For feedback and comments:
documentation.feedback@alcatel-lucent.com

Table of Contents Previous Next PDF

Configuring IS-IS with CLI
This section provides information to configure intermediate-system-to-intermediate-system (IS-IS) using the command line interface.
Topics in this section include:
IS-IS Configuration Overview
Router Levels
Area Address Attributes
Interface Level Capability
Route Leaking
Basic IS-IS Configuration
Common Configuration Tasks
Enabling IS-IS
Modifying Router-Level Parameters
Configuring ISO Area Addresses
Configuring Global IS-IS Parameters
Configuring Interface Parameters
IS-IS Configuration Management Tasks
Disabling IS-IS
Modifying Global IS-IS Parameters
Modifying IS-IS Interface Parameters
Example: Configuring a Level 1 Area
Example: Modifying a Router’s Level Capability
Configuring Leaking
Redistributing External IS-IS Routers
Specifying MAC Addresses for All IS-IS Routers
IS-IS Configuration Overview
 
Router Levels
The router’s level capability can be configured globally and on a per-interface basis. The interface-level parameters specify the interface’s routing level. The neighbor capability and parameters define the adjacencies that are established.
IS-IS is not enabled by default. When IS-IS is enabled, the global default level capability is Level 1/2 which enables the router to operate as either a Level 1 and/or a Level 2 router with the associated databases. The router runs separate shortest path first (SPF) calculations for the Level 1 area routing and for the Level 2 multi-area routing to create the IS-IS routing table.
The level value can be modified on both or either of the global and interface levels to be only Level 1-capable, only Level 2-capable or Level 1 and Level 2-capable.
If the default value is not modified on any routers in the area, then the routers try to form both Level 1 and Level 2 adjacencies on all IS-IS interfaces. If the default values are modified to Level 1 or Level 2, then the number of adjacencies formed are limited to that level only.
 
Area Address Attributes
The area-id command specifies the area address portion of the NET which is used to define the IS-IS area to which the router will belong. At least one area-id command should be configured on each router participating in IS-IS. A maximum of three area-id commands can be configured per router.
The area address identifies a point of connection to the network, such as a router interface, and is called a network service access point (NSAP). The routers in an area manage routing tables about destinations within the area. The Network Entity Title (NET) value is used to identify the IS-IS area to which the router belongs.
NSAP addresses are divided into three parts. Only the Area ID portion is configurable.
1.
Area ID — A variable length field between 1 and 13 bytes long. This includes the Authority and Format Identifier (AFI) as the most significant byte and the area ID.
2.
System ID — A six-byte system identification. This value is not configurable. The system ID is derived from the system or router ID.
3.
Selector ID — A one-byte selector identification that must contain zeros when configuring a NET. This value is not configurable. The selector ID is always 00.
 
The following example displays ISO addresses in IS-IS address format:
MAC address 00:a5:c7:6b:c4:90 49.0011.00a5.c76b.c490.00
IP address: 218.112.14.5 49.0011.2181.1201.4005.00
 
Interface Level Capability
The level capability value configured on the interface level is compared to the level capability value configured on the global level to determine the type of adjacencies that can be established. The default level capability for routers and interfaces is Level 1/2.
Table 9 displays configuration combinations and the potential adjacencies that can be formed.
Table 9: Potential Adjacency  
Global Level
Interface Level
Potential Adjacency
 
