Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3 T
IP Routing Protocol Commands: ip policy route-map through is-type

Table Of Contents

ip policy route-map

ip policy-list

ip prefix-list description

ip prefix-list sequence-number

ip prefix-list

ip rip authentication key-chain

ip rip authentication mode

ip rip receive version

ip rip send version

ip rip triggered

ip rip v2-broadcast

ip route

ip route priority high

ip route profile

ip route static adjust-time

ip router isis

ip split-horizon (RIP)

ip split-horizon eigrp

ip summary-address eigrp

ip summary-address rip

ip verify unicast vrf

isis advertise-prefix

isis authentication key-chain

isis authentication mode

isis authentication send-only

isis circuit-type

isis csnp-interval

isis display delimiter

isis hello padding

isis hello-interval

isis hello-multiplier

isis lsp-interval

isis mesh-group

isis metric

isis network point-to-point

isis password

isis priority

isis protocol shutdown

isis retransmit-interval

isis retransmit-throttle-interval

isis tag

ispf

is-type


ip policy route-map

To identify a route map to use for policy routing on an interface, use the ip policy route-map command in interface configuration mode. To disable policy routing on the interface, use the no form of this command.

ip policy route-map map-tag

no ip policy route-map map-tag

Syntax Description

map-tag

Name of the route map to use for policy routing. The name must match a map-tag value specified by a route-map command.


Defaults

No policy routing occurs on the interface.

Command Modes

Interface configuration

Command History

Release
Modification

11.0

This command was introduced.


Usage Guidelines

You might enable policy routing if you want your packets to take a route other than the obvious shortest path.

The ip policy route-map command identifies a route map to use for policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing is allowed for the interface, based on the destination IP address of the packet. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip policy route-map command deletes the pointer to the route map.

Policy routing can be performed on any match criteria that can be defined in an extended IP access list when using the match ip address command and referencing an extended IP access list.

Examples

The following example sends packets with the destination IP address of 172.120.16.18 to a router at IP address 172.130.3.20:

interface serial 0
 ip policy route-map wethersfield
!
route-map wethersfield
 match ip address 172.120.16.18
 set ip next-hop 172.130.3.20

Related Commands

Command
Description

match ip address

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.

match length

Bases policy routing on the Level 3 length of a packet.

route-map (IP)

Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.

set default interface

Indicates where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination.

set interface

Indicates where to output packets that pass a match clause of route map for policy routing.

set ip default next-hop

Indicates where to output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS software has no explicit route to a destination.

set ip next-hop

Indicates where to output packets that pass a match clause of a route map for policy routing.


ip policy-list

To create a Border Gateway Protocol (BGP) policy list, use the ip policy-list command in policy-map configuration mode. To remove a policy list, use the no form of this command.

ip policy-list policy-list-name {permit | deny}

no ip policy-list policy-list-name

Syntax Description

policy-list-name

Name of the configured policy list.

permit

Permits access for matching conditions.

deny

Denies access to matching conditions.


Defaults

This command is not enabled by default.

Command Modes

Policy-map configuration mode

Command History

Release
Modification

12.0(22)S

This command was introduced.

12.2(15)T

This command was integrated into 12.2(15)T.


Usage Guidelines

When a policy list is referenced within a route map, all the match statements within the policy list are evaluated and processed. Two or more policy lists can be configured with a route map. Policy- lists configured within a route map are evaluated with AND semantics or OR semantics. A policy list can also coexist with any other preexisting match and set statements that are configured within the same route map but outside of the policy list. When multiple policy lists perform matching within a route map entry, all policy lists match on the incoming attribute only.

Examples

In the following example, a policy list is configured that permits matches on the autonomous system path and metric:

Router(config)# ip policy-list POLICY-LIST-NAME-1 permit 
Router(config-policy-list)# match as-path 1
Router(config-policy-list)# match metric 10
Router(config-policy-list)# end

In the following example, a policy list is configured that permits traffic that matches the specified community:

Router(config)# ip policy-list POLICY-LIST-NAME-2 permit 
Router(config-policy-list)# match community 20
Router(config-policy-list)# match metric 10
Router(config-policy-list)# ip community-list 20 permit 20:1
Router(config-policy-list)# end

In the following example, a policy list is configured that denies traffic that matches the specified community:

Router(config)# ip policy-list POLICY-LIST-NAME-3 deny 
Router(config-policy-list)# match community 20
Router(config-policy-list)# match metric 10
Router(config-policy-list)# end

Related Commands

Command
Description

match as-path

References a policy list within a route map for evaluation and processing.

show ip policy-list

Displays configured policy lists.

show route-map

Displays configured route maps and information about referenced policy maps.


ip prefix-list description

To add a text description of a prefix list, use the ip prefix-list description command in global configuration mode. To remove the text description, use the no form of this command.

ip prefix-list list-name sequence-number description text

no ip prefix-list list-name sequence-number description text

Syntax Description

list-name

Specifies the prefix-list name.

sequence-number

Specifies the prefix-list entry.

text

Adds a text description. Up to 80 characters can be entered.


Defaults

No default behavior or values

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The ip prefix-list description command is used to add a text description to an IP prefix list. The prefix list description can be up to 80 characters in length.

Examples

In the following example, a prefix list description added to the prefix list named RED that states that routes are permitted from network A:

Router(config)# ip prefix-list RED description Permit routes from network A 

Related Commands

Command
Description

clear ip prefix-list

Resets the prefix list entry counters.

ip prefix-list

Creates an entry in a prefix list.

ip prefix-list sequence

Enables or disables default prefix-list sequencing.

match ip address

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.

neighbor prefix-list

Filters routes from the specified neighbor using a prefix list.

show ip prefix-list

Displays information about a prefix list or prefix list entries.


ip prefix-list sequence-number

To enable the generation of default sequence numbers for entries in a prefix list, use the ip prefix-list sequence-number command in global configuration mode. To suppress default generation of sequence numbers, use the no form of this command.

ip prefix-list sequence-number

no ip prefix-list sequence-number

Syntax Description

This command has no arguments or keywords.

Defaults

Default sequence numbers are generated when an IP prefix list is configured.

Command Modes

Global configuration

Command History

Release
Modification

12.0

This command was introduced.


Examples

The following example suppresses the automatic generation of default sequence numbers for prefix list entries:

Router(config)# no ip prefix-list sequence-number 

Related Commands

Command
Description

clear ip prefix-list

Resets the prefix list entry counters.

ip prefix-list

Creates an entry in a prefix list.

ip prefix-list description

Adds a text description of a prefix list.

match ip address

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.

neighbor prefix-list

Filters routes from the specified neighbor using a prefix list.

show ip prefix-list

Displays information about a prefix list or prefix list entries.


ip prefix-list

To create a prefix list or add a prefix-list entry, use the ip prefix-list command in global configuration mode. To delete a prefix-list entry, use the no form of this command.

ip prefix-list list-name | list-number [seq number] {deny network/length | permit network/length} [ge length] [le length]

no ip prefix-list list-name | list-number [seq number] {deny network/length | permit network/length} [ge length] [le length]

Syntax Description

list-name

Configures a name to identify the prefix list.

list-number

Configures a number to identify the prefix list.

seq number

(Optional) Applies a sequence number to a prefix-list entry. The range of sequence numbers that can be entered is from 1 to 4294967294.

deny

Denies access for a matching condition.

permit

Permits access for a matching condition.

network/length

Configures the network address, and the length of the network mask in bits. The network number can be any valid IP address or prefix. The bit mask can be a number from 0 to 32.

ge length

(Optional) Applies the ge-value to the range specified. The length argument represents the minimum prefix length to be matched. (Optional) Specifies the lesser value of a range (the "from" portion of the range description).

le length

(Optional) Applies the le-value to the range specified. The length argument represents the minimum prefix length to be matched. (Optional) Specifies the greater value of a range (the "to" portion of the range description).


Defaults

An implicit deny is applied to traffic that does match any prefix-list entry.

A prefix list is processed as an exact match when the le or ge keyword is not entered.

If a sequence number is entered when configuring this command, a default sequence numbering is applied to the prefix list. The number 5 is applied to the first prefix entry, and subsequent unnumbered entries are incremented by 5.

Command Modes

Global configuration

Command History

Release
Modification

12.0(3)T

This command was introduced.


Usage Guidelines

The ip prefix-list command is used to configure IP prefix filtering. Prefix lists are configured with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IP address and a bit mask. The IP address can be a classful network, a subnet, or a single host route. The bit mask is entered as a number from 1 to 32.

Prefix lists are configured to match an exact prefix length or a prefix range. The ge and le keywords are used to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. The prefix list is processed using an exact match when neither ge nor le keyword is entered. If only the ge value is entered, the range is the value entered for the ge length argument to a full 32-bit length. If only the le value is entered, the range is from value entered for the network/length argument to the le length argument. If both the ge length and le length keywords and arguments are entered, the range falls between the values used for length arguments. The following formula shows this behavior:

network/length < ge length < le length <= 32

A prefix list is configured with a name and/or sequence number. One or the other must be entered when configuring this command. If a sequence number is not entered, a default sequence number of 5 is applied to the prefix list, and subsequent prefix list entries will be increment by 5 (for example, 5, 10, 15, and etc). If a sequence number is entered for the first prefix list entry but not subsequent entries, then the subsequent entries will also be incremented by 5 (For example, if the first configured sequence number is 3, then subsequent entries will be 8, 13,18, and etc). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.

Prefix lists are evaluated starting with the lowest sequence number. The longest most specific prefix is matched. The first successful match is processed for a given prefix. Once a match occurs, the permit or deny statement is processed, and the rest of the list is not evaluated.


