- advertise-passive-only
- area-password
- authentication key-chain
- authentication mode
- authentication send-only
- clear isis lsp-full
- clear isis rib redistribution
- default-information originate (IS-IS)
- domain-password
- fast-flood
- fast-reroute load-sharing disable
- fast-reroute per-prefix
- fast-reroute tie-break
- hello padding
- hostname dynamic
- ip fast-convergence
- ip route priority high
- ip router isis
- isis advertise-prefix
- isis authentication key-chain
- isis authentication mode
- isis authentication send-only
- isis bfd
- isis circuit-type
- isis csnp-interval
- isis display delimiter
- isis hello padding
- isis hello-interval
- isis hello-multiplier
- isis lsp-interval
- isis mesh-group
- isis metric
- isis network point-to-point
- isis password
- isis priority
- isis protocol shutdown
- isis retransmit-interval
- isis retransmit-throttle-interval
- isis tag
- ispf
- is-type
Integrated IS-IS Commands
advertise-passive-only
To configure Intermediate System-to-Intermediate System (IS-IS) to advertise only prefixes that belong to passive interfaces, use the advertise-passive-only command in router configuration mode. To remove the restriction, use the no form of this command.
advertise-passive-only
no advertise-passive-only
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default behavior.
Command Modes
Router configuration
Command History
Usage Guidelines
This command is an IS-IS mechanism to exclude IP prefixes of connected networks from link-state packet (LSP) advertisements, thereby reducing IS-IS convergence time.
Configuring this command per IS-IS instance is a scalable solution to reduce IS-IS convergence time because fewer prefixes will be advertised in the router nonpseudonode LSP.
This command relies on the fact that when enabling IS-IS on a loopback interface, you usually configure the loopback as passive (to prevent sending unnecessary hello packets out through it because there is no chance of finding a neighbor behind it). Thus, if you want to advertise only the loopback and if it has already been configured as passive, configuring the advertise-passive-only command per IS-IS instance would prevent the overpopulation of the routing tables.
An alternative to this command is the no isis advertise-prefix command. The no isis advertise-prefix command is a small-scale solution because it is configured per interface.
Examples
The following example uses the advertise-passive-only command, which affects the IS-IS instance, and thereby prevents advertising the IP network of Ethernet interface 0. Only the IP address of loopback interface 0 is advertised.
!
interface loopback 0
ip address 192.168.10.1 255.255.255.255
no ip directed-broadcast
!
!
interface Ethernet0
ip address 192.168.20.1 255.255.255.0
no ip directed-broadcast
ip router isis
!.
!.
!.
!
router isis
passive-interface Loopback0
net 47.0004.004d.0001.0001.0c11.1111.00
advertise-passive-only
log-adjacency-changes
!
Related Commands
area-password
To configure the Intermediate System-to-Intermediate System (IS-IS) area authentication password, use the area-password command in router configuration mode. To disable the password, use the no form of this command.
area-password password [authenticate snp {validate | send-only}]
no area-password [password]
Syntax Description
Defaults
No area password is defined, and area password authentication is disabled.
Command Modes
Router configuration
Command History
Usage Guidelines
Using the area-password command on all routers in an area will prevent unauthorized routers from injecting false routing information into the link-state database.
This password is exchanged as plain text and thus this feature provides only limited security.
This password is inserted in Level 1 (station router level) PDU link-state packets (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNP).
If you do not specify the authenticate snp keyword along with either the validate or send-only keyword, then the IS-IS routing protocol does not insert the password into SNPs.
Examples
The following example assigns an area authentication password and specifies that the password be inserted in SNPs and checked in SNPs that the system receives:
router isis
area-password track authenticate snp validate
Related Commands
|
|
domain-password |
Configures the IS-IS routing domain authentication password. |
isis password |
Configures the authentication password for an interface. |
authentication key-chain
To enable authentication for Intermediate System-to-Intermediate System (IS-IS), use the authentication key-chain command in router configuration mode. To disable such authentication, use the no form of this command.
authentication key-chain name-of-chain [level-1 | level-2]
no authentication key-chain name-of-chain [level-1 | level-2]
Syntax Description
Defaults
No key chain authentication is provided for IS-IS packets at the router level.
Command Modes
Router configuration
Command History
Usage Guidelines
If no key chain is configured with the key chain command, no key chain authentication is performed.
Key chain authentication could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command.
Only one authentication key chain is applied to IS-IS at one time. That is, if you configure a second authentication key-chain command, the first is overridden.
If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels.
You can specify authentication for an individual IS-IS interface by using the isis authentication key-chain command.
Examples
The following example configures IS-IS to accept and send any key belonging to the key chain named site1:
router isis real_secure_network
net 49.0000.0101.0101.0101.00
is-type level-1
authentication mode md5 level-1
authentication key-chain site1 level-1
Related Commands
authentication mode
To specify the type of authentication used in Intermediate System-to-Intermediate System (IS-IS) packets for the IS-IS instance, use the authentication mode command in router configuration mode. To restore clear text authentication, use the no form of this command.
authentication mode {md5 | text} [level-1 | level-2]
no authentication mode
Syntax Description
Defaults
No authentication is provided for IS-IS packets at the router level by use of this command, although clear text (plain text) authentication could be configured by other means, such as the area-password command or the domain-password command.
Command Modes
Router configuration
Command History
Usage Guidelines
If neither the level-1 nor level-2 keyword is configured, the mode applies to both levels.
You can specify the type of authentication and the level to which it applies for a single IS-IS interface, rather than per IS-IS instance, by using the isis authentication mode command.
If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands.
If you configure the authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no authentication mode command first.
Examples
The following example configures for the IS-IS instance that Message Digest 5 (MD5) authentication is performed on Level 1 packets:
router isis real_secure_network
net 49.0000.0101.0101.0101.00
is-type level-1
authentication mode md5 level-1
authentication key-chain site1 level-1
Related Commands
authentication send-only
To specify for the Intermediate System-to-Intermediate System (IS-IS) instance that authentication is performed only on IS-IS packets being sent (not received), use the authentication send-only command in router configuration mode. To configure for the IS-IS instance that if authentication is configured at the router level, such authentication be performed on packets being sent and received, use the no form of this command.
authentication send-only [level-1 | level-2]
no authentication send-only
Syntax Description
Defaults
If authentication is configured at the router level, it applies to IS-IS packets being sent and received.
Command Modes
Router configuration
Command History
Usage Guidelines
Use this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no authentication send-only command to disable the send-only feature.
If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels.
This command could apply to clear text authentication or Message Digest 5 (MD5) authentication. The mode is determined by the authentication mode command.
Examples
The following example configures IS-IS Level 1 packets to use clear text authentication on packets being sent (not received):
router isis real_secure_network
net 49.0000.0101.0101.0101.00
is-type level-1
authentication send-only level-1
authentication mode text level-1
authentication key-chain site1 level-1
Related Commands
clear isis lsp-full
To clear the LSPFULL state, use the clear isis lsp-full command in privileged EXEC mode.
clear isis lsp-full
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
If the link-state PDU (LSP) becomes full because too many routes are redistributed, use the clear isis lsp-full command to clear the state after the problem has been resolved.
Examples
This example clears the LSPFULL state:
Router# clear isis lsp-full
Related Commands
|
|
---|---|
lsp-full suppress |
Controls which routes are suppressed when the link-state PDU becomes full. |
clear isis rib redistribution
To clear some or all prefixes in the Intermediate System-to-Intermediate System (IS-IS) redistribution cache, use the clear isis rib redistribution command in privileged EXEC mode.
clear isis rib redistribution [level-1 | level-2] [network-prefix] [network-mask]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
We recommend that you use this command in a troubleshooting situation only when a Cisco Technical Assistance Center representative requests you to do so following a software error.
