Configuring IS-IS for IP routing on Cisco Routers

This chapter gives an overview of the most important configuration commands used on Cisco routers.
Cisco IOS provides configuration help, which can be called by typing “?” after a command. For a complete configuration reference, see the Cisco manuals on the Cisco website.
The practical use of these commands can be found in the configuration chapter of this paper.

Cisco IOS - commands:

Basic IS-IS configuration:

Activate the IS-IS routing process:

The “router isis” command enables the IS-IS routing process on the router. A so-called tag can be added to label the routing process. Normally this tag is not used, because older IOS releases are unable to form routing adjacencies when the tags are different.

(config)#router isis [tag]
(config-router)#net ADRESSE1
(config-router)#net ADRESSE2

The OSI address used with the “net” command is described in the chapter "OSI - Adressierungsschema" (OSI addressing scheme).

Activate IS-IS routing on the interface:
(config)#interface INTERFACE
(config-if)#ip address IP-ADRESSE NETMASKE
(config-if)#ip router isis

With the “ip router isis” command the interface is added to the IS-IS routing process.

Passive interface

Declaring an interface “passive” forbids protocol activity on that interface.
This is often used on an interface with a static route to the ISP, which protects the ISP network from routing flaps.

(config-router)#passive-interface INTERFACE

Hello packets: 1)

Type of the hello packets:
(config-if)#isis circuit-type LEVEL

LEVEL … level-1, level-2-only or level-1-2: a link can be set to level 1 only, to level 2 only, or to level 1 and 2.
If the link is set to level 1 and 2, only level 2 adjacencies will be formed!

Hello interval:

Usually 3 hello packets are sent during each holding time. For optimization in special cases these timers can be modified with the following commands:

(config-if)#isis hello-interval VALUE

VALUE … between 1 and 65535, or “minimal”, which means a holding time of one second. The hello interval depends on the hello multiplier.

(config-if)#isis hello-multiplier VALUE

VALUE … between 3 and 1000; the number of hello packets sent in the time of one holding interval.

The following figure gives an example of how IS-IS handles misconfigured intervals:

[Figure: holding_interval.jpg] 2)

System A advertises a holding time of 30 seconds and system B advertises a holding time of 40 seconds. Every time system A receives a hello packet from system B, the holding time is reset, and system B likewise resets the holding time every time a hello packet from system A is received.
With this mechanism, different holding-time configurations are no longer a problem for an IS-IS network.
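The behaviour described above can be replayed in a short simulation. This is an added example, not part of the original page; the 10-second hello interval and the multipliers 3 and 4 are constructed values chosen so that A advertises 30 s and B advertises 40 s, and the names Router and simulate are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    hello_interval: int    # seconds, as set with "isis hello-interval"
    hello_multiplier: int  # as set with "isis hello-multiplier"

    @property
    def holding_time(self) -> int:
        # Value this router advertises in every hello it sends.
        return self.hello_interval * self.hello_multiplier


def simulate(a: Router, b: Router, link_cut_at: int, run_until: int) -> dict:
    """Return the second at which each router drops the adjacency.

    Each router keeps one hold timer for its neighbor. A received hello
    resets that timer to the holding time the *neighbor* advertised.
    """
    # Adjacency is up at t=0; timers start from the neighbor's advertised value.
    expiry = {a.name: b.holding_time, b.name: a.holding_time}
    dropped = {}
    for t in range(1, run_until + 1):
        for sender, receiver in ((a, b), (b, a)):
            if receiver.name in dropped:
                continue
            if t < link_cut_at and t % sender.hello_interval == 0:
                expiry[receiver.name] = t + sender.holding_time  # timer reset
            elif t >= expiry[receiver.name]:
                dropped[receiver.name] = t  # hold timer ran out
    return dropped


# Constructed values matching the text: A advertises 30 s, B advertises 40 s.
SYSTEM_A = Router("A", hello_interval=10, hello_multiplier=3)
SYSTEM_B = Router("B", hello_interval=10, hello_multiplier=4)
```

With the link cut at second 95, B drops the adjacency at second 120 (A's advertised 30 s after the last hello at 90) and A drops it at second 130, so the two sides detect the failure at different times without the mismatch ever breaking a healthy adjacency.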

Designated Intermediate System: 3)

The Designated Intermediate System is almost the same as the Designated Router in the OSPF routing system.

(config-if)#isis priority PRIORITY [level-1|level-2]

PRIORITY … the router with the highest PRIORITY is elected Designated Intermediate System. If several routers have the same priority, the MAC address is used for the election process.
For a detailed explanation of the DIS, see the pseudonode chapter of this paper.

Metric:

Modify the default metric

The default value is 10. If some routes should be preferred, the “isis metric” command can be used to change this value.

(config)#interface INTERFACE
(config-if)#isis metric VALUE

Metric style

The maximum value of the complete metric between sender and receiver is defined as 1023 (ISO 10589 and RFC 1195). If this is not enough, the wide metric style can be used instead of the default narrow metric style.

(config)#router isis
(config-router)#metric-style VALUE

VALUE … wide/narrow/transition

Wide metric means that the routers use the new metric format, which supports larger metric values.
Transition metric means that the routers can use both the new and the old metric format.
Narrow metric means that the routers are limited to a maximum metric of 63 per interface, based on ISO 10589 and RFC 1195.

Plain text authentication: 7)

There are three different ways to configure plaintext authentication:

Interface authentication
(config-if)#isis password STRING

STRING is the plaintext password. By default the password is used for level 1 if level 2 is not configured separately.

Area authentication
(config-router)#area-password STRING

Level 1 (area) authentication means that the authentication password is added to all level 1 LSPs, CSNPs and PSNPs.

Domain authentication
(config-router)#domain-password STRING

Level 2 (domain) authentication means that the authentication password is added to all level 2 LSPs, CSNPs and PSNPs.

Plaintext authentication is not very secure, but it is the first step on the way to a secure network. A configuration example with debugging can be found in the configuration section.

If authentication is configured in a network, the authentication process can be verified with the “debug isis adj-packets” command. The following shows one example of mismatched authentication and one of a working authentication configuration:

Authentication not working:

01:59:26: ISIS-Adj: Sending L1 LAN IIH on Loopback0, length 1514
01:59:28: ISIS-Adj: Sending L2 LAN IIH on Loopback0, length 1514
01:59:33: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
01:59:33: ISIS-Adj: Rec serial IIH from *PPP* (Serial0/0), cir type L1L2, cir id
 00, length 1499
01:59:33: ISIS-Adj: Authentication failed

Working authentication:

02:13:52: ISIS-Adj: Sending L2 LAN IIH on Loopback0, length 1514
02:13:58: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
02:14:00: ISIS-Adj: Sending L1 LAN IIH on Loopback0, length 1514
02:14:00: ISIS-Adj: Rec serial IIH from *PPP* (Serial0/0), cir type L1L2, cir id
 00, length 1499
02:14:00: ISIS-Adj: rcvd state UP, old state UP, new state UP
02:14:00: ISIS-Adj: Action = ACCEPT
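
One way to turn this debug output into a per-interface count of failed and accepted hellos, as an added example that is not part of the original page. The sample reuses lines from the two captures above; the function names are hypothetical, and the pattern assumes that other received-hello lines have the same shape as the serial ones shown.

```python
import re
from collections import Counter

# Debug lines from the two captures above, terminal line wraps included.
SAMPLE = """\
01:59:33: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
01:59:33: ISIS-Adj: Rec serial IIH from *PPP* (Serial0/0), cir type L1L2, cir id
 00, length 1499
01:59:33: ISIS-Adj: Authentication failed
02:14:00: ISIS-Adj: Rec serial IIH from *PPP* (Serial0/0), cir type L1L2, cir id
 00, length 1499
02:14:00: ISIS-Adj: rcvd state UP, old state UP, new state UP
02:14:00: ISIS-Adj: Action = ACCEPT
"""

STAMPED = re.compile(r"^\d\d:\d\d:\d\d: ISIS-Adj: (.*)$")
RECEIVED = re.compile(r"^Rec .*?IIH from (\S+) \(([^)]+)\)")


def unwrap(text):
    """Re-join wrapped output: a continuation line has no timestamp."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if STAMPED.match(raw) or not lines:
            lines.append(raw.rstrip())
        else:
            lines[-1] += " " + raw.strip()
    return lines


def auth_verdicts(text):
    """Count failed and accepted hellos per receiving interface."""
    failed, accepted = Counter(), Counter()
    iface = None  # interface of the most recent received hello
    for line in unwrap(text):
        stamped = STAMPED.match(line)
        message = stamped.group(1) if stamped else ""
        received = RECEIVED.match(message)
        if received:
            iface = received.group(2)
        elif iface and message == "Authentication failed":
            failed[iface] += 1
            iface = None
        elif iface and message == "Action = ACCEPT":
            accepted[iface] += 1
            iface = None
    return failed, accepted
```

A failure count that keeps rising on one interface points at a password or key mismatch with the neighbor on that link.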

Encrypted authentication: 8)

For hello packets:

Define the authentication mode:

(config-if)#[no] isis authentication mode [md5|text] [level-1|level-2]

Define the key chain to use:

(config-if)#[no] isis authentication key-chain KEY [level-1|level-2]

One-way authentication:

(config-if)#[no] isis authentication send-only [level-1|level-2]

The router sends authentication information but does not check the received authentication data.

For LSPs:
(config-router)#[no] authentication mode [md5|text] [level-1|level-2]
(config-router)#[no] authentication key-chain KEY [level-1|level-2]
(config-router)#[no] authentication send-only [level-1|level-2]
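
What the “text” and “md5” modes from the two authentication sections above put into a hello packet, as an added example that is not part of the original page. It follows the Authentication TLV (code 10) layout of RFC 5304; the header values, the system ID and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10        # Authentication Information TLV code
AUTH_CLEARTEXT = 1   # "text" mode: the password itself is the value
AUTH_HMAC_MD5 = 54   # "md5" mode (RFC 5304): 16-byte HMAC-MD5 digest
HEADER_LEN = 20      # fixed header of a point-to-point IIH


def p2p_iih(tlvs: bytes) -> bytearray:
    """Constructed point-to-point hello: 20-byte header followed by TLVs."""
    common = bytes([0x83, HEADER_LEN, 1, 0, 17, 1, 0, 0])  # PDU type 17 = P2P IIH
    system_id = bytes.fromhex("000000000001")              # constructed system ID
    # circuit type L1L2, source ID, holding time 30 s, PDU length, circuit ID
    fixed = bytes([3]) + system_id + struct.pack("!HHB", 30, HEADER_LEN + len(tlvs), 0)
    return bytearray(common + fixed + tlvs)


def hello_text(password: bytes) -> bytes:
    """Text mode: TLV 10 carries the password bytes unchanged."""
    return bytes(p2p_iih(bytes([AUTH_TLV, 1 + len(password), AUTH_CLEARTEXT]) + password))


def hello_md5(key: bytes) -> bytes:
    """MD5 mode: digest over the whole PDU with the digest field zeroed."""
    pdu = p2p_iih(bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]) + bytes(16))
    pdu[-16:] = hmac.new(key, bytes(pdu), hashlib.md5).digest()
    return bytes(pdu)


def verify(pdu: bytes, key: bytes) -> bool:
    """Receiver-side check; False corresponds to "Authentication failed"."""
    pos = HEADER_LEN
    while pos + 2 <= len(pdu):
        code, length = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + length]
        if code == AUTH_TLV and value:
            if value[0] == AUTH_CLEARTEXT:
                return hmac.compare_digest(value[1:], key)
            if value[0] == AUTH_HMAC_MD5 and length == 17:
                zeroed = pdu[:pos + 3] + bytes(16) + pdu[pos + 19:]
                digest = hmac.new(key, zeroed, hashlib.md5).digest()
                return hmac.compare_digest(digest, value[1:])
            return False  # unknown authentication type
        pos += 2 + length
    return False  # no authentication TLV in the PDU
```

In text mode the configured password is part of every packet, and nothing ties it to the packet contents; in md5 mode only the digest is sent, and changing any byte of the packet makes verification fail.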

2) IS-IS Deployment in IP Networks, page 79, figure 2-7
5) IS-IS Deployment in IP Networks, pages 113-120
6) IS-IS Network Design Solutions, pages 110-114
7), 8) IS-IS Network Design Solutions, pages 83-85
 
konfiguration.txt · Last modified: 2009/09/13 14:37 (external edit)
 