Route filtering

IS-IS The protocol and OSPF You can also filter routes , Filter in and out directions respectively .

Relevant command

Into the direction

[R1-isis-1]filter-policy 2000 import 

Exit direction

[R1-isis-1]filter-policy 2000 export 

Route summary

IS-IS The protocol and OSPF Route summary can also be carried out .

Relevant command

Summary

[R1-isis-1]summary 1.1.1.0 255.255.255.248 level-1

Adding a level after it indicates the area to be published

authentication

IS-IS Authentication is an authentication method based on the requirements of network security , By means of IS-IS The authentication field is added in the message to authenticate the message . When the local router receives the message sent by the remote router IS-IS message , If the authentication passwords do not match , Then discard the received message , To achieve the goal of self-protection .

Relevant command

Interface authentication ： Configure... In the interface view , Yes Level-1 and Level-2 Of Hello Message authentication .

[R1-GigabitEthernet0/0/0]isis authentication-mode simple cipher 123

Regional certification ： stay IS-IS Configure in the process view , Yes Level-1 Of CSNP、PSNP and LSP Message authentication .

[R1-isis-1]area-authentication-mode md5 cipher 123

Routing domain authentication ： stay IS-IS Configure in the process view , Yes Level-2 Of CSNP、PSNP and LSP Message authentication .

[R1-isis-1]domain-authentication-mode md5 plain 123

influence ISIS The factors of establishing neighborhood relationship

level Grade

If the local interface Level The level of Level-1, Then the peer interface Level The level must be Level-1 or Level-1-2.

If the local interface Level The level of Level-2, Then the peer interface Level The level must be Level-2 or Level-1-2.

If the local interface Level The level of Level-1-2, Then the peer interface Level The level can be Level-1、Level-2 or Level-1-2.

therefore Level-1 And Level-2 Can't build a neighborhood .

Regional address

If both ends of the link are established Level-1 neighbor , It is necessary to ensure that the devices at both ends of the link are in the same area .

One IS-IS Processes can be configured at most 3 Area addresses , As long as there is one area at both ends with the same address , You can create Level-1 neighbor .

establish IS-IS Level-2 Neighbor time , There is no need to judge whether the regional address matches .

authentication

If the authentication methods at both ends of the interface do not match , Unable to establish neighbors .

The regional authentication and routing domain authentication methods do not match , You can build neighbors , But the route cannot be generated .

Cost type

See

2022-06-27 Advanced network engineering （ Twelve ）IS-IS- Cost type 、 Cost calculation 、LSP Processing mechanism 、 Route revocation 、 Route penetration _ Goose blog -CSDN Blog Width measurement -wide expenses = Reference bandwidth / Interface bandwidth *10, Reference bandwidth range 1-16777214, The default value of reference bandwidth is 1000. The default type , Overhead range 1-63, The default value 10. Compatible with width measure and narrow measure LSP, This machine only sends messages with width （ Include width in the message TLV） Compatible with width measure and narrow measure LSP, This machine only sends narrow metric messages （ Include narrow metrics in the message TLV） Compatible with width measure and narrow measure LSP, This machine only sends messages with two measurements （ There are two measures in the message TLV）1 wide（ No other route ） and narrow（ No other route ）2 wide-compatible（ There is another route ） and narrowhttps://blog.csdn.net/x629242/article/details/125479872?spm=1001.2014.3001.5501#t6

System ID

If both ends of the link use the same system id, You can't build neighborhoods .

If the same area is not directly connected, there are the same system id, It will cause routing oscillation .

Network type

If the two ends of the link are different network types （ Point to point networks and broadcast networks ）, You can't build neighborhoods .

IP Network segment

In a point-to-point network , If IP Segment inconsistency , Ignoring IP Under the premise of inspection , You can build neighborhoods , Not vice versa .

Not in broadcast networks .

Relevant command

Ignore IP Check

[R1-GigabitEthernet0/0/0]isis peer-ip-ignore

The way to establish neighbors in a point-to-point network

If different ways of establishing neighbors are used at both ends of the link , And add only Parameters such as 2-way and 3-way only, You can't build neighbors .

MTU

If both ends of the link MTU atypism , You can't build neighbors .

Relevant command

modify MTU

[R1-GigabitEthernet0/0/0]mtu ?
  <46-1600>  MTU value

close padding

[R1-GigabitEthernet0/0/0]isis small-hello

Modify the sent LSP size

[R1-isis-1]lsp-length originate ?
  INTEGER<512-16384>  Max LSP size in bytes

Other commands and features

modify hello Send time

[R1-GigabitEthernet0/0/0]isis timer hello 20 level-1

modify csnp Send time

[R1-GigabitEthernet0/0/0]isis timer csnp 20 level-1

Silent port （ Features and ospf The same as , Do not send or receive messages , But the route of the network segment can be published ）

[R1-GigabitEthernet0/0/0]isis silent

To configure spf Time , When LSDB change , Will calculate . The three values are the maximum time , Unit second , The default value 5; Initial time , Unit millisecond , The default value 50; Incremental time , Unit millisecond , The default value 200.

[R1-isis-1]timer spf 15 10 100

To configure LSP Refresh cycle , The default value 900 second .

[R1-isis-1]timer lsp-refresh 600

To configure LSP Maximum effective time of , The default value 1200 second .

[R1-isis-1]timer lsp-max-age 800

To configure LSP Retransmission time , The default value 5 second .

[R1-isis-1]timer lsp-generation 10

LSP Spread fast , When the router receives a new LSP when , Publish it to in progress SPF Calculation .

[R1-isis-1]flash-flood

Send the default route

[R1-isis-1]default-route-advertise always