Examples
The following example clears the network prefix 10.1.0.0 from the IP local redistribution cache:
Router# clear isis rib redistribution 10.1.0.0 255.255.0.0
Related Commands
|
|
---|---|
debug isis rib redistribution |
Debugs the local redistribution cache event. |
show isis rib redistribution |
Displays the prefixes in the IS-IS redistribution cache. |
default-information originate (IS-IS)
To generate a default route into an Intermediate System-to-Intermediate System (IS-IS) routing domain, use the default-information originate command in router configuration mode. To disable this feature, use the no form of this command.
default-information originate [route-map map-name]
no default-information originate [route-map map-name]
Syntax Description
route-map map-name |
(Optional) Routing process will generate the default route if the route map is satisfied. |
Defaults
This command is disabled by default.
Command Modes
Router configuration
Command History
Usage Guidelines
If a router configured with this command has a route to 0.0.0.0 in the routing table, IS-IS will originate an advertisement for 0.0.0.0 in its link-state packets (LSPs).
Without a route map, the default is advertised only in Level 2 LSPs. For Level 1 routing, there is another mechanism to find the default route, which is to look for the closest Level 1 or Level 2 router. The closest Level 1 or Level 2 router can be found by looking at the attached-bit (ATT) in Level 1 LSPs.
A route map can be used for two purposes:
•Make the router generate default in its Level 1 LSPs.
•Advertise 0/0 conditionally.
With a match ip address standard-access-list command, you can specify one or more IP routes that must exist before the router will advertise 0/0.
Examples
The following example forces the software to generate a default external route into an IS-IS domain:
router isis
! BGP routes will be distributed into IS-IS
redistribute bgp 120
! access list 2 is applied to outgoing routing updates
distribute-list 2 out
default-information originate
! access list 2 defined as giving access to network 10.105.0.0
access-list 2 permit 10.105.0.0 0.0.255.255
Related Commands
domain-password
To configure the Intermediate System-to-Intermediate System (IS-IS) routing domain authentication password, use the domain-password command in router configuration mode. To disable a password, use the no form of this command.
domain-password password [authenticate snp {validate | send-only}]
no domain-password [password]
Syntax Description
Defaults
No domain password is specified and no authentication is enabled for exchange of Level 2 routing information.
Command Modes
Router configuration
Command History
Usage Guidelines
This password is exchanged as plain text and thus this feature provides only limited security.
This password is inserted in Level 2 (area router level) PDU link-state packets (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNPs).
If you do not specify the authenticate snp keyword along with either the validate or send-only keyword, then the IS-IS routing protocol does not insert the password into SNPs.
Examples
The following example assigns an authentication password to the routing domain and specifies that the password be inserted in SNPs and checked in SNPs that the system receives:
router isis
domain-password users2j45 authenticate snp validate
Related Commands
|
|
area-password |
Configures the IS-IS area authentication password. |
isis password |
Configures the authentication password for an interface. |
fast-flood
To fill Intermediate System-to-Intermediate System (IS-IS) link-state packets (LSPs), use the fast-flood command in router configuration mode. To disable the fast flooding, use the no form of this command.
fast-flood [lsp-number]
no fast-flood [lsp-number]
Syntax Description
lsp-number |
(Optional) The number of LSPs from 1 to 15 to be flooded before shortest path first (SPF) is started. The default is 5 LSPs. |
Command Default
Fast flooding is disabled.
Command Modes
Router configuration (config-router)
Command History
Usage Guidelines
The fast-flood command sends a specified number of LSPs from the router. If no LSP number value is specified, the default it 5. The LSPs invoke SPF before running SPF. When you speed up the LSP flooding process, you improve overall network convergence time.
If you are running SPF and if you have configured values shorter than 40 milliseconds for the initial delay that is set by the seconds argument of the incremental-spf command, the SPF computation might start before the LSP that triggered SPF is flooded to neighbors. The router should always flood, at least, the LSP that triggered SPF before the router runs the SPF computation.
We recommend that you enable the fast flooding of LSPs before the router runs the SPF computation, in order to achieve a faster convergence time.
Note Beginning with Cisco IOS Release 12.3(7)T, the ip fast-convergence command is replaced with the fast-flood command.
Examples
In the following example, the fast-flood command is entered to configure the router to fill the first seven LSPs that invoke SPF, before the SPF computation is started. When the show running-configuration command is entered, the output confirms that fast flooding has been enabled on the router.
Router# clear isis rib redistribution 10.1.0.0 255.255.0.0
Router> enable
Router# configure terminal
Router(config)# router isis first
Router(config-router)# fast-flood 7
Router(config-router)# end
Router# show running-config
fast-flood 7
Related Commands
|
|
---|---|
incremental-spf |
Enables incremental SPF. |
fast-reroute load-sharing disable
To disable Fast Reroute (FRR) load sharing of prefixes, use the fast-reroute load-sharing disable command in router configuration mode. To restore the default setting, use the no form of this command.
fast-reroute load-sharing {level-1 | level-2} disable
no fast-reroute load-sharing {level-1 | level-2} disable
Syntax Description
level-1 |
Specifies Level 1 packets. |
level-2 |
Specifies Level 2 packets. |
Command Default
Load sharing of prefixes is enabled by default.
Command Modes
Router configuration (config-router)
Command History
|
|
---|---|
15.1(2)S |
This command was introduced. |
Usage Guidelines
You must configure the router isis command before you can configure the fast-reroute load-sharing disable command.
Load sharing equally distributes the prefixes that use the same protected primary path over the available loop-free alternates (LFAs). An LFA is a next hop that helps a packet reach its destination without looping back.
Examples
The following example shows how to disable load sharing of Level 2 prefixes:
Router(config)# router isis
Router(router-config)# fast-reroute load-sharing level-2 disable
Router(router-config)# end
Related Commands
|
|
---|---|
router isis |
Enables the IS-IS routing protocol and specifies an IS-IS process. |
fast-reroute per-prefix
To enable Fast Reroute (FRR) per prefix, use the fast-reroute per-prefix command in router configuration mode. To disable the configuration, use the no form of this command.
fast-reroute per-prefix {level-1 | level-2} {all | route-map route-map-name}
no fast-reroute per-prefix {level-1 | level-2} {all | route-map route-map-name}
Syntax Description
Command Default
Fast Reroute per prefix is disabled.
Command Modes
Router configuration (config-router)
Command History
|
|
---|---|
15.1(2)S |
This command was introduced. |
Usage Guidelines
You must configure the router isis command before you can configure the fast-reroute per-prefix command.
You must configure the all keyword to protect all prefixes or configure the route-map route-map-name keyword and argument pair to protect a selected set of prefixes. When you specify the all keyword, all paths are protected, except paths that use interfaces, which are not supported, or interfaces, which are not enabled for protection. Using the route-map route-map-name keyword and argument pair to specify protected routes provides you with the flexibility to select protected routes, including using administrative tags.
Repair paths forward traffic during a routing transition. Repair paths are precomputed in anticipation of failures so that they can be activated when a failure is detected.
Examples
The following example shows how to enable FRR for all Level 2 prefixes:
Router(config)# router isis
Router(router-config)# fast-reroute per-prefix level-2 all
Router(router-config)# end
Related Commands
|
|
---|---|
router isis |
Enables the IS-IS routing protocol and specifies an IS-IS process. |
fast-reroute tie-break
To configure the Fast Reroute (FRR) tiebreaking priority, use the fast-reroute tie-break command in router configuration mode. To disable the configuration, use the no form of this command.
fast-reroute tie-break {level-1 | level-2} {downstream | linecard-disjoint | lowest-backup-path-metric | node-protecting | primary-path | secondary-path | srlg-disjoint} priority-number
no fast-reroute tie-break {level-1 | level-2} {downstream | linecard-disjoint | lowest-backup-path-metric | node-protecting | primary-path | secondary-path | srlg-disjoint}
Syntax Description
Command Default
Tiebreaking is enabled by default.
Command Modes
Router configuration (config-router)
Command History
|
|
---|---|
15.1(2)S |
This command was introduced. |
Usage Guidelines
You must configure the router isis command before you can configure the fast-reroute tie-break command.
Tiebreaking configurations are applied per IS-IS instance per address family. The lower the configured priority value, the higher the priority of the rule. The same attribute cannot be configured more than once in the same address family.
The default tiebreaking rules have a priority value of 256. Hence, the tiebreaking rules that you configure will always have a higher priority than the default rule.
Load sharing equally distributes the prefixes that use the same protected primary path over the available LFAs. An LFA is a next hop that helps a packet reach its destination without looping back.
Examples
The following example shows how to set a tiebreaking priority of 5 for Level 2 packets:
Router(config)# router isis
Router(router-config)# fast-reroute load-sharing level-2 all
Router(router-config)# end
Related Commands
|
|
---|---|
router isis |
Enables the IS-IS routing protocol and specifies an IS-IS process. |
hello padding
To reenable IS-IS hello padding at the router level, enter the hello padding command in router configuration mode. To disable IS-IS hello padding, use the no form of this command.
hello padding
no hello padding
Syntax Description
This command has no arguments or keywords.
Defaults
IS-IS hello padding is enabled.
Command Modes
Router configuration
Command History
Usage Guidelines
Intermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces.
You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches.
To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode. To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode.
Examples
In the following example the no hello padding command is used to turn off hello padding at the router level:
Router(config)# router isis
Router(config-router)# no hello padding
Router(config-router)# end
The show clns interfaces command is entered to show that hello padding has been turned off at router level:
Router# show clns interface e0/0
Ethernet0/0 is up, line protocol is up
Checksums enabled, MTU 1497, Encapsulation SAP
ERPDUs enabled, min. interval 10 msec.
CLNS fast switching enabled
CLNS SSE switching disabled
DEC compatibility mode OFF for this interface
Next ESH/ISH in 4 seconds
Routing Protocol: IS-IS
Circuit Type: level-1-2
Interface number 0x0, local circuit ID 0x1
Level-1 Metric: 10, Priority: 64, Circuit ID: Router_B.01
Level-1 IPv6 Metric: 10
Number of active level-1 adjacencies: 1
Level-2 Metric: 10, Priority: 64, Circuit ID: Router_B.01
Level-2 IPv6 Metric: 10
Number of active level-2 adjacencies: 1
Next IS-IS LAN Level-1 Hello in 6 seconds
! No hello padding
Next IS-IS LAN Level-2 Hello in 2 seconds
! No hello padding
When the debug isis adj packets command is entered, the output will show the IS-IS hello protocol data unit (PDU) length when a hello packet has been sent to or received from an IS-IS adjacency. In the following example the IS-IS hello PDU length is 1497:
Router# debug isis adj packets e0/0
IS-IS Adjacency related packets debugging is on
Router_A#
*Oct 11 18:04:17.455: ISIS-Adj: Sending L1 LAN IIH on Ethernet0/0, length 55
*Oct 11 18:04:19.075: ISIS-Adj: Rec L2 IIH from aabb.cc00.6600 (Ethernet0/0), cir type L1L2, cir id 0000.0000.000B.01, length 1497
Related Commands
hostname dynamic
To enable IS-IS dynamic hostname capability on the router, use the hostname dynamic command in router configuration mode. To disable the dynamic hostname feature, use the no form of this command.
hostname dynamic
no hostname dynamic
Syntax Description
This command has no arguments or keywords.
Command Default
The dynamic hostname feature is enabled by default.
Command Modes
Router configuration
Command History
|
|
---|---|
12.0 |
This command was introduced. |
12.0S |
This command was integrated into Cisco IOS Release 12.0(S). |
Usage Guidelines
In the IS-IS routing domain, the system ID is used to represent each router. The system ID is part of the network entity title (NET) that is configured for each IS-IS router. For example, a router with a configured NET of 49.0001.0023.0003.000a.00 has a system ID of 0023.0003.000a. Router-name-to-system-ID mapping is difficult for network administrators to remember during maintenance and troubleshooting on the routers. Entering the show isis hostname command displays the entries in the system-ID-to-router-name mapping table.
The dynamic hostname mechanism uses link-state protocol (LSP) flooding to distribute the router-name-to-system-ID mapping information across the entire network. Every router on the network will try to install the system ID-to-router name mapping information in its routing table.
If a router that has been advertising the dynamic name type, length, value (TLV) on the network suddenly stops the advertisement, the mapping information last received will remain in the dynamic host mapping table for up to one hour, allowing the network administrator to display the entries in the mapping table during a time when the network experiences problems. Entering the show isis hostname command displays the entries in the mapping table.
Note Locally defined mappings are always preferred over dynamically learned mappings. If you have already configured the clns host command to overwrite network advertised name mappings from LSPs, the clns host command will take precedence over the dynamic hostname feature.
Examples
The following example changes the hostname from Router to RouterA and assigns the NET 49.0001.0000.0000.000b.00 to RouterA. The dynamic hostname feature is disabled by entering the no hostname dynamic command. The dynamic hostname feature is then reeanabled by entering the hostname dynamic command.
Router> enable
Router# configure terminal
Router(config)# hostname RouterA
RouterA(config)# router isis CompanyA
RouterA(config-router)# net 49.0001.0000.0000.000b.00
RouterA(config-router)# hostname dynamic
RouterA(config-router)# end
Entering the show isis hostname command displays the dynamic host mapping table. The * symbol signifies that this is the hostname for the local router. The dynamic host mapping table confirms that system ID 0000.0000.000B belongs to a router with the dynamic hostname RouterA. This router is running the IS-IS process named CompanyA.
Router# show isis hostname
Level System ID Dynamic Hostname (CompanyA)
* 0000.0000.000B RouterA
Related Commands
ip fast-convergence
To reduce packet loss when the metric of a path is changed, or to fast-flood Intermediate System-to-Intermediate System (IS-IS) link-state packets (LSPs), use the ip fast-convergence command in router configuration mode. To disable packet loss reduction or fast-flooding, use the no version of this command.
ip fast-convergence
no ip fast-convergence
Note Effective with Release 12.3(7)T, the ip fast-convergence command is replaced by the fast-flood command. See the fast-flood command for more information.
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Router configuration
Command History
Usage Guidelines
To reduce packet loss when the metric of a path is changed, use the ip fast-convergence command. Entering the ip fast-convergence command is especially helpful when Multiprotocol Label Switching (MPLS) traffic engineering with Fast Reroute (FRR) is deployed.
If you are running Cisco IOS Release 12.2(11)T or a later release, you can enter the ip fast-convergence command to configure the router to flood the first five LSPs that invoke shortest path first (SPF) before running SPF. When you speed up the LSP flooding process, you improve overall network convergence time. We recommend that you enable the fast-flooding of LSPs before the router runs the SPF computation, in order to achieve a faster convergence time.
Examples
In the following example, the ip fast-convergence command is entered to configure the router to flood the first five LSPs that invoke SPF, before the SPF computation is started. When the show running-configuration command is entered, the output confirms that fast-flooding has been enabled on the router.
Router> enable
Router# configure terminal
Router(config)# router isis
Router(config-router)# ip fast-convergence
Router(config-router)# end
Router# show running-config
fast-flood
Related Commands
|
|
---|---|
incremental-spf |
Enables incremental SPF. |
ip route priority high
To assign a high priority to an Integrated Intermediate System-to-Intermediate System (IS-IS) IP prefix, use the ip route priority high command in router configuration mode. To remove the IP prefix priority, use the no form of this command.
ip route priority high tag tag-value
no ip route priority high tag tag-value
Syntax Description
tag tag-value |
Assigns a high priority to IS-IS IP prefixes with a specific route tag in a range from 1 to 4294967295. |
Defaults
No IP prefix priority is set.
Command Modes
Router configuration
Command History
Usage Guidelines
When you use the ip route priority high command to tag higher priority IS-IS IP prefixes for faster processing and installation in the global routing table, you can achieve faster convergence. For example, you can help Voice over IP (VoIP) gateway addresses get processed first to help VoIP traffic get updated faster than other types of packets.
Examples
The following example uses the ip route priority high command to assign a tag value of 100 to the IS-IS IP prefix:
Router>
enable
Router# configure terminal
Router(config)# interface Ethernet 0
Router(config-if)# ip router isis
Router(config-if)# isis tag 100
!
Router(config)# router isis
Router(config-router)# ip route priority high tag 100
!
Related Commands
ip router isis
To configure an Intermediate System-to-Intermediate System (IS-IS) routing process for IP on an interface and to attach an area designator to the routing process, use the ip router isis command in interface configuration mode. To disable IS-IS for IP, use the no form of the command.
ip router isis area-tag
no ip router isis area-tag
Syntax Description
Defaults
No routing processes are specified.
Command Modes
Interface configuration
Command History
Usage Guidelines
Before the IS-IS routing process is useful, a network entity title (NET) must be assigned with the net command and some interfaces must have IS-IS enabled.
If you have IS-IS running and at least one International Organization for Standardization Interior Gateway Routing Protocol (ISO-IGRP) process, the IS-IS process and the ISO-IGRP process cannot both be configured without an area tag. The null tag can be used by only one process. If you run ISO-IGRP and IS-IS, a null tag can be used for IS-IS, but not for ISO-IGRP at the same time. However, each area in an IS-IS multiarea configuration should have a nonnull area tag to facilitate identification of the area.
You can configure only one process to perform Level 2 (interarea) routing. If Level 2 routing is configured on any process, all additional processes are automatically configured as Level 1. You can configure this process to perform intra-area (Level 1) routing at the same time. You can configure up to 29 additional processes as Level 1-only processes. Use the is-type command to remove Level 2 routing from a router instance. You can then use the is-type command to enable Level 2 routing on some other IS-IS router instance.
An interface cannot be part of more than one area, except in the case where the associated routing process is performing both Level 1 and Level 2 routing. On media such as WAN media where subinterfaces are supported, different subinterfaces could be configured for different areas.
Examples
The following example specifies IS-IS as an IP routing protocol for a process named Finance, and specifies that the Finance process will be routed on Ethernet interface 0 and serial interface 0:
router isis Finance
net 49.0001.aaaa.aaaa.aaaa.00
interface Ethernet 0
ip router isis Finance
interface serial 0
ip router isis Finance
The following example shows an IS-IS configuration with two Level 1 areas and one Level 1-2 area:
ip routing
.
.
.
interface Tunnel529
ip address 10.0.0.5 255.255.255.0
ip router isis BB
interface Ethernet1
ip address 10.1.1.5 255.255.255.0
ip router isis A3253-01
!
interface Ethernet2
ip address 10.2.2.5 255.255.255.0
ip router isis A3253-02
.
.
.
! Defaults to "is-type level-1-2"
router isis BB
net 49.2222.0000.0000.0005.00
!
router isis A3253-01
net 49.0553.0001.0000.0000.0005.00
is-type level-1
!
router isis A3253-02
net 49.0553.0002.0000.0000.0005.00
is-type level-1
Related Commands
|
|
is-type |
Configures the routing level for an IS-IS routing process. |
net |
Configures an IS-IS NET for a CLNS routing process. |
router isis |
Enables the IS-IS routing protocol. |
isis advertise-prefix
To allow the advertising of IP prefixes of connected networks in link-state packet (LSP) advertisements per Intermediate System-to-Intermediate System (IS-IS) interface, use the isis advertise-prefix command in interface configuration mode. To prevent IP prefixes of connected networks from being advertised, use the no form of this command.
isis advertise-prefix
no isis advertise-prefix
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled; IP prefixes are advertised.
Command Modes
Interface configuration
Command History
Usage Guidelines
The no isis advertise-prefix command is an IS-IS mechanism to exclude IP prefixes of connected networks from LSP advertisements, thereby reducing IS-IS convergence time.
Configuring the no form of this command per IS-IS interface is a small-scale solution to reduce IS-IS convergence time because fewer prefixes will be advertised in the router nonpseudonode LSP.
An alternative the isis advertise-prefix command is the advertise-passive-only command. The latter command is a scalable solution because it is configured per IS-IS instance.
Examples
The following example uses the no isis advertise-prefix command on Ethernet interface 0. Only the IP address of loopback interface 0 is advertised.
!
interface loopback 0
ip address 192.168.10.1 255.255.255.255
no ip directed-broadcast
!
interface Ethernet 0
ip address 192.168.20.1 255.255.255.0
no ip directed-broadcast
ip router isis
no isis advertise-prefix
!
.
.
.
!
router isis
passive-interface loopback 0
net 47.0004.004d.0001.0001.0c11.1111.00
log-adjacency-changes
!
Related Commands
|
|
advertise-passive-only |
Configures the IS-IS instance to advertise only prefixes that belong to passive interfaces. |
isis authentication key-chain
To enable authentication for an Intermediate System-to-Intermediate System (IS-IS) interface, use the isis authentication key-chain command in interface configuration mode. To disable such authentication, use the no form of this command.
isis authentication key-chain name-of-chain [level-1 | level-2]
no isis authentication key-chain name-of-chain [level-1 | level-2]
Syntax Description
Defaults
No key chain authentication is configured for a specific IS-IS interface, although it might be configured at the IS-IS instance level.
Command Modes
Interface configuration
Command History
Usage Guidelines
If no key chain is configured with the key chain command, no key chain authentication is performed.
Only one authentication key chain is applied to an IS-IS interface at one time. That is, if you configure a second isis authentication key-chain command, the first is overridden.
If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels.
You can specify authentication for an entire instance of IS-IS instead of at the interface level by using the authentication key-chain command.
Examples
The following example configures Ethernet interface 0 to accept and send any key belonging to the key chain named second:
interface Ethernet0
ip address 10.1.1.1 255.255.255.252
ip router isis real_secure_network
isis authentication mode md5 level-1
isis authentication key-chain second level-1
Related Commands
|
|
authentication key-chain |
Enables authentication for IS-IS at the instance level. |
key chain |
Enables authentication for routing protocols. |
isis authentication mode
To specify the type of authentication used for an Intermediate System-to-Intermediate System (IS-IS) interface, use the isis authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.
isis authentication mode {md5 | text} [level-1 | level-2]
no isis authentication mode
Syntax Description
Defaults
No authentication is provided for IS-IS packets on an interface level, although authentication could be provided at the IS-IS instance level by several means.