L 1/2
L 1/2
Level 1 and/or Level 2
 
L 1/2
L 1
Level 1 only
 
L 1/2
L 2
Level 2 only
 
L 2
L 1/2
Level 2 only
 
L 2
L 2
Level 2 only
 
L 2
L 1
none
 
L 1
L 1/2
Level 1 only
 
L 1
L 2
none
 
L 1
L 1
Level 1 only
 
 
Route Leaking
Alcatel-Lucent’s implementation of IS-IS route leaking is performed in compliance with RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS. As previously stated, IS-IS is a routing domain (an autonomous system running IS-IS) which can be divided into Level 1 areas with a Level 2-connected subset (backbone) of the topology that interconnects all of the Level 1 areas. Within each Level 1 area, the routers exchange link state information. Level 2 routers also exchange Level 2 link state information to compute routes between areas.
Routers in a Level 1 area typically only exchange information within the Level 1 area. For IP destinations not found in the prefixes in the Level 1 database, the Level 1 router forwards PDUs to the nearest router that is in both Level 1/Level 2 with the attached bit set in its Level 1 link-state PDU.
There are many reasons to implement domain-wide prefix distribution. The goal of domain-wide prefix distribution is to increase the granularity of the routing information within the domain. The routing mechanisms specified in RFC 1195 are appropriate in many situations and account for excellent scalability properties. However, in certain circumstances, the amount of scalability can be adjusted which can distribute more specific information than described by RFC 1195.
Distributing more prefix information can improve the quality of the resulting routes. A well known property of default routing is that loss of information can occur. This loss of information affects the computation of a route based upon less information which can result in sub-optimal routes.
Basic IS-IS Configuration
For IS-IS to operate on the routers, IS-IS must be explicitly enabled, and at least one area address and interface must be configured. If IS-IS is enabled but no area address or interface is defined, the protocol is enabled but no routes are exchanged. When at least one area address and interface are configured, then adjacencies can be formed and routes exchanged.
To configure IS-IS, perform the following tasks:
Enable IS-IS (specifying the instance ID of multi-instance IS-IS is to be enabled).
If necessary, modify the level capability on the global level (default is level-1/2).
Define area address(es)
Configure IS-IS interfaces.
The following output displays IS-IS default values.
 
A:Dut-A>config>router>isis$ info detail
----------------------------------------------
        level-capability level-1/2
        no graceful-restart
        area-id 01
        no authentication-key
        no authentication-type
        authentication-check
        csnp-authentication
        lsp-lifetime 1200
        no export
        hello-authentication
        psnp-authentication
        traffic-engineering
        no reference-bandwidth
        no disable-ldp-sync
        ipv4-routing
        no ipv6-routing
        no unicast-import-disable
        no multicast-import
        spf-wait 10 1000 1000
        no strict-adjacency-check
        lsp-wait 5 0 1
        level 1
            no authentication-key
            no authentication-type
            csnp-authentication
            external-preference 160
            hello-authentication
            preference 15
            psnp-authentication
            no wide-metrics-only
        exit
        level 2
            no authentication-key
            no authentication-type
            csnp-authentication
            external-preference 165
            hello-authentication
            preference 18
            psnp-authentication
            no wide-metrics-only
        exit
        no shutdown
----------------------------------------------
A:Dut-A>config>router>isis$
 
Common Configuration Tasks
To implement IS-IS in your network, you must enable IS-IS on each participating router.
To assign different level to the routers and organize your network into areas, modify the level capability defaults on end systems from Level 1/2 to Level 1. Routers communicating to other areas can retain the Level 1/2 default.
On each router, at least one area ID also called the area address should be configured as well as at least one IS-IS interface.
Enable IS-IS.
Configure global IS-IS parameters.
Configure area address(es).
Configure IS-IS interface-specific parameters.
 
Configuring IS-IS Components
Use the CLI syntax displayed below for:
Enabling IS-IS
Modifying Router-Level Parameters
Configuring ISO Area Addresses
Configuring Global IS-IS Parameters
Configuring Interface Parameters
Example: Configuring a Level 1 Area
Example: Modifying a Router’s Level Capability
 
Enabling IS-IS
IS-IS must be enabled in order for the protocol to be active.
NOTE: Careful planning is essential to implement commands that can affect the behavior of global and interface levels.
To configure IS-IS on a router, enter the following command:
CLI Syntax: isis
Example: config>router# isis
IS-IS also supports the concept of multi-instance IS-IS which allows separate instances of the IS-IS protocol to run independently of the SR-OS router.
Separate instances are created by adding a different instance ID as the optional parameter to the config>router>isis command.
 
Modifying Router-Level Parameters
When IS-IS is enabled, the default level-capability is Level 1/2. This means that the router operates with both Level 1 and Level 2 routing . To change the default value in order for the router to operate as a Level 1 router or a Level 2 router, you must explicitly modify the level value.
If the level is modified, the protocol shuts down and restarts. Doing this can affect adjacencies and routes.
The level-capability value can be configured on the global level and also on the interface level. The level-capability value determines which level values can be assigned on the router level or on an interface-basis.
In order for the router to operate as a Level 1 only router or as a Level 2 only router, you must explicitly specify the level-number value.
Select level-1 to route only within an area.
Select level-2 to route to destinations outside an area, toward other eligible Level 2 routers.
 
