Configuring IS-IS in Gaia Clish

Important - On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must run the applicable commands in GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish of the applicable Security Group.

Workflow

  1. Connect to the command line.

  2. Log into Gaia Clish.

  3. Configure the Global Options:

    1. Configure the System ID.

    2. Add at least one Area.

    3. Optional: Configure other global options as required in your IS-IS domain.

      See Configuring IS-IS Global Options.

  4. Configure IS-IS interfaces:

    1. Configure at least one interface with an IS-IS address family.

    2. Optional: Configure other interface options as required in your IS-IS domain.

      See Configuring IS-IS Interfaces.

  5. Save the configuration.

Configuring IS-IS Global Options

Global settings apply to the IS-IS router as a whole.

Some options may be configured for each IS-IS level separately.

By default, if you do not specify the level, the configuration applies to 'Level 1' and 'Level 2'.

If you specify the IS-IS level, the configuration applies only to that level.

The output of the "show configuration" command shows the configuration for each IS-IS level.

set isis

      adjacency-check {on | off | default}

      area <IS-IS area ID> {on | off}

      authentication ignore <Packet Type> {on | off} [level {1 | 2}]

      authentication mode

            cryptographic

                  active-key <1-255> [level {1 | 2}]

                  key <1-255> algorithm <Algorithm>

                        encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

                        secret <Clear Text Password> [level {1 | 2}]

            md5

                  active-key <1-255> [level {1 | 2}]

                  key <1-255>

                        encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

                        secret <Clear Text Password> [level {1 | 2}]

            none

            simple

                  encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

                  secret <Clear Text Password> [level {1 | 2}]

      default-metric {<1-16777214> | default} [level {1 | 2}]

      dynamic-hostname {on | off | default}

      export-routemap <Name of Routemap>

            off [level {1 | 2}]

            preference <1-65535>

                  family {inet | inet6 | inet-and-inet6} on [level {1 | 2}]

                  on [level {1 | 2}]

      hello padding {always | off | smart} [interface-type {broadcast | point-to-point}]

      ignore-attached-bit {on | off | default}

      is-type {level-1 | level-2 | level-1-2}

      lsp

            gen-interval max {<1-120> | default} initial {<50-120000> | default} second {<50-120000> | default} [level {1 | 2}]

            lifetime {<1-65535> | default}

            mtu {<128-16000> | default}

            refresh-interval {<1-65535> | default}

      max-areas {<3-254> | default}

      metric-type {wide | narrow | transition} [level {1 | 2}]

      overload-bit {on | off}

      prc-interval max {<1-120> | default} initial {<50-120000> | default} second {<50-120000> | default} [level {1 | 2}]

      spf interval max {<1-120> | default} initial {<50-120000> | default} second {<50-120000> | default} [level {1 | 2}]

      system-id <ISO System ID>

Parameter

Description

adjacency-check {on | off | default}

Enables (on) or disables (off) the strict protocol checking with IS-IS neighbors.

During the normal operation, IS-IS neighbors should agree on which IP protocols they run (IPv4 only, IPv6 only, or the two of them).

In some cases, it may be necessary to run IS-IS between neighbors that do not run the same protocols (for example, maintaining adjacencies while migrating an IPv4-only IS-IS environment to an environment with IPv4 and IPv6).

If you turn off this feature, this IS-IS router forms adjacencies with neighbors that do not match the list of IP protocols this IS-IS router uses for IS-IS.

Options:

  • on - Enforces the strict protocol checking

  • off - Does not enforce the strict protocol checking

Default:

  • on

area <IS-IS area ID> {on | off}

Adds (on) or removes (off) an ISO area address for this IS-IS router.

An area address is a variable-length string ranging from 1 to 13 bytes.

The first byte of the area address can be two digits (00 to 99).

The rest of the area address is represented as a hex string, separated on two-byte boundaries by a "." (period).

An IS-IS router's configured areas determine whether to form 'Level 1' adjacencies with other routers.

An IS-IS router may belong to multiple areas, up to the configured maximum number of area addresses.

Example area addresses:

  • 49

  • 12.34

  • 99.1a2b.3c4d

  • 55.ff.1234.abcd

authentication ignore <Packet Type> {on | off} [level {1 | 2}]

Controls whether this IS-IS router ignores (on) or not (off) the authentication of specific types of the incoming IS-IS packets. If this IS-IS router ignores the authentication for a packet type, then this IS-IS router accepts the packets regardless of any authentication parameters.

Packet Types:

  • all - Controls whether to ignore authentication of all IS-IS packets

  • csnp - Controls whether to ignore authentication of CSNP packets

  • hello - Controls whether to ignore authentication of Hello packets

  • lsp - Controls whether to ignore authentication of LSP packets

  • none - Resets the ignore configuration (authenticates all packets)

  • psnp - Controls whether to ignore authentication of PSNP packets

Options:

  • on - Ignores authentication for the specified packet type

  • off - Does not ignore authentication for the specified packet type

Default:

  • off

Note - If you configured "on" for the specific packet types, and then it is necessary to configure "off" for those specific packet types, then you must do so explicitly for each packet type.

Configuring "off" for the packet type "all" does not restore the "off" setting for those specific packet types.

To restore the "off" setting for all packet types, use this command:

set isis authentication ignore none

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication mode <Mode> <options> [level {1 | 2}]

Configures IS-IS authentication for the incoming and outgoing LSP, CSNP, and PSNP packets.

You can configure IS-IS authentication for 'Hello' packets with interface authentication.

When you configure an authentication mode, this IS-IS router authenticates all outgoing LSP, CSNP, and PSNP packets using the configured mode.

Level authentication:

  • 'Level 1' authentication applies to all 'Level 1' IS-IS packets - LSP, CSNP, and PSNP.

  • 'Level 2' authentication applies to all 'Level 2' IS-IS packets - LSP, CSNP, and PSNP.

Important:

  • You can configure only one authentication mode per level at a time.

  • Configuration of a new authentication mode removes the previous mode's configuration.

Note - By default, this IS-IS router also authenticates all incoming IS-IS packets.

You can disable this behavior with this Gaia Clish command:

set isis authentication ignore <Packet Type> {on | off} [level {1 | 2}]

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication mode simple secret <Clear Text Password> [level {1 | 2}]

Enables the simple (plaintext) authentication for IS-IS packets.

This IS-IS router authenticates IS-IS packets using a plaintext password that is included with each IS-IS packet.

If neighbor routers detect a mismatch in authentication, they drop the packets that have mismatched authentication.

This command encrypts the specified password and saves it in the Gaia database.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication mode simple encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

Enables the simple (plaintext) authentication for IS-IS packets.

Important - You must enter the encrypted authentication secret that Gaia saved in its database after you ran this command:

set isis authentication mode simple secret <Clear Text Password> [level {1 | 2}]

To see the encrypted authentication secret in the Gaia database, run:

show configuration isis

This IS-IS router authenticates IS-IS packets using a plaintext password that is included with each IS-IS packet.

If neighbor routers detect a mismatch in authentication, they drop the packets that have mismatched authentication.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication mode md5 key <1-255> secret <Clear Text Password> [level {1 | 2}]

Enables the HMAC MD5 authentication for IS-IS packets.

IS-IS packets include an MD5 digest of the packet, based on a configured secret key.

You configure this secret on the router. The router does not send this secret in plaintext.

As a result, this mode is more secure than the simple authentication.

This command encrypts the specified password and saves it in the Gaia database.

If neighbor routers detect a mismatch in authentication, they ignore the packets with a mismatched authentication.

Note - By default, this IS-IS router uses the lowest configured MD5 Key ID to authenticate outgoing IS-IS packets.

Use this command to change this behavior:

set isis authentication mode md5 active-key <1-255> [level {1 | 2}

If you remove the configured Active Key from the list of IS-IS authentication keys, the IS-IS router returns to the default behavior.

The router can use any key ID to authenticate incoming IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication mode md5 key <1-255> encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

Enables the HMAC MD5 authentication for IS-IS packets.

Important - You must enter the encrypted authentication secret that Gaia saved in its database after you ran this command:

set isis authentication mode md5 key <1-255> secret <Clear Text Password> [level {1 | 2}]

To see the encrypted authentication secret in the Gaia database, run:

show configuration isis

You configure this secret on the router. The router does not send this secret in plaintext.

As a result, this mode is more secure than the simple authentication.

If neighbor routers detect a mismatch in authentication, they ignore the packets with a mismatched authentication.

Note - By default, this IS-IS router uses the lowest configured MD5 Key ID to authenticate outgoing IS-IS packets.

Use this command to change this behavior:

set isis authentication mode md5 active-key <1-255> [level {1 | 2}

If you remove the configured Active Key from the list of IS-IS authentication keys, the IS-IS router returns to the default behavior.

The router can use any key ID to authenticate incoming IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication mode cryptographic key <1-255> algorithm <Algorithm> secret <Clear Text Password> [level {1 | 2}]

Enables the cryptographic authentication for IS-IS packets.

When using cryptographic authentication, each key-algorithm-secret triplet must match exactly on other IS-IS routers that are authenticating the same packets.

Supported Cryptographic Algorithms:

  • hmac-sha-1

  • hmac-sha-256

  • hmac-sha-384

  • hmac-sha-512

This command encrypts the specified password and saves it in the Gaia database.

Note - By default, this IS-IS router uses the lowest configured Cryptographic key ID to authenticate outgoing IS-IS packets.

Use this command to change this behavior:

set isis authentication mode cryptographic active-key <1-255> [level {1 | 2}]

If you remove the configured Active Key from the list of IS-IS authentication keys, the IS-IS router returns to the default behavior.

The router can use any key ID to authenticate incoming IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication mode cryptographic key <1-255> algorithm <Algorithm> encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

Enables the cryptographic authentication for IS-IS packets.

Important - You must enter the encrypted authentication secret that Gaia saved in its database after you ran this command:

authentication mode cryptographic key <1-255> algorithm <Algorithm> secret <Clear Text Password> [level {1 | 2}]

To see the encrypted authentication secret in the Gaia database, run:

show configuration isis

When using cryptographic authentication, each key-algorithm-secret triplet must match exactly on other IS-IS routers that are authenticating the same packets.

Supported Cryptographic Algorithms:

  • hmac-sha-1

  • hmac-sha-256

  • hmac-sha-384

  • hmac-sha-512

Note - By default, this IS-IS router uses the lowest configured Cryptographic key ID to authenticate outgoing IS-IS packets.

Use this command to change this behavior:

set isis authentication mode cryptographic active-key <1-255> [level {1 | 2}]

If you remove the configured Active Key from the list of IS-IS authentication keys, the IS-IS router returns to the default behavior.

The router can use any key ID to authenticate incoming IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication mode none [level {1 | 2}]

Disables authentication for IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

default-metric {<1-16777214> | default} [level {1 | 2}]

Configures the default metric for all IS-IS interfaces.

This IS-IS router uses this default metric, if you do not configure another metric explicitly.

Range:

  • 1 - 16777214 - Uses the wide metric type

  • 1 - 63 - Uses the narrow metric type

Default:

  • 10

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

dynamic-hostname {on | off | default}

Enables (on) or disables (off) the dynamic hostname mapping for IS-IS System IDs.

It may be difficult to remember an IS-IS System ID as a string of numbers.

IS-IS supports the sending of the hostname information between neighbor routers to associate a System ID with a hostname.

Options:

  • on - Sends the local hostname and accepts neighbors' hostnames

  • off - Does not send the local hostname and does not accept neighbors' hostnames

Default:

  • on

export-routemap {<options>}

Controls the export of routes into IS-IS.

For more details on how to use Gaia Clish to configure routemaps, refer to sk100501.

Route Maps determine which routes are exported and optionally modify various properties of the routes as they are exported.

Route Maps control which routes are accepted and/or announced.

Similar to Route Redistribution Rules, Route Maps can export routes from one or more protocols.

However, Route Maps have additional capabilities and provide finer-grained control.

Important - If Route Maps are configured for IS-IS, all Route Redistribution Rules related to IS-IS are disabled automatically.

export-routemap <Name of Routemap> off [level {1 | 2}]

Disables the export of routes into IS-IS for the specified routemap.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

export-routemap <Name of Routemap> preference <1-65535> family {inet | inet6 | inet-and-inet6} on [level {1 | 2}]

Enables the export of routes for the specific IP address family into IS-IS for the specified routemap.

For more details on how to use Gaia Clish to configure routemaps, refer to sk100501.

Options:

  • inet - For IPv4 routes only

  • inet6 - For IPv6 routes only

  • inet-and-inet6 - For IPv4 and IPv6 routes

Default:

  • inet-and-inet6

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

export-routemap <Name of Routemap> preference <1-65535> on [level {1 | 2}]

Enables the export of routes into IS-IS for the specified routemap.

For more details on how to use Gaia Clish to configure routemaps, refer to sk100501.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

hello padding {always | off | smart} [interface-type {broadcast | point-to-point}]

Configures how this IS-IS router adds the padding in its 'Hello' packets.

IS-IS does not advertise what its interface MTU is in 'Hello' packets.

Instead, it uses 'Hello' padding to make sure that neighbors have a matching MTU before they form an adjacency.

If the MTU between two neighbors does not match, the router with the lower MTU drops the padded 'Hello' packet as malformed and does not form an adjacency.

Options:

  • always - Always adds padding in each 'Hello' packet

  • off - Does not add padding in 'Hello' packets

  • smart - Adds padding in 'Hello' packets when forming a new adjacency

Default:

  • smart

Optional:

Use the additional "interface-type" parameter to apply the 'Hello' packet padding to a specific interface type.

If you do not use this parameter, the padding of 'Hello' packets applies to all interface types.

  • interface-type broadcast - Applies to broadcast interfaces only

  • interface-type point-to-point - Applies to point-to-point interfaces only

ignore-attached-bit {on | off | default}

Controls whether this IS-IS router ignores (on) or not (off) the attached bits configured by other 'Level 2'-connected IS-IS routers.

By default, 'Level 1-2' IS-IS routers do not send routes from 'Level 2' to 'Level 1'.

Instead, they configure an "attached bit" in their packets to 'Level 1' areas.

This attached bit shows that 'Level 1' routers should install a default route to the 'Level 2' router that configured it.

In some cases, it may be necessary to ignore these attached bits, and not to install a default route to 'Level 1-2' routers.

Options:

  • on - Does not install the default route to the "attached" routers

  • off - Installs the default route to the "attached" neighbors

Default:

  • off

is-type {level-1 | level-2 | level-1-2}

Configures the IS-IS levels, on which this IS-IS router works.

IS-IS 'Level 1' routers form adjacencies only with other IS-IS neighbors that are configured in the same area.

IS-IS 'Level 2' routers form adjacencies with other directly connected 'Level 2'-capable IS-IS routers, regardless of area.

IS-IS 'Level 1-2' routers form 'Level 1' and 'Level 2' adjacencies, where appropriate.

Best Practice - To conserve resources, configure an IS-IS router to work only on the level(s) that the IS-IS topology requires.

Options:

  • level-1 - Uses 'Level 1' only

  • level-2 - Uses 'Level 2' only

  • level-1-2 - Uses 'Level 1' and 'Level 2'

Default:

  • level-1-2

lsp gen-interval max {<1-120> | default} initial {<50-120000> | default} second {<50-120000> | default} [level {1 | 2}]

Configures the delay before this IS-IS router generates an LSP packet again.

When an LSP must be generated again, it is delayed by a specified time period to prevent flooding the same LSP in rapid succession.

This configuration option determines how to calculate this delay.

This option uses an exponential backoff to determine the delay between events.

The delay before events after the "second" period is the previous delay multiplied by two, up to the maximum delay.

If an event does not occur for two "max" periods, the router restores the delay to the "initial" value.

  • The "max" option:

    Specifies the maximum interval between two events

    • Range: 1 - 120 (seconds)

    • Default: 5

  • The "initial" option:

    Specifies the initial delay between when an event is scheduled, and when it actually takes place.

    • Range: 50 - 120000 (milliseconds)

    • Default: 50

  • The "second" option:

    Specifies the delay between the first event and the second event.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5000

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

lsp lifetime {<1-65535> | default}

Configures how long other IS-IS routers consider the LSP packets this IS-IS router generated to be valid.

IS-IS routers periodically update the LSP packets they generate to make sure these LSP packets are still valid.

Without this update, LSP packets eventually time out of neighbor routers' databases, and the routers remove the topology information related to these LSP.

The LSP lifetime determines how long an LSP is considered valid without an update.

Note - You must configure this value to be greater than the "lsp refresh-interval". You must configure a value that gives enough time between the lifetime and refresh interval to allow the refreshed LSP to propagate throughout the IS-IS domain before it can time out from any other router.

Range: 1 - 65535 (seconds)

Default: 1200

lsp mtu {<128-16000> | default}

Configures the maximum size of an LSP to send over any link.

Note - You must configure a value that is less than or equal to the smallest MTU of an interface that runs IS-IS, minus 8 bytes of overhead:

LSP MTU value <= (Smallest MTU of an interface that runs IS-IS) - (8 bytes of overhead)

For a standard Ethernet interface, this value is 1500 - 8 = 1492 bytes.

Range: 128 - 16000 (bytes)

Default: 1492

lsp refresh-interval {<1-65535> | default}

Configures how frequently this IS-IS router sends updates for its LSP packets.

IS-IS routers periodically update the LSP packets they generate to make sure these LSP packets are still valid.

Without this update, LSP packets eventually time out of neighbor routers' databases, and the routers remove the topology information related to these LSP.

Note - You must configure this value to be less than the "lsp lifetime". You must configure a value that gives enough time between the lifetime and refresh interval. This allows the refreshed LSP to propagate throughout the IS-IS domain before it can time out from any other router.

Range: 1 - 65535 (seconds)

Default: 900

max-areas {<3-254> | default}

Configures the maximum number of configurable areas for this IS-IS router.

The maximum number of configurable areas serves two purposes:

Shows to IS-IS neighbor routers (through a field in 'Hello' packets) the maximum number of areas, to which this IS-IS router belongs.

Shows the maximum number of configurable area addresses.

Note - The default value of 3 area addresses is sufficient to support most area migration scenarios.

Range: 3 - 254

Default: 3

metric-type {wide | narrow | transition} [level {1 | 2}]

Configures how this IS-IS router sends metric information to other IS-IS routers.

IS-IS has two metric types:

  • Wide - A new style of metric that supports 24 bits of data. This gives a maximum value of 16777215.

  • Narrow - An old style of metric that uses 6 bits to store the metric value. This gives a maximum metric of 63, which was considered too restrictive.

IS-IS supports narrow and wide metrics for compatibility with older implementations.

If all routers in an IS-IS domain support wide metrics, then configure wide metrics because they give greater flexibility.

The router accepts wide and narrow metric types, regardless of which types it sends.

Options:

  • wide - Sends the wide metric type only

  • narrow - Sends the narrow metric type only

  • transition - Sends the wide and narrow metric types

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

overload-bit {on | off}

Enables (on) or disables (off) the settings related to the overload bit for IPv6.

IS-IS routers may optionally configure an overload bit in the 'Hello' packets and LSP packets they send to other IS-IS routers.

This bit shows that the router should not be used as a transit router for routing decisions.

You can configure this bit permanently on routers that are never intended to pass traffic, except to directly connected subnets.

Options:

  • on - Enables the overload bit

  • off - Does not enable the overload bit

Default:

  • off

prc-interval {<options>}

Configures the delay between subsequent Partial Route Calculation (PRC) events for IPv6.

This option uses an exponential backoff to determine the delay between events.

The delay before events after the "second" period is the previous delay multiplied by two, up to the maximum delay.

If an event does not occur for two "max" periods, the router restores the delay to the "initial" value.

Options:

  • The "max" option:

    Specifies the maximum interval between two events.

    • Range: 1 - 120 (seconds)

    • Default: 5

  • The "initial" option:

    Specifies the initial delay between when an event is scheduled, and when it actually takes place.

    • Range: 50 - 120000 (milliseconds)

    • Default: 2000

  • The "second" option:

    Specifies the delay between the first event and the second event.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5000

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

spf interval {<options>}

Configures the delay between subsequent SPF calculations.

When the information announced by an IS-IS router changes the topology, all routers in the domain must run SPF to re-create the shortest path tree.

The SPF interval determines how frequently these shortest path calculations may occur.

This option uses exponential backoff to determine the delay between events.

The delay before events after the "second" period is the previous delay multiplied by two, up to the maximum delay.

If an event does not occur for two "max" periods, the router restores the delay to the "initial" value.

Options:

  • The "max" option:

    Specifies the maximum interval between two events.

    • Range: 1 - 120 (seconds)

    • Default: 10

  • The "initial" option:

    Specifies the initial delay between when an event is scheduled, and when it actually takes place.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5500

  • The "second" option:

    Specifies the delay between the first event and the second event.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5500

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

system-id <ISO System ID>

Configures the System ID for this IS-IS router.

The System ID of an IS-IS router uniquely identifies the router in the IS-IS domain. This System ID on each IS-IS router must be unique in the IS-IS domain.

In ClusterXL, and Scalable Platform, you must configure the same System ID on each Cluster MemberClosed Security Gateway that is part of a cluster. and Security Group Member.

You cannot change the System ID while IS-IS is already configured and running.

To change the System ID while IS-IS is running, first you must stop the IS-IS protocol in one of these ways:

  • Remove all IS-IS areas from the configuration

  • Remove all IS-IS interfaces from the configuration

The System ID is a 6 byte hex string, separated on two-byte boundaries by a "." (period). To remove the System ID you configured explicitly, configure the System ID to the "default" value.

Example System ID:

1a2b.3c4d.5e6f

Configuring IS-IS Interfaces

Interface options apply to each logical interface independently.

You must configure the address family on an interface before it can run IS-IS.

set isis interface <Name of Interface>

      address-family {ipv4 | ipv6 | ipv4-and-ipv6}

      advertise {on | off | default}

      authentication

            cryptographic

                  active-key <1-255> [level {1 | 2}]

                  key <1-255> algorithm <Algorithm>

                        encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

                        secret <Clear Text Password> [level {1 | 2}]

            md5

                  active-key <1-255> [level {1 | 2}]

                  key <1-255>

                        encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

                        secret <Clear Text Password> [level {1 | 2}]

            none

            simple

                  encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

                  secret <Clear Text Password> [level {1 | 2}]

      circuit-type {level-1 | level-2 | level-1-2}

      csnp-interval {<0-65535> | default} [level {1 | 2}]

      hello

            holdtime {<3-65535> | default} [level {1 | 2}]

            interval {<1-65535> | default} [level {1 | 2}]

            padding {always | global | off | smart}

      ip-reachability-detection {on | off | default}

      lsp-interval {<33-4294967295> | default}

      mesh-group

            blocked

            group <1-4294967295>

            off

      metric {<1-16777214> | default | maximum} [level {1 | 2}]

      off

      passive-mode {on | off | default}

      point-to-point

            {on | off}

            retransmit-interval {<0-65535> | default}

            retransmit-throttle-interval {<0-65535> | default}

      priority {<0-127> | default} [level {1 | 2}]

Parameter

Description

address-family {ipv4 | ipv6 | ipv4-and-ipv6}

Configures the address family on the specified IS-IS interface.

