.algorithm %}
+{%             endif %}
+{%             if port_channel_interface.isis_authentication.both.rx_disabled is arista.avd.defined(true) %}
+{%                 set isis_auth_cli = isis_auth_cli ~ " rx-disabled" %}
+{%             endif %}
+   {{ isis_auth_cli }}
+{%         else %}
+{%             if port_channel_interface.isis_authentication.level_1.mode is arista.avd.defined
+                   and (port_channel_interface.isis_authentication.level_1.mode in ["md5", "text"]
+                   or (port_channel_interface.isis_authentication.level_1.mode == "sha" and port_channel_interface.isis_authentication.level_1.sha.key_id is arista.avd.defined)
+                   or (port_channel_interface.isis_authentication.level_1.mode == "shared-secret" and port_channel_interface.isis_authentication.level_1.shared_secret is arista.avd.defined)) %}
+{%                 set isis_auth_cli = "isis authentication mode " ~ port_channel_interface.isis_authentication.level_1.mode %}
+{%                 if port_channel_interface.isis_authentication.level_1.mode == "sha" %}
+{%                     set isis_auth_cli = isis_auth_cli ~ " key-id " ~ port_channel_interface.isis_authentication.level_1.sha.key_id %}
+{%                 elif port_channel_interface.isis_authentication.level_1.mode == "shared-secret" %}
+{%                     set isis_auth_cli = isis_auth_cli ~ " profile " ~ port_channel_interface.isis_authentication.level_1.shared_secret.profile ~ " algorithm " ~ port_channel_interface.isis_authentication.level_1.shared_secret.algorithm %}
+{%                 endif %}
+{%                 if port_channel_interface.isis_authentication.level_1.rx_disabled is arista.avd.defined(true) %}
+{%                     set isis_auth_cli = isis_auth_cli ~ " rx-disabled" %}
+{%                 endif %}
+   {{ isis_auth_cli }} level-1
+{%             endif %}
+{%             if port_channel_interface.isis_authentication.level_2.mode is arista.avd.defined
+                   and (port_channel_interface.isis_authentication.level_2.mode in ["md5", "text"]
+                   or (port_channel_interface.isis_authentication.level_2.mode == "sha" and port_channel_interface.isis_authentication.level_2.sha.key_id is arista.avd.defined)
+                   or (port_channel_interface.isis_authentication.level_2.mode == "shared-secret" and port_channel_interface.isis_authentication.level_2.shared_secret is arista.avd.defined)) %}
+{%                 set isis_auth_cli = "isis authentication mode " ~ port_channel_interface.isis_authentication.level_2.mode %}
+{%                 if port_channel_interface.isis_authentication.level_2.mode == "sha" %}
+{%                     set isis_auth_cli = isis_auth_cli ~ " key-id " ~ port_channel_interface.isis_authentication.level_2.sha.key_id %}
+{%                 elif port_channel_interface.isis_authentication.level_2.mode == "shared-secret" %}
+{%                     set isis_auth_cli = isis_auth_cli ~ " profile " ~ port_channel_interface.isis_authentication.level_2.shared_secret.profile ~ " algorithm " ~ port_channel_interface.isis_authentication.level_2.shared_secret.algorithm %}
+{%                 endif %}
+{%                 if port_channel_interface.isis_authentication.level_2.rx_disabled is arista.avd.defined(true) %}
+{%                     set isis_auth_cli = isis_auth_cli ~ " rx-disabled" %}
+{%                 endif %}
+   {{ isis_auth_cli }} level-2
+{%             endif %}
+{%         endif %}
+{%         set both_key_ids = [] %}
+{%         for auth_key in port_channel_interface.isis_authentication.both.key_ids | arista.avd.natural_sort("id") %}
+{%             do both_key_ids.append(auth_key.id) %}
+{%             if auth_key.rfc_5310 is arista.avd.defined(true) %}
+   isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} rfc-5310 key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }}
+{%             else %}
+   isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }}
+{%             endif %}
+{%         endfor %}
+{%         for auth_key in port_channel_interface.isis_authentication.level_1.key_ids | arista.avd.natural_sort("id") %}
+{%             if auth_key.id not in both_key_ids %}
+{%                 if auth_key.rfc_5310 is arista.avd.defined(true) %}
+   isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} rfc-5310 key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} level-1
+{%                 else %}
+   isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} level-1
+{%                 endif %}
+{%             endif %}
+{%         endfor %}
+{%         for auth_key in port_channel_interface.isis_authentication.level_2.key_ids | arista.avd.natural_sort("id") %}
+{%             if auth_key.id not in both_key_ids %}
+{%                 if auth_key.rfc_5310 is arista.avd.defined(true) %}
+   isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} rfc-5310 key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} level-2
