IS-IS Configurations

The examples in this section configure an IS-IS connection between two routers.

Basic Configuration

In this basic configuration, you set up an adjacency between two routers, set the metric for the link, and set up the IS to be a level 1 or level 2 system.

You must configure the interface, here, so-1/0/0 , to be under family iso , and you must configure the ISO address on the loopback interface, lo0 . In the protocols configuration, you specify the protocols as isis and include the interfaces you want. Disable fxp0 so that no IS-IS packets are sent over it. Configure the level under the interface. An interface can belong to level 1 or level 2 or in both; here, the interface is in both levels. To configure the metric of the link, include the metric keyword, specifying the cost of using that link.

 interfaces {     so-1/0/0 {         unit 0 {             family inet {                 address 10.10.10.5/30;             }             family iso;         }     }     fxp0 {         unit 0 {             family inet {                 address 192.168.5.239/24;             }         }     }     lo0 {         unit 0 {             family inet {                 address 127.0.0.1/32;                 address 10.255.245.239/32;             }             family iso {                 address 47.0005.80ff.f800.0000.0108.0001.0102.5524.5239.00;             }         }     } } protocols {     isis {         interface so-1/0/0.0 {             level 1 metric 10;             level 2 metric 20;         }         interface fxp0.0 {             disable;         }         interface lo0.0;     } } 

To check whether the adjacencies actually are formed , use the show isis adjacency CLI command.

Export Static Routes

To export some static routes, you configure a routing policy. First, include some static routes in the configuration by configuring the routing options with the static route, specifying the next hop to use:

 routing-options {     static {         /* corporate and alpha net */         route 172.16.0.0/12 {             next-hop 192.168.5.254;             retain;             no-readvertise;         }         /* old lab nets */         route 192.168.0.0/18 {             next-hop 192.168.5.254;             retain;             no-readvertise;         }         route 10.255.245.35/32 {             discard;             retain;         }     }     router-id 10.255.245.236;     autonomous-system 69; } 

Then configure a policy that accepts these static routes. Here, we have defined a policy named redist-static which accepts static routes by specifying the protocol to be static. We could in turn make the protocol to be EBGP or an IGP.

 policy-options {     policy-statement redist-static {         from protocol static;         then accept;     } } 

Finally, export these routes through IS-IS by including this policy in the IS-IS configuration. Here, we are exporting the policy redist-static under isis , which in turn means export all static routes that you learned into IS-IS.

 protocols {     isis {         export redist-static;         interface so-0/2/3.0 {             level 1 metric 10;             level 2 metric 20;         }         interface fxp0.0 {             disable;         }         interface lo0.0;     } } 

Simple Authentication

Simple authentication allows two ISs to perform system-level authentication using a nonencrypted alphanumeric password (key). To configure this, include the authentication-type statement, specifying the simple option. Then set the authentication key with the authentication-key statement.

 protocols {     isis {         export redist-static;         authentication-key "QZiq36A01E9ABRSy8LDjH"; # SECRET-DATA         authentication-type simple; # SECRET-DATA         interface so-0/2/3.0 {             level 1 metric 10;             level 2 metric 20;         }         interface fxp0.0 {             disable;         }         interface lo0.0;     } } 

Interface-Level Hello Authentication

Interface-level hello authentication verifies the hello messages exchanged across interfaces. You configure this by adding the hello-authentication-key statement to the IS-IS authentication configuration:

 protocols {     isis {         export redist-static;         authentication-key "QZiq36A01E9ABRSy8LDjH"; # SECRET-DATA         authentication-type simple; # SECRET-DATA         interface so-0/2/3.0 {             hello-authentication-key "$LdGNwgikPQ39mf39puhcs24"; # SECRET-DATA             hello-authentication-type simple; # SECRET-DATA             level 1 metric 10;             level 2 metric 20;         }         interface fxp0.0 {             disable;         }         interface lo0.0;     } } 

Passive Interfaces

A passive interface is one that cannot be used for sending and receiving IS-IS packets. Here, interface so-1/0/0 has been made passive. The show isis interface command shows this interface as passive.

 protocols {     isis {         export redist-static;         authentication-key "$vGHL-bZUHm5zjHfQn60O7Nd"; # SECRET-DATA         authentication-type simple; # SECRET-DATA         no-authentication-check;         interface so-1/0/0.0 {             hello-authentication-key " 
 protocols { isis { export redist-static; authentication-key "$9$vGHL-bZUHm5zjHfQn60O7Nd"; # SECRET-DATA authentication-type simple; # SECRET-DATA no-authentication-check; interface so-1/0/0.0 { hello-authentication-key "$9$0zzSISeNds4JDwYJDkqzFylK"; # SECRET-DATA hello-authentication-type simple; # SECRET-DATA level 1 { metric 10; hello-authentication-key "$9$4wZiq36CuBRVwoZjiPfREc"; # SECRET-DATA hello-authentication-type simple; # SECRET- DATA passive; } level 2 metric 8; } interface fxp0.0 { disable; } interface lo0.0; } } 
 zzSISeNds4JDwYJDkqzFylK"; # SECRET-DATA             hello-authentication-type simple; # SECRET-DATA             level 1 {                 metric 10;                 hello-authentication-key "wZiq36CuBRVwoZjiPfREc"; # SECRET-DATA                 hello-authentication-type simple; # SECRET- DATA                 passive;             }             level 2 metric 8;         }         interface fxp0.0 {             disable;         }         interface lo0.0;     } }