5.6. Configuring IS-IS with CLI
This section provides information to configure the Intermediate System-to-Intermediate System (IS-IS) protocol using the command line interface.
Topics in this section include:
5.7. IS-IS Configuration Overview
The 7705 SAR supports multi-instance IS-IS (MI-IS-IS). For IS-IS to operate on 7705 SAR routers, IS-IS must be explicitly enabled for each instance, and at least one area address and interface must be configured for the instance. If IS-IS is enabled but no area address or interface is configured, no routes are exchanged. When at least one area address and interface are configured, adjacencies can be formed and routes exchanged.
5.8. Basic IS-IS Configuration
The basic IS-IS configuration tasks that must be performed are:
- enable IS-IS
- modify the level capability on the global level from the default level 1/2 (if required)
- define area addresses
- configure IS-IS interfaces
The following output displays IS-IS default values:
5.9. Configuring IS-IS Components
The following sections show the CLI syntax for:
5.9.1. Enabling IS-IS
An IS-IS instance must be enabled in order for the protocol to be active. If the isis command is used without an isis-instance specified, the default (“base”) instance is used.
 | Note: Careful planning is essential when implementing commands that can affect the behavior of global and interface levels. |
To configure an IS-IS instance on a router, enter the following command:
5.9.2. Configuring an IS-IS Instance Level
When an IS-IS instance is enabled, the global default level capability is level 1/2. This means that the instance operates with both level 1 and level 2 routing capabilities. To change the default value in order for the instance to operate as a level 1 router or a level 2 router only, you must explicitly modify the level-capability value.
Select level-1 to route traffic only within an area. Select level-2 to route traffic to destinations outside an area, toward other eligible level 2 routers.
If the level-capability is modified, the protocol restarts, which will likely affect adjacencies and routes.
The level-capability value can be configured at the global level and on a per-interface level. The level-capability value determines which level values can be assigned on the router instance level or on an interface level.
The level command lets you configure parameters for level 1 or level 2 instances (or both).
To configure the router instance level, enter the following command:
The following example displays a level configuration:
If the default value is not modified on any routers in the area, the routers try to form both level 1 and level 2 adjacencies on all IS-IS interfaces. If the default values are modified to level 1 or level 2, the number of adjacencies formed are limited to that level only. See Interface Level Capability for information on the types of adjacencies that can be established depending on the global and interface level values.
5.9.3. Configuring ISO Area Addresses
The area-id command specifies the area address portion of the NET, which is used to define the IS-IS area to which the router will belong. At least one area ID must be configured per instance for each router participating in IS-IS; a maximum of three area IDs are supported. Use the following syntax to configure an ISO area address.
For more information on area addresses, see ISO Network Addressing.
The following example shows the commands to configure the area ID.
The following example displays an area ID configuration:
5.9.4. Configuring Global IS-IS Parameters
Commands and parameters configured on the global level are inherited by the interface levels. Parameters specified in the interface configuration override the global configuration for that interface.
Use the following syntax to configure global IS-IS parameters:
The following example displays a global level configuration:
5.9.5. Configuring Interface Parameters
By default, there are no interfaces associated with IS-IS. You must configure at least one IS-IS interface in order for IS-IS to work. An interface belongs to all areas configured on a router. Interfaces cannot belong to separate areas.
To enable IS-IS on an interface, first configure an IP interface in the config>router>interface context. Then, apply the interface in the config>router>isis>interface context.
The level-capability value can be configured on an interface. The default value is level 1/2. You can configure both level 1 parameters and level 2 parameters on an interface. The level-capability value determines which level values are used.
| Note: For point-to-point interfaces, only the values configured under level 1 are used, regardless of the operational level of the interface. |
Use the following syntax to configure interface parameters:
The following example displays a global level and interface configuration:
5.9.5.1. Example 1: Configuring a Level 1 Area
Interfaces are configured in the config>router>interface context. Figure 31 shows a level 1 area configuration.
Figure 31: Configuring a Level 1 Area
The following example shows the commands to configure a level 1 area:
The following example displays a level 1 area configuration:
5.9.5.2. Example 2: Modifying Router Level Capability
In the previous example, ALU-A, ALU-B, and ALU-C are configured as level 1 systems. Level 1 systems communicate with other level 1 systems in the same area. In this example, ALU-A is modified to set the level capability to level 1/2. Now the level 1 systems in the area with NET 49.0180.0001 forward PDUs to ALU-A for destinations that are not in the local area, as shown in Figure 32.
Figure 32: Configuring a Level 1/2 Area
The following example shows the commands to configure a level 1/2 area for ALU-A:
5.9.5.3. Interface Level Capability
The level capability value configured on the interface level is compared to the level capability value configured on the global level to determine the type of adjacencies that can be established. The default value for 7705 SAR routers and interfaces is level 1/2. Table 62 lists capability combinations and the potential adjacencies that can be formed.
