-
Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3 T
-
IP Routing Protocol Commands: T Through V
-
Introduction
-
IP Routing Protocol Commands: A
-
IP Routing Protocol Commands: B
-
IP Routing Protocols Commands: C through H
-
IP Routing Protocols Commands: ignore lsa mospf through ip ospf transmit-delay
-
IP Routing Protocol Commands: ip policy route-map through is-type
-
IP Routing Protocols Commands: K through M
-
IP Routing Protocols Commands: N
-
IP Routing Protocols Commands: O through R
-
IP Routing Protocols Commands: send-lifetime through set-overload-bit
-
IP Routing Protocols Commands: show bgp nsap through show ip bgp update-group
-
IP Routing Protocols Commands: show ip cache policy through show ip local policy
-
IP Routing Protocol Commands: show ip ospf through synchronization
-
Table Of Contents
ip prefix-list sequence-number
ip rip authentication key-chain
isis retransmit-throttle-interval
ip policy route-map
To identify a route map to use for policy routing on an interface, use the ip policy route-map command in interface configuration mode. To disable policy routing on the interface, use the no form of this command.
ip policy route-map map-tag
no ip policy route-map map-tag
Syntax Description
map-tag
Name of the route map to use for policy routing. The name must match a map-tag value specified by a route-map command.
Defaults
No policy routing occurs on the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
You might enable policy routing if you want your packets to take a route other than the obvious shortest path.
The ip policy route-map command identifies a route map to use for policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing is allowed for the interface, based on the destination IP address of the packet. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip policy route-map command deletes the pointer to the route map.
Policy routing can be performed on any match criteria that can be defined in an extended IP access list when using the match ip address command and referencing an extended IP access list.
Examples
The following example sends packets with the destination IP address of 172.120.16.18 to a router at IP address 172.130.3.20:
interface serial 0ip policy route-map wethersfield!route-map wethersfieldmatch ip address 172.120.16.18set ip next-hop 172.130.3.20Related Commands
ip policy-list
To create a Border Gateway Protocol (BGP) policy list, use the ip policy-list command in policy-map configuration mode. To remove a policy list, use the no form of this command.
ip policy-list policy-list-name {permit | deny}
no ip policy-list policy-list-name
Syntax Description
policy-list-name
Name of the configured policy list.
permit
Permits access for matching conditions.
deny
Denies access to matching conditions.
Defaults
This command is not enabled by default.
Command Modes
Policy-map configuration mode
Command History
12.0(22)S
This command was introduced.
12.2(15)T
This command was integrated into 12.2(15)T.
Usage Guidelines
When a policy list is referenced within a route map, all the match statements within the policy list are evaluated and processed. Two or more policy lists can be configured with a route map. Policy- lists configured within a route map are evaluated with AND semantics or OR semantics. A policy list can also coexist with any other preexisting match and set statements that are configured within the same route map but outside of the policy list. When multiple policy lists perform matching within a route map entry, all policy lists match on the incoming attribute only.
Examples
In the following example, a policy list is configured that permits matches on the autonomous system path and metric:
Router(config)# ip policy-list POLICY-LIST-NAME-1 permitRouter(config-policy-list)# match as-path 1Router(config-policy-list)# match metric 10Router(config-policy-list)# endIn the following example, a policy list is configured that permits traffic that matches the specified community:
Router(config)# ip policy-list POLICY-LIST-NAME-2 permitRouter(config-policy-list)# match community 20Router(config-policy-list)# match metric 10Router(config-policy-list)# ip community-list 20 permit 20:1Router(config-policy-list)# endIn the following example, a policy list is configured that denies traffic that matches the specified community:
Router(config)# ip policy-list POLICY-LIST-NAME-3 denyRouter(config-policy-list)# match community 20Router(config-policy-list)# match metric 10Router(config-policy-list)# endRelated Commands
ip prefix-list description
To add a text description of a prefix list, use the ip prefix-list description command in global configuration mode. To remove the text description, use the no form of this command.
ip prefix-list list-name sequence-number description text
no ip prefix-list list-name sequence-number description text
Syntax Description
list-name
Specifies the prefix-list name.
sequence-number
Specifies the prefix-list entry.
text
Adds a text description. Up to 80 characters can be entered.
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Usage Guidelines
The ip prefix-list description command is used to add a text description to an IP prefix list. The prefix list description can be up to 80 characters in length.
Examples
In the following example, a prefix list description added to the prefix list named RED that states that routes are permitted from network A:
Router(config)# ip prefix-list RED description Permit routes from network ARelated Commands
ip prefix-list sequence-number
To enable the generation of default sequence numbers for entries in a prefix list, use the ip prefix-list sequence-number command in global configuration mode. To suppress default generation of sequence numbers, use the no form of this command.
ip prefix-list sequence-number
no ip prefix-list sequence-number
Syntax Description
This command has no arguments or keywords.
Defaults
Default sequence numbers are generated when an IP prefix list is configured.
Command Modes
Global configuration
Command History
Examples
The following example suppresses the automatic generation of default sequence numbers for prefix list entries:
Router(config)# no ip prefix-list sequence-numberRelated Commands
ip prefix-list
To create a prefix list or add a prefix-list entry, use the ip prefix-list command in global configuration mode. To delete a prefix-list entry, use the no form of this command.
ip prefix-list list-name | list-number [seq number] {deny network/length | permit network/length} [ge length] [le length]
no ip prefix-list list-name | list-number [seq number] {deny network/length | permit network/length} [ge length] [le length]
Syntax Description
Defaults
An implicit deny is applied to traffic that does match any prefix-list entry.
A prefix list is processed as an exact match when the le or ge keyword is not entered.
If a sequence number is entered when configuring this command, a default sequence numbering is applied to the prefix list. The number 5 is applied to the first prefix entry, and subsequent unnumbered entries are incremented by 5.
Command Modes
Global configuration
Command History
Usage Guidelines
The ip prefix-list command is used to configure IP prefix filtering. Prefix lists are configured with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IP address and a bit mask. The IP address can be a classful network, a subnet, or a single host route. The bit mask is entered as a number from 1 to 32.
Prefix lists are configured to match an exact prefix length or a prefix range. The ge and le keywords are used to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. The prefix list is processed using an exact match when neither ge nor le keyword is entered. If only the ge value is entered, the range is the value entered for the ge length argument to a full 32-bit length. If only the le value is entered, the range is from value entered for the network/length argument to the le length argument. If both the ge length and le length keywords and arguments are entered, the range falls between the values used for length arguments. The following formula shows this behavior:
network/length < ge length < le length <= 32
A prefix list is configured with a name and/or sequence number. One or the other must be entered when configuring this command. If a sequence number is not entered, a default sequence number of 5 is applied to the prefix list, and subsequent prefix list entries will be increment by 5 (for example, 5, 10, 15, and etc). If a sequence number is entered for the first prefix list entry but not subsequent entries, then the subsequent entries will also be incremented by 5 (For example, if the first configured sequence number is 3, then subsequent entries will be 8, 13,18, and etc). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.
Prefix lists are evaluated starting with the lowest sequence number. The longest most specific prefix is matched. The first successful match is processed for a given prefix. Once a match occurs, the permit or deny statement is processed, and the rest of the list is not evaluated.
Tips
For best performance, the most frequently processed prefix list statements should be configured with the lowest sequence numbers. The seq number keyword and argument can be used for resequencing.
The prefix list is applied to inbound or outbound updates for specific peer by entering the neighbor prefix-list command. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.
Examples
In the following example, a prefix list configured to deny the default route 0.0.0.0/0:
Router(config)# ip prefix-list RED deny 0.0.0.0/0In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:
Router(config)# ip prefix-list BLUE permit 172.16.1.0/24In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:
Router(config)# ip prefix-list YELLOW permit 10.0.0.0/8 le 24In the following example, a prefix list is configured to deny routes from the 10.0.0.0/8 network that have a mask length that is greater than or equal to 25 bits:
Router(config)# ip prefix-list PINK deny 10.0.0.0/8 ge 25In the following example, a prefix list is configured to routes to permit routes from any network that have a mask length from 8 to 24 bits:
Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24In the following example, a prefix list configured to deny any route with any mask length from the 10.0.0.0/8 network:
Router(config)# ip prefix-list ORANGE deny 10.0.0.0/8 le 32Related Commands
ip rip authentication key-chain
To enable authentication for Routing Information Protocol (RIP) Version 2 packets and to specify the set of keys that can be used on an interface, use the ip rip authentication key-chain command in interface configuration mode. To prevent authentication, use the no form of this command.
ip rip authentication key-chain name-of-chain
no ip rip authentication key-chain [name-of-chain]
Syntax Description
Defaults
No authentication is provided for RIP packets.
Command Modes
Interface configuration
Command History
Usage Guidelines
If no key chain is configured with the key-chain command, no authentication is performed on the interface (not even the default authentication).
Examples
The following example configures the interface to accept and send any key belonging to the key chain named trees:
ip rip authentication key-chain treesRelated Commands
ip rip authentication mode
To specify the type of authentication used in Routing Information Protocol (RIP) Version 2 packets, use the ip rip authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.
ip rip authentication mode {text | md5}
no ip rip authentication mode
Syntax Description
Defaults
Clear text authentication is provided for RIP packets.
Command Modes
Interface configuration
Command History
Usage Guidelines
RIP Version 1 does not support authentication.
Examples
The following example configures the interface to use MD5 authentication:
ip rip authentication mode md5Related Commands
ip rip receive version
To specify a Routing Information Protocol (RIP) version to receive on an interface basis, use the ip rip receive version command in interface configuration mode. To follow the global version rules, use the no form of this command.
ip rip receive version [1] [2]
no ip rip receive version
Syntax Description
1
(Optional) Accepts only RIP Version 1 packets on the interface.
2
(Optional) Accepts only RIP Version 2 packets on the interface.
Defaults
This command is disabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command to override the default behavior of RIP as specified by the version command. This command applies only to the interface being configured. You can configure the interface to accept both RIP versions.
Examples
The following example configures the interface to receive both RIP Version 1 and Version 2 packets:
ip rip receive version 1 2The following example configures the interface to receive only RIP Version 1 packets:
ip rip receive version 1Related Commands
ip rip send version
To specify a Routing Information Protocol (RIP) version to send on an interface basis, use the ip rip send version command in interface configuration mode. To follow the global version rules, use the no form of this command.
ip rip send version [1] [2]
no ip rip send version
Syntax Description
1
(Optional) Sends only RIP Version 1 packets out the interface.
2
(Optional) Sends only RIP Version 2 packets out the interface.
Defaults
This command is disabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command to override the default behavior of RIP as specified by the version command. This command applies only to the interface being configured.
Examples
The following example configures the interface to send both RIP Version 1 and Version 2 packets out the interface:
ip rip send version 1 2The following example configures the interface to send only RIP Version 2 packets out the interface:
ip rip send version 2Related Commands
ip rip receive version
Specifies a RIP version to receive on an interface basis.
version
Specifies a RIP version used globally by the router.
ip rip triggered
To enable triggered extensions to Routing Information Protocol (RIP), use the ip rip triggered command in interface configuration mode. To disable triggered extensions to RIP, use the no form of this command.
ip rip triggered
no ip rip triggered
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
When triggered extensions to RIP are enabled, routing updates are sent on the WAN only if one of the following events occurs:
•
•
•
•
You might want to enable this feature if you are using an on-demand circuit and you are charged for usage time. Fewer routing updates will incur lower usage costs.
Entries in the routing database can be either temporary or semipermanent. Entries learned from broadcasts on LANs are temporary; they will expire if not periodically refreshed by more broadcasts.
Entries learned from a triggered response on the WAN are semipermanent; they do not time out like other entries. Certain events can cause these routes to time out, such as the interface going down, or if the outgoing interface is the same as the incoming interface. Neighbor updates of the routes with a metric of 16 (infinity) mean the route is unreachable, and those routes are eventually removed from the routing table.
Examples
The following example enables triggered extensions to RIP:
interface serial 0ip rip triggeredRelated Commands
show ip rip database
Displays the contents of the RIP private database when triggered extensions to RIP are enabled.
ip rip v2-broadcast
To allow Routing Information Protocol (RIP) Version 2 update packets to be sent as broadcast packets instead of multicast packets, use the rip v2-broadcast command in interface configuration mode. To disable the broadcast of IP RIP Version 2 update packets that are sent as broadcast packets, use the no form of this command.
ip rip v2-broadcast
no ip rip v2-broadcast
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default. Unless the ip rip v2-broadcast commend is entered, RIP Version 2 update packets are sent as multicast packets.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use the ip rip v2-broadcast command to broadcast RIP Version 2 broadcast updates to hosts that do not listen to multicast broadcasts. Version 2 updates (requests and responses) will be sent to the IP broadcast address 255.255.255.255 instead of the IP multicast address 244.0.0.9.
In order to reduce unnecessary load on those hosts that are not listening to RIP Version 2 broadcasts, the system uses an IP multicast address for periodic broadcasts. The IP multicast address is 244.0.0.9.
Note
Examples
The following example configures Version 2 IP broadcast updates on RIP Ethernet interface 3/1:
Router(config) interface ethernet3/1Router(config-if) ip address 172.1.1.1 255.255.255.0Router(config-if) ip rip v2-broadcast...Router(config-if) router ripRouter(config-if) version 2Router(config-if) network 172.0.0.0Enter debug ip rip command to verify that RIP Version 2 IP broadcast updates are being sent to the IP broadcast address 255.255.255 instead of IP multicast address 244.0.0.9:
Router# debug ip rip14:41:59: RIP: sending v2 update to 255.255.255.255 via Ethernet3/1 (172.1.1.1)If the ip rip v2-broadcast command has not been entered, the output from the debug ip rip command verifies that the RIP Version 2 IP broadcast updates are being sent to the IP multicast address 244.0.0.9:
Router# debug ip rip15:45:16: RIP: sending v2 update to 244.0.0.9 via Ethernet3.1 (172.1.1.1)Related Commands
ip route
To establish static routes, use the ip route command in global configuration mode. To remove static routes, use the no form of this command.
ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent | track number] [tag tag]
no ip route prefix mask
Syntax Description
Defaults
No static routes are established.
Command Modes
Global configuration
Command History
Usage Guidelines
The establishment of a static route is appropriate when the Cisco IOS software cannot dynamically build a route to the destination.
If you specify an administrative distance, you are flagging a static route that can be overridden by dynamic information. For example, routes derived with Interior Gateway Routing Protocol (IGRP) have a default administrative distance of 100. To have a static route that would be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes have a default administrative distance of 1.
Static routes that point to an interface on a connected router will be advertised by way of Routing Information Protocol (RIP), IGRP, and Enhanced Interior Gateway Routing Protocol (EIGRP) regardless of whether redistribute static commands are specified for those routing protocols. This situation occurs because static routes that point to an interface are considered in the routing table to be connected and hence lose their static nature. Also, the target of the static route should be included in the network (DHCP) command. If this condition is not met, no dynamic routing protocol will advertise the route unless a redistribute static command is specified for these protocols. With the following configuration:
rtr1 (serial 172.16.188.1/30)--------------> rtr2(Fast Ethernet 172.31.1.1/30) ------>router [rip | eigrp | igrp]network 172.16.188.0network 172.31.0.0•
ip route 172.16.188.252 255.255.255.252 FastEthernet0/0RIP and IGRP do not redistribute the route with the following ip route command because of the split horizon algorithm:
ip route 172.16.188.252 255.255.255.252 serial2/1•
ip route 172.16.188.252 255.255.255.252 FastEthernet0/0ip route 172.16.188.252 255.255.255.252 serial2/1With the Open Shortest Path First (OSPF) protocol, static routes that point to an interface are not advertised unless a redistribute static command is specified.
Adding a static route to an Ethernet or other broadcast interface (for example, ip route 0.0.0.0 0.0.0.0 Ethernet 1/2) will cause the route to be inserted into the routing table only when the interface is up. This configuration is not generally recommended. When the next hop of a static route points to an interface, the router considers each of the hosts within the range of the route to be directly connected through that interface, and therefore it will send Address Resolution Protocol (ARP) requests to any destination addresses that route through the static route.
The practical implication of configuring the ip route 0.0.0.0 0.0.0.0 Ethernet 1/2 command is that the router will consider all of the destinations that the router does not know how to reach through some other route as directly connected to Ethernet interface 1/2. So the router will send an ARP request for each host for which it receives packets on this network segment. This configuration can cause high processor utilization and a large ARP cache (along with memory allocation failures). Configuring a default route or other static route that directs the router to forward packets for a large range of destinations to a connected broadcast network segment can cause your router to reload.
Specifying a numerical next hop that is on a directly connected interface will prevent the router from using proxy ARP. However, if the interface with the next hop goes down and the numerical next hop can be reached through a recursive route, you may specify both the next hop and interface (for example, ip route 0.0.0.0 0.0.0.0 Ethernet 1/2 10.1.2.3) with a static route to prevent routes from passing through an unintended interface.
The track number keyword and argument combination specifies that the static route will be installed only if the state of the configured track object is up.
Examples
The following example chooses an administrative distance of 110. In this case, packets for network 10.0.0.0 will be routed to a router at 172.31.3.4 if dynamic information with an administrative distance less than 110 is not available.
ip route 10.0.0.0 255.0.0.0 172.31.3.4 110
Note
The following example routes packets for network 172.31.0.0 to a router at 172.31.6.6:
ip route 172.31.0.0 255.255.0.0 172.31.6.6The following example routes packets for network 192.168.1.0 directly to the next hop at 10.1.2.3. If the interface goes down, this route is removed from the routing table and will not be restored unless the interface comes back up.
ip route 192.168.1.0 255.255.0.0 Ethernet 0 10.1.2.3The following example installs the static route only if the state of track object 123 is up:
ip route 0.0.0.0 0.0.0.0 Ethernet 0/1 10.1.1.242 track 123Related Commands
ip route priority high
To assign a high priority to an Integrated Intermediate System-to-Intermediate System (IS-IS) IP prefix, use the ip route priority high command in router configuration mode. To remove the IP prefix priority, use the no form of this command.
ip route priority high tag tag-value
no ip route priority high tag tag-value
Syntax Description
tag tag-value
Assigns a high priority to IS-IS IP prefixes with a specific route tag in a range from 1 to 4294967295.
Defaults
No IP prefix priority is set.
Command Modes
Router configuration
Command History
Usage Guidelines
When you use the ip route priority high command to tag higher priority IS-IS IP prefixes for faster processing and installation in the global routing table, you can achieve faster convergence. For example, you can help Voice over IP (VoIP) gateway addresses get processed first to help VoIP traffic get updated faster than other types of packets.
Examples
The following example uses the ip route priority high command to assign a tag value of 100 to the IS-IS IP prefix:
Router> enableRouter# configure terminalRouter(config)# interface Ethernet 0Router(config-if)# ip router isisRouter(config-if)# isis tag 100!Router(config)# router isisRouter(config)# ip route priority high tag 100!Related Commands
ip route profile
To enable IP routing table statistics collection, use the ip route profile command in global configuration mode. To disable collection of routing table statistics, use the no form of the command.
ip route profile
no ip route profile
Syntax Description
This command has no arguments or keywords.
Defaults
The time interval for each sample, or sampling interval, is a fixed value and is set at 5 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
The ip route profile command helps you to monitor routing table fluctuations that can occur as the result of route flapping, network failure, or network restoration.
This command identifies route flapping over brief time intervals. The time interval for each sample, or sampling interval, is a fixed value and is set at 5 seconds.
Two sets of statistics are collected. The per-interval statistics are collected over a sampling interval, while the routing table change statistics are the result of aggregating the per-interval statistics. The per-interval statistics are collected as a single set of counters, with one counter tracking one event. All counters are initialized at the beginning of each sampling interval; counters are incremented as corresponding events occur anywhere in the routing table.
At the end of a sampling interval, the per-interval statistics for that sampling interval are integrated with the routing table change statistics collected from the previous sampling intervals. The counters holding the per-interval statistics are reset and the process is repeated.
Routing table statistics are collected for the following events:
•
•
•
•
•
Use the show ip route profile command to display the routing table change statistics.
Examples
The following example enables the collection of routing table statistics:
ip route profileRelated Commands
ip route static adjust-time
To change the time interval for IP static route adjustments during convergence, use the ip route static adjust-time command in global configuration mode. To reinstate the default adjustment time of 60 seconds, use the no form of this command.
ip route static adjust-time seconds
no ip route static adjust-time seconds
Syntax Description
Defaults
seconds: 60
Command Modes
Global configuration
Command History
Usage Guidelines
By default, static route adjustments are made every 60 seconds. To adjust the timer to any interval from 1 to 60 seconds, enter the ip route static adjust-time command.
The benefit of reducing the timer from the 60-second default value is to increase the convergence when static routes are used. However, reducing the interval can be CPU intensive if the value is set very low and a large number of static routes are configured.
Examples
In the following example, the adjustment time for static routes has been changed from the default 60 seconds to 30 seconds:
Router(config)# ip route static adjust-time 30To remove the 30-second adjusted time interval and reinstate the default 60-second value, enter the no route ip static adjust-time command:
Router(config)# no ip route static adjust-time 30Related Commands
ip router isis
To configure an IS-IS routing process for IP on an interface and to attach an area designator to the routing process, use the ip router isis command in interface configuration mode. To disable IS-IS for IP, use the no form of the command.
ip router isis area-tag
no ip router isis area-tag
Syntax Description
Defaults
No routing processes are specified.
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
12.0(5)T
Multiarea functionality was added, changing the way the tag argument (now area-tag) is used.
Usage Guidelines
Before the IS-IS routing process is useful, a network entity title (NET) must be assigned with the net command and some interfaces must have IS-IS enabled.
If you have IS-IS running and at least one International Organization for Standardization Interior Gateway Routing Protocol (ISO-IGRP) process, the IS-IS process and the ISO-IGRP process cannot both be configured without an area tag. The null tag can be used by only one process. If you run ISO-IGRP and IS-IS, a null tag can be used for IS-IS, but not for ISO-IGRP at the same time. However, each area in an IS-IS multiarea configuration should have a nonnull area tag to facilitate identification of the area.
You can configure only one process to perform Level 2 (interarea) routing. If Level 2 routing is configured on any process, all additional processes are automatically configured as Level 1. You can configure this process to perform intra-area (Level 1) routing at the same time. You can configure up to 29 additional processes as Level 1-only processes. Use the is-type command to remove Level 2 routing from a router instance. You can then use the is-type command to enable Level 2 routing on some other IS-IS router instance.
An interface cannot be part of more than one area, except in the case where the associated routing process is performing both Level 1 and Level 2 routing. On media such as WAN media where subinterfaces are supported, different subinterfaces could be configured for different areas.
Examples
The following example specifies IS-IS as an IP routing protocol for a process named Finance, and specifies that the Finance process will be routed on Ethernet interface 0 and serial interface 0:
router isis Financenet 49.0001.aaaa.aaaa.aaaa.00interface Ethernet 0ip router isis Financeinterface serial 0ip router isis FinanceThe following example shows an IS-IS configuration with two Level 1 areas and one Level 1-2 area:
ip routing...interface Tunnel529ip address 10.0.0.5 255.255.255.0ip router isis BBinterface Ethernet1ip address 10.1.1.5 255.255.255.0ip router isis A3253-011!interface Ethernet2ip address 10.2.2.5 255.255.255.0ip router isis A3253-02...! Defaults to "is-type level-1-2"router isis BBnet 49.2222.0000.0000.0005.00!router isis A3253-01net 49.0553.0001.0000.0000.0005.00is-type level-1!router isis A3253-02net 49.0553.0002.0000.0000.0005.00is-type level-1Related Commands
is-type
Configures the routing level for an IS-IS routing process.
net
Configures an IS-IS NET for a CLNS routing process.
router isis
Enables the IS-IS routing protocol.
ip split-horizon (RIP)
To enable the split horizon mechanism, use the ip split-horizon command in interface configuration mode. To disable the split horizon mechanism, use the no form of this command.
ip split-horizon
no ip split-horizon
Syntax Description
This command has no arguments or keywords.
Defaults
Default behavior varies with media type.
Command Modes
Interface configuration
Command History
Usage Guidelines
For all interfaces except those for which either Frame Relay or Switched Multimegabit Data Service (SMDS) encapsulation is enabled, the default condition for this command is ip split-horizon; in other words, the split horizon feature is active. If the interface configuration includes either the encapsulation frame-relay or encapsulation smds command, then the default is for split horizon to be disabled. Split horizon is not disabled by default for interfaces using any of the X.25 encapsulations.
Note
Note
Note
Examples
The following simple example disables split horizon on a serial link. The serial link is connected to an X.25 network.
interface serial 0encapsulation x25no ip split-horizonRelated Commands
neighbor (RIP)
Defines a neighboring router with which to exchange routing information.
ip split-horizon eigrp
To enable Enhanced Interior Gateway Routing Protocol (EIGRP) split horizon, use the ip split-horizon eigrp command in interface configuration mode. To disable split horizon, use the no form of this command.
ip split-horizon eigrp as-number
no ip split-horizon eigrp as-number
Syntax Description
Defaults
The behavior of this command is enabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
For networks that include links over X.25 packet-switched networks (PSNs), you can use the neighbor router configuration command to defeat the split horizon feature. As an alternative, you can explicitly specify the no ip split-horizon eigrp command in your configuration. However, if you do so, you must similarly disable split horizon for all routers and access servers in any relevant multicast groups on that network.
Note
Examples
The following example disables split horizon on a serial link connected to an X.25 network:
interface serial 0encapsulation x25no ip split-horizon eigrp 101Related Commands
ip split-horizon (RIP)
Enables the split horizon mechanism.
neighbor (EIGRP)
Defines a neighboring router with which to exchange routing information.
ip summary-address eigrp
To configure a summary aggregate address for a specified interface, use the ip summary-address eigrp command in interface configuration mode. To disable a configuration, use the no form of this command.
ip summary-address eigrp as-number ip-address wildcard-mask [admin-distance] [leak-map name]
no ip summary-address eigrp as-number ip-address wildcard-mask
Syntax Description
Defaults
•
•
•
•
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
12.0(7)T
The admin-distance argument was introduced.
12.3(14)T
The leak-map keyword was introduced.
Usage Guidelines
The ip summary-address eigrp command is used to configure interface-level address summarization. EIGRP summary routes are given an administrative distance value of 5. The administrative distance metric is used to advertise a summary without installing it in the routing table.
By default, EIGRP summarizes subnet routes to the network level. The no auto-summary command can be entered to configure subnet level summarization.
EIGRP Support For Leaking Routes
Configuring the leak-map keyword allows to advertise a component route that would otherwise be suppressed by the manual summary. Any component subset of the summary can be leaked. A route map and access list must be defined to source the leaked route.
The following is default behavior if an incomplete configuration is entered:
•
•
Examples
The following example, starting in Global configuration mode, configures an administrative distance of 95 on interface Ethernet 0/0 for the 192.168.0.0/16 summary address:
Router(config)# router eigrp 1Router(config-router)# exitRouter(config)# interface Ethernet 0/0Router(config-if)# ip summary-address eigrp 1 192.168.0.0 0.0.255.255 95The following example, starting in Global configuration mode, configures the 10.1.1.0/24 subnet to be leaked through the 10.0.0.0 summary address:
Router(config)# router eigrp 1Router(config-router)# exitRouter(config)# access-list 1 permit 10.1.1.0 0.0.0.255Router(config)# !Router(config)# route-map LEAK-10-1-1 permit 10Router(config-route-map)# match ip address 1Router(config-route-map)# exitRouter(config)# interface Serial 0/0Router(config-if)# ip summary-address eigrp 1 10.0.0.0 0.0.0.255 leak-map LEAK-10-1-1Router(config-if)# endRelated Commands
auto-summary (EIGRP)
Configures automatic summarization of subnet routes to network-level routes (default behavior).
ip summary-address rip
To configure a summary aggregate address under an interface for the Routing Information Protocol (RIP), use the ip summary-address rip command in interface configuration mode. To disable summarization of the specified address or subnet, use the no form of this command.
ip summary-address rip ip-address ip-network-mask
no ip summary-address rip ip-address ip-network-mask
Syntax Description
ip-address
IP address to be summarized.
ip-network-mask
IP network mask that drives route summarization for the specified IP address.
Defaults
RIP automatically summarizes to classful network boundaries.
Command Modes
Interface configuration
Command History
Usage Guidelines
The ip summary-address rip command is used to summarize an address or subnet under a specific interface. RIP automatically summarizes to classful network boundaries. Only one summary address can be configured for each classful subnet.
Examples
In the following example the major network is 10.0.0.0. The summary address 10.2.0.0 overrides the autosummary address of 10.0.0.0, so that 10.2.0.0 is advertised out Ethernet interface 1 and 10.0.0.0 is not advertised.
