This chapter gives an overview of the most important configuration commands used on Cisco routers.
Cisco IOS provides configuration help, which can be called by typing “?” after a command. For a complete configuration reference, see the Cisco manuals on the Cisco website.
The practical use of these commands can be found in the configuration chapter of this paper.
The “router isis” command enables the IS-IS routing process on the router. It is possible to add a number, the so-called tag, to label the routing process. Normally this tag is not used because older IOS releases are unable to form routing adjacencies when the tags are different.
(config)#router isis [tag]
(config-router)#net ADRESSE1
(config-router)#net ADRESSE2
The OSI address used with the net command is described in the chapter "OSI - Adressierungsschema".
(config)#interface INTERFACE
(config-if)#ip address IP-ADRESSE NETMASKE
(config-if)#ip router isis
With the “ip router isis” command the interface is added to the IS-IS routing process.
Declaring an interface “passive” forbids protocol activity on that interface.
This is often used for a static route to the ISP, and it protects the ISP network from routing flaps.
(config-router)#passive-interface INTERFACE
(config)#interface INTERFACE
(config-if)#isis circuit-type LEVEL
LEVEL … a link can be set to level 1 only, to level 2 only, or to level 1 and 2.
If the link is set to level 1 and 2, only level 2 adjacencies will be formed!
Usually 3 hello packets are sent during each holding time. For optimization in special cases it is possible to modify these timers with the following commands:
(config-if)#isis hello-interval VALUE
VALUE … between 1 and 65535, or “minimal”, which means a holdtime of one second. The hello interval depends on the hello multiplier.
(config-if)#isis hello-multiplier VALUE
VALUE … between 3 and 1000; the number of hello packets sent in the time of one “hold-interval”.
The following figure gives an example how IS-IS handles misconfigured intervals:
System A advertises a holding time of 30 seconds and system B advertises a holding time of 40 seconds. Every time system A receives a hello packet from system B, the holding time is reset, and system B likewise resets the holding time every time a hello packet from system A is received.
With this mechanism, different configurations of holding times are no longer a problem for an IS-IS network.
The Designated Intermediate System is almost the same as the Designated Router in the OSPF routing system.
(config-if)#isis priority PRIORITY [level-1|level-2]
PRIORITY … the router with the highest PRIORITY is elected as the Designated Intermediate System. If several routers have the same priority, the MAC address is used for the election process.
For a detailed explanation of the DIS, please take a look at the pseudonode chapter of this paper.
Look at the metric chapter of this paper.
The default value of the interface metric is 10. If some routes should be preferred, the “isis metric” command can be used to change this value.
(config)#interface INTERFACE
(config-if)#isis metric VALUE
The maximum value of the complete metric between sender and receiver is defined as 1023 (ISO 10589 and RFC 1195). If this is not enough, the wide metric style can be used in place of the default narrow style.
(config)#router isis
(config-router)#metric-style VALUE
VALUE … wide/narrow/transition
Wide metric means that the routers can use the new metric format, which supports the large metric values.
Transition metric means that the routers can use the new and the old metric format.
Narrow metric means that the routers are limited to a maximum metric of 63 per interface, based on ISO 10589 and RFC 1195.
There are three different ways for the configuration of plaintext authentication:
(config-if)#isis password STRING
STRING is the plaintext password. By default the password is used for level 1 if level 2 is not configured separately.
(config-router)#area-password STRING
Level 1 (area) authentication means adding the authentication password to all level 1 LSPs, CSNPs and PSNPs.
(config-router)#domain-password STRING
Level 2 (domain) authentication means adding the authentication password to all level 2 LSPs, CSNPs and PSNPs.
Plaintext authentication is not very secure, but it is the first step on the way to a secure network. One configuration example with debugging can be found in the configuration section.
If authentication is configured in a network, it is possible to verify the authentication process with the “debug isis adj-packets” command. The following part shows one example of a mismatched authentication and one of a working authentication configuration:
Not working authentication:
01:59:26: ISIS-Adj: Sending L1 LAN IIH on Loopback0, length 1514
01:59:28: ISIS-Adj: Sending L2 LAN IIH on Loopback0, length 1514
01:59:33: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
01:59:33: ISIS-Adj: Rec serial IIH from *PPP* (Serial0/0), cir type L1L2, cir id 00, length 1499
01:59:33: ISIS-Adj: Authentication failed
Working authentication:
02:13:52: ISIS-Adj: Sending L2 LAN IIH on Loopback0, length 1514
02:13:58: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
02:14:00: ISIS-Adj: Sending L1 LAN IIH on Loopback0, length 1514
02:14:00: ISIS-Adj: Rec serial IIH from *PPP* (Serial0/0), cir type L1L2, cir id 00, length 1499
02:14:00: ISIS-Adj: rcvd state UP, old state UP, new state UP
02:14:00: ISIS-Adj: Action = ACCEPT
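Added example (not part of the original chapter): a small Python parser for “debug isis adj-packets” output that attributes each “Authentication failed” or “Action = ACCEPT” line to the interface of the hello received just before it. The sample lines follow the debug output above, the last one is constructed to show the unmatched case, and the regular expression assumes LAN hellos are logged in the same shape as the serial ones.

```python
import re
from collections import defaultdict

# Lines in the format of the debug output above; the final line is constructed
# to show a verdict that has no preceding received hello.
SAMPLE_DEBUG = """\
01:59:26: ISIS-Adj: Sending L1 LAN IIH on Loopback0, length 1514
01:59:33: ISIS-Adj: Sending serial IIH on Serial0/0, length 1499
01:59:33: ISIS-Adj: Rec serial IIH from *PPP* (Serial0/0), cir type L1L2, cir id 00, length 1499
01:59:33: ISIS-Adj: Authentication failed
02:14:00: ISIS-Adj: Rec serial IIH from *PPP* (Serial0/0), cir type L1L2, cir id 00, length 1499
02:14:00: ISIS-Adj: rcvd state UP, old state UP, new state UP
02:14:00: ISIS-Adj: Action = ACCEPT
02:14:05: ISIS-Adj: Authentication failed
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d): ISIS-Adj: (.*)$")
# Assumption: LAN hellos are logged in the same "Rec <type> IIH from <src> (<if>)" shape.
RECEIVED = re.compile(r"^Rec \S+ IIH from (\S+) \(([^)]+)\)")
VERDICTS = {"Authentication failed": "failed", "Action = ACCEPT": "accepted"}

def summarize_adjacency_auth(text):
    """Map interface -> timestamps of failed and accepted hellos."""
    results = defaultdict(lambda: {"failed": [], "accepted": []})
    pending = None  # interface of the last received hello that has no verdict yet
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an ISIS-Adj debug line
        stamp, msg = m.groups()
        rec = RECEIVED.match(msg)
        if rec:
            pending = rec.group(2)
        elif msg in VERDICTS:
            # A verdict with no preceding "Rec" line is filed under "unknown".
            results[pending or "unknown"][VERDICTS[msg]].append(stamp)
            pending = None
    return dict(results)

if __name__ == "__main__":
    for interface, verdicts in summarize_adjacency_auth(SAMPLE_DEBUG).items():
        print(interface, verdicts)
```

An interface that only ever collects “failed” timestamps points to a password or mode mismatch with the neighbor on that link.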
Define the authentication mode:
(config-if)#[no] isis authentication mode [md5|text] [level-1|level-2]
Define the used key-chain:
(config-if)#[no] isis authentication key-chain KEY [level-1|level-2]
One way authentication:
(config-if)#[no] isis authentication send-only [level-1|level-2]
The router sends authentication information but it doesn't check the received authentication data.
(config-router)#[no] authentication mode [md5|text] [level-1|level-2]
(config-router)#[no] authentication key-chain KEY [level-1|level-2]
(config-router)#[no] authentication send-only [level-1|level-2]
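Added example (not Cisco's or the author's code): a Python check that scans a configuration for the authentication commands from this chapter and reports plaintext passwords, text mode, send-only, and IS-IS interfaces with no interface-level authentication. The configuration fragment, its passwords and the key-chain name ISIS-KEYS are constructed for illustration.

```python
import re

# Constructed running-config fragment; interface names, passwords and key chain are made up.
SAMPLE_CONFIG = """\
interface Serial0/0
 ip router isis
 isis password s3cret
!
interface Serial0/1
 ip router isis
 isis authentication mode md5 level-2
 isis authentication key-chain ISIS-KEYS level-2
 isis authentication send-only level-2
!
interface Serial0/2
 ip router isis
!
router isis
 area-password areapw
 authentication mode text level-2
"""

RULES = [
    (re.compile(r"^(isis password|area-password|domain-password)\s"), "plaintext password"),
    (re.compile(r"^(isis )?authentication mode text\b"), "plaintext authentication mode"),
    (re.compile(r"^(isis )?authentication send-only\b"), "received authentication not checked"),
]

def split_blocks(config):  # group indented sub-commands under their top-level line
    blocks = []
    for line in config.splitlines():
        if line[:1].isspace() and line.strip() and blocks:
            blocks[-1][1].append(line.strip())
        elif line.strip() not in ("", "!"):
            blocks.append((line.strip(), []))
    return blocks

def audit_isis_auth(config):  # returns (block, issue) pairs in configuration order
    findings = []
    for header, cmds in split_blocks(config):
        for cmd in cmds:
            findings += [(header, issue) for pattern, issue in RULES if pattern.match(cmd)]
        if (header.startswith("interface") and "ip router isis" in cmds
                and not any(c.startswith(("isis password", "isis authentication")) for c in cmds)):
            findings.append((header, "no interface-level IS-IS authentication"))
    return findings

if __name__ == "__main__":
    print(*audit_isis_auth(SAMPLE_CONFIG), sep="\n")
```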