To configure the router level, enter the following commands:
CLI Syntax: config>router# isis
level-capability {level-1|level-2|level-1/2}
level {1|2}
Example: config>router# isis
config>router>isis# level-capability 1/2
config>router>isis# level 2
 
The following example displays the configuration:
A:ALA-A>config>router>isis# info
#------------------------------------------
echo "ISIS"
#------------------------------------------
 
	level-capability level-1/2
	level 2
 
----------------------------------------------
A:ALA-A>config>router>isis#
 
Configuring ISO Area Addresses
Use the following CLI syntax to configure an area ID also called an address. A maximum of 3 area-id can be configured.
CLI Syntax: config>router# isis
area-id area-address
 
The following example configures the router’s area ID:
Example: config>router>isis#
config>router>isis# area-id 49.0180.0001
config>router>isis# area-id 49.0180.0002
config>router>isis# area-id 49.0180.0003
 
The following example displays the area ID configuration:
A:ALA-A>config>router>isis# info
----------------------------------------------
        area-id 49.0180.0001
        area-id 49.0180.0002
        area-id 49.0180.0003
----------------------------------------------
A:ALA-A>config>router>isis#
 
Configuring Global IS-IS Parameters
Commands and parameters configured on the global level are inherited to the interface levels. Parameters specified in the interface and interface-level configurations take precedence over global configurations.
The following example displays global-level IS-IS configuration command usage:
Example: config>router# isis
config>router>isis#
config>router>isis# level-capability level-2
config>router>isis# authentication-check
config>router>isis# authentication-type password
config>router>isis# authentication-key test
config>router>isis# overload timeout 90
config>router>isis# traffic-engineering
 
The following example displays the modified global-level configuration. 
A:ALA-A>config>router>isis# info
----------------------------------------------
        level-capability level-2
        area-id 49.0180.0001
        area-id 49.0180.0002
        area-id 49.0180.0003
        authentication-key "H5KBAWrAAQU" hash
        authentication-type password
        overload timeout 90 
        traffic-engineering
----------------------------------------------
A:ALA-A>config>router>isis#
 
Migration to IS-IS Multi-Topology
To migrate to IS-IS multi-topology for IPv6, perform the following tasks:
Enable the sending/receiving of IPv6 unicast reachability information in IS-IS MT TLVs on all the routers that support MT.
CLI Syntax: config>router# isis
multi-topology
ipv6-unicast
 
 
A:ALA-49>config>router>isis# info detail
----------------------------------------------
...
        ipv4-routing
        ipv6-routing native
        multi-topology
            ipv6-unicast
        exit
...
----------------------------------------------
A:ALA-49>config>router>isis#
 
Ensure that all MT routers have the IPv6 reachability information required by MT TLVs:
CLI Syntax: show>router# isis
topology ipv6-unicast
 
 
A:ALA-49>config>router>isis# show router isis topology ipv6-unicast
==============================================================================
Topology Table
===============================================================================
Node                                Interface                  Nexthop
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
A:ALA-49>config>router>isis#
 
CLI Syntax: show>router# isis
database detail
 
A:ALA-49>config>router>isis# show router isis database detail
===============================================================================
ISIS Database
===============================================================================
Displaying Level 1 database
-------------------------------------------------------------------------------
LSP ID    : ALA-49.00-00                                Level     : L1
Sequence  : 0x22b                  Checksum  : 0x60e4   Lifetime  : 1082
Version   : 1                      Pkt Type  : 18       Pkt Ver   : 1
Attributes: L1L2                   Max Area  : 3
SysID Len : 6                      Used Len  : 404      Alloc Len : 1492
 
TLVs :
Area Addresses  :
  Area Address    : (13) 47.4001.8000.00a7.0000.ffdd.0007
Supp Protocols  :
  Protocols       : IPv4 IPv6
IS-Hostname     :
  Hostname        : ALA-49
TE Router ID    :
  Router ID       : 10.10.10.104
Internal Reach  :
  IP Prefix       : 10.10.10.104/32    (Dir. :Up)  Metric  : 0 (I)
  IP Prefix       : 10.10.4.0/24       (Dir. :Up)  Metric  : 10 (I)
  IP Prefix       : 10.10.5.0/24       (Dir. :Up)  Metric  : 10 (I)
  IP Prefix       : 10.10.7.0/24       (Dir. :Up)  Metric  : 10 (I)
  IP Prefix       : 10.10.0.0/24       (Dir. :Up)  Metric  : 10 (I)
  IP Prefix       : 10.0.0.0/24        (Dir. :Up)  Metric  : 10 (I)
MT IPv6 Reach.  :
  MT ID           : 2
  IPv6 Prefix     : 3ffe::101:100/120
                    Flags : Up Internal Metric : 10
  IPv6 Prefix     : 10::/64
                    Flags : Up Internal Metric : 10
I/f Addresses   :
  IP Address      : 10.10.10.104
  IP Address      : 10.10.4.3
  IP Address      : 10.10.5.3
  IP Address      : 10.10.7.3
  IP Address      : 10.10.0.16
  IP Address      : 10.0.0.104
I/f Addresses IPv6 :
  IPv6 Address    : 3FFE::101:101
  IPv6 Address    : 10::104
TE IP Reach.    :
  IP Prefix       : 10.10.10.104/32      (Dir. :Up)  Metric  : 0
  IP Prefix       : 10.10.4.0/24         (Dir. :Up)  Metric  : 10
  IP Prefix       : 10.10.5.0/24         (Dir. :Up)  Metric  : 10
  IP Prefix       : 10.10.7.0/24         (Dir. :Up)  Metric  : 10
  IP Prefix       : 10.10.0.0/24         (Dir. :Up)  Metric  : 10
  IP Prefix       : 10.0.0.0/24          (Dir. :Up)  Metric  : 10
Authentication  :
  Auth Type       : Password(1) (116 bytes)
 
Level (1) LSP Count : 1
 
Displaying Level 2 database
-------------------------------------------------------------------------------
LSP ID    : ALA-49.00-00                                Level     : L2
Sequence  : 0x22c                  Checksum  : 0xb888   Lifetime  : 1082
Version   : 1                      Pkt Type  : 20       Pkt Ver   : 1
Attributes: L1L2                   Max Area  : 3
SysID Len : 6                      Used Len  : 304      Alloc Len : 1492
 
TLVs :
Area Addresses  :
  Area Address    : (13) 47.4001.8000.00a7.0000.ffdd.0007
Supp Protocols  :
  Protocols       : IPv4 IPv6
IS-Hostname     :
  Hostname        : ALA-49
TE Router ID    :
  Router ID       : 10.10.10.104
Internal Reach  :
  IP Prefix       : 10.10.10.104/32    (Dir. :Up)  Metric  : 0 (I)
  IP Prefix       : 10.10.4.0/24       (Dir. :Up)  Metric  : 10 (I)
  IP Prefix       : 10.10.5.0/24       (Dir. :Up)  Metric  : 10 (I)
  IP Prefix       : 10.10.7.0/24       (Dir. :Up)  Metric  : 10 (I)
  IP Prefix       : 10.10.0.0/24       (Dir. :Up)  Metric  : 10 (I)
  IP Prefix       : 10.0.0.0/24        (Dir. :Up)  Metric  : 10 (I)
MT IPv6 Reach.  :
  MT ID           : 2
  IPv6 Prefix     : 3ffe::101:100/120
                    Flags : Up Internal Metric : 10
  IPv6 Prefix     : 10::/64
                    Flags : Up Internal Metric : 10
I/f Addresses   :
  IP Address      : 10.10.10.104
  IP Address      : 10.10.4.3
  IP Address      : 10.10.5.3
  IP Address      : 10.10.7.3
  IP Address      : 10.10.0.16
  IP Address      : 10.0.0.104
I/f Addresses IPv6 :
  IPv6 Address    : 3FFE::101:101
  IPv6 Address    : 10::104
TE IP Reach.    :
  IP Prefix       : 10.10.10.104/32      (Dir. :Up)  Metric  : 0
  IP Prefix       : 10.10.4.0/24         (Dir. :Up)  Metric  : 10
  IP Prefix       : 10.10.5.0/24         (Dir. :Up)  Metric  : 10
  IP Prefix       : 10.10.7.0/24         (Dir. :Up)  Metric  : 10
  IP Prefix       : 10.10.0.0/24         (Dir. :Up)  Metric  : 10
  IP Prefix       : 10.0.0.0/24          (Dir. :Up)  Metric  : 10
Authentication  :
  Auth Type       : MD5(54) (16 bytes)
 
Level (2) LSP Count : 1
===============================================================================
A:ALA-49>config>router>isis#
 
Configure MT TLVs for IPv6 SPF:
CLI Syntax: config>router# isis
ipv6-routing mt 
 
 
A:ALA-49>config>router>isis# info detail
----------------------------------------------
...
        ipv4-routing
        ipv6-routing mt
        multi-topology
            ipv6-unicast
        exit
...
----------------------------------------------
A:ALA-49>config>router>isis#
 
Verify IPv6 routes:
CLI Syntax: show>router# isis
routes ipv6-unicast
 
A:ALA-49>config>router>isis# show router isis routes ipv6-unicast
===============================================================================
Route Table
===============================================================================
Prefix                             Metric       Lvl/Typ Ver.   SysID/Hostname
  NextHop                           MT
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
A:ALA-49>config>router>isis#
 
CLI Syntax: show>router# route-table ipv6
 
A:ALA-48>show>router# route-table ipv6
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix                                   Type    Proto    Age         Pref
       Next Hop[Interface Name]                                     Metric
-------------------------------------------------------------------------------
10::/64                                       Local   Local    05h35m28s   0
       to-104                                                       0
-------------------------------------------------------------------------------
No. of Routes: 1
===============================================================================
A:ALA-48>show>router#
 
 
Configuring Interface Parameters
There are no interfaces associated with IS-IS by default. An interface belongs to all areas configured on a router. Interfaces cannot belong to separate areas. There are no default interfaces applied to the router’s IS-IS instance. You must configure at least one IS-IS interface in order for IS-IS to work.
To enable IS-IS on an interface, first configure an IP interface in the config>router> interface context. Then, apply the interface in the config>router>isis>interface context.
You can configure both the Level 1 parameters and the Level 2 parameters on an interface. The level-capability value determines which level values are used.
NOTE: For point-to-point interfaces, only the values configured under Level 1 are used regardless of the operational level of the interface.
The following example displays the modified interface parameters:
Example: config>router# isis
config>router>isis# level 1
config>router>isis>level# wide-metrics-only
config>router>isis>level# exit
config>router>isis# level 2
config>router>isis>level# wide-metrics-only
config>router>isis>level# exit
config>router>isis# interface ALA-1-2
config>router>isis>if# level-capability level-2
config>router>isis>if# mesh-group 85
config>router>isis>if# exit
config>router>isis# interface ALA-1-3
config>router>isis>if# level-capability level-1
config>router>isis>if# interface-type point-to-point
config>router>isis>if# mesh-group 101
config>router>isis>if# exit
config>router>isis# interface ALA-1-5
config>router>isis>if# level-capability level-1
config>router>isis>if# interface-type point-to-point
config>router>isis>if# mesh-group 85
config>router>isis>if# exit
config>router>isis# interface to-103
config>router>isis>if# level-capability level-1/2
>router>isis>if# mesh-group 101
config>router>isis>if# exit
config>router>isis#
 
 
 
The following example displays the global and interface-level configurations. 
A:ALA-A>config>router>isis# info
----------------------------------------------
        level-capability level-2
        area-id 49.0180.0001
        area-id 49.0180.0002
        area-id 49.0180.0003
        authentication-key "H5KBAWrAAQU" hash
        authentication-type password
        traffic-engineering
        level 1
            wide-metrics-only
        exit
        level 2
            wide-metrics-only
        exit
        interface "system"
        exit
        interface "ALA-1-2"
            level-capability level-2
            mesh-group 85
        exit
        interface "ALA-1-3"
            level-capability level-1
            interface-type point-to-point
            mesh-group 101
        exit
        interface "ALA-1-5"
            level-capability level-1
            interface-type point-to-point
            mesh-group 85
        exit
        interface "to-103"
            mesh-group 101
        exit
----------------------------------------------
A:ALA-A>config>router>isis#
 
 
Example: Configuring a Level 1 Area
NOTE: Interfaces are configured in the config>router>interface context.
Figure 23: Configuring a Level 1 Area
The following example displays the command usage to configure a Level 1 area.
A:ALA-A>config>router# isis
A:ALA-A>config>router>isis# area-id 47.0001
A:ALA-A>config>router>isis# level-capability level-1
A:ALA-A>config>router>isis# interface system
A:ALA-A>config>router>isis>if# exit
A:ALA-A>config>router>isis# interface A-B
A:ALA-A>config>router>isis>if# exit
A:ALA-A>config>router>isis# interface A-C
A:ALA-A>config>router>isis>if# exit
A:ALA-A>config>router>isis#
 
A:ALA-B>config>router# isis
A:ALA-B>config>router>isis# area-id 47.0001
A:ALA-B>config>router>isis# level-capability level-1
A:ALA-B>config>router>isis# interface system
A:ALA-B>config>router>isis>if# exit
A:ALA-B>config>router>isis# interface B-A
A:ALA-B>config>router>isis>if# exit
A:ALA-B>config>router>isis# interface B-C
A:ALA-B>config>router>isis>if# exit
A:ALA-B>config>router>isis#
 
A:ALA-C>config>router# isis
A:ALA-C>config>router>isis# area-id 47.0001
A:ALA-C>config>router>isis# level-capability level-1
A:ALA-C>config>router>isis# interface system
A:ALA-C>config>router>isis>if# exit
A:ALA-C>config>router>isis# interface "C-A"
A:ALA-C>config>router>isis>if# exit
A:ALA-C>config>router>isis# interface "C-B"
A:ALA-C>config>router>isis>if# exit
 
 
 
 
 