Note
interface Ethernet1ip address 10.1.1.1 255.255.255.0ip summary-address rip 10.2.0.0 255.255.0exitrouter ripnetwork 10.0.0.0endRelated Commands
auto-summary (RIP)
Restores the default behavior of automatic summarization of subnet routes into network-level routes.
ip split-horizon (RIP)
Enables the split horizon mechanism.
ip verify unicast vrf
To enable Unicast Reverse Path Forwarding (Unicast RPF) verification for the specified VRF, use the ip verify unicast vrf command in Interface configuration mode. To disable the Unicast RPF check for a VRF, use the no form of this command.
ip verify unicast vrf vrf-name deny | permit
no ip verify unicast vrf vrf-name deny | permit
Syntax Description
Defaults
No default behavior or values
Command Modes
Interface configuration mode
Command History
Usage Guidelines
Unicast Reverse Path Forwarding (Unicast RPF) is configured to verify that the source address is in the Forwarding Information Base (FIB). The ip verify unicast vrf command is configured in interface configuration mode and is enabled for each VRF. This command has permit and deny keywords that are used to determine if traffic is forward or dropped.
Examples
The following example configures Unicast RPF verification for VRF GREEN and RED. VRF GREEN TRAFFIC is forwarded. VRF RED traffic is dropped.
Router(config)# interface Ethernet 0Router(config-if)# ip verify unicast vrf GREEN permitRouter(config-if)# ip verify unicast vrf RED denyRouter(config-if)# endRelated Commands
isis advertise-prefix
To allow the advertising of IP prefixes of connected networks in LSP advertisements per IS-IS interface, use the isis advertise-prefix command in interface configuration mode. To prevent IP prefixes of connected networks from being advertised, use the no form of this command.
isis advertise-prefix
no isis advertise-prefix
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled; IP prefixes are advertised.
Command Modes
Interface configuration
Command History
Usage Guidelines
The no isis advertise-prefix command is an IS-IS mechanism to exclude IP prefixes of connected networks from LSP advertisements, thereby reducing IS-IS convergence time.
Configuring the no form of this command per IS-IS interface is a small-scale solution to reduce IS-IS convergence time because fewer prefixes will be advertised in the router nonpseudonode LSP.
An alternative to this command is the advertise-passive-only command. The latter is a scalable solution because it is configured per IS-IS instance.
Examples
The following example uses the no isis advertise-prefix command on Ethernet interface 0. Only the IP address of loopback interface 0 is advertised.
!interface loopback 0ip address 192.168.10.1 255.255.255.255no ip directed-broadcast!interface Ethernet 0ip address 192.168.20.1 255.255.255.0no ip directed-broadcastip router isisno isis advertise-prefix!!.!.!.!router isispassive-interface loopback 0net 47.0004.004d.0001.0001.0c11.1111.00log-adjacency-changes!Related Commands
advertise-passive-only
Configures the IS-IS instance to advertise only prefixes that belong to passive interfaces.
isis authentication key-chain
To enable authentication for an IS-IS interface, use the isis authentication key-chain command in interface configuration mode. To disable such authentication, use the no form of this command.
isis authentication key-chain name-of-chain [level-1 | level-2]
no isis authentication key-chain name-of-chain [level-1 | level-2]
Syntax Description
Defaults
No key chain authentication is configured for a specific IS-IS interface, although it might be configured at the IS-IS instance level.
Command Modes
Interface configuration
Command History
Usage Guidelines
If no key chain is configured with the key chain command, no key chain authentication is performed.
Only one authentication key chain is applied to an IS-IS interface at one time. That is, if you configure a second isis authentication key-chain command, the first is overridden.
If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels.
You can specify authentication for an entire instance of IS-IS instead of at the interface level by using the authentication key-chain command.
Examples
The following example configures Ethernet interface 0 to accept and send any key belonging to the key chain named trees:
interface Ethernet0ip address 10.1.1.1 255.255.255.252ip router isis real_secure_networkisis authentication mode md5 level-1isis authentication key-chain trees level-1Related Commands
authentication key-chain
Enables authentication for IS-IS at the instance level.
key chain
Enables authentication for routing protocols.
isis authentication mode
To specify the type of authentication used for an IS-IS interface, use the isis authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.
isis authentication mode {md5 | text} [level-1 | level-2]
no isis authentication mode
Syntax Description
Defaults
No authentication is provided for IS-IS packets on an interface level, although authentication could be provided at the IS-IS instance level by several means.
Command Modes
Interface configuration
Command History
Usage Guidelines
If neither the level-1 nor level-2 keyword is configured, the mode applies to both levels.
If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands.
If you configure the isis authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no isis authentication mode command first.
You can specify the type of authentication and the level to which it applies for the entire IS-IS instance, rather than per interface, by using the authentication mode command.
Examples
The following example configures IS-IS Level 2 packets to use MD5 authentication on Ethernet interface 0:
interface Ethernet0ip address 10.1.1.1 255.255.255.252ip router isis real_secure_networkisis authentication mode md5 level-2isis authentication key-chain cisco level-2Related Commands
isis authentication send-only
To specify that authentication is performed only on packets being sent (not received) on a specified IS-IS interface, use the isis authentication send-only command in interface configuration mode. To restore the default value, use the no form of this command.
isis authentication send-only [level-1 | level-2]
no isis authentication send-only
Syntax Description
Defaults
If MD5 authentication is configured at the interface level, it applies to IS-IS packets being sent and received over all interfaces.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no isis authentication send-only command to disable the send-only feature.
If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels.
Examples
The following example configures IS-IS Level-1 packets to use MD5 authentication on packets being sent (not received) on Ethernet interface 0:
interface Ethernet0ip address 10.1.1.1 255.255.255.252ip router isis real_secure_networkisis authentication send-only level-1isis authentication mode md5 level-1isis authentication key-chain cisco level-1Related Commands
isis circuit-type
To configure the type of adjacency, use the isis circuit-type command in interface configuration mode. To reset the circuit type to Level l and Level 2, use the no form of this command.
isis circuit-type [level-1 | level-1-2 | level-2-only]
no isis circuit-type
Syntax Description
Defaults
A Level 1 and Level 2 adjacency is established.
Command Modes
Interface configuration
Command History
Usage Guidelines
Normally, this command need not be configured. The proper way is to configure a router as a Level 1-only, Level 1-2, or Level 2-only system. Only on routers that are between areas (Level 1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending out unused Level 1 hello packets. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same packet.
A Level 1 adjacency may be established if there is at least one area address in common between this system and its neighbors. Level 2 adjacencies will never be established over this interface.
A Level 1 and Level 2 adjacency is established if the neighbor is also configured as level-1-2 and there is at least one area in common. If there is no area in common, a Level 2 adjacency is established. This is the default.
Level 2 adjacencies are established if the other routers are Level 2 or Level 1-2 routers and their interfaces are configured for Level 1-2 or Level 2. Level 1 adjacencies will never be established over this interface.
Examples
In the following example, other routers on Ethernet interface 0 are in the same area. Other routers on Ethernet interface 1 are in other areas, so the router will stop sending Level 1 hellos.
interface ethernet 0ip router isisinterface ethernet 1isis circuit-type level-2-onlyisis csnp-interval
To configure the IS-IS complete sequence number PDUs (CSNPs) interval, use the isis csnp-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis csnp-interval seconds [level-1 | level-2]
no isis csnp-interval [level-1 | level-2]
Syntax Description
Defaults
10 seconds
Level 1 and Level 2Command Modes
Interface configuration
Command History
Usage Guidelines
It is very unlikely you will need to change the default value of this command.
This command applies only for the designated router (DR) for a specified interface. Only DRs send CSNP packets in order to maintain database synchronization. The CSNP interval can be configured independently for Level 1 and Level 2. Configuring the CSNP interval does not apply to serial point-to-point interfaces. It does apply to WAN connections if the WAN is viewed as a multiaccess meshed network.
For multiaccess WAN interfaces such as ATM, Frame Relay, and X.25, we highly recommend that you configure the nonbroadcast multiaccess (NBMA) cloud as multiple point-to-point subinterfaces. Doing so will make routing much more robust if one or more permanent virtual circuits (PVCs) fails.
The isis csnp-interval command on point-to-point subinterfaces should be used only in combination with the IS-IS mesh-group feature.
Examples
The following example configures Ethernet interface 0 for sending CSNPs every 30 seconds:
interface ethernet 0isis csnp-interval 30 level-1isis display delimiter
To make output from multiarea displays easier to read by specifying the delimiter to use to separate displays of information, use the isis display delimiter command in global configuration mode. To disable this output format, use the no form of the command.
isis display delimiter [return count | character count]
no isis display delimiter [return count | character count]
Syntax Description
Defaults
The isis display delimiter command is disabled by default.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to customize display output when the IS-IS multiarea feature is used. The isis display delimiter command displays the output from different areas as a string or additional white space.
Examples
The following command causes different areas in multiarea displays (such as show command output) to be delimited by a string of dashes (-):
isis display delimiter - 14With three IS-IS neighbors configured, this command displays the following output from the show clns neighbors command:
Router# show clns neighbors--------------Area L2BB:System Id Interface SNPA State Holdtime Type Protocol0000.0000.0009 Tu529 172.21.39.9 Up 25 L1L2 IS-IS--------------Area A3253-01:System Id Interface SNPA State Holdtime Type Protocol0000.0000.0053 Et1 0060.3e58.ccdb Up 22 L1 IS-IS0000.0000.0003 Et1 0000.0c03.6944 Up 20 L1 IS-IS--------------Area A3253-02:System Id Interface SNPA State Holdtime Type Protocol0000.0000.0002 Et2 0000.0c03.6bc5 Up 27 L1 IS-IS0000.0000.0053 Et2 0060.3e58.ccde Up 24 L1 IS-ISRelated Commands
isis hello padding
To reenable IS-IS hello padding at the interface level, enter the isis hello padding command in interface configuration mode. To disable IS-IS hello padding, use the no form of this command.
isis hello padding
no isis hello padding
Syntax Description
This command has no arguments or keywords.
Defaults
IS-IS hello padding is enabled.
Command Modes
Interface configuration
Command History
12.0(5)T
This command was introduced.
12.0(5)S
This command was integrated into Cisco IOS Release 12.0(5)S.
Usage Guidelines
Intermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces.
You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches.
To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode. To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode.
Examples
To turn off hello padding at the interface level for the Ethernet interface 0/0, enter the no isis hello padding command in interface configuration mode:
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# interface e0/0Router(config-if)# no isis hello paddingRouter(config-if)# endWhen the show clns neighbor command is entered for Ethernet interface 0/0, the output confirms that hello padding has been turned off for both Level 1 and Level 2 circuit types:
Router_A# show clns interface e0/0Ethernet0/0 is up, line protocol is upChecksums enabled, MTU 1497, Encapsulation SAPERPDUs enabled, min. interval 10 msec.CLNS fast switching enabledCLNS SSE switching disabledDEC compatibility mode OFF for this interfaceNext ESH/ISH in 47 secondsRouting Protocol: IS-ISCircuit Type: level-1-2Interface number 0x0, local circuit ID 0x1Level-1 Metric: 10, Priority: 64, Circuit ID: Router_B.01Level-1 IPv6 Metric: 10Number of active level-1 adjacencies: 1Level-2 Metric: 10, Priority: 64, Circuit ID: Router_B.01Level-2 IPv6 Metric: 10Number of active level-2 adjacencies: 1Next IS-IS LAN Level-1 Hello in 2 seconds! No hello paddingNext IS-IS LAN Level-2 Hello in 2 seconds! No hello paddingWhen the debug isis adj packets command is entered, the output will show the IS-IS hello protocol data unit (PDU) length when a hello packet has been sent to or received from an IS-IS adjacency. In the following example the IS-IS hello PDU length is 1497:
Router# debug isis adj packets e0/0IS-IS Adjacency related packets debugging is onRouter#*Oct 11 18:04:17.455: ISIS-Adj: Sending L1 LAN IIH on Ethernet0/0, length 55*Oct 11 18:04:19.075: ISIS-Adj: Rec L2 IIH from aabb.cc00.6600 (Ethernet0/0), cir type L1L2, cir id 0000.0000.000B.01, length 1497Related Commands
isis hello-interval
To specify the length of time between hello packets that the Cisco IOS software sends, use the isis hello-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis hello-interval {seconds | minimal} [level-1 | level-2]
no isis hello-interval [level-1 | level-2]
Syntax Description
Defaults
10 seconds
Level 1 and Level 2Command Modes
Interface configuration
Command History
Usage Guidelines
The hello interval multiplied by the hello multiplier equals the hold time. If the minimal keyword is specified, the hold time is 1 second and the system computes the hello interval based on the hello multiplier.
The hello interval can be configured independently for Level 1 and Level 2, except on serial point-to-point interfaces. (Because only a single type of hello packet is sent on serial links, it is independent of Level 1 or Level 2.) The level-1 and level-2 keywords are used on X.25, SMDS, and Frame Relay multiaccess networks or LAN interfaces.
A faster hello interval gives faster convergence, but increases bandwidth and CPU usage. It might also add to instability in the network. A slower hello interval saves bandwidth and CPU. Especially when used in combination with a higher hello multiplier, this configuration may increase overall network stability.
It makes more sense to tune the hello interval and hello multiplier on point-to-point interfaces than on LAN interfaces.
Examples
The following example configures serial interface 0 to advertise hello packets every 5 seconds. The router is configured to act as a station router. This configuration will cause more traffic than configuring a longer interval, but topological changes will be detected earlier.
interface serial 0isis hello-interval 5 level-1Related Commands
isis hello-multiplier
Specifies the number of IS-IS hello packets a neighbor must miss before the router should declare the adjacency as down.
isis hello-multiplier
To specify the number of IS-IS hello packets a neighbor must miss before the router should declare the adjacency as down, use the isis hello-multiplier command in interface configuration mode. To restore the default value, use the no form of this command.
isis hello-multiplier multiplier [level-1 | level-2]
no isis hello-multiplier [level-1 | level-2]
Syntax Description
Defaults
multiplier: 3
Level 1 and Level 2Command Modes
Interface configuration
Command History
Usage Guidelines
The "holding time" carried in an IS-IS hello packet determines how long a neighbor waits for another hello packet before declaring the neighbor to be down. This time determines how quickly a failed link or neighbor is detected so that routes can be recalculated.
Use the isis hello-multiplier command in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval (isis hello-interval command) correspondingly to make the hello protocol more reliable without increasing the time required to detect a link failure.
On point-to-point links, there is only one hello for both Level 1 and Level 2, so different hello multipliers should be configured only for multiaccess networks such as Ethernet and FDDI. Separate Level 1 and Level 2 hello packets are also sent over nonbroadcast multiaccess (NBMA) networks in multipoint mode, such as X.25, Frame Relay, and ATM. However, we recommend that you run IS-IS over point-to-point subinterfaces over WAN NBMA media.
Examples
In the following example, the network administrator wants to increase network stability by making sure an adjacency will go down only when many (ten) hello packets are missed. The total time to detect link failure is 60 seconds. This configuration will ensure that the network remains stable, even when the link is fully congested.
interface serial 1ip router isisisis hello-interval 6 level-1isis hello-multiplier 10 level-1Related Commands
isis hello-interval
Specifies the length of time between hello packets that the Cisco IOS software sends.
isis lsp-interval
To configure the time delay between successive IS-IS link-state packet (LSP) transmissions, use the isis lsp-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis lsp-interval milliseconds
no isis lsp-interval
Syntax Description
Defaults
The default time delay is 33 milliseconds.
Command Modes
Interface configuration
Command History
Usage Guidelines
In topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception. This command allows the LSP transmission rate (and by implication the reception rate of other systems) to be reduced.
Examples
The following example causes the system to send LSPs every 100 milliseconds (10 packets per second) on serial interface 0:
interface serial 0isis lsp-interval 100Related Commands
isis retransmit-interval
Configures the time between retransmission of each LSP (IS-IS link-state PDU) over point-to-point links.
isis mesh-group
To optimize link-state packet (LSP) flooding in nonbroadcast multiaccess (NBMA) networks with highly meshed, point-to-point topologies, use the isis mesh-group command in interface configuration mode. To remove a subinterface from a mesh group, use the no form of this command.
isis mesh-group [number | blocked]
no isis mesh-group [number | blocked]
Syntax Description
number
(Optional) A number identifying the mesh group of which this interface is a member.
blocked
(Optional) Specifies that no LSP flooding will take place on this subinterface.
Defaults
The interface performs normal flooding.
Command Modes
Interface configuration
Command History
Usage Guidelines
LSPs that are first received on subinterfaces that are not part of a mesh group are flooded to all other subinterfaces in the usual way.
LSPs that are first received on subinterfaces that are part of a mesh group are flooded to all interfaces except those in the same mesh group. If the blocked keyword is configured on a subinterface, then a newly received LSP is not flooded out over that interface.
To minimize the possibility of incomplete flooding, you should allow unrestricted flooding over at least a minimal set of links in the mesh. Selecting the smallest set of logical links that covers all physical paths results in very low flooding, but less robustness. Ideally, you should select only enough links to ensure that LSP flooding is not detrimental to scaling performance, but enough links to ensure that under most failure scenarios no router will be logically disconnected from the rest of the network. In other words, blocking flooding on all links permits the best scaling performance, but there is no flooding. Permitting flooding on all links results in very poor scaling performance.
Examples
In the following example six interfaces are configured in three mesh groups. LSPs received are handled as follows:
•
•
•
interface atm 1/0.1 ip router isis isis mesh-group 10interface atm 1/0.2ip router isis isis mesh-group 10interface atm 1/1.1 ip router isis isis mesh-group 11interface atm 1/1.2 ip router isis isis mesh-group 11interface atm 1/2.1 ip router isisisis mesh-group blockedinterface atm 1/2.2 ip router isisRelated Commands
isis metric
To configure the metric for an interface, use the isis metric command in interface configuration mode. To restore the default metric value, use the no form of this command.
isis metric default-metric [level-1 | level-2]
no isis metric [level-1 | level-2]
Syntax Description
Defaults
If no keyword is specified, the default is level-1-2.
Command Modes
Interface configuration
Command History
Usage Guidelines
Specifying the level-1 or level-2 keyword resets the metric only for Level 1 or Level 2 routing, respectively.
We highly recommend that you configure metrics on all interfaces. If you do not do so, the IS-IS metrics are similar to hop count metrics.
Examples
The following example configures serial interface 0 for a default link-state metric cost of 15 for Level 1:
interface serial 0isis metric 15 level-1isis network point-to-point
To configure a network of only two networking devices that use broadcast media and the integrated IS-IS routing protocol to function as a point-to-point link instead of a broadcast link, use the isis network point-to-point command in interface configuration mode. To disable the point-to-point usage, use the no form of this command.
isis network point-to-point
no isis network point-to-point
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command only on broadcast media in a network of only two networking devices. The command will cause the system to issue packets point-to-point rather than as broadcasts. Configure the command on both networking devices in the network.
Examples
The following example configures a Fast Ethernet interface to act as a point-to-point interface:
interface fastethernet 1/0isis network point-to-pointisis password
To configure the authentication password for an interface, use the isis password command in interface configuration mode. To disable authentication for IS-IS, use the no form of this command.
isis password password [level-1 | level-2]
no isis password [level-1 | level-2]
Syntax Description
Defaults
This command is disabled by default.
If no keyword is specified, the default is level-1-2.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command enables you to prevent unauthorized routers from forming adjacencies with this router, and thus protects the network from intruders.
The password is exchanged as plain text and thus provides only limited security.
Different passwords can be assigned for different routing levels using the level-1 and level-2 keywords.
Specifying the level-1 or level-2 keyword disables the password only for Level 1 or Level 2 routing, respectively.
Examples
The following example configures a password for Ethernet interface 0 at Level 1:
interface ethernet 0isis password frank level-1isis priority
To configure the priority of designated routers, use the isis priority command in interface configuration mode. To reset the default priority, use the no form of this command.
isis priority number-value [level-1 | level-2]
no isis priority [level-1 | level-2]
Syntax Description
Defaults
Priority of 64
Level 1 and Level 2Command Modes
Interface configuration
Command History
Usage Guidelines
Priorities can be configured for Level 1 and Level 2 independently. Specifying the level-1 or level-2 keyword resets priority only for Level 1 or Level 2 routing, respectively.
The priority is used to determine which router on a LAN will be the designated router or Designated Intermediate System (DIS). The priorities are advertised in the hello packets. The router with the highest priority will become the DIS.
In IS-IS, there is no backup designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If a router with a higher priority comes on line, it will take over the role from the current DIS. In the case of equal priorities, the highest MAC address breaks the tie.
Examples
The following example shows Level 1 routing given priority by setting the priority level to 80. This router is now more likely to become the DIS.
interface ethernet 0isis priority 80 level-1isis protocol shutdown
To disable the Intermediate System-to-Intermediate System (IS-IS) protocol so that it cannot form adjacencies on a specified interface and place the IP address of the interface into the link-state packet (LSP) that is generated by the router, use the isis protocol shutdown command in interface configuration mode. To reenable the IS-IS protocol, use the no form of this command.
isis protocol shutdown
no isis protocol shutdown
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Interface configuration
Command History
12.3(4)T
This command was introduced.
12.2(25)S
This command was integrated into Cisco IOS Release12.2(25)S.
Usage Guidelines
The isis protocol shutdown command allows you to disable the IS-IS protocol for a specified interface without removing the configuration parameters. The IS-IS protocol will not form any adjacencies for the interface for which the isis protocol shutdown command has been configured, and the IP address of the interface will be put into the LSP that is generated by the router.
If you do not want IS-IS to form any adjacency on any interface and clear the IS-IS LSP database, you can enter the protocol shutdown command.
Examples
The following example disables the IS-IS protocol on Ethernet interface3/1:
Router(config)# interface Ethernet 3/1Router(config-if)# isis protocol shutdownRelated Commands
protocol shutdown
Disables the IS-IS protocol so that it cannot form any adjacency on any interface and clears the IS-IS LSP database.
isis retransmit-interval
To configure the amount of time between retransmission of each IS-IS link-state packet (LSP) on a point-to-point link, use the isis retransmit-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis retransmit-interval seconds
no isis retransmit-interval seconds
Syntax Description
Defaults
5 seconds
Command Modes
Interface configuration
Command History
Usage Guidelines
The setting of the seconds argument should be conservative, or needless retransmission will result.
This command has no effect on LAN (multipoint) interfaces. On point-to-point links, the value can be increased to enhance network stability.
Retransmissions occur only when LSPs are dropped. So setting the seconds argument to a higher value has little effect on reconvergence. The more neighbors routers have, and the more paths over which LSPs can be flooded, the higher this value can be made.
The value should be higher for serial lines.
Examples
The following example configures serial interface 0 for retransmission of IS-IS LSP, every 60 seconds for a large serial line:
interface serial 0isis retransmit-interval 60Related Commands
isis retransmit-throttle-interval
To configure the amount of time between retransmissions on each IS-IS link-state packet (LSP) on a point-to-point interface, use the isis retransmit-throttle-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis retransmit-throttle-interval milliseconds
no isis retransmit-throttle-interval
Syntax Description
Defaults
The delay is determined by the isis lsp-interval command.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command may be useful in very large networks with many LSPs and many interfaces as a way of controlling LSP retransmission traffic. This command controls the rate at which LSPs can be re-sent on the interface.
The isis retransmit-throttle-interval command is distinct from the rate at which LSPs are sent on the interface (controlled by the isis lsp-interval command) and the period between retransmissions of a single LSP (controlled by the isis retransmit-interval command). These commands may all be used in combination to control the offered load of routing traffic from one router to its neighbors.
Examples
The following example configures serial interface 0 to limit the rate of LSP retransmissions to one every 300 milliseconds:
interface serial 0isis retransmit-throttle-interval 300Related Commands
isis tag
To set a tag on the IP address configured for an interface when this IP prefix is put into an IS-IS LSP, use the isis tag command in interface configuration mode. To stop tagging the IP address, use the no form of this command.
isis tag tag-number
no isis tag tag-number
Syntax Description
Defaults
No route tag is associated for IP addresses configured for the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
Tagging a route does nothing for you until you use the tag, for example, to redistribute routes or summarize routes.
Configuring the isis tag command triggers the router to generate new LSPs because the tag is a new piece of information in the packet.
Examples
In this example, two interfaces are tagged with different tag values. By default, these two IP addresses would have been put into the IS-IS Level 1 and Level 2 database. However, by using the redistribute command with a route map to match tag 110, only IP address 20.1.1.1 255.255.255.0 is put into the Level 2 database.
interface ethernet 1/0ip address 10.1.1.1 255.255.255.0ip router isisisis tag 120interface ethernet 1/1ip address 20.1.1.1 255.255.255.0ip router isisisis tag 110router isisnet 49.0001.0001.0001.0001.00redistribute isis ip level-1 into level-2 route-map match-tagroute-map match-tag permit 10match tag 110ispf
To enable incremental Shortest Path First (SPF), use the ispf command in router configuration mode. To disable incremental SPF, use the no form of this command.
ispf {level-1 | level-2 | level-1-2} [seconds]
no ispf
Syntax Description
Defaults
Incremental SPF is disabled.
seconds: 120Command Modes
Router configuration
Command History
Usage Guidelines
Intermediate System-to-Intermediate System (IS-IS) and Open Shortest Path First (OSPF) use Dijkstra's SPF algorithm to compute the shortest path tree (SPT). During the computation of the SPT, the shortest path to each node is discovered. The topology tree is used to populate the routing table with routes to IP networks. When changes to a Type 1 or Type 2 link-state advertisement (LSA) occur in an area, the entire SPT is recomputed. In many cases, the entire SPT need not be recomputed because most of the tree remains unchanged. Incremental SPF allows the system to recompute only the affected part of the tree. Recomputing only a portion of the tree rather than the entire tree results in faster OSPF convergence and saves CPU resources. Note that if the change to a Type 1 or Type 2 LSA occurs in the calculating router itself, then the full SPT is performed.
Incremental SPF computes only the steps needed to apply the changes in the network topology diagram. That process requires that the system keep more information about the topology in order to apply the incremental changes. Also, more processing must be done on each node for which the system receives a new link-state packet (LSP). However, incremental SPF typically reduces demand on CPU.
Incremental SPF is scheduled in the same way as the full SPF. Routers enabled with incremental SPF and routers not enabled with incremental SPF can function in the same internetwork.
Incremental SPF works only for IPv4.
Even if incremental SPF is configured, there are some cases where full SPF is executed; for example, periodic SPF, a calculation change for the routing calculation (such as a change in metric, is-type, and so on), the configuration of the clear ip route or clear isis commands, or adjacency changes.
Examples
The following example enables OSPF incremental SPF:
Router(config)# router ospf 1Router(config-router)# ispfThe following examples enables IS-IS incremental SPF for Level 1 and Level 2 packets:
Router(config)# router isisRouter(config-router)# ispf level-1-2is-type
To configure the routing level for an instance of the IS-IS routing process, use the is-type command in router configuration mode. To reset the default value, use the no form of this command.
is-type [level-1 | level-1-2 | level-2-only]
no is-type [level-1 | level-1-2 | level-2-only]
Syntax Description
Defaults
In conventional IS-IS configurations, the router acts as both a Level 1 (intra-area) and a Level 2 (interarea) router.
In multiarea IS-IS configurations, the first instance of the IS-IS routing process configured is by default a Level 1-2 (intra-area and interarea) router. The remaining instances of the IS-IS process configured by default are Level 1 routers.
Command Modes
Router configuration
Command History
10.3
This command was introduced.
12.0(5)T
This command was modified to include multiarea IS-IS routing.
Usage Guidelines
We highly recommend that you configure the type of IS-IS routing process. If you are configuring multiarea IS-IS, you must configure the type of the router, or allow it to be configured by default. By default, the first instance of the IS-IS routing process that you configure using the router isis command is a Level 1-2 router.
If only one area is in the network, there is no need to run both Level 1 and Level 2 routing algorithms. If IS-IS is used for Connectionless Network Service (CLNS) routing (and there is only one area), Level 1 only must be used everywhere. If IS-IS is used for IP routing only (and there is only one area), you can run Level 2 only everywhere. Areas you add after the Level 1-2 area exists are by default Level 1 areas.
If the router instance has been configured for Level 1-2 (the default for the first instance of the IS-IS routing process in a Cisco device), you can remove Level 2 (interarea) routing for the area using the is-type command. You can also use the is-type command to configure Level 2 routing for an area, but it must be the only instance of the IS-IS routing process configured for Level 2 on the Cisco device.
Examples
The following example specifies an area router:
router isisis-type level-2-onlyRelated Commands