IS-IS sends and receives reachability information and calculates routes for the IP protocols that run on the specified interface.

You must configure the address family to run IS-IS on the specified interface.

Options:

  • ipv4 - Uses IPv4 only

  • ipv6 - Uses IPv6 only

  • ipv4-and-ipv6 - Uses IPv4 and IPv6

Default:

  • ipv4-and-ipv6

advertise {on | off | default}

Enables (on) or disables (off) the advertising of this interface's IPv4 prefix to this router's IS-IS neighbors.

By default, IS-IS includes all directly connected routes on the IS-IS interfaces in its Link State PDUs.

However, in some cases, these routes are not necessary (for example, transit links which are never used as a final destination).

In this case, it may be advantageous to not send these prefixes in LSP packets, so the total IS-IS link state database is smaller.

Options:

  • on - Sends this interface's IPv4 prefix in IS-IS LSP packets

  • off - Does not send this interface's IPv4 prefix in IS-IS LSP packets

Default:

  • on

authentication <Mode> <options> [level {1 | 2}]

Configures IS-IS authentication for the incoming and outgoing LSP, CSNP, and PSNP packets.

You can configure IS-IS authentication for 'Hello' packets with interface authentication.

When you configure an authentication mode, this IS-IS router authenticates all outgoing LSP, CSNP, and PSNP packets using the configured mode.

Level authentication:

  • 'Level 1' authentication applies to all 'Level 1' IS-IS packets - LSP, CSNP, and PSNP.

  • 'Level 2' authentication applies to all 'Level 2' IS-IS packets - LSP, CSNP, and PSNP.

Important:

  • You can configure only one authentication mode per level at a time.

  • Configuration of a new authentication mode removes the previous mode's configuration.

Note - By default, this IS-IS router also authenticates all incoming IS-IS packets.

You can disable this behavior with this Gaia Clish command:

set isis authentication ignore <Packet Type> {on | off} [level {1 | 2}]

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication simple secret <Clear Text Password> [level {1 | 2}]

Enables the simple (plaintext) authentication for IS-IS packets.

This IS-IS router authenticates IS-IS packets using a plaintext password that is included with each IS-IS packet.

If neighbor routers detect a mismatch in authentication, they drop the packets that have mismatched authentication.

This command encrypts the specified password and saves it in the Gaia database.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication simple encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

Enables the simple (plaintext) authentication for IS-IS packets.

Important - You must enter the encrypted authentication secret that Gaia saved in its database after you ran this command:

set isis authentication mode simple secret <Clear Text Password> [level {1 | 2}]

To see the encrypted authentication secret in the Gaia database, run:

show configuration isis

This IS-IS router authenticates IS-IS packets using a plaintext password that is included with each IS-IS packet.

If neighbor routers detect a mismatch in authentication, they drop the packets that have mismatched authentication.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication md5 key <1-255> secret <Clear Text Password> [level {1 | 2}]

Enables the HMAC MD5 authentication for IS-IS packets.

IS-IS packets include an MD5 digest of the packet, based on a configured secret key.

You configure this secret on the router. The router does not send this secret in plaintext.

As a result, this mode is more secure than the simple authentication.

This command encrypts the specified password and saves it in the Gaia database.

If neighbor routers detect a mismatch in authentication, they ignore the packets with a mismatched authentication.

Note - By default, this IS-IS router uses the lowest configured MD5 Key ID to authenticate outgoing IS-IS packets.

Use this command to change this behavior:

set isis authentication mode md5 active-key <1-255> [level {1 | 2}

If you remove the configured Active Key from the list of IS-IS authentication keys, the IS-IS router returns to the default behavior.

The router can use any key ID to authenticate incoming IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication md5 key <1-255> encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

Enables the HMAC MD5 authentication for IS-IS packets.

Important - You must enter the encrypted authentication secret that Gaia saved in its database after you ran this command:

set isis authentication mode md5 key <1-255> secret <Clear Text Password> [level {1 | 2}]

To see the encrypted authentication secret in the Gaia database, run:

show configuration isis

You configure this secret on the router. The router does not send this secret in plaintext.

As a result, this mode is more secure than the simple authentication.

If neighbor routers detect a mismatch in authentication, they ignore the packets with a mismatched authentication.

Note - By default, this IS-IS router uses the lowest configured MD5 Key ID to authenticate outgoing IS-IS packets.

Use this command to change this behavior:

set isis authentication mode md5 active-key <1-255> [level {1 | 2}

If you remove the configured Active Key from the list of IS-IS authentication keys, the IS-IS router returns to the default behavior.

The router can use any key ID to authenticate incoming IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication cryptographic key <1-255> algorithm <Algorithm> secret <Clear Text Password> [level {1 | 2}]

Enables the cryptographic authentication for IS-IS packets.

When using cryptographic authentication, each key-algorithm-secret triplet must match exactly on other IS-IS routers that are authenticating the same packets.

Supported Cryptographic Algorithms:

  • hmac-sha-1

  • hmac-sha-256

  • hmac-sha-384

  • hmac-sha-512

This command encrypts the specified password and saves it in the Gaia database.

Note - By default, this IS-IS router uses the lowest configured Cryptographic key ID to authenticate outgoing IS-IS packets.

Use this command to change this behavior:

set isis authentication mode cryptographic active-key <1-255> [level {1 | 2}]

If you remove the configured Active Key from the list of IS-IS authentication keys, the IS-IS router returns to the default behavior.

The router can use any key ID to authenticate incoming IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication cryptographic key <1-255> algorithm <Algorithm> encrypted-secret <Password Encrypted by Gaia> [level {1 | 2}]

Enables the cryptographic authentication for IS-IS packets.

Important - You must enter the encrypted authentication secret that Gaia saved in its database after you ran this command:

authentication mode cryptographic key <1-255> algorithm <Algorithm> secret <Clear Text Password> [level {1 | 2}]

To see the encrypted authentication secret in the Gaia database, run:

show configuration isis

When using cryptographic authentication, each key-algorithm-secret triplet must match exactly on other IS-IS routers that are authenticating the same packets.

Supported Cryptographic Algorithms:

  • hmac-sha-1

  • hmac-sha-256

  • hmac-sha-384

  • hmac-sha-512

Note - By default, this IS-IS router uses the lowest configured Cryptographic key ID to authenticate outgoing IS-IS packets.

Use this command to change this behavior:

set isis authentication mode cryptographic active-key <1-255> [level {1 | 2}]

If you remove the configured Active Key from the list of IS-IS authentication keys, the IS-IS router returns to the default behavior.

The router can use any key ID to authenticate incoming IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

authentication none [level {1 | 2}]

Disables authentication for IS-IS packets.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

circuit-type {level-1 | level-2 | level-1-2}

Configures the IS-IS levels on which this IS-IS interface works.

Usually, IS-IS interfaces works on the same levels the IS-IS router is configured to support.

If the router supports 'Level 1' and 'Level 2', but a link uses only one of these levels, you can restrict this link to work on a single level.

This decreases the protocol traffic and resource consumption.

Note - Use this command only if the IS-IS "is-type" option is configured with the value "level-1-2" (its default value). If an interface is configured to run only at 'Level 1', and the IS-IS instance only runs at 'Level 2' (or the opposite), the interface does not run IS-IS.

csnp-interval {<0-65535> | default} [level {1 | 2}]

Note - This command applies only to broadcast interfaces.

Configures how frequently this IS-IS router sends a CSNP from the specified interface, if this router is the Designated Intermediate System (DIS) for this link.

Range:

  • 0 - 65535 (seconds)

    Note - The value 0 means this router does not send CSNP packets.

Default:

  • 10

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

hello holdtime {<3-65535> | default} [level {1 | 2}]

Configures the 'Hello' hold time for the specified interface.

The hold time determines how long other IS-IS routers wait without receiving a 'Hello' packet from this IS-IS router before they consider this router as down.

Range:

  • 3 - 65535 (seconds)

Default: One of these:

  • 30 (if you did not configure the 'Hello' interval)

  • The configured 'Hello' interval multiplied by 3 (maximum of 65535)

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

hello interval {<1-65535> | default} [level {1 | 2}]

Configures how frequently this IS-IS router sends 'Hello' packets on the specified interface.

This interval need not match other IS-IS routers on the link.

Range:

  • 1 - 65535 (seconds)

Default: One of these:

  • 10 (if you did not configure the 'Hello' hold time)

  • The configured 'Hello' hold time divided by 3 (rounded down)

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

hello padding {always | global | off | smart}

Configures how this IS-IS routers adds the padding in 'Hello' packets on the specified interface.

This configuration overrides the IS-IS instance configuration for 'Hello' padding.

IS-IS does not show what its interface MTU is in IS-IS 'Hello' packets.

Instead, it uses 'Hello' padding to make sure that neighbors have a matching MTU before they form an adjacency.

If the MTU between two neighbors does not match, the router with the lower MTU drops the padded 'Hello' packet as malformed and does not form an adjacency.

Options:

  • always - Always adds padding in each 'Hello' packet

  • global - Uses the 'Hello' padding configuration from the IS-IS instance

  • off - Does not add padding in 'Hello' packets

  • smart - Adds padding in 'Hello' packets when a new adjacency is forming

Default:

  • global

ip-reachability-detection {on | off | default}

Enables (on) or disables (off) Bidirectional Forwarding Detection (BFD) on the specified interface.

If you enable this feature, this IS-IS router creates a BFD session on the specified interface with all IS-IS neighbors that also have BFD enabled.

While a BFD session is active between two neighbors, the IS-IS state responds to changes in the BFD state:

  • If the BFD state change to 'Down', then the state of that IS-IS link also changes to 'Down'.

  • If one IS-IS neighbor has BFD enabled and the other neighbor does not, then these neighbors do not create a BFD session, and BFD does not have an effect on the adjacency state.

Notes for IPv6 Multi-Topology:

  • If you did not enable IPv6 Multi-Topology, then this command tries to enable BFD for all address families (IPv4, IPv6) that you configured on the specified interface.

  • If you enabled IPv6 Multi-Topology, then this command tries to enable BFD only for IS-IS neighbors that use IPv4.

Options:

  • on - Enables BFD for this interface

  • off - Disables BFD for this interface

Default:

  • off

lsp-interval {<33-4294967295> | default}

Configures the minimum delay between LSP packets this IS-IS router sends on the specified interface.

Note - The lower the configured number, the faster the IS-IS converges on IS-IS neighbors, but the higher the system load on this IS-IS router.

Range: 33 - 4294967295 (milliseconds)

Default: 33

mesh-group {<options>}

Configures the specified interface as a member of a mesh group.

Usually, when an IS-IS router receives an LSP on one interface, the router automatically sends this LSP from all other interfaces.

When several IS-IS routers are connected in a tight mesh, LSP packets are flooded more than is necessary to send database updates to all IS-IS routers in the domain.

Configuring router interfaces as members of mesh groups causes routers to send LSP packets more selectively.

This can reduce network traffic.

Options:

  • blocked

    Does not send LSP packets from this interface.

    Warning - Use this option carefully. If enough interfaces in a mesh are blocked, some routers may not receive each LSP. As a result, these routers will have an inconsistent link state database and make routing errors.

  • group <1-4294967295>

    Configures this interface as a member of a mesh group.

    When an interface is a member of a mesh group, this IS-IS router sends LSP packets only from interfaces that are not members of the same mesh group as the interface on which the router received this LSP.

    Warning - Use this option carefully. If enough interfaces in a mesh change their state to 'Down', LSP packets do not get to all members of the domain. As a result, the database becomes inconsistent, which leads to routing errors.

  • off

    Disables mesh grouping for this interface.

    This IS-IS router sends all LSP packets it received on other interfaces from this interface.

    This is the default behavior.

Range: 1 - 4294967295

Default: No mesh group

metric {<1-16777214> | default | maximum} [level {1 | 2}]

Configures the metric (cost) related to the specified interface.

The metric of each link in an IS-IS topology determines the total cost of a given route to a destination.

Configure a metric on each IS-IS interface on an IS-IS router based on how much traffic you expect this interface to pass compared to other IS-IS interfaces.

Supported Values:

  • "maximum" - The SPF algorithm uses an infinite cost for this interface

  • 1 - 16777214 - Uses the wide metric type

  • 1 - 63 - Uses the narrow metric type

Default:

  • The value configured as the default-metric in the IS-IS instance configuration.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

off

Disables the IS-IS operation on the specified interface.

The router immediately removes IS-IS protocol state and the configuration related to this interface.

passive-mode {on | off | default}

Enables (on) or disables (off) passive IS-IS operation on this interface.

When an IS-IS interface runs in passive mode, it does not send protocol packets from the specified interface, but the IP connectivity information related to the interface is still included in LSP packets the IS-IS router sends from other active IS-IS interfaces.

This mode is ideal for stub networks.

Note - The IS-IS router enables this mode implicitly on loopback interfaces.

Options:

  • on - This interface does not send protocol packets

  • off - This interface works as a normal IS-IS interface

Default:

  • off

point-to-point {on | off}

Configures a broadcast IS-IS interface to behave as a point-to-point IS-IS interface.

In certain topologies, it may be advantageous to make a broadcast interface behave as if it is point-to-point.

This prevents the overhead present on broadcast interfaces.

Note - Use this option only if this link has exactly two IS-IS routers (including this one).

Options:

  • on - This interface behaves as point-to-point

  • off - This interface behaves as broadcast

Default:

  • off

point-to-point retransmit-interval {<0-65535> | default}

Note - This command only applies to point-to-point interfaces.

This command does not apply if the specified interface is not point-to-point, or is not a broadcast interface that behaves as point-to-point.

Configures the retransmit interval for LSP packets this IS-IS routers sends over a point-to-point link.

IS-IS requires an IS-IS router to send acknowledgments for LSP packets it receives from its neighbor over a point-to-point link.

If this router sends an LSP and does not get this acknowledgment within the configured retransmit interval, this router sends the LSP again, until it gets an acknowledgment.

Range: 0 - 65535 (seconds)

Default: 5 seconds

point-to-point retransmit-throttle-interval {<0-65535> | default}

Note - This command only applies to point-to-point interfaces.

This command does not apply if the specified interface is not point-to-point, or is not a broadcast interface that behaves as point-to-point.

Configures how frequently this IS-IS router retransmits LSP packets over a point-to-point link to its neighbor when multiple packets are waiting to be sent.

Range: 0 - 65535 (milliseconds)

Default: The value of the "lsp-interval" parameter for this interface.

priority {<0-127> | default} [level {1 | 2}]

Configures the Designated Intermediate System (DIS) priority for the specified broadcast interface.

On broadcast IS-IS interfaces, the IS-IS router with the highest priority is automatically elected to be the DIS.

Configure the priority value to get the desired DIS on each IS-IS link.

Range: 0 - 127

Default: 64

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

Configuring IS-IS IPv6 Multi-Topology Options

The IPv6 Multi-Topology configuration allows an IS-IS router to consider IPv4 and IPv6 as separate routing domains.

As a result, it is safer and easier to configure networks that have mixed support for both IPv4 and IPv6.

Important - IPv6 options in IS-IS apply only after you enable IPv6 Multi-Topology.

If IPv6 Multi-Topology is disabled, IPv6 settings get their values from the non-IPv6 versions of these commands, and the IPv6 commands do not apply.

set isis ipv6

      default-metric {<1-16777214> | default} [level {1 | 2}]

      ignore-attached-bit {on | off | default}

      multi-topology {on | off | transition}

      overload-bit {on | off}

      prc-interval max {<1-120> | default} initial {<50-120000> | default} second {<50-120000> | default} [level {1 | 2}]

      spf interval max {<1-120> | default} initial {<50-120000> | default} second {<50-120000> | default} [level {1 | 2}]

set isis interface <Name of Interface> ipv6

      advertise {on | off | default}

      ip-reachability-detection {on | off | default}

      metric {<1-16777214> | default | maximum} [level {1 | 2}]

Parameter

Description

ipv6 default-metric {<1-16777214> | default} [level {1 | 2}]

Configures the default metric for all IPv6 IS-IS interfaces. The interface uses this metric if you do not configure another IPv6 metric explicitly.

Note - The IPv6 metric takes effect only if you ran this command:

set isis multi-topology on

Range:

  • 1 - 16777214 - Uses the wide metric type

  • 1 - 63 - Uses the narrow metric type

Default:

  • 10

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

ipv6 ignore-attached-bit {on | off | default}

Use this option to ignore attached bits set by level-2-connected IS-IS IPv6 routers.

By default, 'Level 1-2' IS-IS routers do not send routes from 'Level 2' to 'Level 1'.

Instead, they configure an "attached bit" in the packets they send to 'Level 1' areas.

This attached bit shows that 'Level 1' routers should install a default route to the 'Level 2' router that configured it.

In some cases, it may be necessary to ignore these attached bits, and not install a default route on 'Level 1-2' routers.

Options:

  • on - Does not install the default route on "attached" routers

  • off - Installs the default route on "attached" neighbors

Default:

  • off

ipv6 multi-topology {on | off | transition}

Configures Multi-Topology for IPv6 unicast.

Multi-Topology maintains separate topologies for each Multi-Topology, on which it is enabled.

As a result, IS-IS runs SPF and calculates routes separately for IPv4 and IPv6.

In addition, adjacencies form as long as there is at least one common address family supported.

If you enable this feature, this IS-IS router ignores the "adjacency-check" option (as if it "off").

Options:

  • on

    Enables Multi-Topology for IPv6.

    This IS-IS router sends only Multi-Topology TLVs in LSP packets.

    All IS-IS routers in the area must support Multi-Topology to install IPv6 routes correctly.

  • transition

    Enables Multi-Topology mode for IPv6.

    This IS-IS router sends the Single-Topology and Multi-Topology TLVs in LSP packets.

    The router creates adjacencies with Single-Topology and Multi-Topology routers, but continues to work in Single-Topology mode.

  • off

    Disables Multi-Topology for IPv6.

    This IS-IS router sends only Single-Topology TLVs in LSP packets, and does not work with other routers that run in Multi-Topology mode.

Default:

  • off

ipv6 overload-bit {on | off}

Enables (on) or disables (off) the settings related to the overload bit for IPv6.

IS-IS routers may optionally configure an overload bit in the 'Hello' packets and LSP packets they send to other IS-IS routers. This bit shows that the router should not be used as a transit router for routing decisions.

You can configure this bit permanently on routers that are never intended to pass traffic, except to directly connected subnets.

Options:

  • on - Enables the overload bit for IPv6

  • off - Disables the overload bit for IPv6

Default:

  • off

ipv6 prc-interval max {<1-120> | default} initial {<50-120000> | default} second {<50-120000> | default} [level {1 | 2}]

Configures the delay between subsequent Partial Route Calculation (PRC) events for IPv6.

This option uses an exponential backoff to determine the delay between events.

The delay before events after the "second" period is the previous delay multiplied by two, up to the maximum delay.

If an event does not occur for two "max" periods, the router restores the delay to the "initial" value.

Options:

  • max:

    • Range: 1 - 120 (seconds)

    • Default: 5

  • initial:

    • Range: 50 - 120000 (milliseconds)

    • Default: 2000

  • second:

    • Range: 50 - 120000 (milliseconds)

    • Default: 5000

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

ipv6 spf interval max {<1-120> | default} initial {<50-120000> | default} second {<50-120000> | default} [level {1 | 2}]

Use this command to configure the delay between subsequent SPF calculations.

When the information announced by an IS-IS router changes the topology, all routers in the domain must run SPF to re-create the shortest path tree.

The SPF interval determines how frequently these shortest path calculations may occur.

This option uses exponential backoff to determine the delay between events.

Note - You must enable IPv6 Multi-Topology with this command:

set isis multi-topology on

The delay before events after the "second" period is the previous delay multiplied by two, up to the maximum delay.

If an event does not occur for two "max" periods, the router restores the delay to the "initial" value.

Options:

  • The "max" option:

    Specifies the maximum interval between two events.

    • Range: 1 - 120 (seconds)

    • Default: 10

  • The "initial" option:

    Specifies the initial delay between when an event is scheduled, and when it actually takes place.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5500

  • The "second" option:

    Specifies the delay between the first event and the second event.

    • Range: 50 - 120000 (milliseconds)

    • Default: 5500

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.

interface <Name of Interface> ipv6 advertise {on | off | default}

Enables (on) or disables (off) the advertising of this interface's IPv6 prefix to this router's IS-IS neighbors.

By default, IS-IS includes all directly connected routes on the IS-IS interfaces in its Link State PDUs.

However, in some cases, these routes are not necessary (for example, transit links which are never used as a final destination).

In this case, it may be advantageous to not send these prefixes in LSP packets, so the total IS-IS link state database is smaller.

Options:

  • on - Sends this interface's IPv6 prefix in IS-IS LSP packets

  • off - Does not send this interface's IPv6 prefix in IS-IS LSP packets

Default:

  • on

interface <Name of Interface> ipv6 ip-reachability-detection {on | off | default}

Enables (on) or disables (off) Bidirectional Forwarding Detection (BFD) on the specified interface.

If you enable this feature, this IS-IS router creates a BFD session on the specified interface with all IS-IS neighbors that also have BFD enabled.

While a BFD session is active between two neighbors, the IS-IS state responds to changes in the BFD state:

  • If the BFD state change to 'Down', then the state of that IS-IS link also changes to 'Down'.

  • If one IS-IS neighbor has BFD enabled and the other neighbor does not, then these neighbors do not create a BFD session, and BFD does not have an effect on the adjacency state.

Notes for IPv6 Multi-Topology:

  • If you did not enable IPv6 Multi-Topology, then this option tries to enable BFD for the IPv6 address you configured on the specified interface.

  • If you enabled IPv6 Multi-Topology, then this option tries to enable BFD only for IS-IS neighbors that use IPv6.

Options:

  • on - Enables BFD for this interface

  • off - Disables BFD for this interface

Default:

  • off

interface <Name of Interface> ipv6 metric {<1-16777214> | default | maximum} [level {1 | 2}]

Configures the metric (cost) related to the specified interface.

The metric of each link in an IS-IS topology determines the total cost of a given route to a destination.

Configure a metric on each IS-IS interface on an IS-IS router based on how much traffic you expect this interface to pass compared to other IS-IS interfaces.

Options:

  • "maximum" - The SPF algorithm uses an infinite cost for this interface

  • 1 - 16777214 - Uses the wide metric type

  • 1 - 63 - Uses the narrow metric type

Default:

  • The value configured as the default-metric in the IS-IS instance configuration.

Optional:

Specify an additional "level" parameter to apply this command to 'Level 1' or 'Level 2' only.

Without this parameter, this command applies to 'Level 1' and 'Level 2' configuration.