IS-IS Operation and Design

This subsection discusses IS-IS areas, designated routers, authentication, and the NET. IS-IS defines areas differently from OSPF; area boundaries are links and not routers. IS-IS has no BDRs. Because IS-IS is an OSI protocol, it uses a NET to identify each router.

To configure the IS-IS routing protocol, you must configure a NET on every router. Although configuring the NET is not a CCDA test requirement, this information is included for "extra credit."

Although you can configure IS-IS to route IP, the communication between routers uses OSI PDUs. The NET is the OSI address used for each router to communicate with OSI PDUs. A NET address ranges from 8 to 20 bytes. It consists of a domain, area ID, system ID, and selector (SEL), as shown in Figure 11-8.

Figure 11-8 NET (fields labeled in the figure: Area ID; System ID, 6 bytes)


IS-IS routers use the area ID. The system ID must be the same length for all routers in an area. For Cisco routers, it must be 6 bytes in length. Usually, a router MAC address identifies each unique router. The SEL is configured as 00. You configure the NET with the net subcommand under the router isis command. In the following example, the domain authority and format identifier (AFI) is 49, the area is 0001, the system ID is 00aa.0101.0001, and the SEL is 00:

router isis
 net 49.0001.00aa.0101.0001.00
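
The NET layout described above can be checked mechanically before a configuration is deployed. The following is an added example, not code from the original text: it parses a dotted-hex NET by the rules stated here (8 to 20 bytes, a 6-byte system ID, SEL of 00). The function names and the sample inventory are hypothetical, and the duplicate check assumes system IDs must be unique within an area.

```python
import re
from collections import defaultdict

SYSTEM_ID_LEN = 6              # bytes; required length on Cisco routers
SEL_LEN = 1                    # bytes
MIN_NET, MAX_NET = 8, 20       # NET length range in bytes


def parse_net(net):
    """Split a dotted-hex NET into AFI, area, system ID and SEL."""
    digits = net.replace(".", "")
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", digits):
        raise ValueError(f"NET is not a whole number of hex bytes: {net!r}")
    raw = bytes.fromhex(digits)
    if not MIN_NET <= len(raw) <= MAX_NET:
        raise ValueError(f"NET is {len(raw)} bytes, expected 8 to 20: {net!r}")
    # Fields are located from the right: SEL is last, system ID precedes it,
    # and everything before that is the AFI plus the area.
    sel = raw[-SEL_LEN:]
    system_id = raw[-(SYSTEM_ID_LEN + SEL_LEN):-SEL_LEN].hex()
    area_part = raw[:-(SYSTEM_ID_LEN + SEL_LEN)]
    if sel != b"\x00":
        raise ValueError(f"SEL must be 00 for a NET, got {sel.hex()}: {net!r}")
    return {
        "afi": area_part[:1].hex(),
        "area": area_part[1:].hex(),
        "system_id": ".".join(system_id[i:i + 4] for i in range(0, 12, 4)),
        "sel": sel.hex(),
    }


def duplicate_system_ids(nets):
    """Return {(afi, area, system_id): [nets]} for IDs used more than once."""
    seen = defaultdict(list)
    for net in nets:
        p = parse_net(net)
        seen[(p["afi"], p["area"], p["system_id"])].append(net)
    return {key: group for key, group in seen.items() if len(group) > 1}


if __name__ == "__main__":
    # Constructed inventory: the third entry reuses the first system ID.
    inventory = [
        "49.0001.00aa.0101.0001.00",
        "49.0001.00aa.0101.0002.00",
        "49.0001.00AA.0101.0001.00",
    ]
    print(parse_net(inventory[0]))
    print(duplicate_system_ids(inventory))
```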


As with OSPF, IS-IS selects DRs on multiaccess networks. It does not choose a backup DR as does OSPF. By default, the priority value is 64. You can change the priority value to a value from 0 to 127. If you set the priority to 0, the router is not eligible to become a DR for that network. IS-IS uses the highest system ID to select the DR if there is a tie with the priorities. On point-to-point networks, the priority is 0 because no DR is elected. In IS-IS, all routers in a multiaccess network establish adjacencies with all others in the subnetwork, and IS-IS neighbors become adjacent upon the discovery of one another. Both these characteristics are different from OSPF behavior.

IS-IS Areas

IS-IS uses a two-level hierarchy similar to the OSPF area hierarchy developed later. Routers are configured to route Level 1 (L1), Level 2 (L2), or both Level 1 and Level 2 (L1/L2). Level 1 routers are like OSPF internal routers in a Cisco totally stubby area. An L2 router is similar to an OSPF backbone router. A router that has both Level 1 and Level 2 routes is similar to an OSPF ABR. IS-IS does not define a backbone area, but you can consider the backbone a continuous path of adjacencies among Level 2 ISs.

The L1/L2 routers maintain a separate link-state database for the L1 routes and L2 routes. Also, the L1/L2 routers do not advertise L2 routes to the L1 area. L1 routers do not have information about destinations outside the area and use L1 routes to their L1/L2 router to reach outside destinations.

As shown in Figure 11-9, IS-IS areas are bounded not by the L1/L2 routers but by the links between L1/L2 routers and L2 backbone routers.

Figure 11-9 IS-IS Areas and Router Types


IS-IS Authentication

IS-IS supports three types of clear-text authentication: link authentication, area authentication, and domain authentication. All these types support only clear-text password authentication. Recently, an RFC draft added support for IS-IS MD5 authentication.

Routers in a common subnetwork (Ethernet, private line) use link authentication. The clear-text password must be common only between the routers in the link. Level 1 and Level 2 routes use separate passwords.

With area authentication, all routers in the area must use the same authentication mode and must have the same password.

Only L2 and L1/L2 routers use domain authentication. All L2 and L1/L2 routers must be configured for the same authentication mode and must use the same password.