A:ALA-A>config>router>isis# info
----------------------------------------------
        level-capability level-1
        area-id 49.0180.0001
        interface "system"
        exit
        interface "A-B"
        exit
        interface "A-C"
        exit
----------------------------------------------
A:ALA-A>config>router>isis#
 
A:ALA-B>config>router>isis# info
----------------------------------------------
        level-capability level-1
        area-id 49.0180.0001
        interface "system"
        exit
        interface "B-A"
        exit
        interface "B-C"
        exit
----------------------------------------------
A:ALA-B>config>router>isis#
 
A:ALA-C>config>router>isis# info
#------------------------------------------
echo "ISIS"
----------------------------------------------
        level-capability level-1
        area-id 49.0180.0001
        interface "system"
        exit
        interface "C-A"
        exit
        interface "C-B"
        exit
----------------------------------------------
A:ALA-C>config>router>isis#
 
Example: Modifying a Router’s Level Capability
In the previous example, ALA-A, ALA-B, and ALA-C are configured as Level 1 systems. Level 1 systems communicate with other Level 1 systems in the same area. In this example, ALA-A is modified to set the level capability to Level 1/2. Now, the Level 1 systems in the area with NET 47.0001 forward PDUs to ALA-A for destinations that are not in the local area.
Figure 24: Configuring a Level 1/2 Area
The following example displays the command usage to configure a Level 1/2 system.
A:ALA-A>config>router# isis
A:ALA-A>config>router>isis# level-capability level-1/2
 
Configuring IS-IS Link Groups
IS-IS Link-Groups allows the creation of an administrative grouping of multiple IS-IS member interfaces that should be treated as a common group for ECMP purposes. If the number of operational links in the link-group drops below the operational-member value then all links associated with that IS-IS link group will have their interface metric increased by the configured offset amounts. As a result, IS-IS will then try to reroute traffic over lower cost paths.
Once triggered, the higher metric will not be reset to the originally configured IS-IS interface metric values until the number of active interfaces in the link bundle reaches the configured revertive threshold (revert-members).
Prerequisite are the following:
1 or more interface members.
A configured operational-member (oper-members) value.
A configured revertive-member (revert-members) value.
Configured offset values for the appropriate address families.
IS-IS Configuration Management Tasks
This section discusses the following IS-IS configuration management tasks:
Disabling IS-IS
Removing IS-IS
Modifying Global IS-IS Parameters
Modifying IS-IS Interface Parameters
Configuring Authentication using Keychains
Configuring Leaking
Redistributing External IS-IS Routers
Specifying MAC Addresses for All IS-IS Routers
 
Disabling IS-IS
The shutdown command disables the IS-IS protocol instance on the router. The configuration settings are not changed, reset, or removed.
To disable IS-IS on a router, enter the following commands:
CLI Syntax: config>router# isis
shutdown
 
Removing IS-IS
The no isis command deletes the IS-IS protocol instance. The IS-IS configuration reverts to the default settings.
To remove the IS-IS configuration enter the following commands:
CLI Syntax: config>router#
no isis
 
