![]() ![]() |
7.5 | ![]() |
Configuration of Integrated IS-IS | |
7.5.1 | ![]() |
Basic configuration of Integrated IS-IS |
As with any routing protocol, the first
step is to plan out the logical topology, the addressing scheme, and the
participating interfaces. Once this initial step is complete,
Integrated IS-IS can be configured on the network. To enable Integrated IS-IS on a router for IP routing is easy. There
are many more commands used to tune the IS-IS processes. However, only
the following three commands are required to start Integrated IS-IS:
These commands enable Integrated IS-IS on the router. However, further commands may be required to tune the IS-IS operation. To troubleshoot Integrated IS-IS, even in an IP-only world, requires some investigation of CLNS data. For example, the IS-IS neighbor relationships are established over OSI, not over IP. To view IS-IS neighbors requires using the show clns neighbors command. Two ends of a CLNS adjacency can actually have IP addresses on different subnets, with no impact on the operation of IS-IS. However, IP next-hop resolution could be an issue.
Figure
Informative
show
command output for this topology is
displayed in Figures
For added security, configure IS-IS passwords for areas or domains. The area authentication password is inserted in L1, which is the station router level, LSPs, CSNPs, and PSNPs. The routing domain authentication password is inserted in L2, which is the area router level, LSPs, CSNPs, and PSNPs. To configure area or domain authentication passwords, respectively, use the following commands in router configuration mode:
Authentication for an interface can also be configured using the isis password interface configuration command. This command gives the ability to prevent unauthorized routers from forming adjacencies with this router, and therefore, protects the network from intruders. The password is exchanged as plain text and in this way provides only limited security. Different passwords can be assigned for different routing levels using the level-1 and level-2 keyword arguments. Specifying the level-1 or level-2 keyword enables the password only for L1 or L2 routing, respectively. Lastly, as with OSPF, aggregate addresses can be created with IS-IS, which are represented in the routing table by a summary address. One summary address can include multiple groups of addresses for a given level. Routes learned from other routing protocols can also be summarized. The metric used to advertise the summary is the smallest metric of all the more specific routes. To create a summary of addresses for a given level, use the command summary-address address mask {level-1 | level-1-2 | level-2} in router configuration mode.
|