Command Modes
Interface configuration
Command History
Usage Guidelines
If neither the level-1 nor level-2 keyword is configured, the mode applies to both levels.
If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands.
If you configure the isis authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no isis authentication mode command first.
You can specify the type of authentication and the level to which it applies for the entire IS-IS instance, rather than per interface, by using the authentication mode command.
Examples
The following example configures IS-IS Level 2 packets to use MD5 authentication on Ethernet interface 0:
interface Ethernet0
ip address 10.1.1.1 255.255.255.252
ip router isis real_secure_network
isis authentication mode md5 level-2
isis authentication key-chain cisco level-2
Related Commands
isis authentication send-only
To specify that authentication is performed only on packets being sent (not received) on a specified Intermediate System-to-Intermediate System (IS-IS) interface, use the isis authentication send-only command in interface configuration mode. To restore the default value, use the no form of this command.
isis authentication send-only [level-1 | level-2]
no isis authentication send-only
Syntax Description
Defaults
If MD5 authentication is configured at the interface level, it applies to IS-IS packets being sent and received over all interfaces.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no isis authentication send-only command to disable the send-only feature.
If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels.
Examples
The following example configures IS-IS Level-1 packets to use MD5 authentication on packets being sent (not received) on Ethernet interface 0:
interface Ethernet0
ip address 10.1.1.1 255.255.255.252
ip router isis real_secure_network
isis authentication send-only level-1
isis authentication mode md5 level-1
isis authentication key-chain cisco level-1
Related Commands
isis bfd
To enable or disable Bidirectional Forwarding Detection (BFD) on a specific interface configured for Intermediate System-to-Intermediate System (IS-IS), use the isis bfd command in interface configuration mode. To disable BFD on the IS-IS interface, use the disable keyword. To remove the isis bfd command, use the no form of this command.
isis bfd [disable]
no isis bfd
Syntax Description
disable |
(Optional) Disables BFD for IS-IS on a specified interface. |
Defaults
When the disable keyword is not used, the default behavior is to enable BFD support for IS-IS on the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
Enter the isis bfd command in interface mode to configure an IS-IS interface to use BFD for failure detection. If you have used the bfd-all interfaces command in router configuration mode to globally configure all IS-IS interfaces for an IS-IS process to use BFD, you can enter the isis bfd command with the disable keyword in interface configuration mode to disable BFD for a specific IS-IS interface.
Entering the no isis bfd command will remove the command. In that case, whether or not an IS-IS interface for a particular IS-IS process is registered with the BFD protocol will depend on whether or not you have entered the bfd all-interfaces command in router configuration mode for the specific IS-IS process.
Examples
In the following example, the interface associated with OSPF, Fast Ethernet interface 3/0, is configured for BFD:
Router> enable
Router# configure terminal
Router(config)# interface fastethernet 3/0
Router(config-if)# isis bfd
Router(config-if)# end
Related Commands
|
|
---|---|
bfd all-interfaces |
Enables BFD for all interfaces for a BFD peer. |
isis circuit-type
To configure the type of adjacency, use the isis circuit-type command in interface configuration mode. To reset the circuit type to Level l and Level 2, use the no form of this command.
isis circuit-type [level-1 | level-1-2 | level-2-only]
no isis circuit-type
Syntax Description
Defaults
A Level 1 and Level 2 adjacency is established.
Command Modes
Interface configuration
Command History
Usage Guidelines
Normally, this command need not be configured. The proper way is to configure a router as a Level 1-only, Level 1-2, or Level 2-only system. Only on routers that are between areas (Level 1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending out unused Level 1 hello packets. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same packet.
A Level 1 adjacency may be established if there is at least one area address in common between this system and its neighbors. Level 2 adjacencies will never be established over this interface.
A Level 1 and Level 2 adjacency is established if the neighbor is also configured as level-1-2 and there is at least one area in common. If there is no area in common, a Level 2 adjacency is established. This is the default.
Level 2 adjacencies are established if the other routers are Level 2 or Level 1-2 routers and their interfaces are configured for Level 1-2 or Level 2. Level 1 adjacencies will never be established over this interface.
Examples
In the following example, other routers on Ethernet interface 0 are in the same area. Other routers on Ethernet interface 1 are in other areas, so the router will stop sending Level 1 hellos.
interface ethernet 0
ip router isis
interface ethernet 1
isis circuit-type level-2-only
isis csnp-interval
To configure the Intermediate System-to-Intermediate System (IS-IS) complete sequence number PDUs (CSNPs) interval, use the isis csnp-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis csnp-interval seconds [level-1 | level-2]
no isis csnp-interval [level-1 | level-2]
Syntax Description
Defaults
10 seconds
Level 1 and Level 2
Command Modes
Interface configuration
Command History
Usage Guidelines
It is very unlikely you will need to change the default value of this command.
This command applies only for the designated router (DR) for a specified interface. Only DRs send CSNP packets in order to maintain database synchronization. The CSNP interval can be configured independently for Level 1 and Level 2. Configuring the CSNP interval does not apply to serial point-to-point interfaces. It does apply to WAN connections if the WAN is viewed as a multiaccess meshed network.
For multiaccess WAN interfaces such as ATM, Frame Relay, and X.25, we highly recommend that you configure the nonbroadcast multiaccess (NBMA) cloud as multiple point-to-point subinterfaces. Doing so will make routing much more robust if one or more permanent virtual circuits (PVCs) fails.
The isis csnp-interval command on point-to-point subinterfaces should be used only in combination with the IS-IS mesh-group feature.
Examples
The following example configures Ethernet interface 0 for sending CSNPs every 30 seconds:
interface ethernet 0
isis csnp-interval 30 level-1
isis display delimiter
To make output from multiarea displays easier to read by specifying the delimiter to use to separate displays of information, use the isis display delimiter command in global configuration mode. To disable this output format, use the no form of the command.
isis display delimiter [return count | character count]
no isis display delimiter [return count | character count]
Syntax Description
Defaults
The isis display delimiter command is disabled by default.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to customize display output when the IS-IS multiarea feature is used. The isis display delimiter command displays the output from different areas as a string or additional white space.
Examples
The following command causes different areas in multiarea displays (such as show command output) to be delimited by a string of dashes (-):
isis display delimiter - 14
With three IS-IS neighbors configured, this command displays the following output from the show clns neighbors command:
Router# show clns neighbors
--------------
Area L2BB:
System Id Interface SNPA State Holdtime Type Protocol
0000.0000.0009 Tu529 172.21.39.9 Up 25 L1L2 IS-IS
--------------
Area A3253-01:
System Id Interface SNPA State Holdtime Type Protocol
0000.0000.0053 Et1 0060.3e58.ccdb Up 22 L1 IS-IS
0000.0000.0003 Et1 0000.0c03.6944 Up 20 L1 IS-IS
--------------
Area A3253-02:
System Id Interface SNPA State Holdtime Type Protocol
0000.0000.0002 Et2 0000.0c03.6bc5 Up 27 L1 IS-IS
0000.0000.0053 Et2 0060.3e58.ccde Up 24 L1 IS-IS
Related Commands
isis hello padding
To reenable Intermediate System-to-Intermediate System (IS-IS) hello padding at the interface level, enter the isis hello padding command in interface configuration mode. To disable IS-IS hello padding, use the no form of this command.
isis hello padding
no isis hello padding
Syntax Description
This command has no arguments or keywords.