Table 62: Potential Adjacency Capabilities
Global Level | Interface Level | Potential Adjacency |
Level 1/2 | Level 1/2 | Level 1 and/or level 2 |
Level 1/2 | Level 1 | Level 1 only |
Level 1/2 | Level 2 | Level 2 only |
Level 2 | Level 1/2 | Level 2 only |
Level 2 | Level 2 | Level 2 only |
Level 2 | Level 1 | None |
Level 1 | Level 1/2 | Level 1 only |
Level 1 | Level 2 | None |
Level 1 | Level 1 | Level 1 only |
5.9.6. Configuring Authentication
Authentication must be explicitly configured and can be done using two separate mechanisms:
- configuration of an explicit authentication key and algorithm using the authentication-key and authentication-type commands in the IS-IS global or IS-IS level contexts; configuration of a Hello PDU authentication key using the hello-authentication-key and hello-authentication-type commands in the IS-IS interface and IS-IS interface level contexts
- configuration of an authentication keychain using the auth-keychain command in the config>system>security>keychain context and associating the keychain in the applicable IS-IS contexts
Either the authentication-key command or the auth-keychain command can be used by IS-IS, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.
Use the following CLI syntax to configure authentication:
Use the following CLI syntax to associate IS-IS at the global level or IS-IS level with an authentication keychain and to associate an IS-IS interface or interface level with a Hello authentication keychain. The keychain must already be defined in the system>security>keychain context.
5.9.7. Configuring Leaking
IS-IS allows a two-level hierarchy to route PDUs. Level 1 areas can be interconnected by a contiguous level 2 backbone.
The level 1 link-state database contains information only about that area. The level 2 link-state database contains information about the level 2 system and each of the level 1 systems in the area. A level 1/2 router contains information about both level 1 and level 2 databases. A level 1/2 router advertises information about its level 1 area toward the other level 1/2 or level 2 routers.
Packets with destinations outside the level 1 area are forwarded toward the closest level 1/2 router which, in turn, forwards the packets to the destination area.
Sometimes the shortest path to an outside destination is not through the closest level 1/2 router, or the only level 1/2 router to forward packets out of an area is not operational. Route leaking provides a mechanism to leak level 2 information to level 1 routers to provide routing information regarding inter-area routes. Route leaking therefore gives a level 1 router more options to forward packets.
Configure a route policy to leak routes from level 2 into level 1 areas in the config> router>policy-options>policy-statement context. For more information on creating route policies, refer to the 7705 SAR Router Configuration Guide.
The following example shows the commands to configure prefix list (“loops”) and policy statement (“leak”) parameters in the config>router context.
The following example displays a prefix list and policy statement configuration:
Next, apply the policy in order to leak routes from level 2 into level 1 routers on ALU-A:
Then, after the policy is applied, create a policy statement (“isis-ext”) to redistribute external IS-IS routes from level 1 routers into the level 2 backbone (see Redistributing External IS-IS Routes). In the config>router context, configure the following policy statement parameters:
5.9.8. Redistributing External IS-IS Routes
By default, IS-IS does not redistribute level 1 external routes into level 2. The policy to redistribute external IS-IS routes must be explicitly applied. Policies are created in the config>router>policy-options context. Refer to the 7705 SAR Router Configuration Guide for information on creating policies.
The following example displays the policy statement configuration:
5.9.9. Configuring IS-IS Support for LDP-to-SR Stitching
Configure the export-tunnel-table command using the following CLI syntax to support LDP-to-SR stitching.
The following example displays the LDP-to-SR stitching IS-IS configuration output.
5.9.10. Configuring an SR Mapping Server for IPv4 /32 Prefixes
Use the following CLI syntax to configure an SR mapping server for IPv4 /32 prefixes
The following is an example of an SR mapping server configuration.
The following example displays the SR mapping server configuration.
5.10. IS-IS Configuration Management Tasks
This section discusses the following IS-IS configuration management tasks:
5.10.1. Disabling IS-IS
The shutdown command disables an IS-IS instance on the router. The configuration settings are not changed, reset, or removed.
Use the following CLI syntax to disable an IS-IS instance on a router:
5.10.2. Removing IS-IS
The no isis command deletes an IS-IS instance and reverts its configuration to default values for its next use.
Use the following CLI syntax to remove an IS-IS instance:
5.10.3. Modifying Global IS-IS Parameters
You can modify, disable, or remove global IS-IS parameters without shutting down entities. The changes are applied immediately. Modifying the level capability on the global level causes the IS-IS instance to restart.
The following example displays an IS-IS global parameter modification.
The following example displays the IS-IS configuration with the modifications entered in the previous example:
5.10.4. Modifying IS-IS Interface Parameters
You can modify, disable, or remove interface level IS-IS parameters without shutting down entities. Changes take effect immediately. Modifying the level capability on the interface causes the IS-IS instance on the interface to restart.
To remove an interface, use the no interface ip-int-name command.
To disable an interface, use the shutdown command in the interface context.
The following example displays an IS-IS interface parameter modification.
The following example displays the IS-IS configuration with the modifications entered in the previous example: