IS-IS
ISIS Security part 2 – Video
A while ago I wrote a post on ISIS security. Here is a video to accompany the post.
Consider the topology below.
There are five ways to configure ISIS authentication. The methods differ in which packets they authenticate. Some authentication methods will tear down ISIS adjacencies if there is an authentication mismatch, others will remove any [...]
Redistributing ISIS into OSPF
Someone asked me recently for an example of ISIS redistribution into OSPF. So here goes.
Consider the toplogy below.
We redistribute ISIS into OSPF and vice versa on R2. We should then be able to ping R1 loopback from R3 loopback and vice versa.
Watch the video below or alternativly click here to download and watch [...]
ISIS level-1, level-2 areas, ISIS redistribution and ISIS default route origination.
I’m going to cover following three things in this post.
Level-1, Level-1-2 and Level-2-only routers. How to configure and what is the att bit
Investigate the default behavior of the various levels with respect to routing updates. ie are level-2 prefixes by default advertised to level-1 routers.
Finally we will cover how to originate a default route within [...]
ISIS over Frame-Relay
Configuring ISIS over frame-relay requires an additional command due to the fact that ISIS packets do not use IP at layer 3 but rather use CLNS.
Consider the topology below.
Watch the video below or alternatively download it and watch it on your iPod .
The commands used in the configuration can be found below.
R1
!
frame-relay switching
!
interface Serial1/0
ip address [...]
ISIS wide metrics
Be default ISIS caps ISIS metrics greater than 63.
To address this limitation a new IS-IS TLV was defined to overcome the limited 6-bit metric of 63. This TLV known as TLV Type 135 increased the per-link metric range from to ie the new TLV has 24-bits for the ISIS metric.
This new range can [...]
ISIS Security
ISIS uses four types of packets they are, hello, LSPs, CSNPs and PSNPs. The different authentication methods insert passwords into different packets. Some of the security methods allow MD5 as well as clear text authentication. The 5 password configuration options for ISIS are as follows:-
1-area-password 2-domain-password 3-authentication key-chain [...]
Traffic Engineering – IGP extensions (IS-IS)
Some extensions were added to ISIS to provide resource information to the TE process.
IS-IS Extenstions added to support TE
TLVs have been defined to extend IS-IS functionality to include it amongst the protocols of choice for TE.
Informational RFC 3784 details the TLVs which have been added To IS-IS to support TE. RFC 3874 also introduces the [...]
MPLS infrastructure configuration.
Here is a short video showing how to configure an MPLS core infrastructure. The video covers basic serial and ethernet configurations, IP addressing, ISIS, MPLS and BGP VPNv4 configurations. The network topology can be seen in the diagram below.
ISIS – creating unique system IDs
*here are several techniques for creating unique system IDs:
1. Start numbering 1, 2, 3, 4, and so on.
2. Use Media Access Control (MAC) addresses.
3. Convert and use the loopback IP address as below.
*taken from Cisco web site
Simplified NSAP format
The actual NSAP format is quite complicated. Luckily there is a simplifed format which is used in most implementations.
Click here to view a power point show on the simplified NSAP format.