+{%                 else %}
+   isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} level-2
+{%                 endif %}
+{%             endif %}
+{%         endfor %}
+{%         if port_channel_interface.isis_authentication.both.key_type is arista.avd.defined and port_channel_interface.isis_authentication.both.key is arista.avd.defined %}
+   isis authentication key {{ port_channel_interface.isis_authentication.both.key_type }} {{ port_channel_interface.isis_authentication.both.key | arista.avd.hide_passwords(hide_passwords) }}
+{%         else %}
+{%             if port_channel_interface.isis_authentication.level_1.key_type is arista.avd.defined and port_channel_interface.isis_authentication.level_1.key is arista.avd.defined %}
+   isis authentication key {{ port_channel_interface.isis_authentication.level_1.key_type }} {{ port_channel_interface.isis_authentication.level_1.key | arista.avd.hide_passwords(hide_passwords) }} level-1
+{%             endif %}
+{%             if port_channel_interface.isis_authentication.level_2.key_type is arista.avd.defined and port_channel_interface.isis_authentication.level_2.key is arista.avd.defined %}
+   isis authentication key {{ port_channel_interface.isis_authentication.level_2.key_type }} {{ port_channel_interface.isis_authentication.level_2.key | arista.avd.hide_passwords(hide_passwords) }} level-2
+{%             endif %}
+{%         endif %}
+{%     else %}
+{%         if port_channel_interface.isis_authentication_mode is arista.avd.defined and
+              port_channel_interface.isis_authentication_mode in ["text", "md5"] %}
    isis authentication mode {{ port_channel_interface.isis_authentication_mode }}
-{%     endif %}
-{%     if port_channel_interface.isis_authentication_key is arista.avd.defined %}
+{%         endif %}
+{%         if port_channel_interface.isis_authentication_key is arista.avd.defined %}
    isis authentication key 7 {{ port_channel_interface.isis_authentication_key | arista.avd.hide_passwords(hide_passwords) }}
+{%         endif %}
 {%     endif %}
 {%     for section in port_channel_interface.storm_control | arista.avd.natural_sort %}
 {%         if section != "all" %}
diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml
index 38149a11a59..30ded4736ae 100644
--- a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml
+++ b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml
@@ -9892,12 +9892,27 @@ keys:
           type: bool
         isis_authentication_mode:
           type: str
+          deprecation:
+            warning: true
+            remove_in_version: v6.0.0
+            new_key: port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode
+              or port_channel_interfaces[].isis_authentication.level_2.mode
           valid_values:
           - text
           - md5
         isis_authentication_key:
           type: str
           description: Type-7 encrypted password.
+          deprecation:
+            warning: true
+            remove_in_version: v6.0.0
+            new_key: port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key
+              or port_channel_interfaces[].isis_authentication.level_2.key
+        isis_authentication:
+          type: dict
+          description: This key should not be mixed with port_channel_interfaces[].isis_authentication_mode
+            or ethernet_interfaces[].isis_authentication_key.
+          $ref: eos_cli_config_gen#/keys/router_isis/keys/authentication
         traffic_policy:
           type: dict
           keys:
diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/port_channel_interfaces.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/port_channel_interfaces.schema.yml
index fe8b923caab..9a19fb76471 100644
--- a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/port_channel_interfaces.schema.yml
+++ b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/port_channel_interfaces.schema.yml
@@ -624,12 +624,25 @@ keys:
           type: bool
         isis_authentication_mode:
           type: str
+          deprecation:
+            warning: true
+            remove_in_version: v6.0.0
+            new_key: port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode
           valid_values:
             - text
             - md5
         isis_authentication_key:
           type: str
           description: Type-7 encrypted password.
+          deprecation:
+            warning: true
+            remove_in_version: v6.0.0
+            new_key: port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key
+        isis_authentication:
+          type: dict
+          description: This key should not be mixed with port_channel_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key.
+          # TODO: AVD 6.0 Update the description
+          $ref: "eos_cli_config_gen#/keys/router_isis/keys/authentication"
         traffic_policy:
           type: dict
           keys: