5.6. Configuring IS-IS with CLI

This section provides information to configure the Intermediate System-to-Intermediate System (IS-IS) protocol using the command line interface.

Topics in this section include:

5.7. IS-IS Configuration Overview

The 7705 SAR supports multi-instance IS-IS (MI-IS-IS). For IS-IS to operate on 7705 SAR routers, IS-IS must be explicitly enabled for each instance, and at least one area address and interface must be configured for the instance. If IS-IS is enabled but no area address or interface is configured, no routes are exchanged. When at least one area address and interface are configured, adjacencies can be formed and routes exchanged.

5.8. Basic IS-IS Configuration

The basic IS-IS configuration tasks that must be performed are:

  1. enable IS-IS
  2. modify the level capability on the global level from the default level 1/2 (if required)
  3. define area addresses
  4. configure IS-IS interfaces

The following output displays IS-IS default values:

Dut-B>config>router>isis# info detail
----------------------------------------------
            no router-id
            level-capability level-1/2
            no auth-keychain
            no authentication-key
            no authentication-type
            authentication-check
            csnp-authentication
            no ignore-lsp-errors
            lsp-lifetime 1200
            lsp-mtu-size 1492
            no database-export
            no overload
            no overload-on-boot
            no export
            hello-authentication
            psnp-authentication
            no traffic-engineering
            no reference-bandwidth
            no disable-ldp-sync
            no advertise-router-capability
            no rsvp-shortcut
            no advertise-tunnel-link
            no ignore-attached-bit
            no suppress-attached-bit
            no iid-tlv-enable
            no poi-tlv-enable
            loopfree-alternate
            no loopfree-alternate-exclude
            ipv4-routing
            no ipv6-routing
            no unicast-import-disable ipv4
            no multicast-import ipv4
            no strict-adjacency-check
            entropy-label
                override-tunnel-elc
            exit
            timers
                lsp-wait 5000 lsp-initial-wait 10 lsp-second-wait 1000
                spf-wait 10000 spf-initial-wait 1000 spf-second-wait 1000
            exit
            level 1
                advertise-router-capability
                no auth-keychain
                no authentication-key
                no authentication-type
                csnp-authentication
                no database-export-exclude
                external-preference 160
                hello-authentication
                no loopfree-alternate-exclude
                preference 15
                psnp-authentication
                no wide-metrics-only
            exit
            level 2
                advertise-router-capability
                no auth-keychain
                no authentication-key
                no authentication-type
                csnp-authentication
                no database-export-exclude
                external-preference 165
                hello-authentication
                no loopfree-alternate-exclude
                preference 18
                psnp-authentication
                no wide-metrics-only
            exit
            segment-routing
                shutdown
                adj-sid-hold 15
                entropy-label enable
                export-tunnel-table ldp
                no prefix-sid-range
                tunnel-table-pref 11
                no tunnel-mtu
                mapping-server
                    shutdown
                exit
            exit
            no shutdown
----------------------------------------------
Dut-B>config>router>isis#

5.9. Configuring IS-IS Components

The following sections show the CLI syntax for:

5.9.1. Enabling IS-IS

An IS-IS instance must be enabled in order for the protocol to be active. If the isis command is used without an isis-instance specified, the default (“base”) instance is used.

Note:

Careful planning is essential when implementing commands that can affect the behavior of global and interface levels.

To configure an IS-IS instance on a router, enter the following command:

CLI Syntax:
config
router router-name
isis [isis-instance]

5.9.2. Configuring an IS-IS Instance Level

When an IS-IS instance is enabled, the global default level capability is level 1/2. This means that the instance operates with both level 1 and level 2 routing capabilities. To change the default value in order for the instance to operate as a level 1 router or a level 2 router only, you must explicitly modify the level-capability value.

Select level-1 to route traffic only within an area. Select level-2 to route traffic to destinations outside an area, toward other eligible level 2 routers.

If the level-capability is modified, the protocol restarts, which will likely affect adjacencies and routes.

The level-capability value can be configured at the global level and on a per-interface level. The level-capability value determines which level values can be assigned on the router instance level or on an interface level.

The level command lets you configure parameters for level 1 or level 2 instances (or both).

To configure the router instance level, enter the following command:

CLI Syntax:
config>router# isis [isis-instance]
level-capability {level-1 | level-2 | level-1/2}
level (1 | 2)

The following example displays a level configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     level-capability level-1/2
     level 1
          no hello-authentication
          preference 150
     level 2
          preference 200
----------------------------------------------
A:ALU-A>config>router>isis#

If the default value is not modified on any routers in the area, the routers try to form both level 1 and level 2 adjacencies on all IS-IS interfaces. If the default values are modified to level 1 or level 2, the number of adjacencies formed are limited to that level only. See Interface Level Capability for information on the types of adjacencies that can be established depending on the global and interface level values.

5.9.3. Configuring ISO Area Addresses

The area-id command specifies the area address portion of the NET, which is used to define the IS-IS area to which the router will belong. At least one area ID must be configured per instance for each router participating in IS-IS; a maximum of three area IDs are supported. Use the following syntax to configure an ISO area address.

For more information on area addresses, see ISO Network Addressing.

CLI Syntax:
config>router# isis [isis-instance]
area-id area-address

The following example shows the commands to configure the area ID.

Example:
config>router>isis#
config>router>isis# area-id 49.0180.0001
config>router>isis# area-id 49.0180.0002
config>router>isis# area-id 49.0180.0003

The following example displays an area ID configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
----------------------------------------------
A:ALU-A>config>router>isis#

5.9.4. Configuring Global IS-IS Parameters

Commands and parameters configured on the global level are inherited by the interface levels. Parameters specified in the interface configuration override the global configuration for that interface.

Use the following syntax to configure global IS-IS parameters:

CLI Syntax:
config>router# isis [isis-instance]
level-capability {level-1 | level-2 | level-1/2}
[no] authentication-check
authentication-key {authentication-key | hash-key} [hash | hash2]
authentication-type {password | message-digest}
overload [timeout seconds]
traffic-engineering

The following example displays a global level configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     level-capability level-2
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "H5vv6WrAAQU" hash
     authentication-type password
     overload timeout 90
     traffic-engineering
----------------------------------------------
A:ALU-A>config>router>isis#

5.9.5. Configuring Interface Parameters

By default, there are no interfaces associated with IS-IS. You must configure at least one IS-IS interface in order for IS-IS to work. An interface belongs to all areas configured on a router. Interfaces cannot belong to separate areas.

To enable IS-IS on an interface, first configure an IP interface in the config>router>interface context. Then, apply the interface in the config>router>isis>interface context.

The level-capability value can be configured on an interface. The default value is level 1/2. You can configure both level 1 parameters and level 2 parameters on an interface. The level-capability value determines which level values are used.

Note:

For point-to-point interfaces, only the values configured under level 1 are used, regardless of the operational level of the interface.

Use the following syntax to configure interface parameters:

CLI Syntax:
config>router# isis [isis-instance]
level {1 | 2}
[no] wide-metrics-only
interface ip-int-name
level-capability {level-1 | level-2 | level-1/2}
mesh-group [value | blocked]
interface-type {broadcast | point-to-point}

The following example displays a global level and interface configuration:

----------------------------------------------
A:ALU-A>config>router>isis# info
     level-capability level-2
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "H5vv6WrAAQU" hash
     authentication-type password
     traffic-engineering
     level 1
          wide-metrics-only
     exit
     level 2
          wide-metrics-only
     exit
     interface "system"
     exit
     interface "ALU-1-2"
          level-capability level-2
          mesh-group 85
     exit
     interface "ALU-1-3"
          level-capability level-1
          interface-type point-to-point
          mesh-group 101
     exit
     interface "ALU-1-5"
          level-capability level-1
          interface-type point-to-point
          mesh-group 85
     exit
     interface "to-103"
          mesh-group 101
     exit
----------------------------------------------
A:ALU-A>config>router>isis#

5.9.5.1. Example 1: Configuring a Level 1 Area

Interfaces are configured in the config>router>interface context. Figure 31 shows a level 1 area configuration.

Figure 31:  Configuring a Level 1 Area 

The following example shows the commands to configure a level 1 area:

Example:
A:ALU-A>config>router# isis
..>isis# area-id 49.0180.0001
..>isis# level-capability level-1
..>isis# interface system
..>isis>if# exit
..>isis# interface “A-B”
..>isis>if# exit
..>isis# interface “A-C”
..>isis>if# exit
..>isis#
A:ALU-B>config>router# isis
..>isis# area-id 49.0180.0001
..>isis# level-capability level-1
..>isis# interface system
..>isis>if# exit
..>isis# interface “B-A”
..>isis>if# exit
..>isis# interface “B-C”
..>isis>if# exit
..>isis#
A:ALU-C>config>router# isis
..>isis# area-id 49.0180.0001
..>isis# level-capability level-1
..>isis# interface system
..>isis>if# exit
..>isis# interface "C-A"
..>isis>if# exit
..>isis# interface "C-B"
..>isis>if# exit

The following example displays a level 1 area configuration:

A:ALU-A>config>router>isis# info
----------------------------------------------
     level-capability level-1
     area-id 49.0180.0001
     interface "system"
     exit
     interface "A-B"
     exit
     interface "A-C"
     exit
----------------------------------------------
A:ALU-A>config>router>isis#
 
A:ALU-B>config>router>isis# info
----------------------------------------------
     level-capability level-1
     area-id 49.0180.0001
     interface "system"
     exit
     interface "B-A"
     exit
     interface "B-C"
     exit
----------------------------------------------
A:ALU-B>config>router>isis#
 
A:ALU-C>config>router>isis# info
#------------------------------------------
echo "ISIS"
----------------------------------------------
     level-capability level-1
     area-id 49.0180.0001
     interface "system"
     exit
     interface "C-A"
     exit
     interface "C-B"
     exit
----------------------------------------------
A:ALU-C>config>router>isis#

5.9.5.2. Example 2: Modifying Router Level Capability

In the previous example, ALU-A, ALU-B, and ALU-C are configured as level 1 systems. Level 1 systems communicate with other level 1 systems in the same area. In this example, ALU-A is modified to set the level capability to level 1/2. Now the level 1 systems in the area with NET 49.0180.0001 forward PDUs to ALU-A for destinations that are not in the local area, as shown in Figure 32.

Figure 32:  Configuring a Level 1/2 Area 

The following example shows the commands to configure a level 1/2 area for ALU-A:

Example:
A:ALU-A>config>router# isis
..>isis# level-capability level-1/2

5.9.5.3. Interface Level Capability

The level capability value configured on the interface level is compared to the level capability value configured on the global level to determine the type of adjacencies that can be established. The default value for 7705 SAR routers and interfaces is level 1/2. Table 62 lists capability combinations and the potential adjacencies that can be formed.

Table 62:  Potential Adjacency Capabilities 

Global Level

Interface Level

Potential Adjacency

Level 1/2

Level 1/2

Level 1 and/or level 2

Level 1/2

Level 1

Level 1 only

Level 1/2

Level 2

Level 2 only

Level 2

Level 1/2

Level 2 only

Level 2

Level 2

Level 2 only

Level 2

Level 1

None

Level 1

Level 1/2

Level 1 only

Level 1

Level 2

None

Level 1

Level 1

Level 1 only

5.9.6. Configuring Authentication

Authentication must be explicitly configured and can be done using two separate mechanisms:

  1. configuration of an explicit authentication key and algorithm using the authentication-key and authentication-type commands in the IS-IS global or IS-IS level contexts; configuration of a Hello PDU authentication key using the hello-authentication-key and hello-authentication-type commands in the IS-IS interface and IS-IS interface level contexts
  2. configuration of an authentication keychain using the auth-keychain command in the config>system>security>keychain context and associating the keychain in the applicable IS-IS contexts

Either the authentication-key command or the auth-keychain command can be used by IS-IS, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.

Use the following CLI syntax to configure authentication:

CLI Syntax:
config>router# isis [isis-instance]
[no] authentication-check
authentication-key {authentication-key | hash-key} [hash | hash2]
authentication-type {password | message-digest}
[no] hello-authentication
level {1 | 2}
authentication-key {authentication-key | hash-key} [hash | hash2]
authentication-type {password | message-digest}
CLI Syntax:
config>router# isis [isis-instance]
interface ip-int-name
[no] hello-authentication
hello-authentication-key {authentication-key | hash-key} [hash | hash2]
hello-authentication-type {password | message-digest}
level {1 | 2}
hello-authentication-key {authentication-key | hash-key} [hash | hash2]
hello-authentication-type {password | message-digest}

Use the following CLI syntax to associate IS-IS at the global level or IS-IS level with an authentication keychain and to associate an IS-IS interface or interface level with a Hello authentication keychain. The keychain must already be defined in the system>security>keychain context.

CLI Syntax:
config>router# isis [isis-instance]
auth-keychain name
level {1 | 2}
auth-keychain name
CLI Syntax:
config>router# isis [isis-instance]
interface ip-int-name
hello-auth-keychain name
level {1 | 2}
hello-auth-keychain name

5.9.7. Configuring Leaking

IS-IS allows a two-level hierarchy to route PDUs. Level 1 areas can be interconnected by a contiguous level 2 backbone.

The level 1 link-state database contains information only about that area. The level 2 link-state database contains information about the level 2 system and each of the level 1 systems in the area. A level 1/2 router contains information about both level 1 and level 2 databases. A level 1/2 router advertises information about its level 1 area toward the other level 1/2 or level 2 routers.

Packets with destinations outside the level 1 area are forwarded toward the closest level 1/2 router which, in turn, forwards the packets to the destination area.

Sometimes the shortest path to an outside destination is not through the closest level 1/2 router, or the only level 1/2 router to forward packets out of an area is not operational. Route leaking provides a mechanism to leak level 2 information to level 1 routers to provide routing information regarding inter-area routes. Route leaking therefore gives a level 1 router more options to forward packets.

Configure a route policy to leak routes from level 2 into level 1 areas in the config> router>policy-options>policy-statement context. For more information on creating route policies, refer to the 7705 SAR Router Configuration Guide.

The following example shows the commands to configure prefix list (“loops”) and policy statement (“leak”) parameters in the config>router context.

Example:
config>router>policy-options# prefix-list loops
..>policy-options>prefix-list# prefix 10.1.1.0/8 longer
..>policy-options>prefix-list# exit
..>policy-options# policy-statement leak
..>policy-options>policy-statement# entry 10
..>policy-options>policy-statement>entry# from
..>policy-options>policy-statement>entry>from# prefix-   list loops
..>policy-options>policy-statement>entry>from# level 2
..>policy-options>policy-statement>entry>from# exit
..>policy-options>policy-statement>entry# to
..>policy-options>policy-statement>entry>to# level 1
..>policy-options>policy-statement>entry>to# exit
..>policy-options>policy-statement>entry# action accept
..>policy-options>policy-statement>entry>action# exit
..>policy-options>policy-statement>entry# exit
..>policy-options>policy-statement# exit
..>policy-options# commit
..>policy-options#

The following example displays a prefix list and policy statement configuration:

A:ALU-A>config>router>policy-options# info
----------------------------------------------
     prefix-list "loops"
          prefix 10.1.1.0/8 longer
     exit
     policy-statement "leak"
          entry 10
               from
                    prefix-list "loop"
                    level 2
               exit
               to
                    level 1
               exit
               action accept
               exit
          exit
     exit
----------------------------------------------
A:ALU-A>config>router>policy-options#

Next, apply the policy in order to leak routes from level 2 into level 1 routers on ALU-A:

CLI Syntax:
config>router# isis [isis-instance]
export leak
A:ALU-A>config>router>isis# info
----------------------------------------------
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "//oZrvL4FPn06nyRIJ5E" hash
     authentication-type password
     no authentication-check
     export "leak"
...
----------------------------------------------
A:ALU-A>config>router>isis#

Then, after the policy is applied, create a policy statement (“isis-ext”) to redistribute external IS-IS routes from level 1 routers into the level 2 backbone (see Redistributing External IS-IS Routes). In the config>router context, configure the following policy statement parameters:

Example:
config>router>policy-options# begin
..>policy-options# policy-statement "isis-ext"
..>policy-options>policy-statement# entry 10
..>policy-options>policy-statement>entry$ from
..>policy-options>policy-statement>entry>from$ external
..>policy-options>policy-statement>entry>from# exit
..>policy-options>policy-statement>entry# to
..>policy-options>policy-statement>entry>to$ level 2
..>policy-options>policy-statement>entry>to# exit
..>policy-options>policy-statement>entry# action accept
..>policy-options>policy-statement>entry>action# exit
..>policy-options>policy-statement>entry# exit
..>policy-options>policy-statement# exit
..>policy-options# commit

5.9.8. Redistributing External IS-IS Routes

By default, IS-IS does not redistribute level 1 external routes into level 2. The policy to redistribute external IS-IS routes must be explicitly applied. Policies are created in the config>router>policy-options context. Refer to the 7705 SAR Router Configuration Guide for information on creating policies.

The following example displays the policy statement configuration:

A:ALU-A>config>router>policy-options# info
----------------------------------------------
     prefix-list "loops"
          prefix 10.1.1.0/8 longer
     exit
     policy-statement "leak"
          entry 10
            from
                 prefix-list "loop"
                 level 2
            exit
            to
                 level 1
            exit
            action accept
            exit
          exit
     exit
     policy-statement "isis-ext"
          entry 10
            from
                 external
            exit
            to
                 level 2
            exit
            action accept
            exit
          exit
     exit
----------------------------------------------
A:ALU-A>config>router>policy-options#

5.9.9. Configuring IS-IS Support for LDP-to-SR Stitching

Configure the export-tunnel-table command using the following CLI syntax to support LDP-to-SR stitching.

CLI Syntax:
config>router# isis
segment-routing
export-tunnel-table ldp

The following example displays the LDP-to-SR stitching IS-IS configuration output.

A:NOK-1 Dut-A>config>router>isis# info detail
----------------------------------------------
            ....
            segment-routing
                ....
                export-tunnel-table ldp
                ....
                exit
            exit
            no shutdown
----------------------------------------------
A:NOK-1 Dut-A>config>router>isis#

5.9.10. Configuring an SR Mapping Server for IPv4 /32 Prefixes

Use the following CLI syntax to configure an SR mapping server for IPv4 /32 prefixes

CLI Syntax:
config>router# isis [isis-instance]
segment-routing
mapping-server
sid-map node-sid {index value [range value]} prefix {ip-address/mask | ip-address netmask} [set-flags {s}] [level {1 | 2 | 1/2}]

The following is an example of an SR mapping server configuration.

Example:
config>router>isis 1
config>router>isis$ segment-routing
config>router>isis>segm-rtng$ mapping-server
config>router>isis>segm-rtng>map-serv$ sid-map node-sid index 10 range 10 prefix 10.10.10.10/32 set-flags s level 1
config>router>isis>segm-rtng>map-serv$ exit
config>router>isis>segm-rtng$ exit
config>router>isis$ exit

The following example displays the SR mapping server configuration.