Defaults
IS-IS hello padding is enabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
Intermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces.
You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches.
To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode. To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode.
Examples
To turn off hello padding at the interface level for the Ethernet interface 0/0, enter the no isis hello padding command in interface configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface e0/0
Router(config-if)# no isis hello padding
Router(config-if)# end
When the show clns neighbor command is entered for Ethernet interface 0/0, the output confirms that hello padding has been turned off for both Level 1 and Level 2 circuit types:
Router# show clns interface e0/0
Ethernet0/0 is up, line protocol is up
Checksums enabled, MTU 1497, Encapsulation SAP
ERPDUs enabled, min. interval 10 msec.
CLNS fast switching enabled
CLNS SSE switching disabled
DEC compatibility mode OFF for this interface
Next ESH/ISH in 47 seconds
Routing Protocol: IS-IS
Circuit Type: level-1-2
Interface number 0x0, local circuit ID 0x1
Level-1 Metric: 10, Priority: 64, Circuit ID: Router_B.01
Level-1 IPv6 Metric: 10
Number of active level-1 adjacencies: 1
Level-2 Metric: 10, Priority: 64, Circuit ID: Router_B.01
Level-2 IPv6 Metric: 10
Number of active level-2 adjacencies: 1
Next IS-IS LAN Level-1 Hello in 2 seconds
! No hello padding
Next IS-IS LAN Level-2 Hello in 2 seconds
! No hello padding
When the debug isis adj packets command is entered, the output will show the IS-IS hello protocol data unit (PDU) length when a hello packet has been sent to or received from an IS-IS adjacency. In the following example the IS-IS hello PDU length is 1497:
Router# debug isis adj packets e0/0
IS-IS Adjacency related packets debugging is on
Router#
*Oct 11 18:04:17.455: ISIS-Adj: Sending L1 LAN IIH on Ethernet0/0, length 55
*Oct 11 18:04:19.075: ISIS-Adj: Rec L2 IIH from aabb.cc00.6600 (Ethernet0/0), cir type L1L2, cir id 0000.0000.000B.01, length 1497
Related Commands
isis hello-interval
To specify the length of time between hello packets that the Cisco IOS software sends, use the isis hello-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis hello-interval {seconds | minimal} [level-1 | level-2]
no isis hello-interval [level-1 | level-2]
Syntax Description
Command Default
The hello interval is 10 seconds for non-DIS interfaces, and 3.333 seconds for DIS interfaces.
The hello interval is configured for both Level 1 and Level 2.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The hello interval multiplied by the hello multiplier equals the hold time. If the minimal keyword is specified, the hold time is 1 second and the system computes the hello interval based on the hello multiplier.
The hello interval can be configured independently for Level 1 and Level 2, except on serial point-to-point interfaces. (Because only a single type of hello packet is sent on serial links, it is independent of Level 1 or Level 2.) The level-1 and level-2 keywords are used on X.25, SMDS, and Frame Relay multiaccess networks or on LAN interfaces.
Although a slower hello interval saves bandwidth and CPU usage, there are some situations when a faster hello interval is preferred. In the case of a large configuration that uses Traffic Engineering (TE) tunnels, if the TE tunnel uses ISIS as the Interior Gateway Protocol (IGP), and the IP routing process is restarted at the router at the ingress point of the network (headend), then all the TE tunnels get resignaled with the default hello interval. A faster hello interval prevents this resignaling. To configure a faster hello interval, you need to increase the ISIS hello interval manually using the isis hello-interval command.
It makes more sense to tune the hello interval and hello multiplier on point-to-point interfaces than on LAN interfaces.
Examples
The following example configures serial interface 0 to advertise hello packets every 5 seconds. The router is configured to act as a station router. This configuration will cause more traffic than the traffic generated by configuring a longer interval, but topological changes will be detected earlier.
interface serial 0
isis hello-interval 5 level-1
Related Commands
|
|
isis hello-multiplier |
Specifies the number of IS-IS hello packets that a neighbor must miss before the router should declare the adjacency as down. |
isis hello-multiplier
To specify the number of Intermediate System-to-Intermediate System (IS-IS) hello packets a neighbor must miss before the router should declare the adjacency as down, use the isis hello-multiplier command in interface configuration mode. To restore the default value, use the no form of this command.
isis hello-multiplier multiplier [level-1 | level-2]
no isis hello-multiplier [level-1 | level-2]
Syntax Description
Defaults
multiplier: 3
Level 1 and Level 2
Command Modes
Interface configuration
Command History
Usage Guidelines
The "holding time" carried in an IS-IS hello packet determines how long a neighbor waits for another hello packet before declaring the neighbor to be down. This time determines how quickly a failed link or neighbor is detected so that routes can be recalculated.
Use the isis hello-multiplier command in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval (isis hello-interval command) correspondingly to make the hello protocol more reliable without increasing the time required to detect a link failure.
On point-to-point links, there is only one hello for both Level 1 and Level 2, so different hello multipliers should be configured only for multiaccess networks such as Ethernet and FDDI. Separate Level 1 and Level 2 hello packets are also sent over nonbroadcast multiaccess (NBMA) networks in multipoint mode, such as X.25, Frame Relay, and ATM. However, we recommend that you run IS-IS over point-to-point subinterfaces over WAN NBMA media.
Examples
In the following example, the network administrator wants to increase network stability by making sure an adjacency will go down only when many (ten) hello packets are missed. The total time to detect link failure is 60 seconds. This configuration will ensure that the network remains stable, even when the link is fully congested.
interface serial 1
ip router isis
isis hello-interval 6 level-1
isis hello-multiplier 10 level-1
Related Commands
|
|
isis hello-interval |
Specifies the length of time between hello packets that the Cisco IOS software sends. |
isis lsp-interval
To configure the time delay between successive Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP) transmissions, use the isis lsp-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis lsp-interval milliseconds
no isis lsp-interval
Syntax Description
milliseconds |
Time delay between successive LSPs (in milliseconds). |
Defaults
The default time delay is 33 milliseconds.
Command Modes
Interface configuration
Command History
Usage Guidelines
In topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception. This command allows the LSP transmission rate (and by implication the reception rate of other systems) to be reduced.
Examples
The following example causes the system to send LSPs every 100 milliseconds (10 packets per second) on serial interface 0:
interface serial 0
isis lsp-interval 100
Related Commands
|
|
isis retransmit-interval |
Configures the time between retransmission of each LSP (IS-IS link-state PDU) over point-to-point links. |
isis mesh-group
To optimize link-state packet (LSP) flooding in nonbroadcast multiaccess (NBMA) networks with highly meshed, point-to-point topologies, use the isis mesh-group command in interface configuration mode. To remove a subinterface from a mesh group, use the no form of this command.
isis mesh-group [number | blocked]
no isis mesh-group [number | blocked]
Syntax Description
number |
(Optional) A number identifying the mesh group of which this interface is a member. |
blocked |
(Optional) Specifies that no LSP flooding will take place on this subinterface. |
Defaults
The interface performs normal flooding.
Command Modes
Interface configuration
Command History
Usage Guidelines
LSPs that are first received on subinterfaces that are not part of a mesh group are flooded to all other subinterfaces in the usual way.