Tips For best performance, the most frequently processed prefix list statements should be configured with the lowest sequence numbers. The seq number keyword and argument can be used for resequencing.


The prefix list is applied to inbound or outbound updates for specific peer by entering the neighbor prefix-list command. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.

Examples

In the following example, a prefix list configured to deny the default route 0.0.0.0/0:

Router(config)# ip prefix-list RED deny 0.0.0.0/0 

In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:

Router(config)# ip prefix-list BLUE permit 172.16.1.0/24 

In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:

Router(config)# ip prefix-list YELLOW permit 10.0.0.0/8 le 24 

In the following example, a prefix list is configured to deny routes from the 10.0.0.0/8 network that have a mask length that is greater than or equal to 25 bits:

Router(config)# ip prefix-list PINK deny 10.0.0.0/8 ge 25 

In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:

Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24 

In the following example, a prefix list configured to deny any route with any mask length from the 10.0.0.0/8 network:

Router(config)# ip prefix-list ORANGE deny 10.0.0.0/8 le 32 

Related Commands

Command
Description

clear ip prefix-list

Resets the prefix list entry counters.

ip prefix-list description

Adds a text description of a prefix list.

ip prefix-list sequence

Enables or disables default prefix-list sequencing.

match ip address

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.

neighbor prefix-list

Filters routes from the specified neighbor using a prefix list.

show ip prefix-list

Displays information about a prefix list or prefix list entries.


ip rip authentication key-chain

To enable authentication for Routing Information Protocol (RIP) Version 2 packets and to specify the set of keys that can be used on an interface, use the ip rip authentication key-chain command in interface configuration mode. To prevent authentication, use the no form of this command.

ip rip authentication key-chain name-of-chain

no ip rip authentication key-chain [name-of-chain]

Syntax Description

name-of-chain

Enables authentication and specifies the group of keys that are valid.


Defaults

No authentication is provided for RIP packets.

Command Modes

Interface configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

If no key chain is configured with the key-chain command, no authentication is performed on the interface (not even the default authentication).

Examples

The following example configures the interface to accept and send any key belonging to the key chain named trees:

ip rip authentication key-chain trees

Related Commands

Command
Description

key chain

Enables authentication for routing protocols.


ip rip authentication mode

To specify the type of authentication used in Routing Information Protocol (RIP) Version 2 packets, use the ip rip authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.

ip rip authentication mode {text | md5}

no ip rip authentication mode

Syntax Description

text

Clear text authentication.

md5

Keyed Message Digest 5 (MD5) authentication.


Defaults

Clear text authentication is provided for RIP packets.

Command Modes

Interface configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

RIP Version 1 does not support authentication.

Examples

The following example configures the interface to use MD5 authentication:

ip rip authentication mode md5

Related Commands

Command
Description

ip rip authentication key-chain

Enables authentication for RIP Version 2 packets and specifies the set of keys that can be used on an interface.

key chain

Enables authentication for routing protocols.


ip rip receive version

To specify a Routing Information Protocol (RIP) version to receive on an interface basis, use the ip rip receive version command in interface configuration mode. To follow the global version rules, use the no form of this command.

ip rip receive version [1] [2]

no ip rip receive version

Syntax Description

1

(Optional) Accepts only RIP Version 1 packets on the interface.

2

(Optional) Accepts only RIP Version 2 packets on the interface.


Defaults

This command is disabled by default.

Command Modes

Interface configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

Use this command to override the default behavior of RIP as specified by the version command. This command applies only to the interface being configured. You can configure the interface to accept both RIP versions.

Examples

The following example configures the interface to receive both RIP Version 1 and Version 2 packets:

ip rip receive version 1 2

The following example configures the interface to receive only RIP Version 1 packets:

ip rip receive version 1

Related Commands

Command
Description

key chain

Enables authentication for routing protocols.

ip rip authentication key-chain

Enables authentication for RIP Version 2 packets and specifies the set of keys that can be used on an interface.

ip rip send version

Specifies a RIP version to send on an interface basis.

version

Specifies a RIP version used globally by the router.


ip rip send version

To specify a Routing Information Protocol (RIP) version to send on an interface basis, use the ip rip send version command in interface configuration mode. To follow the global version rules, use the no form of this command.

ip rip send version [1] [2]

no ip rip send version

Syntax Description

1

(Optional) Sends only RIP Version 1 packets out the interface.

2

(Optional) Sends only RIP Version 2 packets out the interface.


Defaults

This command is disabled by default.

Command Modes

Interface configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

Use this command to override the default behavior of RIP as specified by the version command. This command applies only to the interface being configured.

Examples

The following example configures the interface to send both RIP Version 1 and Version 2 packets out the interface:

ip rip send version 1 2

The following example configures the interface to send only RIP Version 2 packets out the interface:

ip rip send version 2

Related Commands

Command
Description

ip rip receive version

Specifies a RIP version to receive on an interface basis.

version

Specifies a RIP version used globally by the router.


ip rip triggered

To enable triggered extensions to Routing Information Protocol (RIP), use the ip rip triggered command in interface configuration mode. To disable triggered extensions to RIP, use the no form of this command.

ip rip triggered

no ip rip triggered

Syntax Description

This command has no arguments or keywords.

Defaults

This command is disabled by default.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(1)T

This command was introduced.


Usage Guidelines

When triggered extensions to RIP are enabled, routing updates are sent on the WAN only if one of the following events occurs:

The router receives a specific request for a routing update. (Full database is sent.)

Information from another interface modifies the routing database. (Only latest changes are sent.)

The interface comes up or goes down. (Partial database is sent.)

The router is first powered on, to ensure that at least one update is sent. (Full database is sent.)

You might want to enable this feature if you are using an on-demand circuit and you are charged for usage time. Fewer routing updates will incur lower usage costs.

Entries in the routing database can be either temporary or semipermanent. Entries learned from broadcasts on LANs are temporary; they will expire if not periodically refreshed by more broadcasts.

Entries learned from a triggered response on the WAN are semipermanent; they do not time out like other entries. Certain events can cause these routes to time out, such as the interface going down, or if the outgoing interface is the same as the incoming interface. Neighbor updates of the routes with a metric of 16 (infinity) mean the route is unreachable, and those routes are eventually removed from the routing table.

Examples

The following example enables triggered extensions to RIP:

interface serial 0
 ip rip triggered

Related Commands

Command
Description

show ip rip database

Displays the contents of the RIP private database when triggered extensions to RIP are enabled.


ip rip v2-broadcast

To allow Routing Information Protocol (RIP) Version 2 update packets to be sent as broadcast packets instead of multicast packets, use the rip v2-broadcast command in interface configuration mode. To disable the broadcast of IP RIP Version 2 update packets that are sent as broadcast packets, use the no form of this command.

ip rip v2-broadcast

no ip rip v2-broadcast

Syntax Description

This command has no arguments or keywords.

Defaults

This command is disabled by default. Unless the ip rip v2-broadcast commend is entered, RIP Version 2 update packets are sent as multicast packets.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(5)T

This command was introduced.


Usage Guidelines

Use the ip rip v2-broadcast command to broadcast RIP Version 2 broadcast updates to hosts that do not listen to multicast broadcasts. Version 2 updates (requests and responses) will be sent to the IP broadcast address 255.255.255.255 instead of the IP multicast address 244.0.0.9.

In order to reduce unnecessary load on those hosts that are not listening to RIP Version 2 broadcasts, the system uses an IP multicast address for periodic broadcasts. The IP multicast address is 244.0.0.9.


Note It is not necessary to configure Internet Group Management Protocol (IGMP) because the periodic broadcasts are inter router messages that are not forwarded.


Examples

The following example configures Version 2 IP broadcast updates on RIP Ethernet interface 3/1:

Router(config) interface ethernet3/1
Router(config-if) ip address 172.1.1.1 255.255.255.0
Router(config-if) ip rip v2-broadcast
.
.
.
Router(config-if) router rip
Router(config-if) version 2
Router(config-if) network 172.0.0.0

Enter debug ip rip command to verify that RIP Version 2 IP broadcast updates are being sent to the IP broadcast address 255.255.255 instead of IP multicast address 244.0.0.9:

Router# debug ip rip
14:41:59: RIP: sending v2 update to 255.255.255.255 via Ethernet3/1 (172.1.1.1)

If the ip rip v2-broadcast command has not been entered, the output from the debug ip rip command verifies that the RIP Version 2 IP broadcast updates are being sent to the IP multicast address 244.0.0.9:

Router# debug ip rip
15:45:16: RIP: sending v2 update to 244.0.0.9 via Ethernet3.1 (172.1.1.1)

Related Commands

Command
Description

debug ip rip

Displays information on RIP routing transactions.


ip route

To establish static routes, use the ip route command in global configuration mode. To remove static routes, use the no form of this command.

ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent | track number] [tag tag]

no ip route prefix mask

Syntax Description

prefix

IP route prefix for the destination.

mask

Prefix mask for the destination.

ip-address

IP address of the next hop that can be used to reach that network.

interface-type interface-number

Network interface type and interface number.

distance

(Optional) An administrative distance. The default administrative distance for a static route is 1.

name

(Optional) Name of the specified route.

permanent

(Optional) Specifies that the route will not be removed, even if the interface shuts down.

track number

(Optional) Associates a track object with this route. Valid values for the number argument range from 1 to 500.

tag tag

(Optional) Tag value that can be used as a "match" value for controlling redistribution via route maps.


Defaults

No static routes are established.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.

12.3(2)XE

The track keyword and number argument were added.

12.3(8)T

The track keyword and number argument were integrated into Cisco IOS Release 12.3(8)T.


Usage Guidelines

The establishment of a static route is appropriate when the Cisco IOS software cannot dynamically build a route to the destination.

If you specify an administrative distance, you are flagging a static route that can be overridden by dynamic information. For example, routes derived with Interior Gateway Routing Protocol (IGRP) have a default administrative distance of 100. To have a static route that would be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes have a default administrative distance of 1.

Static routes that point to an interface on a connected router will be advertised by way of Routing Information Protocol (RIP), IGRP, and Enhanced Interior Gateway Routing Protocol (EIGRP) regardless of whether redistribute static commands are specified for those routing protocols. This situation occurs because static routes that point to an interface are considered in the routing table to be connected and hence lose their static nature. Also, the target of the static route should be included in the network (DHCP) command. If this condition is not met, no dynamic routing protocol will advertise the route unless a redistribute static command is specified for these protocols. With the following configuration:

rtr1 (serial 172.16.188.1/30)--------------> rtr2(Fast Ethernet 172.31.1.1/30) ------>

router [rip | eigrp | igrp]
 network 172.16.188.0
 network 172.31.0.0 

RIP and IGRP redistribute the route if the route is pointing to the Fast Ethernet interface:

ip route 172.16.188.252 255.255.255.252 FastEthernet0/0 

RIP and IGRP do not redistribute the route with the following ip route command because of the split horizon algorithm:

ip route 172.16.188.252 255.255.255.252 serial2/1 

EIGRP redistributes the route with both of the following commands:

ip route 172.16.188.252 255.255.255.252 FastEthernet0/0
ip route 172.16.188.252 255.255.255.252 serial2/1 

With the Open Shortest Path First (OSPF) protocol, static routes that point to an interface are not advertised unless a redistribute static command is specified.

Adding a static route to an Ethernet or other broadcast interface (for example, ip route 0.0.0.0 0.0.0.0 Ethernet 1/2) will cause the route to be inserted into the routing table only when the interface is up. This configuration is not generally recommended. When the next hop of a static route points to an interface, the router considers each of the hosts within the range of the route to be directly connected through that interface, and therefore it will send Address Resolution Protocol (ARP) requests to any destination addresses that route through the static route.

The practical implication of configuring the ip route 0.0.0.0 0.0.0.0 Ethernet 1/2 command is that the router will consider all of the destinations that the router does not know how to reach through some other route as directly connected to Ethernet interface 1/2. So the router will send an ARP request for each host for which it receives packets on this network segment. This configuration can cause high processor utilization and a large ARP cache (along with memory allocation failures). Configuring a default route or other static route that directs the router to forward packets for a large range of destinations to a connected broadcast network segment can cause your router to reload.

Specifying a numerical next hop that is on a directly connected interface will prevent the router from using proxy ARP. However, if the interface with the next hop goes down and the numerical next hop can be reached through a recursive route, you may specify both the next hop and interface (for example, ip route 0.0.0.0 0.0.0.0 Ethernet 1/2 10.1.2.3) with a static route to prevent routes from passing through an unintended interface.

The track number keyword and argument combination specifies that the static route will be installed only if the state of the configured track object is up.

Examples

The following example chooses an administrative distance of 110. In this case, packets for network 10.0.0.0 will be routed to a router at 172.31.3.4 if dynamic information with an administrative distance less than 110 is not available.

ip route 10.0.0.0 255.0.0.0 172.31.3.4 110

Note Specifying the next hop without specifying an interface when configuring a static route can cause traffic to pass through an unintended interface if the default interface goes down.


The following example routes packets for network 172.31.0.0 to a router at 172.31.6.6:

ip route 172.31.0.0 255.255.0.0 172.31.6.6 

The following example routes packets for network 192.168.1.0 directly to the next hop at 10.1.2.3. If the interface goes down, this route is removed from the routing table and will not be restored unless the interface comes back up.

ip route 192.168.1.0 255.255.0.0 Ethernet 0 10.1.2.3 

The following example installs the static route only if the state of track object 123 is up:

ip route 0.0.0.0 0.0.0.0 Ethernet 0/1 10.1.1.242 track 123

Related Commands

Command
Description

network (DHCP)

Configures the subnet number and mask for a Dynamic Host Configuration Protocol (DHCP) address pool on a Cisco IOS DHCP server.

redistribute (IP)

Redistributes routes from one routing domain into another routing domain.


ip route priority high

To assign a high priority to an Integrated Intermediate System-to-Intermediate System (IS-IS) IP prefix, use the ip route priority high command in router configuration mode. To remove the IP prefix priority, use the no form of this command.

ip route priority high tag tag-value

no ip route priority high tag tag-value

Syntax Description

tag tag-value

Assigns a high priority to IS-IS IP prefixes with a specific route tag in a range from 1 to 4294967295.


Defaults

No IP prefix priority is set.

Command Modes

Router configuration

Command History

Release
Modification

12.0(26)S

This command was introduced.

12.3(4)T

This command was integrated into Cisco IOS Release 12.3(4)T.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.


Usage Guidelines

When you use the ip route priority high command to tag higher priority IS-IS IP prefixes for faster processing and installation in the global routing table, you can achieve faster convergence. For example, you can help Voice over IP (VoIP) gateway addresses get processed first to help VoIP traffic get updated faster than other types of packets.

Examples

The following example uses the ip route priority high command to assign a tag value of 100 to the IS-IS IP prefix:

Router> enable
Router# configure terminal
Router(config)# interface Ethernet 0
Router(config-if)# ip router isis
Router(config-if)# isis tag 100
!
Router(config)# router isis
Router(config)# ip route priority high tag 100
!

Related Commands

Command
Description

debug isis rib

Displays debug information for IP Version 4 routes within the global or IS-IS local RIB.

show isis rib

Displays paths for routes in the IP Version 4 IS-IS local RIB.


ip route profile

To enable IP routing table statistics collection, use the ip route profile command in global configuration mode. To disable collection of routing table statistics, use the no form of the command.

ip route profile

no ip route profile

Syntax Description

This command has no arguments or keywords.

Defaults

The time interval for each sample, or sampling interval, is a fixed value and is set at 5 seconds.

Command Modes

Global configuration

Command History

Release
Modification

12.0

This command was introduced.


Usage Guidelines

The ip route profile command helps you to monitor routing table fluctuations that can occur as the result of route flapping, network failure, or network restoration.

This command identifies route flapping over brief time intervals. The time interval for each sample, or sampling interval, is a fixed value and is set at 5 seconds.

Two sets of statistics are collected. The per-interval statistics are collected over a sampling interval, while the routing table change statistics are the result of aggregating the per-interval statistics. The per-interval statistics are collected as a single set of counters, with one counter tracking one event. All counters are initialized at the beginning of each sampling interval; counters are incremented as corresponding events occur anywhere in the routing table.

At the end of a sampling interval, the per-interval statistics for that sampling interval are integrated with the routing table change statistics collected from the previous sampling intervals. The counters holding the per-interval statistics are reset and the process is repeated.

Routing table statistics are collected for the following events:

Forward-Path Change. This statistic is the number of changes in the forwarding path, which is the accumulation of prefix-add, next-hop change, and path count change statistics.

Prefix-Add. A new prefix was added to the routing table.

Next-Hop Change. A prefix is not added or removed, but the next hop changes. This statistic is only seen with recursive routes that are installed in the routing table.

Pathcount Change. The number of paths in the routing table has changed. This statistic is the result of an increase in the number of paths for an Interior Gateway Protocol (IGP) prefix in the routing table.

Prefix Refresh. Standard routing table maintenance; the forwarding behavior is not changed.

Use the show ip route profile command to display the routing table change statistics.

Examples

The following example enables the collection of routing table statistics:

ip route profile

Related Commands

Command
Description

show ip route profile

Displays routing table change statistics.


ip route static adjust-time

To change the time interval for IP static route adjustments during convergence, use the ip route static adjust-time command in global configuration mode. To reinstate the default adjustment time of 60 seconds, use the no form of this command.

ip route static adjust-time seconds

no ip route static adjust-time seconds

Syntax Description

seconds

Time of delay, in seconds, for convergence time during which the background process that monitors next-hop reachability is performed. The delay in convergence occurs when the route that covers the next hop is removed. The range is from 1 to 60. The default is 60.


Defaults

seconds: 60

Command Modes

Global configuration

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.3(10)

This command was integrated into Cisco IOS Release 12.3(10).

12.3(11)T

This command was integrated into Cisco IOS Release 12.3(11)T.


Usage Guidelines

By default, static route adjustments are made every 60 seconds. To adjust the timer to any interval from 1 to 60 seconds, enter the ip route static adjust-time command.

The benefit of reducing the timer from the 60-second default value is to increase the convergence when static routes are used. However, reducing the interval can be CPU intensive if the value is set very low and a large number of static routes are configured.

Examples

In the following example, the adjustment time for static routes has been changed from the default 60 seconds to 30 seconds:

Router(config)# ip route static adjust-time 30

To remove the 30-second adjusted time interval and reinstate the default 60-second value, enter the no route ip static adjust-time command:

Router(config)# no ip route static adjust-time 30

Related Commands

Command
Description

show ip route

Displays the current state of the routing table.


ip router isis

To configure an IS-IS routing process for IP on an interface and to attach an area designator to the routing process, use the ip router isis command in interface configuration mode. To disable IS-IS for IP, use the no form of the command.

ip router isis area-tag

no ip router isis area-tag

Syntax Description

area-tag

Meaningful name for a routing process. If it is not specified, a null tag is assumed and the process is referenced with a null tag. This name must be unique among all IP or Connectionless Network Service (CLNS) router processes for a given router.

Required for multiarea IS-IS configuration. Optional for conventional IS-IS configuration.

Note Each area in a multiarea configuration should have a nonnull area tag to facilitate identification of the area.


Defaults

No routing processes are specified.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.

12.0(5)T

Multiarea functionality was added, changing the way the tag argument (now area-tag) is used.


Usage Guidelines

Before the IS-IS routing process is useful, a network entity title (NET) must be assigned with the net command and some interfaces must have IS-IS enabled.

If you have IS-IS running and at least one International Organization for Standardization Interior Gateway Routing Protocol (ISO-IGRP) process, the IS-IS process and the ISO-IGRP process cannot both be configured without an area tag. The null tag can be used by only one process. If you run ISO-IGRP and IS-IS, a null tag can be used for IS-IS, but not for ISO-IGRP at the same time. However, each area in an IS-IS multiarea configuration should have a nonnull area tag to facilitate identification of the area.

You can configure only one process to perform Level 2 (interarea) routing. If Level 2 routing is configured on any process, all additional processes are automatically configured as Level 1. You can configure this process to perform intra-area (Level 1) routing at the same time. You can configure up to 29 additional processes as Level 1-only processes. Use the is-type command to remove Level 2 routing from a router instance. You can then use the is-type command to enable Level 2 routing on some other IS-IS router instance.

An interface cannot be part of more than one area, except in the case where the associated routing process is performing both Level 1 and Level 2 routing. On media such as WAN media where subinterfaces are supported, different subinterfaces could be configured for different areas.

Examples

The following example specifies IS-IS as an IP routing protocol for a process named Finance, and specifies that the Finance process will be routed on Ethernet interface 0 and serial interface 0:

router isis Finance
 net 49.0001.aaaa.aaaa.aaaa.00
interface Ethernet 0
 ip router isis Finance
interface serial 0
 ip router isis Finance

The following example shows an IS-IS configuration with two Level 1 areas and one Level 1-2 area:

ip routing

.
.
.

interface Tunnel529
 ip address 10.0.0.5 255.255.255.0
 ip router isis BB

interface Ethernet1
 ip address 10.1.1.5 255.255.255.0
 ip router isis A3253-01
1
!
interface Ethernet2
 ip address 10.2.2.5 255.255.255.0
 ip router isis A3253-02


.
.
.

! Defaults to "is-type level-1-2"
router isis BB
 net 49.2222.0000.0000.0005.00
!
router isis A3253-01
 net 49.0553.0001.0000.0000.0005.00
 is-type level-1
!
router isis A3253-02
 net 49.0553.0002.0000.0000.0005.00
 is-type level-1

Related Commands

Command
Description

is-type

Configures the routing level for an IS-IS routing process.

net

Configures an IS-IS NET for a CLNS routing process.

router isis

Enables the IS-IS routing protocol.


ip split-horizon (RIP)

To enable the split horizon mechanism, use the ip split-horizon command in interface configuration mode. To disable the split horizon mechanism, use the no form of this command.

ip split-horizon

no ip split-horizon

Syntax Description

This command has no arguments or keywords.

Defaults

Default behavior varies with media type.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

For all interfaces except those for which either Frame Relay or Switched Multimegabit Data Service (SMDS) encapsulation is enabled, the default condition for this command is ip split-horizon; in other words, the split horizon feature is active. If the interface configuration includes either the encapsulation frame-relay or encapsulation smds command, then the default is for split horizon to be disabled. Split horizon is not disabled by default for interfaces using any of the X.25 encapsulations.


Note For networks that include links over X.25 packet switched networks (PSNs), the neighbor router configuration command can be used to defeat the split horizon feature. You can as an alternative explicitly specify the no ip split-horizon command in your configuration. However, if you do so you must similarly disable split horizon for all routers in any relevant multicast groups on that network.



Note If split horizon has been disabled on an interface and you want to enable it, use the ip split-horizon command to restore the split horizon mechanism.



Note In general, changing the state of the default for the ip split-horizon command is not recommended, unless you are certain that your application requires a change in order to properly advertise routes. If split horizon is disabled on a serial interface (and that interface is attached to a PSN), you must disable split horizon for all routers and access servers in any relevant multicast groups on that network.


Examples

The following simple example disables split horizon on a serial link. The serial link is connected to an X.25 network.

interface serial 0
encapsulation x25
no ip split-horizon

Related Commands

Command
Description

neighbor (RIP)

Defines a neighboring router with which to exchange routing information.


ip split-horizon eigrp

To enable Enhanced Interior Gateway Routing Protocol (EIGRP) split horizon, use the ip split-horizon eigrp command in interface configuration mode. To disable split horizon, use the no form of this command.

ip split-horizon eigrp as-number

no ip split-horizon eigrp as-number

Syntax Description

as-number

Autonomous system number.


Defaults

The behavior of this command is enabled by default.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

For networks that include links over X.25 packet-switched networks (PSNs), you can use the neighbor router configuration command to defeat the split horizon feature. As an alternative, you can explicitly specify the no ip split-horizon eigrp command in your configuration. However, if you do so, you must similarly disable split horizon for all routers and access servers in any relevant multicast groups on that network.


Note In general, we recommend that you not change the default state of split horizon unless you are certain that your application requires the change in order to properly advertise routes. Remember that if split horizon is disabled on a serial interface and that interface is attached to a packet-switched network, you must disable split horizon for all routers and access servers in any relevant multicast groups on that network.


Examples

The following example disables split horizon on a serial link connected to an X.25 network:

interface serial 0
 encapsulation x25
 no ip split-horizon eigrp 101

Related Commands

Command
Description

ip split-horizon (RIP)

Enables the split horizon mechanism.

neighbor (EIGRP)

Defines a neighboring router with which to exchange routing information.


ip summary-address eigrp

To configure a summary aggregate address for a specified interface, use the ip summary-address eigrp command in interface configuration mode. To disable a configuration, use the no form of this command.

ip summary-address eigrp as-number ip-address wildcard-mask [admin-distance] [leak-map name]

no ip summary-address eigrp as-number ip-address wildcard-mask

Syntax Description

as-number

Autonomous system number.

ip-address

Summary IP address to apply to an interface.

wildcard-mask

Wildcard mask.

admin-distance

(Optional) Administrative distance. A value from 0 to 255.

leak-map name

(Optional) Route-map reference to configure route leaking through the summary.


Defaults

An administrative distance of 5 is applied to EIGRP summary routes.

EIGRP automatically summarizes to the network level, even for a single host route.

No summary addresses are predefined.

The default administrative distance metric for EIGRP is 90.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.

12.0(7)T

The admin-distance argument was introduced.

12.3(14)T

The leak-map keyword was introduced.


Usage Guidelines

The ip summary-address eigrp command is used to configure interface-level address summarization. EIGRP summary routes are given an administrative distance value of 5. The administrative distance metric is used to advertise a summary without installing it in the routing table.

By default, EIGRP summarizes subnet routes to the network level. The no auto-summary command can be entered to configure subnet level summarization.

EIGRP Support For Leaking Routes

Configuring the leak-map keyword allows to advertise a component route that would otherwise be suppressed by the manual summary. Any component subset of the summary can be leaked. A route map and access list must be defined to source the leaked route.

The following is default behavior if an incomplete configuration is entered:

If the leak-map keyword is configured to reference a nonexistent route map, the configuration of this keyword has no effect. The summary address is advertised but all component routes are suppressed.

If the leak-map keyword is configured but the access-list does not exist or the route map does not reference the access list, the summary address and all component routes are sent.

Examples

The following example, starting in Global configuration mode, configures an administrative distance of 95 on interface Ethernet 0/0 for the 192.168.0.0/16 summary address:

Router(config)# router eigrp 1 
Router(config-router)# exit 
Router(config)# interface Ethernet 0/0 
Router(config-if)# ip summary-address eigrp 1 192.168.0.0 0.0.255.255 95 

The following example, starting in Global configuration mode, configures the 10.1.1.0/24 subnet to be leaked through the 10.0.0.0 summary address:

Router(config)# router eigrp 1 
Router(config-router)# exit 
Router(config)# access-list 1 permit 10.1.1.0 0.0.0.255 
Router(config)# ! 
Router(config)# route-map LEAK-10-1-1 permit 10 
Router(config-route-map)# match ip address 1 
Router(config-route-map)# exit 
Router(config)# interface Serial 0/0 
Router(config-if)# ip summary-address eigrp 1 10.0.0.0 0.0.0.255 leak-map LEAK-10-1-1 
Router(config-if)# end 

Related Commands

Command
Description

auto-summary (EIGRP)

Configures automatic summarization of subnet routes to network-level routes (default behavior).


ip summary-address rip

To configure a summary aggregate address under an interface for the Routing Information Protocol (RIP), use the ip summary-address rip command in interface configuration mode. To disable summarization of the specified address or subnet, use the no form of this command.

ip summary-address rip ip-address ip-network-mask

no ip summary-address rip ip-address ip-network-mask

Syntax Description

ip-address

IP address to be summarized.

ip-network-mask

IP network mask that drives route summarization for the specified IP address.


Defaults

RIP automatically summarizes to classful network boundaries.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(6)T

This command was introduced.


Usage Guidelines

The ip summary-address rip command is used to summarize an address or subnet under a specific interface. RIP automatically summarizes to classful network boundaries. Only one summary address can be configured for each classful subnet.

Examples

In the following example the major network is 10.0.0.0. The summary address 10.2.0.0 overrides the autosummary address of 10.0.0.0, so that 10.2.0.0 is advertised out Ethernet interface 1 and 10.0.0.0 is not advertised.


Note If split horizon is enabled, neither autosummary nor interface summary addresses (those configured with the ip summary-address rip command) are advertised.


interface Ethernet1
 ip address 10.1.1.1 255.255.255.0
 ip summary-address rip 10.2.0.0 255.255.0 
 exit

router rip
 network 10.0.0.0
 end

Related Commands

Command
Description

auto-summary (RIP)

Restores the default behavior of automatic summarization of subnet routes into network-level routes.

ip split-horizon (RIP)

Enables the split horizon mechanism.


ip verify unicast vrf

To enable Unicast Reverse Path Forwarding (Unicast RPF) verification for the specified VRF, use the ip verify unicast vrf command in Interface configuration mode. To disable the Unicast RPF check for a VRF, use the no form of this command.

ip verify unicast vrf vrf-name deny | permit

no ip verify unicast vrf vrf-name deny | permit

Syntax Description

vrf-name

Specifies the VRF name.

deny

Specifies IPv4 multicast prefixes to import.

permit

(Optional) Specifies the number of prefixes to import. The range for this argument is a number from 1 to 2147483647.


Defaults

No default behavior or values

Command Modes

Interface configuration mode

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.


Usage Guidelines

Unicast Reverse Path Forwarding (Unicast RPF) is configured to verify that the source address is in the Forwarding Information Base (FIB). The ip verify unicast vrf command is configured in interface configuration mode and is enabled for each VRF. This command has permit and deny keywords that are used to determine if traffic is forward or dropped.

Examples

The following example configures Unicast RPF verification for VRF GREEN and RED. VRF GREEN TRAFFIC is forwarded. VRF RED traffic is dropped.

Router(config)# interface Ethernet 0
Router(config-if)# ip verify unicast vrf GREEN permit
Router(config-if)# ip verify unicast vrf RED deny 
Router(config-if)# end 

Related Commands

Command
Description

import ipv4

Configures an import map to import IPv4 prefixes from the global routing table to a VRF table.

ip vrf

Configures a VRF routing table.

rd

Creates routing and forwarding tables for a VRF.

show ip bgp

Displays entries in the BGP routing table.

show ip bgp vpnv4

Displays VPN address information from the BGP table.

show ip vrf

Displays the set of defined VRFs and associated interfaces.


isis advertise-prefix

To allow the advertising of IP prefixes of connected networks in LSP advertisements per IS-IS interface, use the isis advertise-prefix command in interface configuration mode. To prevent IP prefixes of connected networks from being advertised, use the no form of this command.

isis advertise-prefix

no isis advertise-prefix

Syntax Description

This command has no arguments or keywords.

Defaults

Enabled; IP prefixes are advertised.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(22)S

This command was introduced.

12.3(2)T

This command was integrated.


Usage Guidelines

The no isis advertise-prefix command is an IS-IS mechanism to exclude IP prefixes of connected networks from LSP advertisements, thereby reducing IS-IS convergence time.

Configuring the no form of this command per IS-IS interface is a small-scale solution to reduce IS-IS convergence time because fewer prefixes will be advertised in the router nonpseudonode LSP.

An alternative to this command is the advertise-passive-only command. The latter is a scalable solution because it is configured per IS-IS instance.

Examples

The following example uses the no isis advertise-prefix command on Ethernet interface 0. Only the IP address of loopback interface 0 is advertised.

!
interface loopback 0
 ip address 192.168.10.1 255.255.255.255
 no ip directed-broadcast
!
interface Ethernet 0
 ip address 192.168.20.1 255.255.255.0
 no ip directed-broadcast
 ip router isis 
 no isis advertise-prefix
!
!.
!.
!.
!
router isis 
 passive-interface loopback 0
 net 47.0004.004d.0001.0001.0c11.1111.00
 log-adjacency-changes
!

Related Commands

Command
Description

advertise-passive-only

Configures the IS-IS instance to advertise only prefixes that belong to passive interfaces.


isis authentication key-chain

To enable authentication for an IS-IS interface, use the isis authentication key-chain command in interface configuration mode. To disable such authentication, use the no form of this command.

isis authentication key-chain name-of-chain [level-1 | level-2]

no isis authentication key-chain name-of-chain [level-1 | level-2]

Syntax Description

name-of-chain

Enables authentication and specifies the group of keys that are valid.

level-1

(Optional) Enables authentication for Level 1 packets only.

level-2

(Optional) Enables authentication for Level 2 packets only.


Defaults

No key chain authentication is configured for a specific IS-IS interface, although it might be configured at the IS-IS instance level.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(21)ST

This command was introduced.


Usage Guidelines

If no key chain is configured with the key chain command, no key chain authentication is performed.

Only one authentication key chain is applied to an IS-IS interface at one time. That is, if you configure a second isis authentication key-chain command, the first is overridden.

If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels.

You can specify authentication for an entire instance of IS-IS instead of at the interface level by using the authentication key-chain command.

Examples

The following example configures Ethernet interface 0 to accept and send any key belonging to the key chain named trees:

interface Ethernet0
 ip address 10.1.1.1 255.255.255.252
 ip router isis real_secure_network
 isis authentication mode md5 level-1
 isis authentication key-chain trees level-1

Related Commands

Command
Description

authentication key-chain

Enables authentication for IS-IS at the instance level.

key chain

Enables authentication for routing protocols.


isis authentication mode

To specify the type of authentication used for an IS-IS interface, use the isis authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.

isis authentication mode {md5 | text} [level-1 | level-2]

no isis authentication mode

Syntax Description

md5

Message Digest 5 (MD5) authentication.

text

Clear text authentication.

level-1

(Optional) Enables the specified authentication on the interface for Level 1 packets only.

level-2

(Optional) Enables the specified authentication on the interface for Level 2 packets only.


Defaults

No authentication is provided for IS-IS packets on an interface level, although authentication could be provided at the IS-IS instance level by several means.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(21)ST

This command was introduced.


Usage Guidelines

If neither the level-1 nor level-2 keyword is configured, the mode applies to both levels.

If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands.

If you configure the isis authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no isis authentication mode command first.

You can specify the type of authentication and the level to which it applies for the entire IS-IS instance, rather than per interface, by using the authentication mode command.

Examples

The following example configures IS-IS Level 2 packets to use MD5 authentication on Ethernet interface 0:

interface Ethernet0
 ip address 10.1.1.1 255.255.255.252
 ip router isis real_secure_network
 isis authentication mode md5 level-2
 isis authentication key-chain cisco level-2

Related Commands

Command
Description

area-password

Configures the IS-IS area authentication password.

authentication mode

Specifies the type of authentication used in IS-IS packets for the IS-IS instance.

domain-password

Configures the IS-IS routing domain authentication password.

key chain

Enables authentication for routing protocols.


isis authentication send-only

To specify that authentication is performed only on packets being sent (not received) on a specified IS-IS interface, use the isis authentication send-only command in interface configuration mode. To restore the default value, use the no form of this command.

isis authentication send-only [level-1 | level-2]

no isis authentication send-only

Syntax Description

level-1

(Optional) Authentication is performed only on Level 1 packets that are being sent (not received).

level-2

(Optional) Authentication is performed only on Level 2 packets that are being sent (not received).


Defaults

If MD5 authentication is configured at the interface level, it applies to IS-IS packets being sent and received over all interfaces.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(21)ST

This command was introduced.


Usage Guidelines

Use this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no isis authentication send-only command to disable the send-only feature.

If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels.

Examples

The following example configures IS-IS Level-1 packets to use MD5 authentication on packets being sent (not received) on Ethernet interface 0:

interface Ethernet0
 ip address 10.1.1.1 255.255.255.252
 ip router isis real_secure_network
 isis authentication send-only level-1
 isis authentication mode md5 level-1
 isis authentication key-chain cisco level-1

Related Commands

Command
Description

isis authentication key-chain

Enables authentication for IS-IS packets and specifies the set of keys that can be used on an interface.

isis authentication mode

Specifies the type of authentication used in IS-IS packets for the interface.

key chain

Enables authentication for routing protocols.


isis circuit-type

To configure the type of adjacency, use the isis circuit-type command in interface configuration mode. To reset the circuit type to Level l and Level 2, use the no form of this command.

isis circuit-type [level-1 | level-1-2 | level-2-only]

no isis circuit-type

Syntax Description

level-1

(Optional) Configures a router for Level 1 adjacency only.

level-1-2

(Optional) Configures a router for Level 1 and Level 2 adjacency.

level-2-only

(Optional) Configures a router for Level 2 adjacency only.


Defaults

A Level 1 and Level 2 adjacency is established.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

Normally, this command need not be configured. The proper way is to configure a router as a Level 1-only, Level 1-2, or Level 2-only system. Only on routers that are between areas (Level 1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending out unused Level 1 hello packets. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same packet.

A Level 1 adjacency may be established if there is at least one area address in common between this system and its neighbors. Level 2 adjacencies will never be established over this interface.

A Level 1 and Level 2 adjacency is established if the neighbor is also configured as level-1-2 and there is at least one area in common. If there is no area in common, a Level 2 adjacency is established. This is the default.

Level 2 adjacencies are established if the other routers are Level 2 or Level 1-2 routers and their interfaces are configured for Level 1-2 or Level 2. Level 1 adjacencies will never be established over this interface.

Examples

In the following example, other routers on Ethernet interface 0 are in the same area. Other routers on Ethernet interface 1 are in other areas, so the router will stop sending Level 1 hellos.

interface ethernet 0 
ip router isis
interface ethernet 1 
 isis circuit-type level-2-only

isis csnp-interval

To configure the IS-IS complete sequence number PDUs (CSNPs) interval, use the isis csnp-interval command in interface configuration mode. To restore the default value, use the no form of this command.

isis csnp-interval seconds [level-1 | level-2]

no isis csnp-interval [level-1 | level-2]

Syntax Description

seconds

Interval of time between transmission of CSNPs on multiaccess networks. This interval only applies for the designated router. The default is 10 seconds. The range is from 0 to 65535.

level-1

(Optional) Configures the interval of time between transmission of CSNPs for Level 1 independently.

level-2

(Optional) Configures the interval of time between transmission of CSNPs for Level 2 independently.


Defaults

10 seconds
Level 1 and Level 2

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

It is very unlikely you will need to change the default value of this command.

This command applies only for the designated router (DR) for a specified interface. Only DRs send CSNP packets in order to maintain database synchronization. The CSNP interval can be configured independently for Level 1 and Level 2. Configuring the CSNP interval does not apply to serial point-to-point interfaces. It does apply to WAN connections if the WAN is viewed as a multiaccess meshed network.

For multiaccess WAN interfaces such as ATM, Frame Relay, and X.25, we highly recommend that you configure the nonbroadcast multiaccess (NBMA) cloud as multiple point-to-point subinterfaces. Doing so will make routing much more robust if one or more permanent virtual circuits (PVCs) fails.

The isis csnp-interval command on point-to-point subinterfaces should be used only in combination with the IS-IS mesh-group feature.

Examples

The following example configures Ethernet interface 0 for sending CSNPs every 30 seconds:

interface ethernet 0
 isis csnp-interval 30 level-1

isis display delimiter

To make output from multiarea displays easier to read by specifying the delimiter to use to separate displays of information, use the isis display delimiter command in global configuration mode. To disable this output format, use the no form of the command.

isis display delimiter [return count | character count]

no isis display delimiter [return count | character count]

Syntax Description

return

(Optional) Delimit with carriage returns.

count

(Optional) Number of carriage returns or length of string to use for the delimiter.

character

(Optional) Character to use for the delimiter string.


Defaults

The isis display delimiter command is disabled by default.

Command Modes

Global configuration

Command History

Release
Modification

12.0(5)T

This command was introduced.


Usage Guidelines

Use this command to customize display output when the IS-IS multiarea feature is used. The isis display delimiter command displays the output from different areas as a string or additional white space.

Examples

The following command causes different areas in multiarea displays (such as show command output) to be delimited by a string of dashes (-):

isis display delimiter - 14

With three IS-IS neighbors configured, this command displays the following output from the show clns neighbors command:

Router# show clns neighbors
--------------
Area L2BB:
System Id      Interface   SNPA                State  Holdtime  Type Protocol
0000.0000.0009 Tu529       172.21.39.9         Up     25        L1L2 IS-IS
--------------
Area A3253-01:
System Id      Interface   SNPA                State  Holdtime  Type Protocol
0000.0000.0053 Et1         0060.3e58.ccdb      Up     22        L1   IS-IS
0000.0000.0003 Et1         0000.0c03.6944      Up     20        L1   IS-IS
--------------
Area A3253-02:
System Id      Interface   SNPA                State  Holdtime  Type Protocol
0000.0000.0002 Et2         0000.0c03.6bc5      Up     27        L1   IS-IS
0000.0000.0053 Et2         0060.3e58.ccde      Up     24        L1   IS-IS

Related Commands

Command
Description

show clns es-neighbors

Lists the ES neighbors that this router knows.

show clns is-neighbors

Displays IS-IS related information for IS-IS router adjacencies.

show clns neighbors

Displays both ES and IS neighbors.

show clns protocol

Lists the protocol-specific information for each ISO IGRP routing process in the router.

show clns traffic

Lists the CLNS packets this router has seen.

show isis database

Displays the IS-IS link-state database.

show isis routes

Displays the IS-IS Level 1 forwarding table for IS-IS learned routes.

show isis spf-log

Displays how often and why the router has run a full SPF calculation.

show isis topology

Displays a list of all connected routers in all areas.


isis hello padding

To reenable IS-IS hello padding at the interface level, enter the isis hello padding command in interface configuration mode. To disable IS-IS hello padding, use the no form of this command.

isis hello padding

no isis hello padding

Syntax Description

This command has no arguments or keywords.

Defaults

IS-IS hello padding is enabled.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(5)T

This command was introduced.

12.0(5)S

This command was integrated into Cisco IOS Release 12.0(5)S.


Usage Guidelines

Intermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces.

You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches.

To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode. To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode.

Examples

To turn off hello padding at the interface level for the Ethernet interface 0/0, enter the no isis hello padding command in interface configuration mode:


Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface e0/0
Router(config-if)# no isis hello padding
Router(config-if)# end

When the show clns neighbor command is entered for Ethernet interface 0/0, the output confirms that hello padding has been turned off for both Level 1 and Level 2 circuit types:

Router_A# show clns interface e0/0

Ethernet0/0 is up, line protocol is up
  Checksums enabled, MTU 1497, Encapsulation SAP
  ERPDUs enabled, min. interval 10 msec.
  CLNS fast switching enabled
  CLNS SSE switching disabled
  DEC compatibility mode OFF for this interface
  Next ESH/ISH in 47 seconds
  Routing Protocol: IS-IS
    Circuit Type: level-1-2
    Interface number 0x0, local circuit ID 0x1
    Level-1 Metric: 10, Priority: 64, Circuit ID: Router_B.01
    Level-1 IPv6 Metric: 10
    Number of active level-1 adjacencies: 1
    Level-2 Metric: 10, Priority: 64, Circuit ID: Router_B.01
    Level-2 IPv6 Metric: 10
    Number of active level-2 adjacencies: 1
    Next IS-IS LAN Level-1 Hello in 2 seconds
!   No hello padding
    Next IS-IS LAN Level-2 Hello in 2 seconds
!   No hello padding

When the debug isis adj packets command is entered, the output will show the IS-IS hello protocol data unit (PDU) length when a hello packet has been sent to or received from an IS-IS adjacency. In the following example the IS-IS hello PDU length is 1497:

Router# debug isis adj packets e0/0

IS-IS Adjacency related packets debugging is on
Router#
*Oct 11 18:04:17.455: ISIS-Adj: Sending L1 LAN IIH on Ethernet0/0, length 55
*Oct 11 18:04:19.075: ISIS-Adj: Rec L2 IIH from aabb.cc00.6600 (Ethernet0/0), cir type 
L1L2, cir id 0000.0000.000B.01, length 1497

Related Commands

Command
Description

hello padding

Reenables IS-IS hello padding at the router level.

debug isis adj packets

Displays information on all adjacency-related activity such as hello packets sent and received and IS-IS adjacencies going up and down.

show clns interface

Lists the CLNS-specific information about each interface.


isis hello-interval

To specify the length of time between hello packets that the Cisco IOS software sends, use the isis hello-interval command in interface configuration mode. To restore the default value, use the no form of this command.

isis hello-interval {seconds | minimal} [level-1 | level-2]

no isis hello-interval [level-1 | level-2]

Syntax Description

seconds

An integer value. By default, a value three times the hello interval seconds is advertised as the hold time in the hello packets sent. (Change the multiplier of 3 by specifying the isis hello-multiplier command.) With smaller hello intervals, topological changes are detected faster, but there is more routing traffic. The default is 10 seconds. The range is from 0 to 65535.

minimal

Causes the system to compute the hello interval based on the hello multiplier (specified by the isis hello-multiplier command) so that the resulting hold time is 1 second.

level-1

(Optional) Configures the hello interval for Level 1 independently. Use this on X.25, Switched Multimegabit Data Service (SMDS), and Frame Relay multiaccess networks.

level-2

(Optional) Configures the hello interval for Level 2 independently. Use this on X.25, SMDS, and Frame Relay multiaccess networks.


Defaults

10 seconds
Level 1 and Level 2

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.

12.0(5)T

The minimal keyword was added.


Usage Guidelines

The hello interval multiplied by the hello multiplier equals the hold time. If the minimal keyword is specified, the hold time is 1 second and the system computes the hello interval based on the hello multiplier.

The hello interval can be configured independently for Level 1 and Level 2, except on serial point-to-point interfaces. (Because only a single type of hello packet is sent on serial links, it is independent of Level 1 or Level 2.) The level-1 and level-2 keywords are used on X.25, SMDS, and Frame Relay multiaccess networks or LAN interfaces.

A faster hello interval gives faster convergence, but increases bandwidth and CPU usage. It might also add to instability in the network. A slower hello interval saves bandwidth and CPU. Especially when used in combination with a higher hello multiplier, this configuration may increase overall network stability.

It makes more sense to tune the hello interval and hello multiplier on point-to-point interfaces than on LAN interfaces.

Examples

The following example configures serial interface 0 to advertise hello packets every 5 seconds. The router is configured to act as a station router. This configuration will cause more traffic than configuring a longer interval, but topological changes will be detected earlier.

interface serial 0
 isis hello-interval 5 level-1

Related Commands

Command
Description

isis hello-multiplier

Specifies the number of IS-IS hello packets a neighbor must miss before the router should declare the adjacency as down.


isis hello-multiplier

To specify the number of IS-IS hello packets a neighbor must miss before the router should declare the adjacency as down, use the isis hello-multiplier command in interface configuration mode. To restore the default value, use the no form of this command.

isis hello-multiplier multiplier [level-1 | level-2]

no isis hello-multiplier [level-1 | level-2]

Syntax Description

multiplier

Integer value from 3 to 1000. The advertised hold time in IS-IS hello packets will be set to the hello multiplier times the hello interval. Neighbors will declare an adjacency to this router down after not having received any IS-IS hello packets during the advertised hold time. The hold time (and thus the hello multiplier and the hello interval) can be set on a per-interface basis, and can be different between different routers in one area.

Using a smaller hello multiplier will give fast convergence, but can result in more routing instability. Increment the hello multiplier to a larger value to help network stability when needed. Never configure a hello multiplier lower than the default value of 3.

level-1

(Optional) Configures the hello multiplier independently for Level 1 adjacencies.

level-2

(Optional) Configures the hello multiplier independently for Level 2 adjacencies.


Defaults

multiplier: 3
Level 1 and Level 2

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The "holding time" carried in an IS-IS hello packet determines how long a neighbor waits for another hello packet before declaring the neighbor to be down. This time determines how quickly a failed link or neighbor is detected so that routes can be recalculated.

Use the isis hello-multiplier command in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval (isis hello-interval command) correspondingly to make the hello protocol more reliable without increasing the time required to detect a link failure.

On point-to-point links, there is only one hello for both Level 1 and Level 2, so different hello multipliers should be configured only for multiaccess networks such as Ethernet and FDDI. Separate Level 1 and Level 2 hello packets are also sent over nonbroadcast multiaccess (NBMA) networks in multipoint mode, such as X.25, Frame Relay, and ATM. However, we recommend that you run IS-IS over point-to-point subinterfaces over WAN NBMA media.

Examples

In the following example, the network administrator wants to increase network stability by making sure an adjacency will go down only when many (ten) hello packets are missed. The total time to detect link failure is 60 seconds. This configuration will ensure that the network remains stable, even when the link is fully congested.

interface serial 1
 ip router isis
 isis hello-interval 6 level-1
 isis hello-multiplier 10 level-1

Related Commands

Command
Description

isis hello-interval

Specifies the length of time between hello packets that the Cisco IOS software sends.


isis lsp-interval

To configure the time delay between successive IS-IS link-state packet (LSP) transmissions, use the isis lsp-interval command in interface configuration mode. To restore the default value, use the no form of this command.

isis lsp-interval milliseconds

no isis lsp-interval

Syntax Description

milliseconds

Time delay between successive LSPs (in milliseconds).


Defaults

The default time delay is 33 milliseconds.

Command Modes

Interface configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

In topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception. This command allows the LSP transmission rate (and by implication the reception rate of other systems) to be reduced.

Examples

The following example causes the system to send LSPs every 100 milliseconds (10 packets per second) on serial interface 0:

interface serial 0
 isis lsp-interval 100

Related Commands

Command
Description

isis retransmit-interval

Configures the time between retransmission of each LSP (IS-IS link-state PDU) over point-to-point links.


isis mesh-group

To optimize link-state packet (LSP) flooding in nonbroadcast multiaccess (NBMA) networks with highly meshed, point-to-point topologies, use the isis mesh-group command in interface configuration mode. To remove a subinterface from a mesh group, use the no form of this command.

isis mesh-group [number | blocked]

no isis mesh-group [number | blocked]

Syntax Description

number

(Optional) A number identifying the mesh group of which this interface is a member.

blocked

(Optional) Specifies that no LSP flooding will take place on this subinterface.


Defaults

The interface performs normal flooding.

Command Modes

Interface configuration

Command History

Release
Modification

12.0

This command was introduced.


Usage Guidelines

LSPs that are first received on subinterfaces that are not part of a mesh group are flooded to all other subinterfaces in the usual way.

LSPs that are first received on subinterfaces that are part of a mesh group are flooded to all interfaces except those in the same mesh group. If the blocked keyword is configured on a subinterface, then a newly received LSP is not flooded out over that interface.

To minimize the possibility of incomplete flooding, you should allow unrestricted flooding over at least a minimal set of links in the mesh. Selecting the smallest set of logical links that covers all physical paths results in very low flooding, but less robustness. Ideally, you should select only enough links to ensure that LSP flooding is not detrimental to scaling performance, but enough links to ensure that under most failure scenarios no router will be logically disconnected from the rest of the network. In other words, blocking flooding on all links permits the best scaling performance, but there is no flooding. Permitting flooding on all links results in very poor scaling performance.

Examples

In the following example six interfaces are configured in three mesh groups. LSPs received are handled as follows:

LSPs received first via ATM 1/0.1 are flooded to all interfaces except ATM 1/0.2 (which is part of the same mesh group) and ATM 1/2.1, which is blocked.

LSPs received first via ATM 1/1.2 are flooded to all interfaces except ATM 1/1.1 (which is part of the same mesh group) and ATM 1/2.1, which is blocked.

LSPs received first via ATM 1/2.1 are not ignored, but flooded as usual to all interfaces. LSPs received first via ATM 1/2.2 are flooded to all interfaces, except ATM 1/2.1, which is blocked.

interface atm 1/0.1 
ip router isis 
isis mesh-group 10

interface atm 1/0.2
ip router isis 
isis mesh-group 10

interface atm 1/1.1 
ip router isis 
isis mesh-group 11

interface atm 1/1.2 
ip router isis 
isis mesh-group 11

interface atm 1/2.1 
ip router isis
isis mesh-group blocked

interface atm 1/2.2 
ip router isis

Related Commands

Command
Description

router isis

Enables the IS-IS routing protocol and specifies an IS-IS process.


isis metric

To configure the metric for an interface, use the isis metric command in interface configuration mode. To restore the default metric value, use the no form of this command.

isis metric default-metric [level-1 | level-2]

no isis metric [level-1 | level-2]

Syntax Description

default-metric

Metric assigned to the link and used to calculate the cost from each other router via the links in the network to other destinations. You can configure this metric for Level 1 or Level 2 routing. The range is from 0 to 63. The default value is 10.

level-1

(Optional) This metric should be used only in the shortest path first (SPF) calculation for Level 1 (intra-area) routing.

level-2

(Optional) This metric should be used only in the SPF calculation for Level 2 (interarea) routing.


Defaults

If no keyword is specified, the default is level-1-2.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

Specifying the level-1 or level-2 keyword resets the metric only for Level 1 or Level 2 routing, respectively.

We highly recommend that you configure metrics on all interfaces. If you do not do so, the IS-IS metrics are similar to hop count metrics.

Examples

The following example configures serial interface 0 for a default link-state metric cost of 15 for Level 1:

interface serial 0
 isis metric 15 level-1

isis network point-to-point

To configure a network of only two networking devices that use broadcast media and the integrated IS-IS routing protocol to function as a point-to-point link instead of a broadcast link, use the isis network point-to-point command in interface configuration mode. To disable the point-to-point usage, use the no form of this command.

isis network point-to-point

no isis network point-to-point

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(8)T

This command was introduced.


Usage Guidelines

Use this command only on broadcast media in a network of only two networking devices. The command will cause the system to issue packets point-to-point rather than as broadcasts. Configure the command on both networking devices in the network.

Examples

The following example configures a Fast Ethernet interface to act as a point-to-point interface:

interface fastethernet 1/0
 isis network point-to-point

isis password

To configure the authentication password for an interface, use the isis password command in interface configuration mode. To disable authentication for IS-IS, use the no form of this command.

isis password password [level-1 | level-2]

no isis password [level-1 | level-2]

Syntax Description

password

Authentication password you assign for an interface.

level-1

(Optional) Configures the authentication password for Level 1 independently. For Level 1 routing, the router acts as a station router only.

level-2

(Optional) Configures the authentication password for Level 2 independently. For Level 2 routing, the router acts as an area router only.


Defaults

This command is disabled by default.

If no keyword is specified, the default is level-1-2.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

This command enables you to prevent unauthorized routers from forming adjacencies with this router, and thus protects the network from intruders.

The password is exchanged as plain text and thus provides only limited security.

Different passwords can be assigned for different routing levels using the level-1 and level-2 keywords.

Specifying the level-1 or level-2 keyword disables the password only for Level 1 or Level 2 routing, respectively.

Examples

The following example configures a password for Ethernet interface 0 at Level 1:

interface ethernet 0
 isis password frank level-1

isis priority

To configure the priority of designated routers, use the isis priority command in interface configuration mode. To reset the default priority, use the no form of this command.

isis priority number-value [level-1 | level-2]

no isis priority [level-1 | level-2]

Syntax Description

number-value

Sets the priority of a router and is a number from 0 to 127. The default value is 64.

level-1

(Optional) Sets the priority for Level 1 independently.

level-2

(Optional) Sets the priority for Level 2 independently.


Defaults

Priority of 64
Level 1 and Level 2

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

Priorities can be configured for Level 1 and Level 2 independently. Specifying the level-1 or level-2 keyword resets priority only for Level 1 or Level 2 routing, respectively.

The priority is used to determine which router on a LAN will be the designated router or Designated Intermediate System (DIS). The priorities are advertised in the hello packets. The router with the highest priority will become the DIS.

In IS-IS, there is no backup designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If a router with a higher priority comes on line, it will take over the role from the current DIS. In the case of equal priorities, the highest MAC address breaks the tie.

Examples

The following example shows Level 1 routing given priority by setting the priority level to 80. This router is now more likely to become the DIS.

interface ethernet 0
 isis priority 80 level-1

isis protocol shutdown

To disable the Intermediate System-to-Intermediate System (IS-IS) protocol so that it cannot form adjacencies on a specified interface and place the IP address of the interface into the link-state packet (LSP) that is generated by the router, use the isis protocol shutdown command in interface configuration mode. To reenable the IS-IS protocol, use the no form of this command.

isis protocol shutdown

no isis protocol shutdown

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Interface configuration

Command History

Release
Modification

12.3(4)T

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release12.2(25)S.


Usage Guidelines

The isis protocol shutdown command allows you to disable the IS-IS protocol for a specified interface without removing the configuration parameters. The IS-IS protocol will not form any adjacencies for the interface for which the isis protocol shutdown command has been configured, and the IP address of the interface will be put into the LSP that is generated by the router.

If you do not want IS-IS to form any adjacency on any interface and clear the IS-IS LSP database, you can enter the protocol shutdown command.

Examples

The following example disables the IS-IS protocol on Ethernet interface3/1:

Router(config)# interface Ethernet 3/1
Router(config-if)# isis protocol shutdown

Related Commands

Command
Description

protocol shutdown

Disables the IS-IS protocol so that it cannot form any adjacency on any interface and clears the IS-IS LSP database.


isis retransmit-interval

To configure the amount of time between retransmission of each IS-IS link-state packet (LSP) on a point-to-point link, use the isis retransmit-interval command in interface configuration mode. To restore the default value, use the no form of this command.

isis retransmit-interval seconds

no isis retransmit-interval seconds

Syntax Description

seconds

Time (in seconds) between retransmission of each LSP. It is an integer that should be greater than the expected round-trip delay between any two routers on the attached network. The default is 5 seconds. The range is from 0 to 65535.


Defaults

5 seconds

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The setting of the seconds argument should be conservative, or needless retransmission will result.

This command has no effect on LAN (multipoint) interfaces. On point-to-point links, the value can be increased to enhance network stability.

Retransmissions occur only when LSPs are dropped. So setting the seconds argument to a higher value has little effect on reconvergence. The more neighbors routers have, and the more paths over which LSPs can be flooded, the higher this value can be made.

The value should be higher for serial lines.

Examples

The following example configures serial interface 0 for retransmission of IS-IS LSP, every 60 seconds for a large serial line:

interface serial 0
 isis retransmit-interval 60

Related Commands

Command
Description

isis lsp-interval

Configures the time delay between successive IS-IS LSP transmissions.

isis retransmit-throttle-interval

Configures the amount of time between retransmissions of any IS-IS LSPs on a point-to-point interface.


isis retransmit-throttle-interval

To configure the amount of time between retransmissions on each IS-IS link-state packet (LSP) on a point-to-point interface, use the isis retransmit-throttle-interval command in interface configuration mode. To restore the default value, use the no form of this command.

isis retransmit-throttle-interval milliseconds

no isis retransmit-throttle-interval

Syntax Description

milliseconds

Minimum delay (in milliseconds) between LSP retransmissions on the interface.


Defaults

The delay is determined by the isis lsp-interval command.

Command Modes

Interface configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

This command may be useful in very large networks with many LSPs and many interfaces as a way of controlling LSP retransmission traffic. This command controls the rate at which LSPs can be re-sent on the interface.

The isis retransmit-throttle-interval command is distinct from the rate at which LSPs are sent on the interface (controlled by the isis lsp-interval command) and the period between retransmissions of a single LSP (controlled by the isis retransmit-interval command). These commands may all be used in combination to control the offered load of routing traffic from one router to its neighbors.

Examples

The following example configures serial interface 0 to limit the rate of LSP retransmissions to one every 300 milliseconds:

interface serial 0
 isis retransmit-throttle-interval 300

Related Commands

Command
Description

isis lsp-interval

Configures the time delay between successive IS-IS LSP transmissions.

isis retransmit-interval

Configures the amount of time between retransmission of each IS-IS LSPs over a point-to-point link.


isis tag

To set a tag on the IP address configured for an interface when this IP prefix is put into an IS-IS LSP, use the isis tag command in interface configuration mode. To stop tagging the IP address, use the no form of this command.

isis tag tag-number

no isis tag tag-number

Syntax Description

tag-number

Integer that serves as a tag on an IS-IS route.


Defaults

No route tag is associated for IP addresses configured for the interface.

Command Modes

Interface configuration

Command History

Release
Modification

12.3(2)T

This command was introduced.


Usage Guidelines

Tagging a route does nothing for you until you use the tag, for example, to redistribute routes or summarize routes.

Configuring the isis tag command triggers the router to generate new LSPs because the tag is a new piece of information in the packet.

Examples

In this example, two interfaces are tagged with different tag values. By default, these two IP addresses would have been put into the IS-IS Level 1 and Level 2 database. However, by using the redistribute command with a route map to match tag 110, only IP address 20.1.1.1 255.255.255.0 is put into the Level 2 database.

interface ethernet 1/0
 ip address 10.1.1.1 255.255.255.0
 ip router isis
 isis tag 120
interface ethernet 1/1
 ip address 20.1.1.1 255.255.255.0
 ip router isis
 isis tag 110
router isis
 net 49.0001.0001.0001.0001.00
 redistribute isis ip level-1 into level-2 route-map match-tag
 route-map match-tag permit 10
 match tag 110

ispf

To enable incremental Shortest Path First (SPF), use the ispf command in router configuration mode. To disable incremental SPF, use the no form of this command.

ispf {level-1 | level-2 | level-1-2} [seconds]

no ispf

Syntax Description

level-1

Enables incremental SPF for Level 1 packets only. The level-1 keyword applies only when you have enabled Intermediate System-to-Intermediate System (IS-IS).

level-2

Enables incremental SPF for Level 2 packets only. The level-2 keyword applies only when you have enabled IS-IS.

level-1-2

Enables incremental SPF for Level 1 and Level 2 packets. The level-1-2 keyword applies only when you have enabled IS-IS.

seconds

(Optional) Number of seconds after configuring this command that incremental SPF is activated. Value can be in the range from 1 to 600. The default value is 120 seconds. The seconds argument applies only when you have enabled IS-IS.


Defaults

Incremental SPF is disabled.
seconds: 120

Command Modes

Router configuration

Command History

Release
Modification

12.0(24)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.

12.2(18)S

This command was integrated into Cisco IOS Release 12.2(18)S.


Usage Guidelines

Intermediate System-to-Intermediate System (IS-IS) and Open Shortest Path First (OSPF) use Dijkstra's SPF algorithm to compute the shortest path tree (SPT). During the computation of the SPT, the shortest path to each node is discovered. The topology tree is used to populate the routing table with routes to IP networks. When changes to a Type 1 or Type 2 link-state advertisement (LSA) occur in an area, the entire SPT is recomputed. In many cases, the entire SPT need not be recomputed because most of the tree remains unchanged. Incremental SPF allows the system to recompute only the affected part of the tree. Recomputing only a portion of the tree rather than the entire tree results in faster OSPF convergence and saves CPU resources. Note that if the change to a Type 1 or Type 2 LSA occurs in the calculating router itself, then the full SPT is performed.

Incremental SPF computes only the steps needed to apply the changes in the network topology diagram. That process requires that the system keep more information about the topology in order to apply the incremental changes. Also, more processing must be done on each node for which the system receives a new link-state packet (LSP). However, incremental SPF typically reduces demand on CPU.

Incremental SPF is scheduled in the same way as the full SPF. Routers enabled with incremental SPF and routers not enabled with incremental SPF can function in the same internetwork.

Incremental SPF works only for IPv4.

Even if incremental SPF is configured, there are some cases where full SPF is executed; for example, periodic SPF, a calculation change for the routing calculation (such as a change in metric, is-type, and so on), the configuration of the clear ip route or clear isis commands, or adjacency changes.

Examples

The following example enables OSPF incremental SPF:

Router(config)# router ospf 1
Router(config-router)# ispf

The following examples enables IS-IS incremental SPF for Level 1 and Level 2 packets:

Router(config)# router isis
Router(config-router)# ispf level-1-2

is-type

To configure the routing level for an instance of the IS-IS routing process, use the is-type command in router configuration mode. To reset the default value, use the no form of this command.

is-type [level-1 | level-1-2 | level-2-only]

no is-type [level-1 | level-1-2 | level-2-only]

Syntax Description

level-1

(Optional) Router performs only Level 1 (intra-area) routing. This router learns only about destinations inside its area. Level 2 (interarea) routing is performed by the closest Level 1-2 router.

level-1-2

(Optional) Router performs both Level 1 and Level 2 routing. This router runs two instances of the routing process. It has one link-state packet database (LSDB) for destinations inside the area (Level 1 routing) and runs a shortest path first (SPF) calculation to discover the area topology. It also has another LSDB with link-state packets (LSPs) of all other backbone (Level 2) routers, and runs another SPF calculation to discover the topology of the backbone, and the existence of all other areas.

level-2-only

(Optional) Routing process acts as a Level 2 (interarea) router only. This router is part of the backbone, and does not communicate with Level 1-only routers in its own area.


Defaults

In conventional IS-IS configurations, the router acts as both a Level 1 (intra-area) and a Level 2 (interarea) router.

In multiarea IS-IS configurations, the first instance of the IS-IS routing process configured is by default a Level 1-2 (intra-area and interarea) router. The remaining instances of the IS-IS process configured by default are Level 1 routers.

Command Modes

Router configuration

Command History

Release
Modification

10.3

This command was introduced.

12.0(5)T

This command was modified to include multiarea IS-IS routing.


Usage Guidelines

We highly recommend that you configure the type of IS-IS routing process. If you are configuring multiarea IS-IS, you must configure the type of the router, or allow it to be configured by default. By default, the first instance of the IS-IS routing process that you configure using the router isis command is a Level 1-2 router.

If only one area is in the network, there is no need to run both Level 1 and Level 2 routing algorithms. If IS-IS is used for Connectionless Network Service (CLNS) routing (and there is only one area), Level 1 only must be used everywhere. If IS-IS is used for IP routing only (and there is only one area), you can run Level 2 only everywhere. Areas you add after the Level 1-2 area exists are by default Level 1 areas.

If the router instance has been configured for Level 1-2 (the default for the first instance of the IS-IS routing process in a Cisco device), you can remove Level 2 (interarea) routing for the area using the is-type command. You can also use the is-type command to configure Level 2 routing for an area, but it must be the only instance of the IS-IS routing process configured for Level 2 on the Cisco device.

Examples

The following example specifies an area router:

router isis 
 is-type level-2-only

Related Commands

Command
Description

router isis

Enables the IS-IS routing protocol and specifies an IS-IS process.

show clns neighbor areas

Displays information about IS-IS neighbors and the areas to which they belong.