OSPF is a link-state routing protocol that creates and keeps neighbor relationships by sharing routing updates with other OSPF routers. No routing information is exchanged and the only packets they exchange are Hello packets. Hello packets enables dynamic neighbor discovery and preserve neighbor connections. Passive interface command is used to suppress OSPF hello packets on a specified interface. It is also used in other routing protocols like RIP and EIGRP. Show
Enabling passive interfaces in our network devices mean that:
Why Do We Use OSPF Passive Interface?The passive interface should be configured on interfaces that do not have an OSPF router connected to them so that they won’t receive any OSPF information. By silencing routing announcements on network interfaces, we tell the router to “listen but don’t talk.” A protocol’s routing load on the CPU can be reduced by minimizing the number of interfaces with which it must interact. The ‘passive-interface’ command disables OSPF and EIGRP route processing for that interface. If you’re sure the routing protocol won’t need to communicate with anything on the specified interface, use this command. Another reason to apply passive interface is to increase security. An attacker could start an application that replies with OSPF hello packets then our router will try to establish neighbor relationship. The attacker could then advertise fake routes to misdirect traffic. OSPF Passive Interface ConfigurationThere are two ways to configure OSPF passive interface in our network devices. 1. If we only need to configure passive interface on a single or a couple of interfaces, we can individually configure them using the ‘passive-interface’ command: Router#conf t Router(config)#router ospf 1 Router(config-router)#passive-interface gi0/0/0 Router(config-router)#passive-interface gi0/0/12. If we need all interfaces to be passive interfaces and leaving a single or a couple of interfaces non-passive, we can set passive interface as the default configuration by using the ‘passive-interface default’ command: Router#conf t Router(config)#router ospf 1 Router(config-router)#passive-interface default Router(config-router)#no passive-interface gi0/0/0To verify our passive interface configuration, we can use the ‘show ip ospf interface command’: Router#sh ip ospf interface GigabitEthernet0/0/0 is up, line protocol is up Internet address is 10.10.10.10/24, Area 0 Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State WAITING, Priority 1 No designated router on this network No backup designated router on this network Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 No Hellos (Passive interface) Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1, maximum is 1 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 0, Adjacent neighbor count is 0 Suppress hello for 0 neighbor(s)Take note that this interface is no longer sending OSPF Hellos or processing any received Hellos in our OSPF domain. Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book. We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training:
When you use the network command in OSPF, two things will happen:
Sometimes it’s undesirable to send OSPF hello packets on certain interfaces. Take a look at the image below: R1 and R2 are configured for OSPF. R1 is connected to network 192.168.10 /24 which has some computers connected to a switch. R1 wants to advertise this network to R2. Once we use the network command to advertise 192.168.10.0 /24 in OSPF, R1 will also send OSPF hello packets towards the switch. This is a bad idea, first of all because there are no routers on this network but it’s also a security risk. If someone on the computer starts an application that replies with OSPF hello packets then R1 will try to become neighbors. An attacker could advertise fake routes using this technique. To prevent this from happening, we can use the passive-interface command. This command tells OSPF not to send hello packets on certain interfaces. Let’s see how it works… ConfigurationHere’s the OSPF configuration of R1 and R2: R1(config)#router ospf 1 R1(config-router)#network 192.168.12.0 0.0.0.255 area 0 R1(config-router)#network 192.168.10.0 0.0.0.255 area 0 R2(config)#router ospf 1 R2(config-router)#network 192.168.12.0 0.0.0.255 area 0With the above configuration, R2 will learn network 192.168.10.0 /24: R2#show ip route ospf O 192.168.10.0/24 [110/20] via 192.168.12.1, 00:03:21, FastEthernet0/0This is great but a side-effect of this configuration is that R1 will send hello packets on its FastEthernet 0/1 interface. We can see this with a debug: R1#debug ip ospf hello OSPF hello events debugging is on OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/1 from 192.168.10.254 OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 192.168.12.1Above you can see that hello packets are sent in both directions. Let’s fix this. We will configure OSPF to stop the hello packets towards the switch: R1(config)#router ospf 1 R1(config-router)#passive-interface FastEthernet 0/1You only have to use the passive-interface command under the OSPF process. You can verify our work with the following command: To configure Intermediate System-to-Intermediate System (IS-IS) to advertise only prefixes that belong to passive interfaces, use the advertise-passive-only command in router configuration mode. To remove the restriction, use the no form of this command. advertise-passive-only no advertise-passive-only Syntax DescriptionThis command has no arguments or keywords. DefaultsThis command has no default behavior. Command ModesRouter configuration Command History
Usage GuidelinesThis command is an IS-IS mechanism to exclude IP prefixes of connected networks from link-state packet (LSP) advertisements, thereby reducing IS-IS convergence time. Configuring this command per IS-IS instance is a scalable solution to reduce IS-IS convergence time because fewer prefixes will be advertised in the router nonpseudonode LSP. This command relies on the fact that when enabling IS-IS on a loopback interface, you usually configure the loopback as passive (to prevent sending unnecessary hello packets out through it because there is no chance of finding a neighbor behind it). Thus, if you want to advertise only the loopback and if it has already been configured as passive, configuring the advertise-passive-only command per IS-IS instance would prevent the overpopulation of the routing tables. An alternative to this command is the no isis advertise-prefix command. The no isis advertise-prefix command is a small-scale solution because it is configured per interface. ExamplesThe following example uses the advertise-passive-only command, which affects the IS-IS instance, and thereby prevents advertising the IP network of Ethernet interface 0. Only the IP address of loopback interface 0 is advertised. Related Commands
area-passwordTo configure the Intermediate System-to-Intermediate System (IS-IS) area authentication password, use the area-password command in router configuration mode. To disable the password, use the no form of this command. area-password password [authenticate snp {validate | send-only}] no area-password [password] Syntax Description
DefaultsNo area password is defined, and area password authentication is disabled. Command ModesRouter configuration Command History
Usage GuidelinesUsing the area-password command on all routers in an area will prevent unauthorized routers from injecting false routing information into the link-state database. This password is exchanged as plain text and thus this feature provides only limited security. This password is inserted in Level 1 (station router level) PDU link-state packets (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNP). If you do not specify the authenticate snp keyword along with either the validate or send-only keyword, then the IS-IS routing protocol does not insert the password into SNPs. ExamplesThe following example assigns an area authentication password and specifies that the password be inserted in SNPs and checked in SNPs that the system receives: Related Commands
authentication key-chainTo enable authentication for Intermediate System-to-Intermediate System (IS-IS), use the authentication key-chain command in router configuration mode. To disable such authentication, use the no form of this command. authentication key-chain name-of-chain [level-1 | level-2] no authentication key-chain name-of-chain [level-1 | level-2] Syntax Description
DefaultsNo key chain authentication is provided for IS-IS packets at the router level. Command ModesRouter configuration Command History
Usage GuidelinesIf no key chain is configured with the key chain command, no key chain authentication is performed. Key chain authentication could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command. Only one authentication key chain is applied to IS-IS at one time. That is, if you configure a second authentication key-chain command, the first is overridden. If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels. You can specify authentication for an individual IS-IS interface by using the isis authentication key-chain command. ExamplesThe following example configures IS-IS to accept and send any key belonging to the key chain named site1: Related Commands
authentication modeTo specify the type of authentication used in Intermediate System-to-Intermediate System (IS-IS) packets for the IS-IS instance, use the authentication mode command in router configuration mode. To restore clear text authentication, use the no form of this command. authentication mode {md5 | text} [level-1 | level-2] no authentication mode Syntax Description
DefaultsNo authentication is provided for IS-IS packets at the router level by use of this command, although clear text (plain text) authentication could be configured by other means, such as the area-password command or the domain-password command. Command ModesRouter configuration Command History
Usage GuidelinesIf neither the level-1 nor level-2 keyword is configured, the mode applies to both levels. You can specify the type of authentication and the level to which it applies for a single IS-IS interface, rather than per IS-IS instance, by using the isis authentication mode command. If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands. If you configure the authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no authentication mode command first. ExamplesThe following example configures for the IS-IS instance that Message Digest 5 (MD5) authentication is performed on Level 1 packets: Related Commands
authentication send-onlyTo specify for the Intermediate System-to-Intermediate System (IS-IS) instance that authentication is performed only on IS-IS packets being sent (not received), use the authentication send-only command in router configuration mode. To configure for the IS-IS instance that if authentication is configured at the router level, such authentication be performed on packets being sent and received, use the no form of this command. authentication send-only [level-1 | level-2] no authentication send-only Syntax Description
DefaultsIf authentication is configured at the router level, it applies to IS-IS packets being sent and received. Command ModesRouter configuration Command History
Usage GuidelinesUse this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no authentication send-only command to disable the send-only feature. If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels. This command could apply to clear text authentication or Message Digest 5 (MD5) authentication. The mode is determined by the authentication mode command. ExamplesThe following example configures IS-IS Level 1 packets to use clear text authentication on packets being sent (not received): Related Commands
clear isis lsp-fullTo clear the LSPFULL state, use the clear isis lsp-full command in privileged EXEC mode. clear isis lsp-full Syntax DescriptionThis command has no arguments or keywords. Command ModesPrivileged EXEC Command History
Usage GuidelinesIf the link-state PDU (LSP) becomes full because too many routes are redistributed, use the clear isis lsp-full command to clear the state after the problem has been resolved. ExamplesThis example clears the LSPFULL state: Related Commands
clear isis rib redistributionTo clear some or all prefixes in the Intermediate System-to-Intermediate System (IS-IS) redistribution cache, use the clear isis rib redistribution command in privileged EXEC mode. clear isis rib redistribution [level-1 | level-2] [network-prefix] [network-mask] Syntax Description
Command ModesPrivileged EXEC Command History
Usage GuidelinesWe recommend that you use this command in a troubleshooting situation only when a Cisco Technical Assistance Center representative requests you to do so following a software error. ExamplesThe following example clears the network prefix 10.1.0.0 from the IP local redistribution cache: Related Commands
default-information originate (IS-IS)To generate a default route into an Intermediate System-to-Intermediate System (IS-IS) routing domain, use the default-information originate command in router configuration mode. To disable this feature, use the no form of this command. default-information originate [route-map map-name] no default-information originate [route-map map-name] Syntax Description
DefaultsThis command is disabled by default. Command ModesRouter configuration Command History
Usage GuidelinesIf a router configured with this command has a route to 0.0.0.0 in the routing table, IS-IS will originate an advertisement for 0.0.0.0 in its link-state packets (LSPs). Without a route map, the default is advertised only in Level 2 LSPs. For Level 1 routing, there is another mechanism to find the default route, which is to look for the closest Level 1 or Level 2 router. The closest Level 1 or Level 2 router can be found by looking at the attached-bit (ATT) in Level 1 LSPs. A route map can be used for two purposes: •Make the router generate default in its Level 1 LSPs. •Advertise 0/0 conditionally. With a match ip address standard-access-list command, you can specify one or more IP routes that must exist before the router will advertise 0/0. ExamplesThe following example forces the software to generate a default external route into an IS-IS domain: Related Commands
domain-passwordTo configure the Intermediate System-to-Intermediate System (IS-IS) routing domain authentication password, use the domain-password command in router configuration mode. To disable a password, use the no form of this command. domain-password password [authenticate snp {validate | send-only}] no domain-password [password] Syntax Description
DefaultsNo domain password is specified and no authentication is enabled for exchange of Level 2 routing information. Command ModesRouter configuration Command History
Usage GuidelinesThis password is exchanged as plain text and thus this feature provides only limited security. This password is inserted in Level 2 (area router level) PDU link-state packets (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNPs). If you do not specify the authenticate snp keyword along with either the validate or send-only keyword, then the IS-IS routing protocol does not insert the password into SNPs. ExamplesThe following example assigns an authentication password to the routing domain and specifies that the password be inserted in SNPs and checked in SNPs that the system receives: Related Commands
fast-floodTo fill Intermediate System-to-Intermediate System (IS-IS) link-state packets (LSPs), use the fast-flood command in router configuration mode. To disable the fast flooding, use the no form of this command. fast-flood [lsp-number] no fast-flood [lsp-number] Syntax Description