LSPs that are first received on subinterfaces that are part of a mesh group are flooded to all interfaces except those in the same mesh group. If the blocked keyword is configured on a subinterface, then a newly received LSP is not flooded out over that interface.
To minimize the possibility of incomplete flooding, you should allow unrestricted flooding over at least a minimal set of links in the mesh. Selecting the smallest set of logical links that covers all physical paths results in very low flooding, but less robustness. Ideally, you should select only enough links to ensure that LSP flooding is not detrimental to scaling performance, but enough links to ensure that under most failure scenarios no router will be logically disconnected from the rest of the network. In other words, blocking flooding on all links permits the best scaling performance, but there is no flooding. Permitting flooding on all links results in very poor scaling performance.
Examples
In the following example six interfaces are configured in three mesh groups. LSPs received are handled as follows:
•LSPs received first via ATM 1/0.1 are flooded to all interfaces except ATM 1/0.2 (which is part of the same mesh group) and ATM 1/2.1, which is blocked.
•LSPs received first via ATM 1/1.2 are flooded to all interfaces except ATM 1/1.1 (which is part of the same mesh group) and ATM 1/2.1, which is blocked.
•LSPs received first via ATM 1/2.1 are not ignored, but flooded as usual to all interfaces. LSPs received first via ATM 1/2.2 are flooded to all interfaces, except ATM 1/2.1, which is blocked.
interface atm 1/0.1 ip router isis isis mesh-group 10
interface atm 1/0.2
ip router isis isis mesh-group 10
interface atm 1/1.1 ip router isis isis mesh-group 11
interface atm 1/1.2 ip router isis isis mesh-group 11
interface atm 1/2.1 ip router isis
isis mesh-group blocked
interface atm 1/2.2 ip router isis
Related Commands
|
|
---|---|
router isis |
Enables the IS-IS routing protocol and specifies an IS-IS process. |
isis metric
To configure the value of an Intermediate System-to-Intermediate System (IS-IS) metric, use the isis metric command in interface configuration or subinterface mode. To restore the default metric value, use the no form of this command.
isis metric {metric-value | maximum} [level-1 | level-2]
no isis metric {metric-value | maximum} [level-1 | level-2]
Syntax Description
Command Default
The default metric value is set to 10.
Command Modes
Interface configuration
Subinterface configuration
Command History
Usage Guidelines
Specifying the level-1 or level-2 keyword resets the metric only for Level 1 or Level 2 routing, respectively.
We highly recommend that you configure metrics on all interfaces. If you do not do so, the IS-IS metrics are similar to hop-count metrics.
It is strongly recommended to use the metric-style wide command to configure IS-IS to use the new-style type, length, value (TLV) because TLVs that are used to advertise IPv4 information in link-state packets (LSPs) are defined to use only extended metrics. Cisco IOS software provides support of a 24-bit metric field, the so-called "wide metric." Using the new metric style, link metrics now have a maximum value of 16777214 with a total path metric of 4261412864.
Cisco IOS Release 12.4(13) and 12.4(13)T
Entering the maximum keyword will exclude the link from the SPF calculation. If a link is advertised with the maximum link metric, the link will not be considered during the normal SPF calculation. When the link is excluded from the SPF, it will not be advertised for calculating the normal SPF. An example would be a link that is available for traffic engineering, but not for hop-by-hop routing. If a link, such as one that is used for traffic engineering, should not be included in the SPF calculation, enter the isis metric command with the maximum keyword.
Note The isis metric maximum command applies only when the metric-style wide command has been entered. The metric-style wide command is used to configure IS-IS to use the new-style TLV because TLVs that are used to advertise IPv4 information in link-state packets (LSPs) are defined to use only extended metrics.
Examples
The following example configures serial interface 0 for a link-state metric cost of 15 for Level 1:
Router(config)# interface serial 0
Router(config-if)# isis metric 15 level-1
The following example sets the IS-IS metric for the link to maximum. SPF will ignore the link for both Level 1 and Level 2 routing because neither the level-1 keyword nor the level-2 keyword was entered.
Router(config)# interface fastethernet 0/0
Router(config-if)# isis metric maximum
Cisco IOS Release 12.4(13) and 12.4(13)T
The following example configures the isis metric maximum command on Ethernet subinterface 1/1.9.
Router(config)# interface Ethernet 1/1.9
Router(config-subif)# isis metric maximum
Related Commands
|
|
---|---|
metric-style wide |
Configures a router running IS-IS so that it generates and accepts only new-style TLVs. |
isis network point-to-point
To configure a network of only two networking devices that use broadcast media and the integrated Intermediate System-to-Intermediate System (IS-IS) routing protocol to function as a point-to-point link instead of a broadcast link, use the isis network point-to-point command in interface configuration mode. To disable the point-to-point usage, use the no form of this command.
isis network point-to-point
no isis network point-to-point
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command only on broadcast media in a network of only two networking devices. The command will cause the system to issue packets point-to-point rather than as broadcasts. Configure the command on both networking devices in the network.
Examples
The following example configures a Fast Ethernet interface to act as a point-to-point interface:
interface fastethernet 1/0
isis network point-to-point
isis password
To configure the authentication password for an interface, use the isis password command in interface configuration mode. To disable authentication for Intermediate System-to-Intermediate System (IS-IS), use the no form of this command.
isis password password [level-1 | level-2]
no isis password [level-1 | level-2]
Syntax Description
Defaults
This command is disabled by default.
If no keyword is specified, the default is level-1-2.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command enables you to prevent unauthorized routers from forming adjacencies with this router, and thus protects the network from intruders.
The password is exchanged as plain text and thus provides only limited security.
Different passwords can be assigned for different routing levels using the level-1 and level-2 keywords.
Specifying the level-1 or level-2 keyword disables the password only for Level 1 or Level 2 routing, respectively.
Examples
The following example configures a password for Ethernet interface 0 at Level 1:
interface ethernet 0
isis password analyst level-1
isis priority
To configure the priority of designated routers, use the isis priority command in interface configuration mode. To reset the default priority, use the no form of this command.
isis priority number-value [level-1 | level-2]
no isis priority [level-1 | level-2]
Syntax Description
Defaults
Priority of 64
Level 1 and Level 2
Command Modes
Interface configuration
Command History
Usage Guidelines
Priorities can be configured for Level 1 and Level 2 independently. Specifying the level-1 or level-2 keyword resets priority only for Level 1 or Level 2 routing, respectively.
The priority is used to determine which router on a LAN will be the designated router or Designated Intermediate System (DIS). The priorities are advertised in the hello packets. The router with the highest priority will become the DIS.
In Intermediate System-to-Intermediate System (IS-IS), there is no backup designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If a router with a higher priority comes on line, it will take over the role from the current DIS. In the case of equal priorities, the highest MAC address breaks the tie.
Examples
The following example shows Level 1 routing given priority by setting the priority level to 80. This router is now more likely to become the DIS.
interface ethernet 0
isis priority 80 level-1
isis protocol shutdown
To disable the Intermediate System-to-Intermediate System (IS-IS) protocol so that it cannot form adjacencies on a specified interface and place the IP address of the interface into the link-state packet (LSP) that is generated by the router, use the isis protocol shutdown command in interface configuration mode. To reenable the IS-IS protocol, use the no form of this command.
isis protocol shutdown
no isis protocol shutdown
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Interface configuration
Command History
Usage Guidelines
The isis protocol shutdown command allows you to disable the IS-IS protocol for a specified interface without removing the configuration parameters. The IS-IS protocol will not form any adjacencies for the interface for which the isis protocol shutdown command has been configured, and the IP address of the interface will be put into the LSP that is generated by the router.