A:NOK-1 Dut-A>config>router>isis# info detail
----------------------------------------------
            ...
            segment-routing
                mapping-server
                    shutdown
                    sid-map node-sid index 10 range 10 prefix 10.10.10.10/32 set-
                    flags s level 1
                exit
            exit
            no shutdown
----------------------------------------------
A:NOK-1 Dut-A>config>router>isis#

5.10. IS-IS Configuration Management Tasks

This section discusses the following IS-IS configuration management tasks:

5.10.1. Disabling IS-IS

The shutdown command disables an IS-IS instance on the router. The configuration settings are not changed, reset, or removed.

Use the following CLI syntax to disable an IS-IS instance on a router:

CLI Syntax:
config>router# isis [isis-instance]
shutdown

5.10.2. Removing IS-IS

The no isis command deletes an IS-IS instance and reverts its configuration to default values for its next use.

Use the following CLI syntax to remove an IS-IS instance:

CLI Syntax:
config>router#
no isis [isis-instance]

5.10.3. Modifying Global IS-IS Parameters

You can modify, disable, or remove global IS-IS parameters without shutting down entities. The changes are applied immediately. Modifying the level capability on the global level causes the IS-IS instance to restart.

The following example displays an IS-IS global parameter modification.

Example:
config>router>isis# overload timeout 500
config>router>isis# level-capability level-1/2
config>router>isis# no authentication-check
config>router>isis# authentication-key raider123

The following example displays the IS-IS configuration with the modifications entered in the previous example:

A:ALU-A>config>router>isis# info
----------------------------------------------
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "//oZrvtvFPn06nyRIJ5E" hash
     authentication-type password
     no authentication-check
     overload timeout 500
     level 1
          wide-metrics-only
     exit
     level 2
          wide-metrics-only
     exit
     interface "system"
     exit
     interface "ALU-1-2"
          level-capability level-2
          mesh-group 85
     exit
     interface "ALU-1-3"
          level-capability level-1
          interface-type point-to-point
          mesh-group 101
     exit
     interface "ALU-1-5"
          level-capability level-1
          interface-type point-to-point
          mesh-group 85
     exit
     interface "to-103"
          mesh-group 101
     exit
     interface "A-B"
     exit
     interface "A-C"
     exit

5.10.4. Modifying IS-IS Interface Parameters

You can modify, disable, or remove interface level IS-IS parameters without shutting down entities. Changes take effect immediately. Modifying the level capability on the interface causes the IS-IS instance on the interface to restart.

To remove an interface, use the no interface ip-int-name command.

To disable an interface, use the shutdown command in the interface context.

The following example displays an IS-IS interface parameter modification.

Example:
config>router# isis
config>router>isis# interface ALU-1-3
config>router>isis>if# mesh-group 85
config>router>isis>if# passive
config>router>isis>if# lsp-pacing-interval 5000
config>router>isis>if# exit
config>router>isis# interface to-103
config>router>isis>if# hello-authentication-type message-digest
config>router>isis>if# hello-authentication-key 49ersrule
config>router>isis>if# exit

The following example displays the IS-IS configuration with the modifications entered in the previous example:

A:ALU-A>config>router>isis# info
----------------------------------------------
     area-id 49.0180.0001
     area-id 49.0180.0002
     area-id 49.0180.0003
     authentication-key "//oZrvtvFPn06nyRIJ5E" hash
     authentication-type password
     no authentication-check
     overload timeout 500
     level 1
          wide-metrics-only
     exit
     level 2
          wide-metrics-only
     exit
     interface "system"
     exit
     interface "ALU-1-2"
          level-capability level-2
          mesh-group 85
     exit
     interface "ALU-1-3"
          level-capability level-1
          interface-type point-to-point
          lsp-pacing-interval 5000
          mesh-group 85
          passive
     exit
     interface "ALU-1-5"
          level-capability level-1
          interface-type point-to-point
          mesh-group 85
     exit
     interface "to-103"
          hello-authentication-key "DvR5l2xxB6XMTvbAZ1mE" hash
          hello-authentication-type message-digest
          mesh-group 101
     exit
     interface "A-B"
     exit
----------------------------------------------
A:ALU-A>config>router>isis#