Command DefaultFast flooding is disabled. Command ModesRouter configuration (config-router) Command History
Usage GuidelinesThe fast-flood command sends a specified number of LSPs from the router. If no LSP number value is specified, the default it 5. The LSPs invoke SPF before running SPF. When you speed up the LSP flooding process, you improve overall network convergence time. If you are running SPF and if you have configured values shorter than 40 milliseconds for the initial delay that is set by the seconds argument of the incremental-spf command, the SPF computation might start before the LSP that triggered SPF is flooded to neighbors. The router should always flood, at least, the LSP that triggered SPF before the router runs the SPF computation. We recommend that you enable the fast flooding of LSPs before the router runs the SPF computation, in order to achieve a faster convergence time. Note Beginning with Cisco IOS Release 12.3(7)T, the ip fast-convergence command is replaced with the fast-flood command. ExamplesIn the following example, the fast-flood command is entered to configure the router to fill the first seven LSPs that invoke SPF, before the SPF computation is started. When the show running-configuration command is entered, the output confirms that fast flooding has been enabled on the router. Related Commands
fast-reroute load-sharing disableTo disable Fast Reroute (FRR) load sharing of prefixes, use the fast-reroute load-sharing disable command in router configuration mode. To restore the default setting, use the no form of this command. fast-reroute load-sharing {level-1 | level-2} disable no fast-reroute load-sharing {level-1 | level-2} disable Syntax Description
Command DefaultLoad sharing of prefixes is enabled by default. Command ModesRouter configuration (config-router) Command History
Usage GuidelinesYou must configure the router isis command before you can configure the fast-reroute load-sharing disable command. Load sharing equally distributes the prefixes that use the same protected primary path over the available loop-free alternates (LFAs). An LFA is a next hop that helps a packet reach its destination without looping back. ExamplesThe following example shows how to disable load sharing of Level 2 prefixes: Related Commands
fast-reroute per-prefixTo enable Fast Reroute (FRR) per prefix, use the fast-reroute per-prefix command in router configuration mode. To disable the configuration, use the no form of this command. fast-reroute per-prefix {level-1 | level-2} {all | route-map route-map-name} no fast-reroute per-prefix {level-1 | level-2} {all | route-map route-map-name} Syntax Description
Command DefaultFast Reroute per prefix is disabled. Command ModesRouter configuration (config-router) Command History
Usage GuidelinesYou must configure the router isis command before you can configure the fast-reroute per-prefix command. You must configure the all keyword to protect all prefixes or configure the route-map route-map-name keyword and argument pair to protect a selected set of prefixes. When you specify the all keyword, all paths are protected, except paths that use interfaces, which are not supported, or interfaces, which are not enabled for protection. Using the route-map route-map-name keyword and argument pair to specify protected routes provides you with the flexibility to select protected routes, including using administrative tags. Repair paths forward traffic during a routing transition. Repair paths are precomputed in anticipation of failures so that they can be activated when a failure is detected. ExamplesThe following example shows how to enable FRR for all Level 2 prefixes: Related Commands
fast-reroute tie-breakTo configure the Fast Reroute (FRR) tiebreaking priority, use the fast-reroute tie-break command in router configuration mode. To disable the configuration, use the no form of this command. fast-reroute tie-break {level-1 | level-2} {downstream | linecard-disjoint | lowest-backup-path-metric | node-protecting | primary-path | secondary-path | srlg-disjoint} priority-number no fast-reroute tie-break {level-1 | level-2} {downstream | linecard-disjoint | lowest-backup-path-metric | node-protecting | primary-path | secondary-path | srlg-disjoint} Syntax Description
Command DefaultTiebreaking is enabled by default. Command ModesRouter configuration (config-router) Command History
Usage GuidelinesYou must configure the router isis command before you can configure the fast-reroute tie-break command. Tiebreaking configurations are applied per IS-IS instance per address family. The lower the configured priority value, the higher the priority of the rule. The same attribute cannot be configured more than once in the same address family. The default tiebreaking rules have a priority value of 256. Hence, the tiebreaking rules that you configure will always have a higher priority than the default rule. Load sharing equally distributes the prefixes that use the same protected primary path over the available LFAs. An LFA is a next hop that helps a packet reach its destination without looping back. ExamplesThe following example shows how to set a tiebreaking priority of 5 for Level 2 packets: Related Commands
hello paddingTo reenable IS-IS hello padding at the router level, enter the hello padding command in router configuration mode. To disable IS-IS hello padding, use the no form of this command. hello padding no hello padding Syntax DescriptionThis command has no arguments or keywords. DefaultsIS-IS hello padding is enabled. Command ModesRouter configuration Command History
Usage GuidelinesIntermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces. You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches. To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode. To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode. ExamplesIn the following example the no hello padding command is used to turn off hello padding at the router level: The show clns interfaces command is entered to show that hello padding has been turned off at router level: When the debug isis adj packets command is entered, the output will show the IS-IS hello protocol data unit (PDU) length when a hello packet has been sent to or received from an IS-IS adjacency. In the following example the IS-IS hello PDU length is 1497: Related Commands
hostname dynamicTo enable IS-IS dynamic hostname capability on the router, use the hostname dynamic command in router configuration mode. To disable the dynamic hostname feature, use the no form of this command. hostname dynamic no hostname dynamic Syntax DescriptionThis command has no arguments or keywords. Command DefaultThe dynamic hostname feature is enabled by default. Command ModesRouter configuration Command History
Usage GuidelinesIn the IS-IS routing domain, the system ID is used to represent each router. The system ID is part of the network entity title (NET) that is configured for each IS-IS router. For example, a router with a configured NET of 49.0001.0023.0003.000a.00 has a system ID of 0023.0003.000a. Router-name-to-system-ID mapping is difficult for network administrators to remember during maintenance and troubleshooting on the routers. Entering the show isis hostname command displays the entries in the system-ID-to-router-name mapping table. The dynamic hostname mechanism uses link-state protocol (LSP) flooding to distribute the router-name-to-system-ID mapping information across the entire network. Every router on the network will try to install the system ID-to-router name mapping information in its routing table. If a router that has been advertising the dynamic name type, length, value (TLV) on the network suddenly stops the advertisement, the mapping information last received will remain in the dynamic host mapping table for up to one hour, allowing the network administrator to display the entries in the mapping table during a time when the network experiences problems. Entering the show isis hostname command displays the entries in the mapping table. Note Locally defined mappings are always preferred over dynamically learned mappings. If you have already configured the clns host command to overwrite network advertised name mappings from LSPs, the clns host command will take precedence over the dynamic hostname feature. ExamplesThe following example changes the hostname from Router to RouterA and assigns the NET 49.0001.0000.0000.000b.00 to RouterA. The dynamic hostname feature is disabled by entering the no hostname dynamic command. The dynamic hostname feature is then reeanabled by entering the hostname dynamic command. Entering the show isis hostname command displays the dynamic host mapping table. The * symbol signifies that this is the hostname for the local router. The dynamic host mapping table confirms that system ID 0000.0000.000B belongs to a router with the dynamic hostname RouterA. This router is running the IS-IS process named CompanyA. Related Commands
ip fast-convergenceTo reduce packet loss when the metric of a path is changed, or to fast-flood Intermediate System-to-Intermediate System (IS-IS) link-state packets (LSPs), use the ip fast-convergence command in router configuration mode. To disable packet loss reduction or fast-flooding, use the no version of this command. ip fast-convergence no ip fast-convergence Note Effective with Release 12.3(7)T, the ip fast-convergence command is replaced by the fast-flood command. See the fast-flood command for more information. Syntax DescriptionThis command has no arguments or keywords. DefaultsThis command is disabled by default. Command ModesRouter configuration Command History
Usage GuidelinesTo reduce packet loss when the metric of a path is changed, use the ip fast-convergence command. Entering the ip fast-convergence command is especially helpful when Multiprotocol Label Switching (MPLS) traffic engineering with Fast Reroute (FRR) is deployed. If you are running Cisco IOS Release 12.2(11)T or a later release, you can enter the ip fast-convergence command to configure the router to flood the first five LSPs that invoke shortest path first (SPF) before running SPF. When you speed up the LSP flooding process, you improve overall network convergence time. We recommend that you enable the fast-flooding of LSPs before the router runs the SPF computation, in order to achieve a faster convergence time. ExamplesIn the following example, the ip fast-convergence command is entered to configure the router to flood the first five LSPs that invoke SPF, before the SPF computation is started. When the show running-configuration command is entered, the output confirms that fast-flooding has been enabled on the router. Related Commands
ip route priority highTo assign a high priority to an Integrated Intermediate System-to-Intermediate System (IS-IS) IP prefix, use the ip route priority high command in router configuration mode. To remove the IP prefix priority, use the no form of this command. ip route priority high tag tag-value no ip route priority high tag tag-value Syntax Description
DefaultsNo IP prefix priority is set. Command ModesRouter configuration Command History
Usage GuidelinesWhen you use the ip route priority high command to tag higher priority IS-IS IP prefixes for faster processing and installation in the global routing table, you can achieve faster convergence. For example, you can help Voice over IP (VoIP) gateway addresses get processed first to help VoIP traffic get updated faster than other types of packets. ExamplesThe following example uses the ip route priority high command to assign a tag value of 100 to the IS-IS IP prefix: Related Commands
ip router isisTo configure an Intermediate System-to-Intermediate System (IS-IS) routing process for IP on an interface and to attach an area designator to the routing process, use the ip router isis command in interface configuration mode. To disable IS-IS for IP, use the no form of the command. ip router isis area-tag no ip router isis area-tag Syntax Description
DefaultsNo routing processes are specified. Command ModesInterface configuration Command History
Usage GuidelinesBefore the IS-IS routing process is useful, a network entity title (NET) must be assigned with the net command and some interfaces must have IS-IS enabled. If you have IS-IS running and at least one International Organization for Standardization Interior Gateway Routing Protocol (ISO-IGRP) process, the IS-IS process and the ISO-IGRP process cannot both be configured without an area tag. The null tag can be used by only one process. If you run ISO-IGRP and IS-IS, a null tag can be used for IS-IS, but not for ISO-IGRP at the same time. However, each area in an IS-IS multiarea configuration should have a nonnull area tag to facilitate identification of the area. You can configure only one process to perform Level 2 (interarea) routing. If Level 2 routing is configured on any process, all additional processes are automatically configured as Level 1. You can configure this process to perform intra-area (Level 1) routing at the same time. You can configure up to 29 additional processes as Level 1-only processes. Use the is-type command to remove Level 2 routing from a router instance. You can then use the is-type command to enable Level 2 routing on some other IS-IS router instance. An interface cannot be part of more than one area, except in the case where the associated routing process is performing both Level 1 and Level 2 routing. On media such as WAN media where subinterfaces are supported, different subinterfaces could be configured for different areas. ExamplesThe following example specifies IS-IS as an IP routing protocol for a process named Finance, and specifies that the Finance process will be routed on Ethernet interface 0 and serial interface 0: The following example shows an IS-IS configuration with two Level 1 areas and one Level 1-2 area: Related Commands
isis advertise-prefixTo allow the advertising of IP prefixes of connected networks in link-state packet (LSP) advertisements per Intermediate System-to-Intermediate System (IS-IS) interface, use the isis advertise-prefix command in interface configuration mode. To prevent IP prefixes of connected networks from being advertised, use the no form of this command. isis advertise-prefix no isis advertise-prefix Syntax DescriptionThis command has no arguments or keywords. DefaultsEnabled; IP prefixes are advertised. Command ModesInterface configuration Command History
Usage GuidelinesThe no isis advertise-prefix command is an IS-IS mechanism to exclude IP prefixes of connected networks from LSP advertisements, thereby reducing IS-IS convergence time. Configuring the no form of this command per IS-IS interface is a small-scale solution to reduce IS-IS convergence time because fewer prefixes will be advertised in the router nonpseudonode LSP. An alternative the isis advertise-prefix command is the advertise-passive-only command. The latter command is a scalable solution because it is configured per IS-IS instance. ExamplesThe following example uses the no isis advertise-prefix command on Ethernet interface 0. Only the IP address of loopback interface 0 is advertised. Related Commands
isis authentication key-chainTo enable authentication for an Intermediate System-to-Intermediate System (IS-IS) interface, use the isis authentication key-chain command in interface configuration mode. To disable such authentication, use the no form of this command. isis authentication key-chain name-of-chain [level-1 | level-2] no isis authentication key-chain name-of-chain [level-1 | level-2] Syntax Description
DefaultsNo key chain authentication is configured for a specific IS-IS interface, although it might be configured at the IS-IS instance level. Command ModesInterface configuration Command History
Usage GuidelinesIf no key chain is configured with the key chain command, no key chain authentication is performed. Only one authentication key chain is applied to an IS-IS interface at one time. That is, if you configure a second isis authentication key-chain command, the first is overridden. If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels. You can specify authentication for an entire instance of IS-IS instead of at the interface level by using the authentication key-chain command. ExamplesThe following example configures Ethernet interface 0 to accept and send any key belonging to the key chain named second: Related Commands
isis authentication modeTo specify the type of authentication used for an Intermediate System-to-Intermediate System (IS-IS) interface, use the isis authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command. isis authentication mode {md5 | text} [level-1 | level-2] no isis authentication mode Syntax Description
DefaultsNo authentication is provided for IS-IS packets on an interface level, although authentication could be provided at the IS-IS instance level by several means. Command ModesInterface configuration Command History
Usage GuidelinesIf neither the level-1 nor level-2 keyword is configured, the mode applies to both levels. If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands. If you configure the isis authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no isis authentication mode command first. You can specify the type of authentication and the level to which it applies for the entire IS-IS instance, rather than per interface, by using the authentication mode command. ExamplesThe following example configures IS-IS Level 2 packets to use MD5 authentication on Ethernet interface 0: Related Commands
isis authentication send-onlyTo specify that authentication is performed only on packets being sent (not received) on a specified Intermediate System-to-Intermediate System (IS-IS) interface, use the isis authentication send-only command in interface configuration mode. To restore the default value, use the no form of this command. isis authentication send-only [level-1 | level-2] no isis authentication send-only Syntax Description
DefaultsIf MD5 authentication is configured at the interface level, it applies to IS-IS packets being sent and received over all interfaces. Command ModesInterface configuration Command History
Usage GuidelinesUse this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no isis authentication send-only command to disable the send-only feature. If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels. ExamplesThe following example configures IS-IS Level-1 packets to use MD5 authentication on packets being sent (not received) on Ethernet interface 0: Related Commands
isis bfdTo enable or disable Bidirectional Forwarding Detection (BFD) on a specific interface configured for Intermediate System-to-Intermediate System (IS-IS), use the isis bfd command in interface configuration mode. To disable BFD on the IS-IS interface, use the disable keyword. To remove the isis bfd command, use the no form of this command. isis bfd [disable] no isis bfd Syntax Description
DefaultsWhen the disable keyword is not used, the default behavior is to enable BFD support for IS-IS on the interface. Command ModesInterface configuration Command History
Usage GuidelinesEnter the isis bfd command in interface mode to configure an IS-IS interface to use BFD for failure detection. If you have used the bfd-all interfaces command in router configuration mode to globally configure all IS-IS interfaces for an IS-IS process to use BFD, you can enter the isis bfd command with the disable keyword in interface configuration mode to disable BFD for a specific IS-IS interface. Entering the no isis bfd command will remove the command. In that case, whether or not an IS-IS interface for a particular IS-IS process is registered with the BFD protocol will depend on whether or not you have entered the bfd all-interfaces command in router configuration mode for the specific IS-IS process. ExamplesIn the following example, the interface associated with OSPF, Fast Ethernet interface 3/0, is configured for BFD: Related Commands
isis circuit-typeTo configure the type of adjacency, use the isis circuit-type command in interface configuration mode. To reset the circuit type to Level l and Level 2, use the no form of this command. isis circuit-type [level-1 | level-1-2 | level-2-only] no isis circuit-type Syntax Description
DefaultsA Level 1 and Level 2 adjacency is established. Command ModesInterface configuration Command History
Usage GuidelinesNormally, this command need not be configured. The proper way is to configure a router as a Level 1-only, Level 1-2, or Level 2-only system. Only on routers that are between areas (Level 1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending out unused Level 1 hello packets. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same packet. A Level 1 adjacency may be established if there is at least one area address in common between this system and its neighbors. Level 2 adjacencies will never be established over this interface. A Level 1 and Level 2 adjacency is established if the neighbor is also configured as level-1-2 and there is at least one area in common. If there is no area in common, a Level 2 adjacency is established. This is the default. Level 2 adjacencies are established if the other routers are Level 2 or Level 1-2 routers and their interfaces are configured for Level 1-2 or Level 2. Level 1 adjacencies will never be established over this interface. ExamplesIn the following example, other routers on Ethernet interface 0 are in the same area. Other routers on Ethernet interface 1 are in other areas, so the router will stop sending Level 1 hellos. isis csnp-intervalTo configure the Intermediate System-to-Intermediate System (IS-IS) complete sequence number PDUs (CSNPs) interval, use the isis csnp-interval command in interface configuration mode. To restore the default value, use the no form of this command. isis csnp-interval seconds [level-1 | level-2] no isis csnp-interval [level-1 | level-2] Syntax Description
Defaults 10 seconds Command ModesInterface configuration Command History
Usage GuidelinesIt is very unlikely you will need to change the default value of this command. This command applies only for the designated router (DR) for a specified interface. Only DRs send CSNP packets in order to maintain database synchronization. The CSNP interval can be configured independently for Level 1 and Level 2. Configuring the CSNP interval does not apply to serial point-to-point interfaces. It does apply to WAN connections if the WAN is viewed as a multiaccess meshed network. For multiaccess WAN interfaces such as ATM, Frame Relay, and X.25, we highly recommend that you configure the nonbroadcast multiaccess (NBMA) cloud as multiple point-to-point subinterfaces. Doing so will make routing much more robust if one or more permanent virtual circuits (PVCs) fails. The isis csnp-interval command on point-to-point subinterfaces should be used only in combination with the IS-IS mesh-group feature. ExamplesThe following example configures Ethernet interface 0 for sending CSNPs every 30 seconds: isis display delimiterTo make output from multiarea displays easier to read by specifying the delimiter to use to separate displays of information, use the isis display delimiter command in global configuration mode. To disable this output format, use the no form of the command. isis display delimiter [return count | character count] no isis display delimiter [return count | character count] Syntax Description
DefaultsThe isis display delimiter command is disabled by default. Command ModesGlobal configuration Command History
Usage GuidelinesUse this command to customize display output when the IS-IS multiarea feature is used. The isis display delimiter command displays the output from different areas as a string or additional white space. ExamplesThe following command causes different areas in multiarea displays (such as show command output) to be delimited by a string of dashes (-): With three IS-IS neighbors configured, this command displays the following output from the show clns neighbors command: Related Commands
isis hello paddingTo reenable Intermediate System-to-Intermediate System (IS-IS) hello padding at the interface level, enter the isis hello padding command in interface configuration mode. To disable IS-IS hello padding, use the no form of this command. isis hello padding no isis hello padding Syntax DescriptionThis command has no arguments or keywords. DefaultsIS-IS hello padding is enabled. Command ModesInterface configuration Command History
Usage GuidelinesIntermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces. You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches. To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode. To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode. ExamplesTo turn off hello padding at the interface level for the Ethernet interface 0/0, enter the no isis hello padding command in interface configuration mode: When the show clns neighbor command is entered for Ethernet interface 0/0, the output confirms that hello padding has been turned off for both Level 1 and Level 2 circuit types: When the debug isis adj packets command is entered, the output will show the IS-IS hello protocol data unit (PDU) length when a hello packet has been sent to or received from an IS-IS adjacency. In the following example the IS-IS hello PDU length is 1497: Related Commands
isis hello-intervalTo specify the length of time between hello packets that the Cisco IOS software sends, use the isis hello-interval command in interface configuration mode. To restore the default value, use the no form of this command. isis hello-interval {seconds | minimal} [level-1 | level-2] no isis hello-interval [level-1 | level-2] Syntax Description
Command Default The hello interval is 10 seconds for non-DIS interfaces, and 3.333 seconds for DIS interfaces. Command ModesInterface configuration (config-if) Command History
Usage GuidelinesThe hello interval multiplied by the hello multiplier equals the hold time. If the minimal keyword is specified, the hold time is 1 second and the system computes the hello interval based on the hello multiplier. The hello interval can be configured independently for Level 1 and Level 2, except on serial point-to-point interfaces. (Because only a single type of hello packet is sent on serial links, it is independent of Level 1 or Level 2.) The level-1 and level-2 keywords are used on X.25, SMDS, and Frame Relay multiaccess networks or on LAN interfaces. Although a slower hello interval saves bandwidth and CPU usage, there are some situations when a faster hello interval is preferred. In the case of a large configuration that uses Traffic Engineering (TE) tunnels, if the TE tunnel uses ISIS as the Interior Gateway Protocol (IGP), and the IP routing process is restarted at the router at the ingress point of the network (headend), then all the TE tunnels get resignaled with the default hello interval. A faster hello interval prevents this resignaling. To configure a faster hello interval, you need to increase the ISIS hello interval manually using the isis hello-interval command. It makes more sense to tune the hello interval and hello multiplier on point-to-point interfaces than on LAN interfaces. ExamplesThe following example configures serial interface 0 to advertise hello packets every 5 seconds. The router is configured to act as a station router. This configuration will cause more traffic than the traffic generated by configuring a longer interval, but topological changes will be detected earlier. Related Commands
isis hello-multiplierTo specify the number of Intermediate System-to-Intermediate System (IS-IS) hello packets a neighbor must miss before the router should declare the adjacency as down, use the isis hello-multiplier command in interface configuration mode. To restore the default value, use the no form of this command. isis hello-multiplier multiplier [level-1 | level-2] no isis hello-multiplier [level-1 | level-2] Syntax Description
Defaults multiplier: 3 Command ModesInterface configuration Command History
Usage GuidelinesThe "holding time" carried in an IS-IS hello packet determines how long a neighbor waits for another hello packet before declaring the neighbor to be down. This time determines how quickly a failed link or neighbor is detected so that routes can be recalculated. Use the isis hello-multiplier command in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval (isis hello-interval command) correspondingly to make the hello protocol more reliable without increasing the time required to detect a link failure. On point-to-point links, there is only one hello for both Level 1 and Level 2, so different hello multipliers should be configured only for multiaccess networks such as Ethernet and FDDI. Separate Level 1 and Level 2 hello packets are also sent over nonbroadcast multiaccess (NBMA) networks in multipoint mode, such as X.25, Frame Relay, and ATM. However, we recommend that you run IS-IS over point-to-point subinterfaces over WAN NBMA media. ExamplesIn the following example, the network administrator wants to increase network stability by making sure an adjacency will go down only when many (ten) hello packets are missed. The total time to detect link failure is 60 seconds. This configuration will ensure that the network remains stable, even when the link is fully congested. Related Commands
isis lsp-intervalTo configure the time delay between successive Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP) transmissions, use the isis lsp-interval command in interface configuration mode. To restore the default value, use the no form of this command. isis lsp-interval milliseconds no isis lsp-interval Syntax Description
DefaultsThe default time delay is 33 milliseconds. Command ModesInterface configuration Command History
Usage GuidelinesIn topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception. This command allows the LSP transmission rate (and by implication the reception rate of other systems) to be reduced. ExamplesThe following example causes the system to send LSPs every 100 milliseconds (10 packets per second) on serial interface 0: Related Commands
isis mesh-groupTo optimize link-state packet (LSP) flooding in nonbroadcast multiaccess (NBMA) networks with highly meshed, point-to-point topologies, use the isis mesh-group command in interface configuration mode. To remove a subinterface from a mesh group, use the no form of this command. isis mesh-group [number | blocked] no isis mesh-group [number | blocked] Syntax Description
DefaultsThe interface performs normal flooding. Command ModesInterface configuration Command History
Usage GuidelinesLSPs that are first received on subinterfaces that are not part of a mesh group are flooded to all other subinterfaces in the usual way. LSPs that are first received on subinterfaces that are part of a mesh group are flooded to all interfaces except those in the same mesh group. If the blocked keyword is configured on a subinterface, then a newly received LSP is not flooded out over that interface. To minimize the possibility of incomplete flooding, you should allow unrestricted flooding over at least a minimal set of links in the mesh. Selecting the smallest set of logical links that covers all physical paths results in very low flooding, but less robustness. Ideally, you should select only enough links to ensure that LSP flooding is not detrimental to scaling performance, but enough links to ensure that under most failure scenarios no router will be logically disconnected from the rest of the network. In other words, blocking flooding on all links permits the best scaling performance, but there is no flooding. Permitting flooding on all links results in very poor scaling performance. ExamplesIn the following example six interfaces are configured in three mesh groups. LSPs received are handled as follows: •LSPs received first via ATM 1/0.1 are flooded to all interfaces except ATM 1/0.2 (which is part of the same mesh group) and ATM 1/2.1, which is blocked. •LSPs received first via ATM 1/1.2 are flooded to all interfaces except ATM 1/1.1 (which is part of the same mesh group) and ATM 1/2.1, which is blocked. •LSPs received first via ATM 1/2.1 are not ignored, but flooded as usual to all interfaces. LSPs received first via ATM 1/2.2 are flooded to all interfaces, except ATM 1/2.1, which is blocked. Related Commands
isis metricTo configure the value of an Intermediate System-to-Intermediate System (IS-IS) metric, use the isis metric command in interface configuration or subinterface mode. To restore the default metric value, use the no form of this command. isis metric {metric-value | maximum} [level-1 | level-2] no isis metric {metric-value | maximum} [level-1 | level-2] Syntax Description
Command DefaultThe default metric value is set to 10. Command Modes Interface configuration Command History
Usage GuidelinesSpecifying the level-1 or level-2 keyword resets the metric only for Level 1 or Level 2 routing, respectively. We highly recommend that you configure metrics on all interfaces. If you do not do so, the IS-IS metrics are similar to hop-count metrics. It is strongly recommended to use the metric-style wide command to configure IS-IS to use the new-style type, length, value (TLV) because TLVs that are used to advertise IPv4 information in link-state packets (LSPs) are defined to use only extended metrics. Cisco IOS software provides support of a 24-bit metric field, the so-called "wide metric." Using the new metric style, link metrics now have a maximum value of 16777214 with a total path metric of 4261412864. Cisco IOS Release 12.4(13) and 12.4(13)T Entering the maximum keyword will exclude the link from the SPF calculation. If a link is advertised with the maximum link metric, the link will not be considered during the normal SPF calculation. When the link is excluded from the SPF, it will not be advertised for calculating the normal SPF. An example would be a link that is available for traffic engineering, but not for hop-by-hop routing. If a link, such as one that is used for traffic engineering, should not be included in the SPF calculation, enter the isis metric command with the maximum keyword. Note The isis metric maximum command applies only when the metric-style wide command has been entered. The metric-style wide command is used to configure IS-IS to use the new-style TLV because TLVs that are used to advertise IPv4 information in link-state packets (LSPs) are defined to use only extended metrics. ExamplesThe following example configures serial interface 0 for a link-state metric cost of 15 for Level 1: The following example sets the IS-IS metric for the link to maximum. SPF will ignore the link for both Level 1 and Level 2 routing because neither the level-1 keyword nor the level-2 keyword was entered. Cisco IOS Release 12.4(13) and 12.4(13)T The following example configures the isis metric maximum command on Ethernet subinterface 1/1.9. Related Commands
isis network point-to-pointTo configure a network of only two networking devices that use broadcast media and the integrated Intermediate System-to-Intermediate System (IS-IS) routing protocol to function as a point-to-point link instead of a broadcast link, use the isis network point-to-point command in interface configuration mode. To disable the point-to-point usage, use the no form of this command. isis network point-to-point no isis network point-to-point Syntax DescriptionThis command has no arguments or keywords. DefaultsNo default behavior or values. Command ModesInterface configuration Command History
Usage GuidelinesUse this command only on broadcast media in a network of only two networking devices. The command will cause the system to issue packets point-to-point rather than as broadcasts. Configure the command on both networking devices in the network. ExamplesThe following example configures a Fast Ethernet interface to act as a point-to-point interface: isis passwordTo configure the authentication password for an interface, use the isis password command in interface configuration mode. To disable authentication for Intermediate System-to-Intermediate System (IS-IS), use the no form of this command. isis password password [level-1 | level-2] no isis password [level-1 | level-2] Syntax Description
DefaultsThis command is disabled by default. If no keyword is specified, the default is level-1-2. Command ModesInterface configuration Command History
Usage GuidelinesThis command enables you to prevent unauthorized routers from forming adjacencies with this router, and thus protects the network from intruders. The password is exchanged as plain text and thus provides only limited security. Different passwords can be assigned for different routing levels using the level-1 and level-2 keywords. Specifying the level-1 or level-2 keyword disables the password only for Level 1 or Level 2 routing, respectively. ExamplesThe following example configures a password for Ethernet interface 0 at Level 1: isis priorityTo configure the priority of designated routers, use the isis priority command in interface configuration mode. To reset the default priority, use the no form of this command. isis priority number-value [level-1 | level-2] no isis priority [level-1 | level-2] Syntax Description
Defaults Priority of 64 Command ModesInterface configuration Command History
Usage GuidelinesPriorities can be configured for Level 1 and Level 2 independently. Specifying the level-1 or level-2 keyword resets priority only for Level 1 or Level 2 routing, respectively. The priority is used to determine which router on a LAN will be the designated router or Designated Intermediate System (DIS). The priorities are advertised in the hello packets. The router with the highest priority will become the DIS. In Intermediate System-to-Intermediate System (IS-IS), there is no backup designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If a router with a higher priority comes on line, it will take over the role from the current DIS. In the case of equal priorities, the highest MAC address breaks the tie. ExamplesThe following example shows Level 1 routing given priority by setting the priority level to 80. This router is now more likely to become the DIS. isis protocol shutdownTo disable the Intermediate System-to-Intermediate System (IS-IS) protocol so that it cannot form adjacencies on a specified interface and place the IP address of the interface into the link-state packet (LSP) that is generated by the router, use the isis protocol shutdown command in interface configuration mode. To reenable the IS-IS protocol, use the no form of this command. isis protocol shutdown no isis protocol shutdown Syntax DescriptionThis command has no arguments or keywords. DefaultsNo default behavior or values Command ModesInterface configuration Command History
Usage GuidelinesThe isis protocol shutdown command allows you to disable the IS-IS protocol for a specified interface without removing the configuration parameters. The IS-IS protocol will not form any adjacencies for the interface for which the isis protocol shutdown command has been configured, and the IP address of the interface will be put into the LSP that is generated by the router. If you do not want IS-IS to form any adjacency on any interface and clear the IS-IS LSP database, you can enter the protocol shutdown command. ExamplesThe following example disables the IS-IS protocol on Ethernet interface3/1: Related Commands
isis retransmit-intervalTo configure the amount of time between retransmission of each Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP) on a point-to-point link, use the isis retransmit-interval command in interface configuration mode. To restore the default value, use the no form of this command. isis retransmit-interval seconds no isis retransmit-interval seconds Syntax Description
Defaults5 seconds Command ModesInterface configuration Command History
Usage GuidelinesThe setting of the seconds argument should be conservative, or needless retransmission will result. This command has no effect on LAN (multipoint) interfaces. On point-to-point links, the value can be increased to enhance network stability. Retransmissions occur only when LSPs are dropped. So setting the seconds argument to a higher value has little effect on reconvergence. The more neighbors routers have, and the more paths over which LSPs can be flooded, the higher this value can be made. The value should be higher for serial lines. ExamplesThe following example configures serial interface 0 for retransmission of IS-IS LSP, every 60 seconds for a large serial line: Related Commands
isis retransmit-throttle-intervalTo configure the amount of time between retransmissions on each Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP) on a point-to-point interface, use the isis retransmit-throttle-interval command in interface configuration mode. To restore the default value, use the no form of this command. isis retransmit-throttle-interval milliseconds no isis retransmit-throttle-interval Syntax Description
DefaultsThe delay is determined by the isis lsp-interval command. Command ModesInterface configuration Command History
Usage GuidelinesThis command may be useful in very large networks with many LSPs and many interfaces as a way of controlling LSP retransmission traffic. This command controls the rate at which LSPs can be re-sent on the interface. The isis retransmit-throttle-interval command is distinct from the rate at which LSPs are sent on the interface (controlled by the isis lsp-interval command) and the period between retransmissions of a single LSP (controlled by the isis retransmit-interval command). These commands may all be used in combination to control the offered load of routing traffic from one router to its neighbors. ExamplesThe following example configures serial interface 0 to limit the rate of LSP retransmissions to one every 300 milliseconds: Related Commands
isis tagTo set a tag on the IP address configured for an interface when this IP prefix is put into an Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP), use the isis tag command in interface configuration mode. To stop tagging the IP address, use the no form of this command. isis tag tag-number no isis tag tag-number Syntax Description
Command DefaultNo route tag is associated for IP addresses configured for the interface. Command ModesInterface configuration Command History
Usage GuidelinesNo action occurs on a tagged route until the tag is used, for example, to redistribute routes or summarize routes. Configuring the isis tag command triggers the router to generate new LSPs because the tag is a new piece of information in the packet. ExamplesIn this example, two interfaces are tagged with different tag values. By default, these two IP addresses would have been put into the IS-IS Level 1 and Level 2 database. However, if you use the redistribute command with a route map to match tag 110, only IP address 172.16. 0.0 is put into the Level 2 database. ispfTo enable incremental shortest path first (SPF), use the ispf command in router configuration mode. To disable incremental SPF, use the no form of this command. ispf {level-1 | level-2 | level-1-2} [seconds] no ispf Syntax Description
Command Default Incremental SPF is disabled. Command ModesRouter configuration Command History
Usage GuidelinesIntermediate System-to-Intermediate System (IS-IS) and Open Shortest Path First (OSPF) use Dijkstra's SPF algorithm to compute the shortest path tree (SPT). During the computation of the SPT, the shortest path to each node is discovered. The topology tree is used to populate the routing table with routes to IP networks. When changes to a Type 1 or Type 2 link-state advertisement (LSA) occur in an area, the entire SPT is recomputed. In many cases, the entire SPT need not be recomputed because most of the tree remains unchanged. Incremental SPF allows the system to recompute only the affected part of the tree. Recomputing only a portion of the tree rather than the entire tree results in faster OSPF convergence and saves CPU resources. Note that if the change to a Type 1 or Type 2 LSA occurs in the calculating router itself, then the full SPT is performed. Incremental SPF computes only the steps needed to apply the changes in the network topology diagram. That process requires that the system keep more information about the topology in order to apply the incremental changes. Also, more processing must be done on each node for which the system receives a new link-state packet (LSP). However, incremental SPF typically reduces demand on CPU. Incremental SPF is scheduled in the same way as the full SPF. Routers enabled with incremental SPF and routers not enabled with incremental SPF can function in the same internetwork. Incremental SPF works only for IPv4. Even if incremental SPF is configured, there are some cases where full SPF is executed; for example, periodic SPF, a calculation change for the routing calculation (such as a change in metric, is-type, and so on), the configuration of the clear ip route or clear isis commands, or adjacency changes. ExamplesThe following example enables OSPF incremental SPF: The following examples enables IS-IS incremental SPF for Level 1 and Level 2 packets: is-typeTo configure the routing level for an instance of the Intermediate System-to-Intermediate System (IS-IS) routing process, use the is-type command in router configuration mode. To reset the default value, use the no form of this command. is-type [level-1 | level-1-2 | level-2-only] no is-type [level-1 | level-1-2 | level-2-only] Syntax Description
DefaultsIn conventional IS-IS configurations, the router acts as both a Level 1 (intra-area) and a Level 2 (interarea) router. In multiarea IS-IS configurations, the first instance of the IS-IS routing process configured is by default a Level 1-2 (intra-area and interarea) router. The remaining instances of the IS-IS process configured by default are Level 1 routers. Command ModesRouter configuration Command History
Usage GuidelinesWe highly recommend that you configure the type of IS-IS routing process. If you are configuring multiarea IS-IS, you must configure the type of the router, or allow it to be configured by default. By default, the first instance of the IS-IS routing process that you configure using the router isis command is a Level 1-2 router. If only one area is in the network, there is no need to run both Level 1 and Level 2 routing algorithms. If IS-IS is used for Connectionless Network Service (CLNS) routing (and there is only one area), Level 1 only must be used everywhere. If IS-IS is used for IP routing only (and there is only one area), you can run Level 2 only everywhere. Areas you add after the Level 1-2 area exists are by default Level 1 areas. If the router instance has been configured for Level 1-2 (the default for the first instance of the IS-IS routing process in a Cisco device), you can remove Level 2 (interarea) routing for the area using the is-type command. You can also use the is-type command to configure Level 2 routing for an area, but it must be the only instance of the IS-IS routing process configured for Level 2 on the Cisco device. ExamplesThe following example specifies an area router: Related Commands
|