If you do not want IS-IS to form any adjacency on any interface and clear the IS-IS LSP database, you can enter the protocol shutdown command.
Examples
The following example disables the IS-IS protocol on Ethernet interface3/1:
Router(config)# interface Ethernet 3/1
Router(config-if)# isis protocol shutdown
Related Commands
|
|
---|---|
protocol shutdown |
Disables the IS-IS protocol so that it cannot form any adjacency on any interface and clears the IS-IS LSP database. |
isis retransmit-interval
To configure the amount of time between retransmission of each Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP) on a point-to-point link, use the isis retransmit-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis retransmit-interval seconds
no isis retransmit-interval seconds
Syntax Description
Defaults
5 seconds
Command Modes
Interface configuration
Command History
Usage Guidelines
The setting of the seconds argument should be conservative, or needless retransmission will result.
This command has no effect on LAN (multipoint) interfaces. On point-to-point links, the value can be increased to enhance network stability.
Retransmissions occur only when LSPs are dropped. So setting the seconds argument to a higher value has little effect on reconvergence. The more neighbors routers have, and the more paths over which LSPs can be flooded, the higher this value can be made.
The value should be higher for serial lines.
Examples
The following example configures serial interface 0 for retransmission of IS-IS LSP, every 60 seconds for a large serial line:
interface serial 0
isis retransmit-interval 60
Related Commands
isis retransmit-throttle-interval
To configure the amount of time between retransmissions on each Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP) on a point-to-point interface, use the isis retransmit-throttle-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis retransmit-throttle-interval milliseconds
no isis retransmit-throttle-interval
Syntax Description
milliseconds |
Minimum delay (in milliseconds) between LSP retransmissions on the interface. |
Defaults
The delay is determined by the isis lsp-interval command.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command may be useful in very large networks with many LSPs and many interfaces as a way of controlling LSP retransmission traffic. This command controls the rate at which LSPs can be re-sent on the interface.
The isis retransmit-throttle-interval command is distinct from the rate at which LSPs are sent on the interface (controlled by the isis lsp-interval command) and the period between retransmissions of a single LSP (controlled by the isis retransmit-interval command). These commands may all be used in combination to control the offered load of routing traffic from one router to its neighbors.
Examples
The following example configures serial interface 0 to limit the rate of LSP retransmissions to one every 300 milliseconds:
interface serial 0
isis retransmit-throttle-interval 300
Related Commands
isis tag
To set a tag on the IP address configured for an interface when this IP prefix is put into an Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP), use the isis tag command in interface configuration mode. To stop tagging the IP address, use the no form of this command.
isis tag tag-number
no isis tag tag-number
Syntax Description
tag-number |
Integer that serves as a tag on an IS-IS route. |
Command Default
No route tag is associated for IP addresses configured for the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
No action occurs on a tagged route until the tag is used, for example, to redistribute routes or summarize routes.
Configuring the isis tag command triggers the router to generate new LSPs because the tag is a new piece of information in the packet.
Examples
In this example, two interfaces are tagged with different tag values. By default, these two IP addresses would have been put into the IS-IS Level 1 and Level 2 database. However, if you use the redistribute command with a route map to match tag 110, only IP address 172.16. 0.0 is put into the Level 2 database.
interface ethernet 1/0
ip address 10.1.1.1 255.255.255.0
ip router isis
isis tag 120
interface ethernet 1/1
ip address 172.16.0.0
ip router isis
isis tag 110
router isis
net 49.0001.0001.0001.0001.00
redistribute isis ip level-1 into level-2 route-map match-tag
route-map match-tag permit 10
match tag 110
ispf
To enable incremental shortest path first (SPF), use the ispf command in router configuration mode. To disable incremental SPF, use the no form of this command.
ispf {level-1 | level-2 | level-1-2} [seconds]
no ispf
Syntax Description
Command Default
Incremental SPF is disabled.
seconds: 120
Command Modes
Router configuration
Command History
Usage Guidelines
Intermediate System-to-Intermediate System (IS-IS) and Open Shortest Path First (OSPF) use Dijkstra's SPF algorithm to compute the shortest path tree (SPT). During the computation of the SPT, the shortest path to each node is discovered. The topology tree is used to populate the routing table with routes to IP networks. When changes to a Type 1 or Type 2 link-state advertisement (LSA) occur in an area, the entire SPT is recomputed. In many cases, the entire SPT need not be recomputed because most of the tree remains unchanged. Incremental SPF allows the system to recompute only the affected part of the tree. Recomputing only a portion of the tree rather than the entire tree results in faster OSPF convergence and saves CPU resources. Note that if the change to a Type 1 or Type 2 LSA occurs in the calculating router itself, then the full SPT is performed.
Incremental SPF computes only the steps needed to apply the changes in the network topology diagram. That process requires that the system keep more information about the topology in order to apply the incremental changes. Also, more processing must be done on each node for which the system receives a new link-state packet (LSP). However, incremental SPF typically reduces demand on CPU.
Incremental SPF is scheduled in the same way as the full SPF. Routers enabled with incremental SPF and routers not enabled with incremental SPF can function in the same internetwork.
Incremental SPF works only for IPv4.
Even if incremental SPF is configured, there are some cases where full SPF is executed; for example, periodic SPF, a calculation change for the routing calculation (such as a change in metric, is-type, and so on), the configuration of the clear ip route or clear isis commands, or adjacency changes.
Examples
The following example enables OSPF incremental SPF:
Router(config)# router ospf 1
Router(config-router)# ispf level-1
The following examples enables IS-IS incremental SPF for Level 1 and Level 2 packets:
Router(config)# router isis
Router(config-router)# ispf level-1-2
is-type
To configure the routing level for an instance of the Intermediate System-to-Intermediate System (IS-IS) routing process, use the is-type command in router configuration mode. To reset the default value, use the no form of this command.
is-type [level-1 | level-1-2 | level-2-only]
no is-type [level-1 | level-1-2 | level-2-only]
Syntax Description
Defaults
In conventional IS-IS configurations, the router acts as both a Level 1 (intra-area) and a Level 2 (interarea) router.
In multiarea IS-IS configurations, the first instance of the IS-IS routing process configured is by default a Level 1-2 (intra-area and interarea) router. The remaining instances of the IS-IS process configured by default are Level 1 routers.
Command Modes
Router configuration
Command History
Usage Guidelines
We highly recommend that you configure the type of IS-IS routing process. If you are configuring multiarea IS-IS, you must configure the type of the router, or allow it to be configured by default. By default, the first instance of the IS-IS routing process that you configure using the router isis command is a Level 1-2 router.
If only one area is in the network, there is no need to run both Level 1 and Level 2 routing algorithms. If IS-IS is used for Connectionless Network Service (CLNS) routing (and there is only one area), Level 1 only must be used everywhere. If IS-IS is used for IP routing only (and there is only one area), you can run Level 2 only everywhere. Areas you add after the Level 1-2 area exists are by default Level 1 areas.
If the router instance has been configured for Level 1-2 (the default for the first instance of the IS-IS routing process in a Cisco device), you can remove Level 2 (interarea) routing for the area using the is-type command. You can also use the is-type command to configure Level 2 routing for an area, but it must be the only instance of the IS-IS routing process configured for Level 2 on the Cisco device.
Examples
The following example specifies an area router:
router isis
is-type level-2-only