Modifying Global IS-IS Parameters
You can modify, disable, or remove global IS-IS parameters without shutting down entities. Changes take effect immediately. Modifying the level capability on the global level causes the IS-IS protocol to restart.
The following example displays command usage to modify various parameters:
Example: config>router>isis# overload timeout 500
config>router>isis# level-capability level-1/2
config>router>isis# no authentication-check
config>router>isis# authentication-key raiderslost
The following example displays the global modifications
A:ALA-A>config>router>isis# info
----------------------------------------------
        area-id 49.0180.0001
        area-id 49.0180.0002
        area-id 49.0180.0003
        authentication-key "//oZrvtvFPn06S42lRIJsE" hash
        authentication-type password
        no authentication-check
        overload timeout 500 on-boot
        level 1
            wide-metrics-only
        exit
        level 2
            wide-metrics-only
        exit
        interface "system"
        exit
        interface "ALA-1-2"
            level-capability level-2
            mesh-group 85
        exit
        interface "ALA-1-3"
            level-capability level-1
            interface-type point-to-point
            mesh-group 101
        exit
        interface "ALA-1-5"
            level-capability level-1
            interface-type point-to-point
            mesh-group 85
        exit
        interface "to-103"
            mesh-group 101
        exit
        interface "A-B"
        exit
        interface "A-C"
        exit
----------------------------------------------
A:ALA-A>config>router>isis#
Modifying IS-IS Interface Parameters
You can modify, disable, or remove interface-level IS-IS parameters without shutting down entities. Changes take effect immediately. Modifying the level capability on the interface causes the IS-IS protocol on the interface to restart.
To remove an interface, issue the no interface ip-int-name command.
To disable an interface, issue the shutdown command in the interface context.
The following example displays interface IS-IS modification command usage. For specific interface configuration and modification examples also see, Example: Configuring a Level 1 Area and Example: Modifying a Router’s Level Capability .
Example: config>router# isis
config>router>isis# interface ALA-1-3
config>router>isis>if# mesh-group 85
config>router>isis>if# passive
config>router>isis>if# lsp-pacing-interval 5000
config>router>isis>if# exit
config>router>isis# interface to-103
config>router>isis>if# hello-authentication-type message- digest
config>router>isis>if# hello-authentication-key 49ersrule
config>router>isis>if# exit
The following example displays the modified interface parameters.
A:ALA-A>config>router>isis# info
----------------------------------------------
        area-id 49.0180.0001
        area-id 49.0180.0002
        area-id 49.0180.0003
        authentication-key "//oZrvtvFPn06S42lRIJsE" hash
        authentication-type password
        no authentication-check
        overload timeout 500 on-boot
        level 1
            wide-metrics-only
        exit
        level 2
            wide-metrics-only
        exit
        interface "system"
        exit
        interface "ALA-1-2"
            level-capability level-2
            mesh-group 85
        exit
        interface "ALA-1-3"
            level-capability level-1
            interface-type point-to-point
            lsp-pacing-interval 5000
            mesh-group 85
            passive
        exit
        interface "ALA-1-5"
            level-capability level-1
            interface-type point-to-point
            mesh-group 85
        exit
        interface "to-103"
            hello-authentication-key "DvR3l264KQ6vXMTvbAZ1mE" hash
            hello-authentication-type message-digest
            mesh-group 101
        exit
        interface "A-B"
        exit
----------------------------------------------
A:ALA-A>config>router>isis#
 
Configuring Authentication using Keychains
The use of authentication mechanism is recommended to protect against malicious attack on the communications between routing protocol neighbors. These attacks could aim to either disrupt communizations or to inject incorrect routing information into the systems routing table. The use of authentication keys can help to protect the routing protocols from these types of attacks. In addition, the use of authentication keychains provides the ability to configure authentication keys and make changes to them without affecting the state of the routing protocol adjacencies.
To configure the use of an authentication keychain within IS-IS, use the following steps:
1.
Configure an authentication keychain within the config>system>security context. The configured keychain must include at least on valid key entry, using a valid authentication algorithm for the IS-IS protocol.
2.
Associate the configure authentication keychain with IS-IS. Authentication keychains can be used to specify the authentication at the IS-IS global, and level context as well as for hello authentication at the interface and interface-level context.
The association of the authentication keychain is established through the auth-keychain keychain-name command at the global and level context. The hello authentication association is established through the hello-auth-keychain keychain-name command.
For a key entry to be valid, it must include a valid key, the current system clock value must be within the begin and end time of the key entry, and the algorithm specified in the key entry must be supported by the IS-IS protocol.
The IS-IS protocol supports the following algorithms:
clear text password
HMAC-MD5
HMAC-SHA-1
HMAC-SHA-256
The IS-IS key entry may also include the option parameter to determine how the IS-IS protocol encodes the authentication signature. The value of 'basic' results in the use of RFC 5304 format. The default or a value of "isis-enhanced" results in using the RFC 5310 format.
Error handling:
If a keychain exists but there are no active key entries with an authentication type that is valid for the associated protocol then inbound protocol packets will not be authenticated and discarded and no outbound protocol packets should be sent.
If keychain exists, but the last key entry has expired, a log entry will be raised indicating that all keychain entries have expired. The IS-IS protocol requires that the protocol not revert to an unauthenticated state and requires that the old key is not to be used, therefore, once the last key has expired, all traffic will be discarded.
 
Configuring Leaking
IS-IS allows a two-level hierarchy to route PDUs. Level 1 areas can be interconnected by a contiguous Level 2 backbone. The Level 1 link-state database contains information only about that area. The Level 2 link-state database contains information about the Level 2 system and each of the Level 1 systems in the area. A Level 1/2 router contains information about both Level 1 and Level 2 databases. A Level 1/2 router advertises information about its Level 1 area toward the other Level 1/2 or Level 2 (only) routers.
Packets with destinations outside the Level 1 area are forwarded toward the closest Level 1/2 router which, in turn, forwards the packets to the destination area.
Sometimes, the shortest path to an outside destination is not through the closest Level 1/2 router, or, the only Level 1/2 system to forward packets out of an area is not operational. Route leaking provides a mechanism to leak Level 2 information to Level 1 systems to provide routing information regarding inter-area routes. Then, a Level 1 router has more options to forward packets.
Configure a route policy to leak routers from Level 2 into Level 1 areas in the config>router>policy-options>policy-statement context.
The following example shows the command usage to configure prefix list and policy statement parameters in the config>router context.
config>router>policy-options# prefix-list loops
..>policy-options>prefix-list# prefix 10.1.1.0/24 longer
..>policy-options>prefix-list# exit
..>policy-options# policy-statement leak
..>policy-options>policy-statement# entry 10
..>policy-options>policy-statement>entry# from
..>policy-options>policy-statement>entry>from# prefix-list loops
..>policy-options>policy-statement>entry>from# level 2
..>policy-options>policy-statement>entry>from# exit
..>policy-options>policy-statement>entry# to
..>policy-options>policy-statement>entry>to# level 1
..>policy-options>policy-statement>entry>to# exit
..>policy-options>policy-statement>entry# action accept
..>policy-options>policy-statement>entry>action# exit
..>policy-options>policy-statement>entry# exit
..>policy-options>policy-statement#exit
..>policy-options# commit
..>policy-options#
 
A:ALA-A>config>router>policy-options# info
----------------------------------------------
            prefix-list "loops"
                    prefix 10.1.1.0/24 longer
            exit
            policy-statement "leak"
                entry 10
                    from
                        prefix-list "loop"
                        level 2
                    exit
                    to
                        level 1
                    exit
                    action accept
                    exit
                exit
            exit
----------------------------------------------
A:ALA-A>config>router>policy-options#
 
Next, apply the policy to leak routes from Level 2 info Level 1 systems on ALA-A.
config>router#isis
config>router>isis# export leak
 
A:ALA-A>config>router>isis# info
----------------------------------------------
        area-id 49.0180.0001
        area-id 49.0180.0002
        area-id 49.0180.0003
        authentication-key "//oZrvtvFPn06S42lRIJsE" hash
        authentication-type password
        no authentication-check
        export "leak"
...
----------------------------------------------
A:ALA-A>config>router>isis#
After the policy is applied, create a policy to redistribute external IS-IS routes from Level 1 systems into the Level 2 backbone (see Redistributing External IS-IS Routers ). In the config>router context, configure the following policy statement parameters:
config>router>policy-options# begin
..>policy-options# policy-statement "isis-ext"
..>policy-options>policy-statement# entry 10
..>policy-options>policy-statement>entry$ from
..>policy-options>policy-statement>entry>from$ external
..>policy-options>policy-statement>entry>from# exit
..>policy-options>policy-statement>entry# to
..>policy-options>policy-statement>entry>to$ level 2
..>policy-options>policy-statement>entry>to# exit
..>policy-options>policy-statement>entry# action accept
..>policy-options>policy-statement>entry>action# exit
..>policy-options>policy-statement>entry# exit
..>policy-options>policy-statement# exit
..>policy-options# commit
A:ALA-A>config>router>policy-options# info
----------------------------------------------
            prefix-list "loops"
                    prefix 10.1.1.0/24 longer
            exit
            policy-statement "leak"
                entry 10
                    from
                        prefix-list "loop"
                        level 2
                    exit
                    to
                        level 1
                    exit
                    action accept
                    exit
                exit
            exit
            policy-statement "isis-ext"
                entry 10
                    from
                        external
                    exit
                    to
                        level 2
                    exit
                    action accept
                    exit
                exit
            exit
----------------------------------------------
A:ALA-A>config>router>policy-options#
 
Redistributing External IS-IS Routers
IS-IS does not redistribute Level 1 external routes into Level 2 by default. You must explicitly apply the policy to redistribute external IS-IS routes. Policies are created in the config>router>policy-options context. Refer to the Route Policy section of this manual for more information.
The following example displays the policy statement configuration.
config>router>policy-options# info
----------------------------------------------
            prefix-list "loops"
                    prefix 10.1.1.0/24 longer
            exit
            policy-statement "leak"
                entry 10
                    from
                        prefix-list "loop"
                        level 2
                    exit
                    to
                        level 1
                    exit
                    action accept
                    exit
                exit
            exit
            policy-statement "isis-ext"
                entry 10
                    from
                        external
                    exit
                    to
                        level 2
                    exit
                    action accept
                    exit
                exit
            exit
----------------------------------------------
config>router>policy-options#
 
 
Specifying MAC Addresses for All IS-IS Routers
Specify the MAC address to use for all L1 or L2 IS-IS routers. The following example shows how to specify all L1 routers:
Example: all-l1isis 01-80-C2-00-00-14
You can also specify the MAC address for all L2 IS-IS routers by using the all-l2isis command.