
CHAPTER 5

IS-IS

This chapter covers the following exam topics:


2.0 Networking
2.1 Implement IS-IS (IPv4 and IPv6)
■ 2.1.a Route advertisement
■ 2.1.b Area addressing
■ 2.1.c Single/Multitopology
■ 2.1.d Metrics
2.6 Troubleshoot routing protocols
■ 2.6.a Neighbor adjacency (BGP, OSPF, IS-IS)
■ 2.6.b Route advertisement (BGP, OSPF, IS-IS)

In the dynamic and expansive landscape of service provider environments, where scale,
efficiency, and reliability are paramount, the role of routing protocols is critical. Link-state
routing protocols (LSPs) emerge as a cornerstone in service providers’ infrastructures,
offering a sophisticated and adaptable mechanism for managing complex environments.
These protocols provide a robust underlay, optimize routing decisions, enhance network
responsiveness, and ensure smooth communication across vast and diverse service provider
networks.
Service providers face unique challenges, such as diverse customer requirements, varying
traffic patterns, and the need for rapid adaptation to changes in network topology. Link-state
routing protocols address these challenges by providing a decentralized and information-rich
approach to routing. By disseminating detailed information about the state of network links,
routers in service provider environments can construct and maintain an accurate map of the
entire network. This comprehensive awareness empowers the network to dynamically adapt
to changes, rerouting traffic efficiently and minimizing downtime.
The protocols we focus on in this chapter and the next are Intermediate System to Intermediate
System (IS-IS) and Open Shortest Path First (OSPF). Unlike traditional distance-vector
protocols, which focus on the distance or hops to reach a destination, IS-IS and OSPF prioritize
the precise knowledge of the network’s layout. Their ability to adapt has been the key
factor in their enduring relevance. Five years can feel like an eternity in a digital landscape,
yet both protocols have survived for decades. They excel at maintaining an accurate and
up-to-date understanding of the network’s topology and enable routers to make informed
decisions about the most optimal paths for data transmission.
This chapter and the next examine the specific differences of IS-IS and OSPF. We have structured
the chapters in a way that helps you rapidly acquire and retain practical knowledge of
their underlying mechanics. Both of the protocols provide a good view into enhancing
network efficiency, fault tolerance, and adaptability. By understanding the nuances of
their implementation, you will appreciate the impact of link-state routing protocols on
the robustness and efficiency of routing within the intricate tapestry of service provider
infrastructures.
One last thing: Extensive literature exists on IS-IS and OSPF, but our emphasis is on practical
implementation for the exam. I (Brad) am trying to show you how to configure and deploy
these protocols effectively within the limited pages available. Thus, I have prioritized the
essential operational components while omitting detailed theoretical aspects to simplify
content. Supplementing with additional resources outside this material can provide a comprehensive
understanding. I encourage you to concentrate on the practical application; this will
ensure success in demonstrating proficiency during the exam.

“Do I Know This Already?” Quiz


The “Do I Know This Already?” quiz allows you to assess whether you should read this
entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in
doubt about your answers to these questions or your own assessment of your knowledge
of the topics, read the entire chapter. Table 5-1 lists the major headings in this chapter and
their corresponding “Do I Know This Already?” quiz questions. You can find the answers in
Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 5-1 “Do I Know This Already?” Section-to-Question Mapping


Foundation Topics Section            Questions
Implement IS-IS (IPv4 and IPv6)      1-4
Troubleshooting IS-IS                5

CAUTION The goal of self-assessment is to gauge your mastery of the topics in this
chapter. If you do not know the answer to a question or are only partially sure of the answer,
you should mark that question as wrong for purposes of the self-assessment. Giving yourself
credit for an answer you correctly guess skews your self-assessment results and might
provide you with a false sense of security.

1. An IS-IS area is only used to regulate which of the following?


a. Formation of adjacencies
b. Scope of route advertisements
c. LSA flooding
d. LSP flooding
2. Which of the following statements accurately describes a characteristic of IS-IS?
(Select all that apply.)
a. A Level-1 router will never form adjacency with Level-2 only routers.
b. Level-2 adjacencies must have the same area IDs.
c. Level-1 routers will form adjacency with Level-2 only routers.
d. Level-2 adjacencies can have different area IDs.

110 CCNP SPCOR 350-501 Official Cert Guide

3. Which of the following are IPv6-related IS-IS TLVs? (Select all that apply.)
a. 232
b. 233
c. 234
d. 237
4. Which protocol supports preemptive pseudonodes?
a. OSPF
b. IS-IS
c. BGP
d. BFD
5. What is the IS-IS LSP holdtime period in minutes?
a. 10
b. 20
c. 30
d. 60

Foundation Topics
Implement IS-IS (IPv4 and IPv6)
Intermediate System to Intermediate System (IS-IS) was originally developed for use in the
Open Systems Interconnection (OSI) networking framework in the 1980s. However, its
practicality and efficiency transcended its original OSI framework, leading to its adoption in
Internet Protocol (IP) networks. These four key technical elements capture the essence of the
IS-IS protocol:

■ SPF Algorithm: This algorithm computes optimal routes based on the information
collected about network link states.

■ CLNS Addressing: Because it was originally designed for the OSI networking model,
a Connectionless Network Service (CLNS) addressing scheme is employed.
However, in IP networks, it smoothly integrates with IPv4 and IPv6, showcasing the
protocol’s adaptability.

■ Link-State Database (LSDB): This database contains information about the state of
each network link and forms the basis for informed routing decisions.

■ Hierarchical Design: The design organizes routers into levels and areas. This hierarchical
structure enhances scalability and facilitates efficient topology management.

Similar to OSPF, IS-IS is frequently used in both enterprise and service provider environments.
It converges rapidly, scales remarkably well, and is particularly flexible for fine-tuning. Additionally,
IS-IS is easily extensible through Type/Length/Value (TLV) extensions, simplifying the use
of newer features, such as support for the IPv6 address family or Segment Routing. It is helpful
to think of TLV extensions as train cars: The train does not care what load a car carries; it will
transport coal, IPv6, or Segment Routing with these extensions anyway. This makes it a powerful
attribute. Some argue that IS-IS is a straightforward protocol; a common sentiment is “If you are
familiar with OSPF, discard half of your knowledge, and you’re acquainted with IS-IS.”

Remember that IS-IS is a Layer 2 protocol and is encapsulated in CLNS (not Layer 3 IP, like
OSPF); each IS-IS router is uniquely identified with a Network Entity Title (NET) address.
Let’s examine the following NET address: 49.0001.0000.0000.0001.00.

1. The first 8 bits (49) represent the address family identifier (AFI). Currently, 49 represents
a locally defined format (suitable for private addressing; the operator is free to
format it to their liking). ISO used to assign AFI identifiers to different organizations
that gave out addresses, but this no longer happens, and when it comes to IS-IS, most
companies end up using 49. As an example, civilian departments within the U.S. government
were designated with the code 47.0005, while the U.S. Department of Defense
was identified by the code 47.0006.
2. The next 16 bits (0001) represent the area. This field can vary in length. You can just
leave it “blank”—49.0000.0000.0001.00 (notice this differs from the highlighted example
before this list). A better practice is to pick a number for this field (as I have done
here) because you may want to add different areas in the future. This will become clear
as we discuss this matter later in the chapter. In this case, I arbitrarily chose 0001, but
I could have used 501 (the exam).
3. The next 48 bits identify the system ID. The formatting here may be confusing. It is
12 hex digits long with two dots in between (instead of three); notice that they are
bold in the sample address. It is always the same fixed length. You can format this
to what makes sense in your organization. Many examples in textbooks use a router
number (in this example, router 1) in the last octet to produce the 0000.0000.0001
system ID. Frequently, network operators bake the router’s loopback address into
this identifier; for example, 10.100.100.1 can be written as 0101.0010.0001 (highlighted
for clarity), which I use in examples so that you become accustomed to looking at
different formats. At first, the two-dotted notation may seem confusing because
you usually see IP addresses with the three-dotted notation, but thinking of these as
hex—that is, the MAC address notation—will help. You can even use a router’s MAC
address in this field (49.0001.5254.000d.f536), but the IP address approach described
here makes most sense for troubleshooting issues. The bottom line is that you need a
single ISO address per router, and a router’s primary loopback interface is commonly
adapted to fit this formatting.
4. Finally, the SEL field, also called an NSAP Selector or NSEL (the more commonly
used abbreviation), is a 1-octet-long field. It identifies the service in or above the network
layer on the destination node that processes the datagram. For IP, you use 00. In
fact, if the device is a router, this field will always be 00.
Could you put it all together for an example of a NET address for a router using 192.168.1.1
for its loopback, which belongs to area 3? This exercise should not be hard. Tip: One of the
answers could be 49.0003.1921.6800.1001.00.
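
The NET construction described above, written out as an added Python example (not code from the book). It builds a NET from an area and a loopback using the zero-padded-octet convention shown for 10.100.100.1, and splits a NET back into its fields. The function names are hypothetical, and the 8-to-20-octet length check and the requirement that a router NET end in NSEL 00 are this sketch's own validation rules.

```python
import ipaddress
import re
from typing import NamedTuple, Optional


class Net(NamedTuple):
    afi: str        # first octet, e.g. "49"
    area: str       # variable length, may be empty
    system_id: str  # always 6 octets, written xxxx.xxxx.xxxx
    nsel: str       # last octet, "00" on a router


def system_id_from_loopback(loopback: str) -> str:
    """Pad each IPv4 octet to three decimal digits, then regroup as xxxx.xxxx.xxxx."""
    octets = str(ipaddress.IPv4Address(loopback)).split(".")
    digits = "".join(octet.zfill(3) for octet in octets)
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def loopback_from_system_id(system_id: str) -> Optional[str]:
    """Reverse the mapping; None when the system ID cannot be a padded IPv4 address."""
    digits = system_id.replace(".", "")
    if not re.fullmatch(r"[0-9]{12}", digits):
        return None  # for example a MAC-derived system ID such as 5254.000d.f536
    octets = [int(digits[i:i + 3]) for i in range(0, 12, 3)]
    if any(octet > 255 for octet in octets):
        return None
    return ".".join(str(octet) for octet in octets)


def build_net(area: str, loopback: str, afi: str = "49") -> str:
    """Assemble AFI.area.system-id.00 with a 16-bit area, as in the chapter's examples."""
    if not re.fullmatch(r"[0-9A-Fa-f]{1,4}", area):
        raise ValueError("area must be 1 to 4 hex digits in this sketch")
    return f"{afi}.{area.zfill(4)}.{system_id_from_loopback(loopback)}.00"


def parse_net(net: str) -> Net:
    """Split a NET from the right: NSEL (1 octet), system ID (6 octets), then area and AFI."""
    digits = net.replace(".", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}){8,20}", digits):
        raise ValueError(f"{net!r}: expected 8 to 20 octets of hex digits")
    nsel = digits[-2:]
    if nsel != "00":
        raise ValueError(f"{net!r}: NSEL is {nsel}, but a router NET ends in 00")
    sysid = digits[-14:-2]
    return Net(
        afi=digits[:2],
        area=digits[2:-14],  # empty when the area is left "blank"
        system_id=".".join(sysid[i:i + 4] for i in (0, 4, 8)),
        nsel=nsel,
    )


if __name__ == "__main__":
    print(build_net("3", "192.168.1.1"))
    p4 = parse_net("49.0002.0101.0010.0004.00")
    print(p4, "loopback:", loopback_from_system_id(p4.system_id))
```

A system ID built from a router number, such as 0000.0000.0001, also decodes as a dotted quad (0.0.0.1), so the reverse lookup is only meaningful where the loopback convention is actually in use.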

IS-IS Topology
Consider the starting IS-IS network topology shown in Figure 5-1. To be able to work with
IS-IS quickly (for the exam and otherwise), you should learn to visualize topologies like this
in your head, without having to look up interfaces and their addresses (this is the reason I am
deliberately not including them here on all interfaces). If you struggle to do this at first, you
can mark up Figure 5-1 with what helps you get through tasks, but ideally, you should learn
to do this in your head because being able to do so will make you a more careful, better
engineer.

[Figure 5-1 diagram: three IS-IS areas side by side (Area 0001, Area 0002, Area 0003).
Top row of routers: PE2, P4, PE6. Bottom row of routers: PE3, PE5, PE7. Links are labeled
L1 or L2.]

ISO NET Addressing = 49.000x.x
IPv4 Addressing for Interlinks = 10.100.x.x/24
IPv6 Addressing for Interlinks = 2001:10:100:xx::x/64
IPv4 Router Loopbacks = 10.100.100.x/32
IPv6 Router Loopbacks = 2001:x:x:x::x/128

Figure 5-1 Base IS-IS Topology

Figure 5-1 includes everything you need to know about this topology. There are six routers
in three areas. All links are Level-2 (L2), except for the ones in area 0001 and area 0003,
which are Level-1 (L1). The networking domain is split into three areas, so you can easily
remember which router is in which area. Consider router P4 as an example. Its ISO NET
address will be 49.0002.0101.0010.0004.00 (you could zero out everything but the 4 at
the end of the system ID, but you should get accustomed to recognizing these baked-in
addresses). Its loopback address is 10.100.100.4/32. Its link to PE3 would have the IP address
of 10.100.34.4/24 in this topology. If you understand these concepts, you already know the
entire network in your head and can build and fix everything “from your head.” Sometimes,
you might have to look at the network diagram and draw things out, but by getting into the
practice of doing this in your head, you will quickly become faster than your peers.
In this chapter, I give you the IS-IS portion for the configuration for routers PE3 and P4, but
you must enable IS-IS on all other routers. Without having practiced this task on your own,
you will struggle to answer exam questions, particularly when lablets (small lab simulation
environments) are involved.

Basic IS-IS Configuration


IOS XE and IOS XR have minor differences when turning up IS-IS, as shown in Table 5-2.


Table 5-2 Configuring Basic IS-IS in IOS XE and IOS XR


Step # IOS XE IOS XR
1 Create IS-IS routing process
2 Choose the IS-IS NET
3 Activate IS-IS on the interfaces Select the IS-IS interfaces
4 Activate the address family

Let’s start with IOS in Example 5-1. I am deliberately drawing attention to the highlighted
areas. You should learn to read these on your own throughout the book. If something stands
out beyond the obvious, I will point it out further.
Example 5-1 Basic IS-IS Configuration in IOS XE

P4# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P4(config)# router isis
P4(config-router)# net 49.0001.0101.0010.0004.00
P4(config-router)# log-adjacency-changes
P4(config-router)# exit
P4(config)# interface gigabitEthernet 2
P4(config-if)# ip router isis
P4(config-if)# end
P4# show isis protocol

IS-IS Router: <Null Tag> (0x10000)


System Id: 0101.0010.0004.00 IS-Type: level-1-2
Manual area address(es):
49.0001
Routing for area address(es):
49.0001
Interfaces supported by IS-IS:
GigabitEthernet2 - IP
Redistribute:
static (on by default)
Distance for L2 CLNS routes: 110
RRR level: none
Generate narrow metrics: level-1-2
Accept narrow metrics: level-1-2
Generate wide metrics: none
Accept wide metrics: none
P4# show clns
Global CLNS Information:
1 Interfaces Enabled for CLNS
Configuration Timer: 60, Default Holding Timer: 300, Packet Lifetime 64
ERPDU's requested on locally generated packets
Running IS-IS in IP-only mode (CLNS forwarding not allowed)
NET: 49.0001.0101.0010.0004.00
P4# show clns protocol

IS-IS Router: <Null Tag> (0x10000)


System Id: 0101.0010.0004.00 IS-Type: level-1-2
Manual area address(es):
49.0001
Routing for area address(es):
49.0001
Interfaces supported by IS-IS:
GigabitEthernet2 - IP
Redistribute:
static (on by default)
Distance for L2 CLNS routes: 110
RRR level: none
Generate narrow metrics: level-1-2
Accept narrow metrics: level-1-2
Generate wide metrics: none
Accept wide metrics: none
P4# show clns interface gigabitEthernet 2
GigabitEthernet2 is up, line protocol is up
Attached to: isis
Checksums enabled, MTU 1497, Encapsulation SAP
ERPDUs enabled, min. interval 10 msec.
CLNS fast switching enabled
CLNS SSE switching disabled
DEC compatibility mode OFF for this interface
Next ESH/ISH in 1 seconds
Routing Protocol: IS-IS
Circuit Type: level-1-2
Interface number 0x0, local circuit ID 0x1
Neighbor Extended Local Circuit ID: 0x0
Level-1 Metric: 10, Priority: 64, Circuit ID: P4.01
DR ID: 0000.0000.0000.00
Level-1 IPv6 Metric: 10
Number of active level-1 adjacencies: 0
Level-2 Metric: 10, Priority: 64, Circuit ID: P4.01
DR ID: 0000.0000.0000.00
Level-2 IPv6 Metric: 10
Number of active level-2 adjacencies: 0
Next IS-IS LAN Level-1 Hello in 3 seconds
Next IS-IS LAN Level-2 Hello in 3 seconds

What should you pick up on in this example? It enables IS-IS on a single Ethernet interface,
verifies that the protocol is active for this interface, and uses narrow-metrics (not wide-
metrics). The show isis protocol and show clns protocol command outputs look the same,
the CLNS commands give you configuration and holding timers, and it uses a metric of 10.
You can see the interface MTU, no adjacencies are present, IPv6 metrics are shown, and it
sends out LAN Level-1 and Level-2 Hello messages every three seconds. The one command
we would like to point out is log-adjacency-changes. By default, Cisco routers do not log
IS-IS neighbor adjacencies forming or dissolving. It is good to get into the habit of using this
command. You can see this on IOS XR, as demonstrated in Example 5-2.
Example 5-2 Basic IS-IS Configuration in IOS XR

RP/0/RP0/CPU0:PE3# configure
RP/0/RP0/CPU0:PE3(config)# router isis ?
WORD Process ID
RP/0/RP0/CPU0:PE3(config)# router isis CCNP
RP/0/RP0/CPU0:PE3(config-isis)# net 49.0001.0101.0010.0003.00
RP/0/RP0/CPU0:PE3(config-isis)# log adjacency changes
RP/0/RP0/CPU0:PE3(config-isis)# interface gigabitEthernet 0/0/0/2
RP/0/RP0/CPU0:PE3(config-isis-if)# address-family ?
ipv4 IPv4 address family
ipv6 IPv6 address family
RP/0/RP0/CPU0:PE3(config-isis-if)# address-family ipv4 ?
multicast multicast topology
unicast unicast topology
RP/0/RP0/CPU0:PE3(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE3(config-isis-if-af)# exit
RP/0/RP0/CPU0:PE3(config-isis-if)# address-family ipv6 unicast
RP/0/RP0/CPU0:PE3(config-isis-if-af)# commit
Thu Feb 15 13:26:43.365 UTC
RP/0/RP0/CPU0:PE3(config-isis-if-af)# end
RP/0/RP0/CPU0:PE3# show isis protocols
IS-IS Router: CCNP
System Id: 0101.0010.0003
Job Id: 1011
Process Id: 18820
Instance Id: 0
IS Levels: level-1-2
Manual area address(es):
49.0001
Routing for area address(es):
49.0001
LSP MTU: 1492
LSP Full: level-1: No, level-2: No
Non-stop forwarding: Disabled
Most recent startup mode: Cold Restart
TE connection status: Down
XTC connection status: Down
Overload Bit: not configured
Maximum Metric: not configured
Topologies supported by IS-IS:
IPv4 Unicast
Rib connected
Level-1
Metric style (generate/accept): Narrow/Narrow
Metric: 10
Level-2
Metric style (generate/accept): Narrow/Narrow
Metric: 10
No protocols redistributed
Distance: 115
Advertise Passive Interface Prefixes Only: No
IPv6 Unicast
Rib connected
Level-1
Metric: 10
Level-2
Metric: 10
No protocols redistributed
Distance: 115
Advertise Passive Interface Prefixes Only: No
Interfaces supported by IS-IS:
GigabitEthernet0/0/0/2 is running actively (active in configuration)
RP/0/RP0/CPU0:PE3# show isis interface brief

IS-IS CCNP Interfaces


Interface All Adjs Adj Topos Adv Topos CLNS MTU Prio
OK L1 L2 Run/Cfg Run/Cfg L1 L2
----------------- --- --------- --------- --------- ---- ---- --------
Gi0/0/0/2 Yes 1 1 2/2 2/2 Up 1497 64 64
RP/0/RP0/CPU0:PE3# show isis neighbor

IS-IS CCNP neighbors:


System Id Interface SNPA State Holdtime Type IETF-NSF
P4 Gi0/0/0/2 5254.0014.ec27 Up 9 L1L2 Capable

Total neighbor count: 1


RP/0/RP0/CPU0:PE3# show log
! Output omitted for brevity
RP/0/RP0/CPU0:Feb 15 13:26:46.608 UTC: isis[1011]: %ROUTING-ISIS-5-ADJCHANGE : ISIS
(CCNP): Adjacency to 49.0001.0101.0010.0004 (GigabitEthernet0/0/0/2) (L2) Up, New
adjacency
RP/0/RP0/CPU0:Feb 15 13:26:46.900 UTC: isis[1011]: %ROUTING-ISIS-5-ADJCHANGE : ISIS
(CCNP): Adjacency to 49.0001.0101.0010.0004 (GigabitEthernet0/0/0/2) (L1) Up, New
adjacency
RP/0/RP0/CPU0:PE3# show isis instance CCNP

IS-IS Router: CCNP


System Id: 0101.0010.0003
Job Id: 1011
Process Id: 18820
Instance Id: 0
IS Levels: level-1-2
Manual area address(es):
49.0001
Routing for area address(es):
49.0001
LSP MTU: 1492
LSP Full: level-1: No, level-2: No
Non-stop forwarding: Disabled
Most recent startup mode: Cold Restart
TE connection status: Down
XTC connection status: Down
Overload Bit: not configured
Maximum Metric: not configured
Topologies supported by IS-IS:
IPv4 Unicast
Rib connected
Level-1
Metric style (generate/accept): Narrow/Narrow
Metric: 10
Level-2
Metric style (generate/accept): Narrow/Narrow
Metric: 10
No protocols redistributed
Distance: 115
Advertise Passive Interface Prefixes Only: No
IPv6 Unicast
Rib connected
Level-1
Metric: 10
Level-2
Metric: 10
No protocols redistributed
Distance: 115
Advertise Passive Interface Prefixes Only: No
Interfaces supported by IS-IS:
GigabitEthernet0/0/0/2 is running actively (active in configuration)
RP/0/RP0/CPU0:PE3# show clns ?
pcb Display protocol control block information(cisco-support)
statistics Show CLNS statistics (local)
trace CLNS ltrace data(cisco-support)
RP/0/RP0/CPU0:PE3# show clns statistics
CLNS Statistics:
Last counter clear: 6742 seconds ago
Total number of packets sent: 73
Total number of packets received: 219
Send packets dropped, total: 0
Send packets dropped, buffer overflow: 0
Send packets dropped, out of memory: 0
Send packets dropped, netio: 0
Send packets dropped, other: 0
Receive socket max queue size: 2
Receive packets dropped, total: 0
Receive packets dropped, other: 0
Receive packets dropped per pdu class:

Class Overflow/Max Rate Limit/Max


IIH 0/0 0/0
LSP 0/0 0/0
SNP 0/0 0/0
OTHER 0/0 0/0
Total 0 0
RP/0/RP0/CPU0:PE3# show isis interface GigabitEthernet 0/0/0/2

GigabitEthernet0/0/0/2 Enabled
Adjacency Formation: Enabled
Prefix Advertisement: Enabled
IPv4 BFD: Disabled
IPv6 BFD: Disabled
BFD Min Interval: 150
BFD Multiplier: 3
Bandwidth: 1000000

Circuit Type: level-1-2


Media Type: LAN
Circuit Number: 1
Last IIH Received: 13:31:12 (0.93 sec ago), 1497 octets
Last IIH Sent: 13:31:09 (4.34 sec ago), 1497 octets

Level-1
Adjacency Count: 1
LAN ID: P4.01
Priority (Local/DIS): 64/64
Next LAN IIH in: 2 s
LSP Pacing Interval: 33 ms
PSNP Entry Queue Size: 0
Hello Interval: 10 s
Hello Multiplier: 3
Level-2
Adjacency Count: 1
LAN ID: P4.01
Priority (Local/DIS): 64/64
Next LAN IIH in: 3 s
LSP Pacing Interval: 33 ms
PSNP Entry Queue Size: 0
Hello Interval: 10 s
Hello Multiplier: 3

CLNS I/O
Protocol State: Up
MTU: 1497
SNPA: 5254.000b.e465
Layer-2 Multicast:
All Level-1 ISs: Listening
All Level-2 ISs: Listening

IPv4 Unicast Topology: Enabled


Adjacency Formation: Running
Prefix Advertisement: Running
Policy (L1/L2): -/-
Metric (L1/L2): 10/10
Metric fallback:
Bandwidth (L1/L2): Inactive/Inactive
Anomaly (L1/L2): Inactive/Inactive
Weight (L1/L2): 0/0
MPLS Max Label Stack: 1/3/7/7 (PRI/BKP/SRTE/SRAT)
MPLS LDP Sync (L1/L2): Disabled/Disabled
FRR (L1/L2): L1 Not Enabled L2 Not Enabled
FRR Type: None None
IPv6 Unicast Topology: Enabled
Adjacency Formation: Running
Prefix Advertisement: Running
Policy (L1/L2): -/-
Metric (L1/L2): 10/10
Metric fallback:
Bandwidth (L1/L2): Inactive/Inactive
Anomaly (L1/L2): Inactive/Inactive
Weight (L1/L2): 0/0
MPLS Max Label Stack: 1/3/7/7 (PRI/BKP/SRTE/SRAT)
MPLS LDP Sync (L1/L2): Disabled/Disabled
FRR (L1/L2): L1 Not Enabled L2 Not Enabled
FRR Type: None None

IPv4 Address Family: Enabled


Protocol State: Up
Forwarding Address(es): 10.100.34.3
Global Prefix(es): 10.100.34.0/24 (0)
IPv6 Address Family: Enabled
Protocol State: Up
Forwarding Address(es): fe80::5054:ff:fe0b:e465
Global Prefix(es): 2001:10:100:34::/64 (0)

LSP Transmission is: idle


LSP Transmit Timer in: 0 ms
LSP Burst Size: 6 LSPs in the next 0 ms

PME Link Delays and Loss: -

RP/0/RP0/CPU0:PE3# show isis neighbor detail

IS-IS CCNP neighbors:


System Id Interface SNPA State Holdtime Type IETF-NSF
P4 Gi0/0/0/2 5254.0014.ec27 Up 9 L1L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 10.100.34.4*
Topologies: 'IPv4 Unicast'
Uptime: 00:03:26

Total neighbor count: 1

What were you able to glean from this example? (It’s not enough to just glance through; be
sure to read and consume the output.)
Example 5-2 does the same things in different ways: it has the MTU, Level-1/Level-2 are on
by default, it names the IS-IS process, it activates address families, it has different CLNS
commands, and adjacency is apparent in the log messages. There is nothing to memorize, but
you need to understand how this works.
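
With adjacency logging enabled, the ADJCHANGE messages in Example 5-2 can be checked against the neighbors you expect on each interface. The following Python sketch is an added example, not part of the book: the first two log lines are the ones shown above (each rejoined onto one line), while the remaining lines, the Down reason text, the 0101.0010.0099 neighbor, and the EXPECTED inventory are constructed for illustration.

```python
import re
from collections import namedtuple

AdjEvent = namedtuple(
    "AdjEvent", "time instance area system_id interface level state reason")

# Matches the IOS XR message format shown in Example 5-2.
ADJCHANGE = re.compile(
    r"(?P<time>\w{3} +\d+ [\d:.]+ \w+): isis\[\d+\]: "
    r"%ROUTING-ISIS-5-ADJCHANGE : ISIS \((?P<instance>[^)]+)\): "
    r"Adjacency to (?P<neighbor>[0-9A-Fa-f.]+) \((?P<interface>[^)]+)\) "
    r"\((?P<level>L[12])\) (?P<state>Up|Down), (?P<reason>.+)$"
)

PREFIX = "RP/0/RP0/CPU0:"
MSG = ": isis[1011]: %ROUTING-ISIS-5-ADJCHANGE : ISIS (CCNP): Adjacency to "
LOG = [
    # From Example 5-2
    PREFIX + "Feb 15 13:26:46.608 UTC" + MSG
    + "49.0001.0101.0010.0004 (GigabitEthernet0/0/0/2) (L2) Up, New adjacency",
    PREFIX + "Feb 15 13:26:46.900 UTC" + MSG
    + "49.0001.0101.0010.0004 (GigabitEthernet0/0/0/2) (L1) Up, New adjacency",
    # Constructed lines below
    PREFIX + "Feb 15 14:02:10.113 UTC" + MSG
    + "49.0001.0101.0010.0004 (GigabitEthernet0/0/0/2) (L1) Down, Holdtime expired",
    PREFIX + "Feb 15 14:05:31.870 UTC" + MSG
    + "49.0001.0101.0010.0099 (GigabitEthernet0/0/0/2) (L2) Up, New adjacency",
    PREFIX + "Feb 15 14:06:00.000 UTC: unrelated message (constructed)",
]

# Constructed inventory: system IDs allowed to form adjacencies per interface.
EXPECTED = {"GigabitEthernet0/0/0/2": {"0101.0010.0004"}}


def parse_adjchange(line):
    """Return an AdjEvent for an ADJCHANGE line, or None for anything else."""
    match = ADJCHANGE.search(line)
    if match is None:
        return None
    groups = match.group("neighbor").split(".")
    return AdjEvent(
        time=match.group("time"),
        instance=match.group("instance"),
        area=".".join(groups[:-3]),        # e.g. 49.0001
        system_id=".".join(groups[-3:]),   # last three groups, e.g. 0101.0010.0004
        interface=match.group("interface"),
        level=match.group("level"),
        state=match.group("state"),
        reason=match.group("reason"),
    )


def audit(lines, expected):
    """Return (latest state per adjacency, Up events from neighbors not in the inventory)."""
    state, unexpected = {}, []
    for line in lines:
        event = parse_adjchange(line)
        if event is None:
            continue
        state[(event.system_id, event.interface, event.level)] = event.state
        if event.state == "Up" and event.system_id not in expected.get(event.interface, set()):
            unexpected.append(event)
    return state, unexpected


if __name__ == "__main__":
    current, alerts = audit(LOG, EXPECTED)
    for key, value in sorted(current.items()):
        print(key, value)
    for event in alerts:
        print("unexpected neighbor:", event.system_id, "on", event.interface, "at", event.time)
```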

Repetition is the mother of learning. The best advice I can give you at this point for the
exam is to configure Figure 5-1 to its full state. I am going to do this now. It is well worth
your time and practice, so take some time to do it now. In the end, you should have something
that looks like the output in Example 5-3. It doesn’t have to match perfectly, but I am
looking for the IPv4 and IPv6 host routes on, let’s say, PE7.
Example 5-3 Desired Configurations Results

RP/0/RP0/CPU0:PE7# show route | include /32


L 10.100.57.7/32 is directly connected, 00:13:23, GigabitEthernet0/0/0/0
L 10.100.67.7/32 is directly connected, 00:13:23, GigabitEthernet0/0/0/1
i L2 10.100.100.2/32 [115/30] via 10.100.57.5, 00:07:54, GigabitEthernet0/0/0/0
i L2 10.100.100.3/32 [115/20] via 10.100.57.5, 00:10:38, GigabitEthernet0/0/0/0
i L2 10.100.100.4/32 [115/30] via 10.100.57.5, 00:13:11, GigabitEthernet0/0/0/0
i L2 10.100.100.5/32 [115/10] via 10.100.57.5, 00:13:18, GigabitEthernet0/0/0/0
i L2 10.100.100.6/32 [115/40] via 10.100.57.5, 00:13:11, GigabitEthernet0/0/0/0
L 10.100.100.7/32 is directly connected, 00:19:30, Loopback0
RP/0/RP0/CPU0:PE7# show route ipv6 | include /128
i L2 2001:2:2:2::2/128
i L2 2001:3:3:3::3/128
i L2 2001:4:4:4::4/128
i L2 2001:5:5:5::5/128
i L2 2001:6:6:6::6/128
L 2001:7:7:7::7/128 is directly connected,
L 2001:10:100:57::7/128 is directly connected,
L 2001:10:100:67::7/128 is directly connected,

How is it going? Do you have your routes from PE2, PE3, P4, P5, and PE6? If you do, great!
If you do not and are missing some IPv6 routes, welcome to the CCNP 350-501 exam! You
must make this function properly, and you are burning precious minutes. Do you move on
and lose the points (there are no lookbacks on this exam), or do you spend more time to get
this answer correct?
Here’s a hint: RFC 5120. You did not misconfigure IPv6 or miss some interfaces from being
included (you likely have been checking for this for at least several minutes now). RFC 5120
introduced a third IPv6 TLV—Multi Topology Reachable IPv6 Prefix (TLV 237)—to support
multiple independent topologies and SPF calculations. Wait… What are the first two? (A
pop-quiz from an omitted theoretical section.) If you answered TLV 232 (IPv6 addressing,
Hello PDU, etc.) and TLV 236 (IPv6 prefix reachability information—metrics, up/down bits,
etc.), you are doing well. Back to TLV 237 though… What does TLV 237 have to do with not
getting all the IPv6 routes on PE7? Everything. If you followed through with the exercise
instead of just continuing to read this chapter, you may have picked up that XR routers were
not getting XE routes and vice versa. Now you’re learning.

IS-IS Single Topology and Multitopology


Cisco routers support three IS-IS topology configuration modes:

■ Single Topology: In this mode, IPv4 and IPv6 are in the same logical topology table,
sharing a single SPF computation for best path selection. This mode is the default
IPv6 mode for IOS routers.

■ Multitopology: This mode separates IPv4 and IPv6 into independent topology tables.
Different metrics can be assigned to an interface via address families to allow for
diverse paths and SPF calculations for each protocol. This is great when your network
does not have a 1:1 correlation for IPv4 and IPv6 addresses. It is the recommended
mode for this very reason. This is the default mode for IOS XR routers. Now you
should understand why the two operating systems were not getting each other’s IPv6
routes into their RIBs. In the sample topology, IOS routers are on the top, and XR
routers are on the bottom.

Can you think of how to solve the routing problem now? Try it before reading further.

■ Single-Topology Transition: This is a hybrid mode for legacy routers with IPv6 in a
single-topology mode that need to add IPv4 support without disrupting the existing
IPv6 network. As you saw in the now-memorable trap that I set up for you in the
network, single-topology IOS routers cannot interpret multitopology TLVs sent by
IOS XR routers, and you certainly do not want to run into these issues during a migration.
Instead, you can put the multitopology XR routers into a single-topology mode
(exactly how I collected all the routes in Example 5-3). Then both single and multitopology
TLVs are exchanged, and a single SPF calculation is performed. Once the older
routers are removed, the network can be returned to the multitopology state.
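
The mismatch described above can be reproduced on paper by walking the TLVs of an LSP. This added Python example (not from the book) encodes and decodes the IPv6 prefix entries carried in TLV 236 and TLV 237 and shows which prefixes a receiver in each mode would learn. The byte strings are constructed rather than captured, and the READS table is a simplified model of the behavior the chapter describes, not Cisco's implementation.

```python
import ipaddress
import struct

IPV6_REACH = 236         # IPv6 prefix reachability (single topology)
MT_IPV6_REACH = 237      # Multi Topology Reachable IPv6 Prefix (RFC 5120)
MT_ID_IPV6_UNICAST = 2   # MT ID that RFC 5120 assigns to the IPv6 unicast topology

# Assumption of this sketch: the reachability TLVs each topology mode acts on.
READS = {
    "single-topology": {IPV6_REACH},
    "multi-topology": {MT_IPV6_REACH},
    "transition": {IPV6_REACH, MT_IPV6_REACH},
}


def tlv(tlv_type, value):
    """Encode one TLV: 1-byte type, 1-byte length, then the value."""
    if len(value) > 255:
        raise ValueError("a TLV value cannot exceed 255 bytes")
    return bytes([tlv_type, len(value)]) + value


def prefix_entry(prefix, metric):
    """Encode one entry: 4-byte metric, control byte, prefix length, prefix bytes."""
    net = ipaddress.IPv6Network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    head = struct.pack("!IBB", metric, 0, net.prefixlen)
    return head + net.network_address.packed[:nbytes]


def walk_tlvs(body):
    """Yield (type, value) for each TLV, rejecting a length that overruns the body."""
    offset = 0
    while offset < len(body):
        if offset + 2 > len(body):
            raise ValueError("truncated TLV header")
        tlv_type, length = body[offset], body[offset + 1]
        value = body[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV {tlv_type} claims {length} bytes, {len(value)} remain")
        yield tlv_type, value
        offset += 2 + length


def decode_entries(value):
    """Decode the entries shared by TLV 236 and TLV 237 into (prefix, metric) pairs."""
    entries, offset = [], 0
    while offset < len(value):
        if offset + 6 > len(value):
            raise ValueError("truncated prefix entry")
        metric, control, plen = struct.unpack_from("!IBB", value, offset)
        offset += 6
        nbytes = (plen + 7) // 8
        if plen > 128 or offset + nbytes > len(value):
            raise ValueError("bad prefix length")
        raw = value[offset:offset + nbytes].ljust(16, b"\x00")
        offset += nbytes
        if control & 0x20:                  # S bit: sub-TLVs follow this prefix
            if offset >= len(value):
                raise ValueError("missing sub-TLV length")
            offset += 1 + value[offset]     # skip them
        entries.append((f"{ipaddress.IPv6Address(raw)}/{plen}", metric))
    return entries


def ipv6_prefixes_by_tlv(body):
    """Collect IPv6 prefixes per TLV; TLV 237 counts only for the IPv6 unicast MT ID."""
    found = {IPV6_REACH: [], MT_IPV6_REACH: []}
    for tlv_type, value in walk_tlvs(body):
        if tlv_type == IPV6_REACH:
            found[tlv_type] += decode_entries(value)
        elif tlv_type == MT_IPV6_REACH:
            if len(value) < 2:
                raise ValueError("TLV 237 is missing its MT ID")
            mt_id = struct.unpack_from("!H", value)[0] & 0x0FFF
            if mt_id == MT_ID_IPV6_UNICAST:
                found[tlv_type] += decode_entries(value[2:])
    return found


def learned_ipv6(receiver_mode, body):
    """Prefixes a receiver in the given mode picks up from this LSP body."""
    found = ipv6_prefixes_by_tlv(body)
    learned = []
    for tlv_type in sorted(READS[receiver_mode]):
        learned += [entry for entry in found[tlv_type] if entry not in learned]
    return learned


# Constructed TLV sections for the prefix used in Example 5-9 (not captured traffic).
ENTRY = prefix_entry("2001:10:100:23::/64", 10)
LSP_SINGLE = tlv(IPV6_REACH, ENTRY)
LSP_MULTI = tlv(MT_IPV6_REACH, struct.pack("!H", MT_ID_IPV6_UNICAST) + ENTRY)
LSP_TRANSITION = LSP_SINGLE + LSP_MULTI

if __name__ == "__main__":
    senders = {"single": LSP_SINGLE, "multi": LSP_MULTI, "transition": LSP_TRANSITION}
    for name, body in senders.items():
        for mode in READS:
            print(f"{name:>10} sender -> {mode:<15} receiver: {learned_ipv6(mode, body)}")
```
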
Example 5-4 shows how to fix this issue with the full IS-IS configuration from PE7. We do
not keep any secrets from you. You will need to do this on PE3 and P5 as well.
Example 5-4 Fixing the Problem with a Single-Topology Conversion

RP/0/RP0/CPU0:PE7# show run router isis
Sat Feb 17 13:26:39.381 UTC
router isis CCNP
 net 49.0003.0101.0010.0007.00
 address-family ipv4 unicast
  metric-style wide
 !
 address-family ipv6 unicast
  metric-style wide
  single-topology
 !
 interface Loopback0
  passive
  circuit-type level-2-only
  address-family ipv4 unicast
  !
  address-family ipv6 unicast
  !
 !
 interface GigabitEthernet0/0/0/0
  circuit-type level-2-only
  address-family ipv4 unicast
  !
  address-family ipv6 unicast
  !
 !
 interface GigabitEthernet0/0/0/1
  circuit-type level-1
  address-family ipv4 unicast
  !
  address-family ipv6 unicast
  !
 !
!

How do you turn on IS-IS IPv6 single topology on IOS routers? Recall from Table 5-2 that
there is one additional step: enable IPv6 on the interface. Example 5-5 demonstrates an
example from PE2.
Example 5-5 Enabling IS-IS IPv6 Single Topology on IOS

PE2# show running-config interface GigabitEthernet1
Building configuration...

Current configuration : 218 bytes
!
interface GigabitEthernet1
 ip address 10.100.23.2 255.255.255.0
 negotiation auto
 ipv6 address 2001:10:100:23::2/64
 ipv6 router isis
 isis circuit-type level-1
end

PE2# show running-config | section router isis
 ip router isis
 ipv6 router isis
 ip router isis
 ipv6 router isis
router isis
 net 49.0001.0101.0010.0002.00
 metric-style wide
 log-adjacency-changes

Now you know how a single-topology mode works on IOS and how multitopology and
single-topology modes work on IOS XR. What about multitopology on IOS? If you tried to
get the previous scenarios to work, you may have used or noticed the use of wide metrics,
which I cover soon. This is the final piece of the puzzle for this scenario. Example 5-6 shows
how to enable a multitopology mode for IOS.

Example 5-6 Enabling IS-IS IPv6 Multitopology on IOS

PE2(config-router-af)# multi-topology
PE2(config-router-af)# end
PE2# show running-config | section isis
! Output omitted for brevity
router isis
 net 49.0001.0101.0010.0002.00
 metric-style wide
 log-adjacency-changes
 !
 address-family ipv6
  multi-topology
 exit-address-family

Example 5-7 shows how to enable a single-topology transition mode for IOS routers.
Example 5-7 Enabling IS-IS Single-Topology Transition Mode on IOS

PE2# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
PE2(config)# router isis
PE2(config-router)# metric-style ?
narrow Use old style of TLVs with narrow metric
transition Send and accept both styles of TLVs during transition
wide Use new style of TLVs to carry wider metric
PE2(config-router)# address-family ipv6
PE2(config-router-af)# multi-topology transition
PE2(config-router-af)# end
PE2# show running-config | section isis
! Output omitted for brevity
router isis
net 49.0001.0101.0010.0002.00
metric-style transition
log-adjacency-changes
!
address-family ipv6
multi-topology transition
exit-address-family

Example 5-8 shows how to enable a single-topology transition mode for IOS XR routers.
Example 5-8 Enabling IS-IS Single-Topology Transition Mode on IOS XR

RP/0/RP0/CPU0:PE3# show running-config router isis


Sat Feb 17 17:51:39.296 UTC
router isis CCNP
net 49.0001.0101.0010.0003.00


log adjacency changes


!
address-family ipv6 unicast
metric-style transition
single-topology
!

I am deliberately using this approach to make you better remember how to make this
technology work instead of providing you with structured screenshots of various outputs. You
need to learn how the protocol works by breaking it down and putting it back together;
there is no substitute for mastering these topics. On the exam, you will have to visualize what
happens in each task, and no memorization of output will suffice if you do not know the
mechanics of enabling a feature.
Can we verify this? Yes, in Example 5-9 notice how PE2 advertises two TLVs because it is
configured to use the single-topology transition mode. Prefix 2001:10:100:23::/64 appears
twice in the database (notice the MT-IPv6 reference at the bottom).
Example 5-9 Enabling IS-IS Single-Topology Transition Mode on IOS XR Continued

PE2# show isis database detail

IS-IS Level-1 Link State Database:


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE2.00-00 * 0x00000025 0xACF5 580/* 0/0/0
Area Address: 49.0001
NLPID: 0xCC 0x8E
Topology: IPv4 (0x0)
IPv6 (0x2)
Hostname: PE2
Metric: 10 IS PE3.01
Metric: 10 IS-Extended PE3.01
IP Address: 10.100.100.2
Metric: 10 IP 10.100.23.0 255.255.255.0
Metric: 10 IP 10.100.100.2 255.255.255.255
Metric: 10 IP 10.100.23.0/24
Metric: 10 IP 10.100.100.2/32
IPv6 Address: 2001:2:2:2::2
Metric: 10 IPv6 2001:2:2:2::2/128
Metric: 10 IPv6 2001:10:100:23::/64
Metric: 10 IPv6 (MT-IPv6) 2001:2:2:2::2/128
Metric: 10 IPv6 (MT-IPv6) 2001:10:100:23::/64

When you are considering these different topology modes, I recommend that you understand
what their behavior is and think through exam questions or network problems.
Now, let’s examine an issue in Figure 5-2.

[Figure 5-2 diagram: routers PE3, P4, and P5 across IS-IS Area 0001 and IS-IS Area 0002; two links labeled IPv4/IPv6 and one link labeled IPv4]

ISO NET Addressing = 49.000x.x
IPv4 Addressing for Interlinks = 10.100.x.x/24
IPv6 Addressing for Interlinks = 2001:10:100:xx::x/64
IPv4 Router Loopbacks = 10.100.100.x/32
IPv6 Router Loopbacks = 2001:x:x:x::x/128

Figure 5-2 Single-Topology Dual-Stack Network

I simplified the starting topology by leaving only three routers that all run IOS; this removes
any confusion regarding default IS-IS topology modes. (You should try to remove as many
complexities as you can when you are learning something new.) So far, you’ve practiced on
IOS and XR because you have to get used to the differences in platform configurations.
These run single topology, but the links connecting to P5 are dual stacked, running IPv4
and IPv6. The link between PE3 and P4 runs IPv4 only. What can possibly go wrong here?
Remember from our earlier discussion, the SPF calculation will be performed once for both
IPv4 and IPv6. Because IS-IS is enabled on both links, PE3 and P4 think that the PE3-P4 link
will transport IPv6 traffic. To get a better understanding, look at what PE3 sees in
Example 5-10.
Example 5-10 IS-IS Single Topology for IPv6

PE3# show isis database detail


! Output omitted for brevity
P4.00-00 0x00000006 0x1B56 1029/1199 0/0/0
Area Address: 49.0002
NLPID: 0xCC 0x8E
Hostname: P4
Metric: 10 IS-Extended P4.01
Metric: 10 IS-Extended P4.02
IP Address: 10.100.100.4
Metric: 10 IP 10.100.34.0/24
Metric: 10 IP 10.100.45.0/24
Metric: 10 IP 10.100.100.4/32

IPv6 Address: 2001:4:4:4::4
Metric: 10 IPv6 2001:4:4:4::4/128
Metric: 10 IPv6 2001:10:100:45::/64
P4.01-00 0x00000004 0xA2E7 595/1199 0/0/0
Metric: 0 IS-Extended P4.00
Metric: 0 IS-Extended PE3.00
P4.02-00 0x00000003 0xC5C2 1197/1199 0/0/0
Metric: 0 IS-Extended P4.00
Metric: 0 IS-Extended P5.00

In its LSP database, PE3 sees P4 advertising the IPv6 loopback of 2001:4:4:4::4/128.
However, is this loopback reachable from PE3? You can test, as shown in Example 5-11.
Example 5-11 PE3 Has No Reachability to P4’s Loopback

PE3# ping ipv6 2001:4:4:4::4


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4:4:4::4, timeout is 2 seconds:

% No valid route for destination


Success rate is 0 percent (0/1)
PE3# show ipv6 route
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy
lp - LISP publications, a - Application, m - OMP
LC 2001:3:3:3::3/128 [0/0]
via Loopback0, receive
I2 2001:5:5:5::5/128 [115/20]
via FE80::5054:FF:FE0F:B9B0, GigabitEthernet3
C 2001:10:100:35::/64 [0/0]
via GigabitEthernet3, directly connected
L 2001:10:100:35::3/128 [0/0]
via GigabitEthernet3, receive
I2 2001:10:100:35::5/128 [115/20]
via FE80::5054:FF:FE0F:B9B0, GigabitEthernet3
I2 2001:10:100:45::/64 [115/20]
via FE80::5054:FF:FE0F:B9B0, GigabitEthernet3
L FF00::/8 [0/0]
via Null0, receive


Here, you can see that PE3 cannot ping it, and the route to this prefix is also missing!
Because the single-topology mode was used, PE3 and P4 think that the link between them
is usable for IPv6, even though IPv6 is not running on that interface. One way to fix this
issue is to enable IPv6 on this link to make it dual stack, just like the links connecting to P5.
Another way is to enable multitopology on all routers, as shown on PE3 in Example 5-12.
Example 5-12 PE3 Obtains Reachability to P4’s Loopback

PE3(config)# router isis


PE3(config-router)# address-family ipv6
PE3(config-router-af)# multi-topology
PE3(config-router-af)# end
*Feb 17 20:16:10.802: %CLNS-5-ADJCHANGE: ISIS: Adjacency to P5 (GigabitEthernet3)
topology changed, TID (2) added, locally configured
PE3# ping ipv6 2001:4:4:4::4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4:4:4::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
PE3# show ipv6 route 2001:4:4:4::4
Routing entry for 2001:4:4:4::4/128
Known via "isis", distance 115, metric 30, type level-2
Route count is 1/1, share count 0
Routing paths:
FE80::5054:FF:FE0F:B9B0, GigabitEthernet3
From FE80::5054:FF:FE0F:B9B0
Last updated 00:02:00 ago

P5# show ipv6 interface GigabitEthernet3


GigabitEthernet3 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::5054:FF:FE0F:B9B0
No Virtual link-local address(es):
Global unicast address(es):
2001:10:100:35::5, subnet is 2001:10:100:35::5/128

RP/0/RP0/CPU0:PE3# show isis neighbor detail


Sat Feb 17 20:20:15.515 UTC

IS-IS CCNP neighbors:


System Id Interface SNPA State Holdtime Type IETF-NSF
PE2 Gi0/0/0/1 *PtoP* Up 26 L1 Capable
Area Address(es): 49.0001
IPv4 Address(es): 10.100.23.2*
IPv6 Address(es): fe80::5054:ff:fe07:1d66*
Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
Uptime: 00:02:12


P4 Gi0/0/0/2 *PtoP* Up 26 L2 Capable


Area Address(es): 49.0002
IPv4 Address(es): 10.100.34.4*
IPv6 Address(es): fe80::5054:ff:fe00:8de*
Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
Uptime: 00:02:13
P5 Gi0/0/0/3 *PtoP* Up 25 L2 Capable
Area Address(es): 49.0002
IPv4 Address(es): 10.100.35.5*
IPv6 Address(es): fe80::5054:ff:fe08:a94c*
Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
Uptime: 00:02:13

Total neighbor count: 3

Notice how PE3 uses GigabitEthernet3 (the link to P5) now. Also, notice that the show isis
neighbor detail command reveals the supported topologies—IPv4 and IPv6.
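The missing route and the fix can be reproduced with a small SPF model. The Python sketch below is an added illustration, not code or output from the book: the three links and their metric of 10 follow the text's description of Figure 5-2, while the function names and the rule that a route is dropped when none of its first hops runs IPv6 are simplifying assumptions.

```python
import heapq

# Constructed model of Figure 5-2: (router, router, metric, address families on the link)
LINKS = [
    ("PE3", "P4", 10, {"ipv4"}),            # IPv4-only link
    ("PE3", "P5", 10, {"ipv4", "ipv6"}),    # dual stack
    ("P4", "P5", 10, {"ipv4", "ipv6"}),     # dual stack
]
# IPv6 prefixes each router advertises, with the metric seen in the LSPs
PREFIXES = {
    "P4": {"2001:4:4:4::4/128": 10, "2001:10:100:45::/64": 10},
    "P5": {"2001:5:5:5::5/128": 10, "2001:10:100:45::/64": 10},
}


def spf(root, links):
    """Dijkstra with ECMP: {router: (cost, set of first-hop neighbors)}."""
    adj = {}
    for a, b, metric, _ in links:
        adj.setdefault(a, []).append((b, metric))
        adj.setdefault(b, []).append((a, metric))
    best = {root: (0, set())}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, metric in adj.get(node, []):
            new_cost = cost + metric
            hops = {nbr} if node == root else best[node][1]
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, set(hops))
                heapq.heappush(heap, (new_cost, nbr))
            elif new_cost == best[nbr][0]:
                best[nbr][1].update(hops)
    return best


def ipv6_routes(root, multitopology):
    """Return {prefix: (metric, [next-hop routers])} or None when no route installs."""
    if multitopology:
        # Multitopology: IPv6 runs its own SPF over links that actually carry IPv6
        topology = [link for link in LINKS if "ipv6" in link[3]]
    else:
        # Single topology: one SPF over every IS-IS link, shared by IPv4 and IPv6
        topology = LINKS
    v6_neighbors = {b if a == root else a
                    for a, b, _, afs in LINKS if root in (a, b) and "ipv6" in afs}
    tree = spf(root, topology)
    candidates = {}
    for router, prefixes in PREFIXES.items():
        if router not in tree:
            continue
        cost, hops = tree[router]
        for prefix, metric in prefixes.items():
            total = cost + metric
            if prefix not in candidates or total < candidates[prefix][0]:
                candidates[prefix] = (total, set(hops))
            elif total == candidates[prefix][0]:
                candidates[prefix][1].update(hops)
    routes = {}
    for prefix, (total, hops) in candidates.items():
        usable = sorted(hops & v6_neighbors)  # first hops reachable over IPv6
        routes[prefix] = (total, usable) if usable else None
    return routes


if __name__ == "__main__":
    for mode in (False, True):
        print("multitopology" if mode else "single topology")
        for prefix, route in ipv6_routes("PE3", mode).items():
            print(f"  {prefix:24} {route}")
```

In single-topology mode the shortest path to 2001:4:4:4::4/128 crosses the IPv4-only PE3-P4 link, so nothing is installed; in multitopology mode the same prefix is reached through P5 with metric 30, matching Example 5-12.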
Now that I’ve thrown you in at the deep end with this advanced multitopology topic, let’s
examine some of the basics. You might initially perceive the incremental buildup of IS-IS
knowledge as a preferable approach. However, you’ll come to appreciate this method in the
long run. The approach of experimenting, encountering failure, and then striving to
comprehend the reasons behind those failures ingrains knowledge more effectively. This approach
contrasts with simply amassing theoretical knowledge beforehand, which often leads to
forgetting key details during application.

IS-IS Adjacencies
In IS-IS networks, routing is organized into a two-level hierarchy of areas to provide
scalability: Level-1 and Level-2. A contiguous collection of Level-2 routers forms the backbone.
Non-backbone areas consist of Level-1 routers, and routers that handle both intra- and
inter-area routing are classified as Level-1 and Level-2 routers. When no hierarchy is needed, all
routers are treated as Level-2 routers (similar to a single Area 0 in OSPF). In fact, as routers
have become more powerful, it has become very common to use a single IS-IS area for your
entire domain.
Areas control adjacencies; levels create topologies (we discuss this more in the “Route
Advertisement” section). You will appreciate this deceptively simple wording because it is
easy to get confused on the exam when questions about areas and levels between IS-IS and
OSPF start blending in your mind and you start doubting your memory. Exam questions are
deliberately built to confuse hesitating candidates. For now, remember that IS-IS areas affect
only the formation of adjacencies between two routers; that is it.

■ Areas control adjacency formation.

■ A Level-1 router only forms an adjacency with another router in the same area.

■ A Level-2 router forms an adjacency with a router in any area.

■ Level-2 adjacencies must be contiguous and form the backbone area.

Memorize the preceding list and you will be able to quickly identify the right answer.
Questions to solidify your knowledge include the following:

■ Two routers are in the same area. Can they form Level-1 (L1) and Level-2 (L2)
adjacencies at the same time? Yes, this is how Cisco routers work by default.

■ Two routers are in different areas. Can they form an L2 adjacency? Yes.

■ Two routers are in different areas. Can they form an L1 adjacency? No.

■ If you want two routers to form a Level-1 adjacency, what should you do? Put them in
the same area.

Refer to Figure 5-1 to solidify this knowledge. Then look at PE3’s adjacencies in Example
5-13 because it has formed adjacencies in different areas.
Example 5-13 PE3’s IS-IS Adjacencies

RP/0/RP0/CPU0:PE3# show isis adjacency

IS-IS CCNP Level-1 adjacencies:


System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD
PE2 Gi0/0/0/1 5254.0012.8170 Up 7 00:03:16 Yes None None

Total adjacency count: 1

IS-IS CCNP Level-2 adjacencies:


System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD
P4 Gi0/0/0/2 5254.000d.f536 Up 23 00:02:34 Yes None None
P5 Gi0/0/0/3 5254.0019.5442 Up 7 00:01:57 Yes None None

Total adjacency count: 2

RP/0/RP0/CPU0:PE3# show isis hostname


IS-IS CCNP hostnames
Level System ID Dynamic Hostname
1 0101.0010.0002 PE2
2 0101.0010.0004 P4
2 0101.0010.0006 PE6
1,2 * 0101.0010.0003 PE3
2 0101.0010.0005 P5
2 0101.0010.0007 PE7

Example 5-13 shows that PE3 has three adjacencies, one of which is an L1 adjacency. It is
interesting that the System ID attribute references the router’s hostname rather than the
6-byte system ID. This happens because the LSP exchange contains TLV 137, which provides
a name-to-system-ID mapping. Additionally, notice the use of the
show isis hostname command to quickly reveal router hostnames and adjacency levels.

I recommend you get in the lab and try changing levels and areas to have a solid
understanding of this matter.
Example 5-14 shows how L1 areas must match for adjacencies to establish. PE2 is in area 1,
but as soon as you put it in a different area, the adjacency no longer works.
Example 5-14 Changing PE2 Level Area Adjacency

PE2# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
PE2(config)# router isis
PE2(config-router)# no net 49.0001.0101.0010.0002.00
PE2(config-router)#
15:51:54.025: %CLNS-5-ADJCLEAR: ISIS: All adjacencies cleared
PE2(config-router)# net 49.0002.0101.0010.0002.00
PE2(config-router)# end
PE2# debug isis adj-packets
IS-IS Adjacency related packets debugging is on for router process null
PE2#
15:52:21.241: ISIS-Adj: Rec L1 IIH from 5254.0006.5133 (GigabitEthernet1)
15:52:21.241: ISIS-Adj: cir type L1, cir id 0101.0010.0003.01, length 1497, ht(30)
15:52:21.241: ISIS-Adj: Area mismatch, level 1 IIH on GigabitEthernet1
15:52:26.975: ISIS-Adj: Sending L1 LAN IIH on GigabitEthernet1, length 1497
15:52:29.345: ISIS-Adj: Rec L1 IIH from 5254.0006.5133 (GigabitEthernet1)
15:52:29.345: ISIS-Adj: cir type L1, cir id 0101.0010.0003.01, length 1497, ht(30)
15:52:29.345: ISIS-Adj: Area mismatch, level 1 IIH on GigabitEthernet1
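The adjacency rules from the list above, and the area mismatch in Example 5-14, can be checked offline from the NETs alone. This Python sketch is an added example, not the book's code: the PE2 and PE3 NETs are the ones shown in this chapter, P4's NET is assembled from its area and system ID in the outputs, and the function names and the circuit types passed in are assumptions.

```python
import re

# Levels each circuit-type keyword permits on an interface
CIRCUIT_LEVELS = {
    "level-1": {1},
    "level-2-only": {2},
    "level-1-2": {1, 2},
}

PE2_NET = "49.0001.0101.0010.0002.00"   # from the PE2 configuration on the page
PE3_NET = "49.0001.0101.0010.0003.00"   # from the PE3 configuration on the page
P4_NET = "49.0002.0101.0010.0004.00"    # assembled from P4's area and system ID


def parse_net(net):
    """Split a dotted-hex NET into (area, system_id, nsel)."""
    digits = net.replace(".", "").lower()
    # 1 to 13 bytes of area, 6 bytes of system ID, 1 byte of NSEL
    if not re.fullmatch(r"(?:[0-9a-f]{2}){8,20}", digits):
        raise ValueError(f"NET must be 8 to 20 bytes of hex: {net!r}")
    area, sysid, nsel = digits[:-14], digits[-14:-2], digits[-2:]
    if nsel != "00":
        raise ValueError(f"NSEL of a NET must be 00: {net!r}")
    # Render the fields the way the show commands print them
    area_txt = area[:2] + "".join("." + area[i:i + 4] for i in range(2, len(area), 4))
    sysid_txt = ".".join(sysid[i:i + 4] for i in range(0, 12, 4))
    return area_txt, sysid_txt, nsel


def expected_adjacency(net_a, circuit_a, net_b, circuit_b):
    """Return (levels that form, reasons a level does not form) for one shared link."""
    area_a, _, _ = parse_net(net_a)
    area_b, _, _ = parse_net(net_b)
    common = CIRCUIT_LEVELS[circuit_a] & CIRCUIT_LEVELS[circuit_b]
    formed, reasons = set(), []
    if not common:
        reasons.append("no common level between circuit types")
    if 2 in common:
        formed.add(2)  # an L2 adjacency forms with a router in any area
    if 1 in common:
        if area_a == area_b:
            formed.add(1)  # an L1 adjacency needs matching areas
        else:
            reasons.append(f"area mismatch at level 1 ({area_a} vs {area_b})")
    return formed, reasons


if __name__ == "__main__":
    moved_pe2 = "49.0002.0101.0010.0002.00"  # PE2 after the change in Example 5-14
    print(parse_net(PE2_NET))
    print(expected_adjacency(PE2_NET, "level-1", PE3_NET, "level-1"))
    print(expected_adjacency(moved_pe2, "level-1", PE3_NET, "level-1"))
    print(expected_adjacency(PE3_NET, "level-1-2", P4_NET, "level-1-2"))
```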

IS-IS Network Types


IS-IS has three possible adjacency states:

■ Down: This is the initial state where no IS-IS Hellos (IIHs) have been received from the
neighbor.

■ Initializing: IIHs have been received from the neighbor, but there’s uncertainty about
whether the neighbor is properly receiving this router’s IIHs.

■ Up: IIHs have been received from the neighbor, confirming that the neighbor is
properly receiving this router’s IIHs.

IS-IS natively supports only broadcast (multiaccess, which is the default) and point-to-point
network types. On broadcast networks, routers create adjacencies, synchronize their
databases, and keep them synchronized. IS-IS elects one Designated Intermediate System (DIS)
for each broadcast network. IS-IS has no concept of a backup DIS, and in fact, it does not
need one. A DIS is elected based on these criteria:

1. The router with the highest interface priority.


2. In case of a tie, the router with the highest Subnetwork Point of Attachment (SNPA;
data-link MAC address, an interface that attaches to a subnet) takes precedence.
3. In case the SNPAs cannot be compared, the router with the highest system ID will be
declared the winner.

A DIS has two important functions:

■ Helps routers on a broadcast segment to synchronize their network view.

■ Assumes the role of a standalone object—the pseudonode (a virtual router) to
represent the broadcast segment in the link-state database.

A pseudonode and DIS are present at each IS-IS level (L1 and L2); a broadcast network
segment can have two pseudonodes and two DISs. The topology shown in Figure 5-1 does
not have more than two routers on a network segment, but it does not matter, since by
default Cisco routers create the broadcast networks on Ethernet segments.
Now, look at Example 5-15 to examine the network segment between routers PE3 (IOS XR)
and P4 (IOS).
Example 5-15 Viewing DIS Information in IOS and IOS XR

RP/0/RP0/CPU0:PE3# show isis interface gigabitEthernet 0/0/0/2 | include "LAN|Priority"


Media Type: LAN
LAN ID: PE3.03
Priority (Local/DIS): 64/64
Next LAN IIH in: 302 ms

P4# show clns interface gigabitEthernet 2 | include DR|Priority


Level-2 Metric: 10, Priority: 64, Circuit ID: PE3.03
DR ID: PE3.03

When you look at the two interfaces, which are facing each other, you can see that PE3 has
won the DIS role. In IOS XR, it is under LAN ID on PE3 and under DR ID for the IOS-based
P4, confirming that PE3 was elected. A priority value greater than the default value (64) will
make the interface more preferable. In the topology, I left the priority values alone, so you
should verify why PE3 was elected. To do so, compare the SNPAs (MAC addresses) on both
routers in Example 5-16.
Example 5-16 Changing IS-IS Interface Priority on P4

RP/0/RP0/CPU0:PE3# show interface GigabitEthernet 0/0/0/2 | include bia


Hardware is GigabitEthernet, address is 5254.0015.9b19 (bia 5254.0015.9b19)

P4# show interface GigabitEthernet 0/0/0/2 | include bia


Hardware is CSR vNIC, address is 5254.000d.f536 (bia 5254.000d.f536)

It is easy to see that PE3 has a higher MAC address than P4 (15>0d). Since IS-IS DIS is
preemptive (if a new router appears on the LAN with a higher interface priority, the new router
becomes the DIS), the newcomer will purge the old pseudonode LSP and flood a new set of
LSPs. Example 5-17 shows exactly that.
Example 5-17 Configuring DIS Preemption and Verification

P4# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
P4(config)# interface GigabitEthernet2
P4(config-if)# isis priority 100


P4(config-if)# do show clns interface GigabitEthernet 2 | include DR|Priority


Level-2 Metric: 10, Priority: 100, Circuit ID: P4.02
DR ID: P4.02

RP/0/RP0/CPU0:PE3# show isis interface GigabitEthernet 0/0/0/2 | include "LAN|Priority"


Media Type: LAN
LAN ID: P4.02
Priority (Local/DIS): 64/100
Next LAN IIH in: 874 ms
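The election order and the preemption seen in Examples 5-15 through 5-17 can be replayed in a few lines. The Python below is an added example, not the book's code: the priorities, SNPAs, system IDs and circuit IDs are the values printed in this chapter's outputs, and the function names are assumptions.

```python
def hex_value(dotted):
    """Turn dotted hex such as 5254.0015.9b19 into an integer for comparison."""
    return int(dotted.replace(".", ""), 16)


def elect_dis(routers):
    """Pick the DIS: highest priority, then highest SNPA, then highest system ID."""
    return max(
        routers,
        key=lambda r: (r["priority"], hex_value(r["snpa"]), hex_value(r["system_id"])),
    )


def lan_id(router):
    """Pseudonode ID as the show commands print it: DIS name plus its circuit ID."""
    return f'{router["name"]}.{router["circuit_id"]}'


def replay(routers, priority_changes):
    """Apply (name, priority) changes in order and record every DIS takeover."""
    state = {r["name"]: dict(r) for r in routers}
    current = elect_dis(state.values())
    timeline = [{"dis": lan_id(current), "purged": None}]
    for name, priority in priority_changes:
        state[name]["priority"] = priority
        winner = elect_dis(state.values())
        if winner["name"] != current["name"]:
            # Preemption: the old pseudonode LSP is purged, a new one is flooded
            timeline.append({"dis": lan_id(winner), "purged": lan_id(current)})
            current = winner
    return timeline


# Values taken from Examples 5-13, 5-15, 5-16 and 5-17
SEGMENT = [
    {"name": "PE3", "priority": 64, "snpa": "5254.0015.9b19",
     "system_id": "0101.0010.0003", "circuit_id": "03"},
    {"name": "P4", "priority": 64, "snpa": "5254.000d.f536",
     "system_id": "0101.0010.0004", "circuit_id": "02"},
]

if __name__ == "__main__":
    # With equal priorities PE3 wins on SNPA even though P4 has the higher system ID
    print(lan_id(elect_dis(SEGMENT)))
    # isis priority 100 on P4, as in Example 5-17
    print(replay(SEGMENT, [("P4", 100)]))
```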

If you set IS-IS priority to the value of 0, it will significantly lower the probability of the
router becoming a DIS. What do IS-IS LSPs look like under the current network type of
broadcast? As you can see in Example 5-18, there are quite a few of them.
Example 5-18 IS-IS LSPs Under Network Type Broadcast

RP/0/RP0/CPU0:PE3# show isis database

IS-IS CCNP (Level-1) Link State Database


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE2.00-00 0x00000025 0xa5c5 618 /1199 0/0/0
PE2.01-00 0x0000001e 0x5497 808 /1199 0/0/0
PE3.00-00 * 0x0000002b 0xb10a 943 /* 1/0/0

Total Level-1 LSP count: 3 Local Level-1 LSP count: 1

IS-IS CCNP (Level-2) Link State Database


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE3.00-00 * 0x0000002e 0x5f03 673 /* 0/0/0
P4.00-00 0x00000029 0xf816 721 /1199 0/0/0
P4.01-00 0x0000001e 0x96d7 1001 /1199 0/0/0
P4.02-00 0x00000003 0x9dec 679 /1199 0/0/0
P4.03-00 0x0000001e 0x9cce 617 /1199 0/0/0
P5.00-00 0x0000002b 0x79f0 399 /1200 0/0/0
P5.01-00 0x0000001e 0x6ffe 1091 /1200 0/0/0
P5.03-00 0x0000001e 0xb1b6 917 /1200 0/0/0
PE6.00-00 0x00000027 0x3bb5 903 /1198 0/0/0
PE7.00-00 0x00000029 0xb33e 432 /1200 0/0/0

Total Level-2 LSP count: 10 Local Level-2 LSP count: 1

You are going to love point-to-point interfaces where IS-IS expects a single neighbor,
establishes an adjacency through a three-way handshake process, and subsequently synchronizes
link-state databases. Unless you expect more than one neighbor on Ethernet segments,
convert them to the point-to-point network type because IS-IS routers will not benefit from
the presence of a pseudonode. DIS elections waste resources, CSNPs (complete sequence
number PDUs) are flooded into a segment, and the pseudonode LSP enters the LSP database
for the routers in that level. I suggest you turn your broadcast interfaces into point-to-point
interfaces, as in Example 5-19, where PE3 and P4 are shown. Please do this on all interfaces
in the diagram.
Example 5-19 IS-IS Network Goes Point-to-Point

RP/0/RP0/CPU0:PE3# configure terminal


RP/0/RP0/CPU0:PE3(config)# router isis CCNP
RP/0/RP0/CPU0:PE3(config-isis)# interface gigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE3(config-isis-if)# point-to-point

P4(config-if)# interface GigabitEthernet 2


P4(config-if)# isis network point-to-point
P4(config-if)#

I had to wait 20 minutes for the LSP holdtime of 1200 seconds to expire, and now there are
only 7 LSPs instead of the 13 LSPs shown earlier in Example 5-18. The pseudonode objects
are no longer advertised, as seen in Example 5-20.
Example 5-20 IS-IS Database Under Point-to-Point Network Type

RP/0/RP0/CPU0:PE3# show isis database

IS-IS CCNP (Level-1) Link State Database


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE2.00-00 0x0000002a 0x9acb 1138 /1199 0/0/0
PE3.00-00 * 0x00000032 0x298c 1123 /* 1/0/0

Total Level-1 LSP count: 2 Local Level-1 LSP count: 1

IS-IS CCNP (Level-2) Link State Database


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE3.00-00 * 0x00000036 0x411c 659 /* 0/0/0
P4.00-00 0x00000031 0x5fab 566 /1200 0/0/0
P5.00-00 0x00000033 0xa9bd 733 /1200 0/0/0
PE6.00-00 0x0000002c 0xe509 1190 /1198 0/0/0
PE7.00-00 0x0000002e 0xfef0 629 /1200 0/0/0

Total Level-2 LSP count: 5 Local Level-2 LSP count: 1

What breaks IS-IS router adjacencies? If you slowed down and observed IS-IS adjacencies
while cutting over to the point-to-point network types, you may have noticed that network
types break the adjacencies. Now, try putting PE2 back to the broadcast network type.
Example 5-21 shows a change in network type.

Example 5-21 IS-IS Adjacency Not Coming Up

PE2# debug isis adj-packets


IS-IS Adjacency related packets debugging is on for router process null
PE2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE2(config-if)# no isis network point-to-point
13:14:46.053: ISIS-Adj: Rec serial IIH from 5254.0018.5212 (GigabitEthernet1)
13:14:46.053: ISIS-Adj: cir type L1, cir id 00, length 1497
13:14:46.053: ISIS-Adj: rcvd state UP, old state UP, new state UP, nbr usable TRUE
13:14:46.053: ISIS-Adj: RCV:3way Adj. Local Ckt ID:0x8 Nghbr Ckt ID:0x1 Length:15
13:14:46.053: ISIS-Adj: Nghbr Ckt ID changed: FALSE
13:14:46.054: ISIS-Adj: received Neighbor System-ID (must be our) 0101.0010.0002
13:14:46.054: ISIS-Adj: received Neighbor ext.circuit ID (must be our) 0x1
13:14:46.054: ISIS-Adj: newstate:0, state_changed:0, going_up:0, going_down:0
13:14:46.054: ISIS-Adj: Action = ACCEPT
13:14:46.054: ISIS-Adj: ACTION_ACCEPT:
13:14:46.246: ISIS-Adj: L1 adj count 0
13:14:46.247: ISIS-Adj: Gi1: Current SYNC state: Normal(1)
13:14:46.247: ISIS-Adj: Event: No SYNC required(1)
13:14:46.247: ISIS-Adj: Gi1: New SYNC state: Normal(1)
13:14:46.247: ISIS-Adj: Gi1: Current SYNC state: Normal(1)
13:14:46.247: ISIS-Adj: Event: No SYNC required(1)
13:14:46.247: ISIS-Adj: Gi1: New SYNC state: Normal(1)
13:14:46.249: ISIS-Adj: Sending L1 LAN IIH on GigabitEthernet1, length 1497
13:14:49.247: ISIS-Adj: Run level-1 DR election for GigabitEthernet1
13:14:49.247: ISIS-Adj: No L1 adjacencies found for GigabitEthernet1
13:14:49.247: ISIS-Adj: Run level-2 DR election for GigabitEthernet1
13:14:49.247: ISIS-Adj: No L2 adjacencies found for GigabitEthernet1
13:14:55.429: ISIS-Adj: Sending L1 LAN IIH on GigabitEthernet1, length 1497
13:14:55.793: ISIS-Adj: Rec serial IIH from 5254.0018.5212 (GigabitEthernet1)
13:14:55.793: ISIS-Adj: cir type L1, cir id 00, length 1497
13:14:55.793: ISIS-Adj: Point-to-point IIH received on multi-point interface:
ignored IIH
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id


PE2(config-if)# undebug all
PE2(config-if)#

As you can see in Example 5-21, the adjacency is immediately removed when network types
do not match. MTU mismatches can give you trouble as well. Observe Example 5-22.


Example 5-22 IS-IS Interface MTU Mismatch

PE2(config-if)# do debug isis adj-packets


IS-IS Adjacency related packets debugging is on for router process null
PE2(config-if)# mtu 1512
14:31:28.251: ISIS-Adj: Rec serial IIH from 5254.0018.5212 (GigabitEthernet1)
14:31:28.251: ISIS-Adj: cir type L1, cir id 00, length 1497
14:31:28.251: ISIS-Adj: rcvd state UP, old state UP, new state UP, nbr usable TRUE
14:31:28.251: ISIS-Adj: RCV:3way Adj. Local Ckt ID:0x8 Nghbr Ckt ID:0x1 Length:15
14:31:28.251: ISIS-Adj: Nghbr Ckt ID changed: FALSE
14:31:28.251: ISIS-Adj: received Neighbor System-ID (must be our) 0101.0010.0002
14:31:28.252: ISIS-Adj: received Neighbor ext.circuit ID (must be our) 0x1
14:31:28.252: ISIS-Adj: newstate:0, state_changed:0, going_up:0, going_down:0
14:31:28.252: ISIS-Adj: Action = ACCEPT
14:31:28.252: ISIS-Adj: ACTmtu 1512
PE2(config-if)#
14:31:32.708: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1,
changed state to down
14:31:32.718: ISIS-Adj: L1 adj count 0
14:31:42.013: %LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up
14:31:43.014: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1,
changed state to up
14:31:43.014: ISIS-Adj: Gi1: Current SYNC state: Normal(1)
14:31:43.015: ISIS-Adj: Event: No SYNC required(1)
14:31:43.015: ISIS-Adj: Gi1: New SYNC state: Normal(1)
14:31:43.015: ISIS-Adj: Gi1: Current SYNC state: Normal(1)
14:31:43.015: ISIS-Adj: Event: No SYNC required(1)
14:31:43.015: ISIS-Adj: Gi1: New SYNC state: Normal(1)
14:31:43.023: ISIS-Adj: SND:3way Adj. Local Ckt ID:0x1 Nghbr Ckt ID:0x0 Length:5
14:31:43.023: ISIS-Adj: Sending serial IIH on GigabitEthernet1, 3way state:DOWN,
length 1508
14:31:44.604: ISIS-Adj: Rec serial IIH from 5254.0018.5212 (GigabitEthernet1)
14:31:44.604: ISIS-Adj: cir type L1, cir id 00, length 1497
14:31:44.605: ISIS-Adj: RCV:3way Adj. Local Ckt ID:0x8 Nghbr Ckt ID:0x1 Length:15
14:31:44.605: ISIS-Adj: Nghbr Ckt ID changed: TRUE
14:31:44.605: ISIS-Adj: received Neighbor System-ID (must be our) 0101.0010.0002
14:31:44.605: ISIS-Adj: received Neighbor ext.circuit ID (must be our) 0x1
14:31:44.605: ISIS-Adj: newstate:2, state_changed:0, going_up:0, going_down:0
14:31:44.605: ISIS-Adj: Action = GOING UP, new type = L1
14:31:44.605: ISIS-Adj: New serial adjacency
14:31:44.605: ISIS-Adj: rcvd state UP, old state DOWN, new state DOWN, nbr usable TRUE
14:31:55.614: ISIS-Adj: Sending serial IIH on GigabitEthernet1, 3way state:INIT,
length 1508
14:32:03.633: ISIS-Adj: Rec serial IIH from 5254.0018.5212 (GigabitEthernet1)
14:32:03.633: ISIS-Adj: cir type L1, cir id 00, length 1497
14:32:03.633: ISIS-Adj: rcvd state DOWN, old state INIT, new state INIT,
nbr usable TRUE
14:32:03.633: ISIS-Adj: RCV:3way Adj. Local Ckt ID:0x8 Nghbr Ckt ID:0x1 Length:15
14:32:03.633: ISIS-Adj: Nghbr Ckt ID changed: FALSE


14:32:03.634: ISIS-Adj: received Neighbor System-ID (must be our) 0101.0010.0002


14:32:03.634: ISIS-Adj: received Neighbor ext.circuit ID (must be our) 0x1
14:32:03.634: ISIS-Adj: newstate:1, state_changed:0, going_up:0, going_down:0ii
14:32:03.634: ISIS-Adj: Action = ACCEPT
14:32:03.634: ISIS-Adj: ACTION_ACCEPTsis
14:32:05.582: ISIS-Adj: SND:3way Adj. Local Ckt ID:0x1 Nghbr Ckt ID:0x8 Length:15
14:32:05.582: ISIS-Adj: Sending serial IIH on GigabitEthernet1, 3way state:INIT,
length 1508
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 DOWN 29 00
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 DOWN 25 00
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id
PE3 L1 Gi1 10.100.23.3 DOWN 22 00
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 DOWN 29 00
14:32:21.896: ISIS-Adj: Action = ACCEPT
14:32:21.896: ISIS-Adj: ACTION_ACCEPT:
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 DOWN 28 00

Setting one side’s MTU to 1512 certainly kills the adjacency due to the difference in values,
and you can observe how the adjacency is kept in the DOWN state with the holdtime timer
decrementing and then an IIH hello packet putting it back to the 30-second countdown.
Pop-quiz time: Do you know why I chose this specific MTU value? If the answer is no, you
must study up on this topic. The short answer is every MPLS label takes 4 bytes, so adding
the additional 12 bytes accounts for three additional labels in the label stack.
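The three adjacency failures shown in Examples 5-14, 5-21 and 5-22 each leave a distinct trace in debug isis adj-packets output, which makes them easy to triage from a saved capture. The Python below is an added example, not the book's code: the sample lines are excerpts of the debug output in this chapter with wrapped lines rejoined, the function and label names are assumptions, and comparing sent and received IIH lengths is a heuristic of this example for the MTU case, since the debug prints no explicit MTU message.

```python
import re

ADJ = re.compile(r"^\d\d:\d\d:\d\d\.\d+: ISIS-Adj: (.*)$")
REC = re.compile(r"Rec (?:L[12]|serial) IIH from \S+ \((\S+)\)")
REC_LEN = re.compile(r"cir type \S+, cir id \S+, length (\d+)")
SEND = re.compile(r"Sending (?:L[12] LAN|serial) IIH on (\S+?),.*length (\d+)")
AREA = re.compile(r"Area mismatch, level ([12]) IIH on (\S+)")
P2P = re.compile(r"Point-to-point IIH received on multi-point interface")

# Excerpts of the page's debug output, wrapped lines rejoined
AREA_CAPTURE = """\
15:52:21.241: ISIS-Adj: Rec L1 IIH from 5254.0006.5133 (GigabitEthernet1)
15:52:21.241: ISIS-Adj: cir type L1, cir id 0101.0010.0003.01, length 1497, ht(30)
15:52:21.241: ISIS-Adj: Area mismatch, level 1 IIH on GigabitEthernet1
15:52:26.975: ISIS-Adj: Sending L1 LAN IIH on GigabitEthernet1, length 1497
""".splitlines()

NETTYPE_CAPTURE = """\
13:14:55.429: ISIS-Adj: Sending L1 LAN IIH on GigabitEthernet1, length 1497
13:14:55.793: ISIS-Adj: Rec serial IIH from 5254.0018.5212 (GigabitEthernet1)
13:14:55.793: ISIS-Adj: cir type L1, cir id 00, length 1497
13:14:55.793: ISIS-Adj: Point-to-point IIH received on multi-point interface: ignored IIH
""".splitlines()

MTU_CAPTURE = """\
14:31:43.023: ISIS-Adj: Sending serial IIH on GigabitEthernet1, 3way state:DOWN, length 1508
14:31:44.604: ISIS-Adj: Rec serial IIH from 5254.0018.5212 (GigabitEthernet1)
14:31:44.604: ISIS-Adj: cir type L1, cir id 00, length 1497
14:31:55.614: ISIS-Adj: Sending serial IIH on GigabitEthernet1, 3way state:INIT, length 1508
""".splitlines()


def triage(lines):
    """Return ordered, de-duplicated (cause, interface) findings for one capture."""
    findings = []
    rx_iface = None            # interface of the most recent received IIH
    rx_len, tx_len = {}, {}    # last IIH length seen per interface

    def note(cause, iface):
        if (cause, iface) not in findings:
            findings.append((cause, iface))

    for raw in lines:
        match = ADJ.match(raw.strip())
        if not match:
            continue  # prompts, syslog messages and blank lines
        msg = match.group(1)
        if (m := REC.search(msg)):
            rx_iface = m.group(1)
        elif (m := REC_LEN.search(msg)) and rx_iface:
            rx_len[rx_iface] = int(m.group(1))
        elif (m := SEND.search(msg)):
            tx_len[m.group(1)] = int(m.group(2))
        elif (m := AREA.search(msg)):
            note(f"area-mismatch-L{m.group(1)}", m.group(2))
        elif P2P.search(msg):
            note("network-type-mismatch", rx_iface)
    # Heuristic: hellos are padded, so differing lengths point at differing MTUs
    for iface, sent in tx_len.items():
        if iface in rx_len and rx_len[iface] != sent:
            note("iih-length-mismatch", iface)
    return findings


if __name__ == "__main__":
    for name, capture in (("5-14", AREA_CAPTURE), ("5-21", NETTYPE_CAPTURE),
                          ("5-22", MTU_CAPTURE)):
        print(f"Example {name}: {triage(capture)}")
```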

IS-IS Metrics
Cisco’s IS-IS implementation sets a default metric of 10 for all interfaces, regardless of
their bandwidth. Notice that I aim to steer clear of comparing IS-IS with OSPF features in
contrast to many educational materials. The approach here avoids confusion during exam
scenarios. Instead, I prefer separating the specifics of each protocol. This approach facilitates
clearer understanding and quicker identification of knowledge gaps. It’s preferable to
maintain clarity rather than risk confusion during exams, especially with nuanced questions.
However, everyone has their preferred study method, so choose what works best for you.


In IS-IS, administrators need to manually configure interface metrics if different values are
required. The original IS-IS specification and RFC 1195 specify a 6-bit width for individual
interface metrics (1–63) and a 10-bit width for complete path metrics (1–1023). While
sufficient at the time of definition, modern requirements demand a broader metric range. Also, do
not forget that vendors can implement RFCs differently. Think of the topology in Figure 5-1
(try to visualize this in your head). PE6 and PE7 are neighbors via L1, but their loopbacks are
in L2; the path from PE7 to PE6’s loopback 10.100.100.6 will have four links because it must
travel through the contiguous L2 backbone. This should add up to the metric value of 40. I
have quickly converted the wide metrics to the default narrow metrics on all routers (one
command on IOS under the routing process, two commands on XR under each address family).
You can see what happens in Example 5-23.
Example 5-23 IS-IS Narrow Metrics Behavior

RP/0/RP0/CPU0:PE7# show isis protocol | include Metric style


Metric style (generate/accept): Narrow/Narrow
Metric style (generate/accept): Narrow/Narrow
Metric style (generate/accept): Narrow/Narrow
Metric style (generate/accept): Narrow/Narrow
RP/0/RP0/CPU0:PE7# show ip route | include 100.6/32

i L2 10.100.100.6/32 [115/40] via 10.100.57.5, 00:01:33, GigabitEthernet0/0/0/0


RP/0/RP0/CPU0:PE7# traceroute 10.100.100.6

Type escape sequence to abort.


Tracing the route to 10.100.100.6

1 10.100.57.5 6 msec 4 msec 5 msec


2 10.100.45.4 6 msec 5 msec 5 msec
3 10.100.46.6 7 msec * 6 msec

Three links to get to PE6 plus the loopback add up to the metric value of 40, regardless of
bandwidth. It doesn’t matter if the links are 1 Mb or 400 Gb; each has the same metric of 10.
You can see how setting all interfaces to the same metric can lead to suboptimal routing and
why designs may call for changing interface metrics. The IS-IS metric becomes similar to the hop
count metric that is used by the distance-vector protocols. Then, there is the issue of correlating
1 Mb to 400 Gb. Now, you can attempt to change the PE6 loopback0 metric to 100 (you know
that 63 is the maximum allowed under the narrow construct), as shown in Example 5-24.
Example 5-24 IS-IS Narrow Metrics Changing Values

PE6# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
PE6(config)# interface loopback0
PE6(config-if)# isis metric 100
Warning: for metrics greater than 63, 'metric-style wide' should be configured on
level-1-2, or it will be capped at 63.

RP/0/RP0/CPU0:PE7# show ip route | include 100.6/32


i L2 10.100.100.6/32 [115/93] via 10.100.57.5, 00:01:44, GigabitEthernet0/0/0/0


With a quick change on PE6, you can see that PE7 sees 93 (10 + 10 + 10 + 63). While the
interface metric is limited to 63 and does not allow you to set 100, PE7 sees a path metric
that exceeds 63 because the cost is added from the local LSP database. Now, try adding a
metric on another router. Example 5-25 adds a metric of 20 (instead of 10) on P5.
Example 5-25 IS-IS Narrow Metrics Changing Values on P5

RP/0/RP0/CPU0:P5# configure
RP/0/RP0/CPU0:P5(config)# router isis CCNP
RP/0/RP0/CPU0:P5(config-isis)# interface gigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:P5(config-isis-if)# address-family ipv4
RP/0/RP0/CPU0:P5(config-isis-if-af)# metric 20
RP/0/RP0/CPU0:P5(config-isis-if-af)# commit
RP/0/RP0/CPU0:P5(config-isis-if-af)#

RP/0/RP0/CPU0:PE7# show ip route | include 100.6/32


i L2 10.100.100.6/32 [115/103] via 10.100.57.5, 00:00:04, GigabitEthernet0/0/0/0

You can quickly see how this approach can become unmanageable on larger networks. This
is why RFC 3784 (now RFC 5305) introduced wide metrics to address this issue, allowing
for a 24-bit interface metric range and a 32-bit range for entire path metrics. It is highly
recommended to use wide metrics, especially for Segment Routing support, which is why they
are enabled at the beginning of this chapter. Remember that it is essential for all routers in an
area to use the same metric type. Try getting on P5 now and rolling back your configurations
to wide metrics. You will achieve IS-IS adjacency, but you will not build the complete
SPF tree. The reason is that you are sending different TLVs that are independent of each
other. Example 5-26 clearly illustrates this from how PE6 views the topology.
Example 5-26 IS-IS Incomplete SPF Tree Due to Mixed Narrow and Wide Metrics

PE6# show isis topology

IS-IS TID 0 paths to level-1 routers


System Id Metric Next-Hop Interface SNPA
PE6 --
PE7 10 PE7 Gi1 5254.0009.c33c

IS-IS TID 0 paths to level-2 routers


System Id Metric Next-Hop Interface SNPA
PE3 20 P4 Gi3 5254.0014.efed
P4 10 P4 Gi3 5254.0014.efed
P5 **
PE6 --
PE7 **

PE6 can compute narrow metrics but has trouble with P5 and PE7, since P5 advertises wide
metrics. Both routers’ SPF trees are incomplete because reconciling 6-bit and 24-bit values
is not possible. RFC 3787 specified the migration process from narrow to wide metrics
without affecting the topology. Consult Example 5-27, where a transitional mode metric is
applied to advertise both narrow and wide TLVs at the same time. Once the network topology
runs in the transitional state, the operator can gradually convert to wide metrics.
Example 5-27 IS-IS Metrics Transitional State

RP/0/RP0/CPU0:PE3(config-if)# router isis CCNP


RP/0/RP0/CPU0:PE3(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE3(config-isis-af)# metric-style ?
narrow Use old style of TLVs with narrow metric
transition Send and accept both styles of TLVs during transition
wide Use new style of TLVs to carry wider metric
RP/0/RP0/CPU0:PE3(config-isis-af)# metric-style transition ?
level Set metric-style for one level only
<cr>
RP/0/RP0/CPU0:PE3(config-isis-af)# metric-style transition level ?
<1-2> Level
RP/0/RP0/CPU0:PE3(config-isis-af)# metric-style transition level 1 ?
<cr>
RP/0/RP0/CPU0:PE3(config-isis-af)#

Also, observe that you can specify a different metric for different levels. In Example 5-28,
you set the default metric of 100 for L1 interfaces and 1000 for L2 interfaces. As you
can see, metric 63 is still used for L1 connections even though you specify the default metric
of 100.
Example 5-28 IS-IS Metrics Varying Level Metrics

RP/0/RP0/CPU0:PE3(config-isis-af)# do show run router isis


router isis CCNP
net 49.0001.0101.0010.0003.00
log adjacency changes
address-family ipv4 unicast
metric-style narrow level 1
metric-style wide level 2
metric 100 level 1
metric 1000 level 2
RP/0/RP0/CPU0:PE3(config-isis-af)# do show isis topology
Wed Feb 28 18:01:02.041 UTC

IS-IS CCNP paths to IPv4 Unicast (Level-1) routers


System Id Metric Next-Hop Interface SNPA
PE2 63 PE2 Gi0/0/0/1 *PtoP*
PE3 --

IS-IS CCNP paths to IPv4 Unicast (Level-2) routers


System Id Metric Next-Hop Interface SNPA


PE3 --
P4 1000 P4 Gi0/0/0/2 *PtoP*
P5 1000 P5 Gi0/0/0/3 *PtoP*
PE6 1010 P4 Gi0/0/0/2 *PtoP*
PE7 1010 P5 Gi0/0/0/3 *PtoP*

Route Advertisement
As mentioned earlier, areas control adjacencies, levels create topologies. In IS-IS, levels
control LSP flooding. Consider the following logic:

1. A Level-1 router looks at the destination address and compares the area address to its
own area.
2. If the Level-1 area is equal, then flood within its Level-1 area (which is what normally
happens).
3. If the Level-1 area is not equal, pass to the nearest Level-1-2 router.
4. At the Level-1-2 router, compare the area address to its own area. If the Level-1 area is
equal, use the Level-1 database. If not equal, use the Level-2 database.
5. Level-2 LSPs are flooded across a contiguous set of Level-2 areas.

How can this be summarized in a single sentence so that you can remember it on the exam?
Use Level-1 if equal; if not equal, pass to Level-1-2; there, try Level-1 first, then use Level-2.
That’s the best I have come up with thus far. Maybe you can come up with a better one.
Now, again consider Figure 5-1, where PE2 has only the Level-1 area routes. I got rid of all
narrow metrics in the topology to make things cleaner. PE2 has two interfaces in the L1 area,
one of these peering with PE3. Now, see what routes PE2 sees in Example 5-29.
Example 5-29 PE2 Routes

PE2# show ip route


! Output omitted for brevity
Gateway of last resort is 10.100.23.3 to network 0.0.0.0

i*L1 0.0.0.0/0 [115/10] via 10.100.23.3, 00:35:51, GigabitEthernet1


10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.100.23.0/24 is directly connected, GigabitEthernet1
L 10.100.23.2/32 is directly connected, GigabitEthernet1
C 10.100.100.2/32 is directly connected, Loopback0

PE2 sees only L1 routes, and there are none coming from other routers at this time. L1
routers are aware only of the local area topology. The only route it receives is an L1 default
route, which was never configured. It’s interesting that Cisco routers do this on their own
by default. This is not the behavior of non-Cisco routers, where you have to generate these
manually. Now, see what routes PE3 sees in Example 5-30.


Example 5-30 PE3 Routes

RP/0/RP0/CPU0:PE3# show route isis

i L2 10.100.45.0/24 [115/20] via 10.100.34.4, 01:22:13, GigabitEthernet0/0/0/2


[115/20] via 10.100.35.5, 01:22:13, GigabitEthernet0/0/0/3
i L2 10.100.46.0/24 [115/20] via 10.100.34.4, 01:22:13, GigabitEthernet0/0/0/2
i L2 10.100.57.0/24 [115/20] via 10.100.35.5, 01:22:13, GigabitEthernet0/0/0/3
i L2 10.100.67.0/24 [115/30] via 10.100.34.4, 01:22:13, GigabitEthernet0/0/0/2
[115/30] via 10.100.35.5, 01:22:13, GigabitEthernet0/0/0/3
i L1 10.100.100.2/32 [115/20] via 10.100.23.2, 01:16:27, GigabitEthernet0/0/0/1
i L2 10.100.100.4/32 [115/20] via 10.100.34.4, 01:22:13, GigabitEthernet0/0/0/2
i L2 10.100.100.5/32 [115/10] via 10.100.35.5, 01:22:13, GigabitEthernet0/0/0/3
i L2 10.100.100.6/32 [115/30] via 10.100.34.4, 01:22:13, GigabitEthernet0/0/0/2
i L2 10.100.100.7/32 [115/20] via 10.100.35.5, 01:22:13, GigabitEthernet0/0/0/3

PE3, an L1-L2 router, on the other hand, sees the entire topology. It sees all L2 routes,
which you can tell by the loopbacks of all five routers in the topology. It sees the L1 route
10.100.100.2 coming from PE2. It even sees the L1-level route from area 0003 (PE6 to PE7
link), but it comes in as an L2 route. Finally, let’s look at an L2-only router; P4 is a good
example in Example 5-31.
Example 5-31 P4 Routes

P4# show ip route


! Output omitted for brevity
Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 16 subnets, 2 masks


i L2 10.100.23.0/24 [115/20] via 10.100.34.3, 00:42:04, GigabitEthernet2
C 10.100.34.0/24 is directly connected, GigabitEthernet2
L 10.100.34.4/32 is directly connected, GigabitEthernet2
i L2 10.100.35.0/24 [115/20] via 10.100.45.5, 00:42:04, GigabitEthernet1
[115/20] via 10.100.34.3, 00:42:04, GigabitEthernet2
C 10.100.45.0/24 is directly connected, GigabitEthernet1
L 10.100.45.4/32 is directly connected, GigabitEthernet1
C 10.100.46.0/24 is directly connected, GigabitEthernet3
L 10.100.46.4/32 is directly connected, GigabitEthernet3
i L2 10.100.57.0/24 [115/20] via 10.100.45.5, 10:51:27, GigabitEthernet1
i L2 10.100.67.0/24 [115/20] via 10.100.46.6, 10:50:46, GigabitEthernet3
i L2 10.100.100.2/32 [115/30] via 10.100.34.3, 00:36:19, GigabitEthernet2
i L2 10.100.100.3/32 [115/10] via 10.100.34.3, 10:51:59, GigabitEthernet2
C 10.100.100.4/32 is directly connected, Loopback0
i L2 10.100.100.5/32 [115/10] via 10.100.45.5, 10:51:27, GigabitEthernet1
i L2 10.100.100.6/32 [115/20] via 10.100.46.6, 10:50:46, GigabitEthernet3
i L2 10.100.100.7/32 [115/20] via 10.100.45.5, 10:50:20, GigabitEthernet1


Only L2 routes are seen. What is the conclusion? To put it into one exam-type statement:
L1 routes are advertised into the L2 backbone, and L2 routes are not advertised into L1 areas
by default, except for the default route.
Now, reread that last statement. What does it mean from a design perspective? Configure
the L1 areas to have a default route pointing to the L1-L2 router, or alternatively, place all
routers within a single large L2 area. The previous statement is my opinion (although an
educated one based on experience). Wait, what is the point of having multiple L2 areas then?
And why does Figure 5-1, the reference topology, have multiple L2 areas?
I constructed the diagram to illustrate how IS-IS behaves, not to make a design recommendation.
Now that you know that PE1, which belongs to area 1, will still get area 2 and area 3
routes, why not run a single L2 area? That is what most ISPs try to do nowadays; simplicity
is the key driving force. Unless you are running out of scale. Or if you run networks under
different administrative governance. Or you are merging networks. Or you can dream up
other corner case scenarios. And for those, there are discussions, differences of opinions,
and “better” ways of doing things. If you are running out of scale, use BGP. Or use Cisco
Unified MPLS, which bridges multiple IS-IS domains into a single LSP. Or use IS-IS prefix
suppression to only advertise loopback interfaces. Or, depending on your topology, start
summarizing routes, using IS-IS mesh-groups. (Look up mesh-groups when you have time.)
… I have a headache coming on just thinking about this. We are here to see how the protocol
works, and if I had my say, a single IS-IS Level-2 area for the network core is where I would
start. But I am not you and I do not know your network and business. But I’m convinced
I can charge a princely sum for my consultations, just like those trendy artisanal coffees…
except I promise my advice won’t leave a bitter taste in your mouth!
Back to something far more interesting. Where does PE2’s default route in Example 5-28
come from? Yes, it comes from PE3, but how did PE3 know to advertise it? Remember, you
did not configure the default route anywhere. Even more so, what is the IS-IS mechanism
that advertised the default route to PE2? Meet the attach bit from RFC 3787, section 7.
When a router is L1-L2, it will use the attach bit to advertise to the router in the same area
how to exit the area to reach other destinations. Example 5-32 shows exactly that.
Example 5-32 IS-IS Attach Bit

RP/0/RP0/CPU0:PE3# show isis database detail PE3.00-00

IS-IS CCNP (Level-1) Link State Database


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE3.00-00 * 0x00000009 0x71e8 856 /* 1/0/0
Area Address: 49.0001
NLPID: 0xcc
NLPID: 0x8e
IP Address: 10.100.100.3
IPv6 Address: 2001:3:3:3::3
Hostname: PE3
Metric: 10 IP-Extended 10.100.23.0/24
Metric: 10 IPv6 2001:10:100:23::/64
Metric: 10 IS-Extended PE2.00


IS-IS CCNP (Level-2) Link State Database


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE3.00-00 * 0x0000000b 0xe0e8 820 /* 0/0/0
Area Address: 49.0001
NLPID: 0xcc
NLPID: 0x8e
IP Address: 10.100.100.3
IPv6 Address: 2001:3:3:3::3
Hostname: PE3
Metric: 10 IP-Extended 10.100.23.0/24
Metric: 10 IP-Extended 10.100.34.0/24
Metric: 10 IP-Extended 10.100.35.0/24
Metric: 0 IP-Extended 10.100.100.3/32
Metric: 20 IP-Extended 10.100.100.2/32
Metric: 0 IPv6 2001:3:3:3::3/128
Metric: 10 IPv6 2001:10:100:23::/64
Metric: 10 IPv6 2001:10:100:34::/64
Metric: 10 IPv6 2001:10:100:35::/64
Metric: 20 IPv6 2001:2:2:2::2/128
Metric: 10 IS-Extended P4.00
Metric: 10 IS-Extended P5.00
RP/0/RP0/CPU0:PE3# show ip route
! Output omitted for brevity
Gateway of last resort is not set

C 10.100.23.0/24 is directly connected, 00:33:30, GigabitEthernet0/0/0/1


L 10.100.23.3/32 is directly connected, 00:33:30, GigabitEthernet0/0/0/1
C 10.100.34.0/24 is directly connected, 00:33:30, GigabitEthernet0/0/0/2
L 10.100.34.3/32 is directly connected, 00:33:30, GigabitEthernet0/0/0/2
C 10.100.35.0/24 is directly connected, 00:33:30, GigabitEthernet0/0/0/3
L 10.100.35.3/32 is directly connected, 00:33:30, GigabitEthernet0/0/0/3
i L2 10.100.45.0/24 [115/20] via 10.100.35.5, 00:33:26, GigabitEthernet0/0/0/3
[115/20] via 10.100.34.4, 00:33:26, GigabitEthernet0/0/0/2
i L2 10.100.46.0/24 [115/20] via 10.100.34.4, 00:33:29, GigabitEthernet0/0/0/2
i L2 10.100.57.0/24 [115/20] via 10.100.35.5, 00:33:26, GigabitEthernet0/0/0/3
i L2 10.100.67.0/24 [115/30] via 10.100.35.5, 00:33:26, GigabitEthernet0/0/0/3
[115/30] via 10.100.34.4, 00:33:26, GigabitEthernet0/0/0/2
i L1 10.100.100.2/32 [115/20] via 10.100.23.2, 00:33:30, GigabitEthernet0/0/0/1
L 10.100.100.3/32 is directly connected, 00:34:08, Loopback0
i L2 10.100.100.4/32 [115/20] via 10.100.34.4, 00:33:29, GigabitEthernet0/0/0/2
i L2 10.100.100.5/32 [115/10] via 10.100.35.5, 00:33:26, GigabitEthernet0/0/0/3
i L2 10.100.100.6/32 [115/30] via 10.100.34.4, 00:33:29, GigabitEthernet0/0/0/2
i L2 10.100.100.7/32 [115/20] via 10.100.35.5, 00:33:26, GigabitEthernet0/0/0/3


In PE3’s LSP database Level-1 section, the ATT bit is flipped to the value of 1; this is what
makes PE3 advertise this default route to this Level-1 area. What could be interesting is to
look at PE6 and PE7, since they both belong to the same Level-1 area. How would their databases
look for area 0003, I wonder? Example 5-33 shows this.
Example 5-33 IS-IS Attach Bit on Multiple Routers

PE6# show isis database detail

IS-IS Level-1 Link State Database:


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE6.00-00 * 0x0000000B 0x8CE1 1102/* 1/0/0
Area Address: 49.0003
NLPID: 0xCC 0x8E
Hostname: PE6
Metric: 10 IS-Extended PE7.00
IP Address: 10.100.67.6
Metric: 10 IP 10.100.67.0/24
IPv6 Address: 2001:10:100:67::6
Metric: 10 IPv6 2001:10:100:67::/64
PE7.00-00 0x0000000C 0x8C38 599/1200 1/0/0
Area Address: 49.0003
NLPID: 0xCC 0x8E
IP Address: 10.100.100.7
IPv6 Address: 2001:7:7:7::7
Hostname: PE7
Metric: 10 IP 10.100.67.0/24
Metric: 10 IPv6 2001:10:100:67::/64
Metric: 10 IS-Extended PE6.00

Isn’t that something? Both PE6 and PE7 advertise their own exits from area 0003. But back
to PE3. In the lower output of Example 5-32, you should also observe that there is no default
route on PE3; it just knows about all the IS-IS networks advertised in the topology. You can
change this, however. You can hop on P4 and advertise the default route into the topology, as
shown in Example 5-34.
Example 5-34 IS-IS Default Route Origination

P4# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
P4(config)# router isis
P4(config-router)# default-information ?
originate Distribute a default route

P4(config-router)# default-information originate ?


route-map Route-map reference
<cr> <cr>


P4(config-router)# default-information originate


P4(config-router)#

RP/0/RP0/CPU0:PE3# show ip route


! Output omitted for brevity
Gateway of last resort is 10.100.34.4 to network 0.0.0.0

i*L2 0.0.0.0/0 [115/10] via 10.100.34.4, 00:00:07, GigabitEthernet0/0/0/2


C 10.100.23.0/24 is directly connected, 00:52:00, GigabitEthernet0/0/0/1
L 10.100.23.3/32 is directly connected, 00:52:00, GigabitEthernet0/0/0/1
C 10.100.34.0/24 is directly connected, 00:52:00, GigabitEthernet0/0/0/2
L 10.100.34.3/32 is directly connected, 00:52:00, GigabitEthernet0/0/0/2
C 10.100.35.0/24 is directly connected, 00:52:00, GigabitEthernet0/0/0/3
L 10.100.35.3/32 is directly connected, 00:52:00, GigabitEthernet0/0/0/3
i L2 10.100.45.0/24 [115/20] via 10.100.35.5, 00:51:56, GigabitEthernet0/0/0/3
[115/20] via 10.100.34.4, 00:51:56, GigabitEthernet0/0/0/2
i L2 10.100.46.0/24 [115/20] via 10.100.34.4, 00:51:59, GigabitEthernet0/0/0/2
i L2 10.100.57.0/24 [115/20] via 10.100.35.5, 00:51:56, GigabitEthernet0/0/0/3
i L2 10.100.67.0/24 [115/30] via 10.100.35.5, 00:51:56, GigabitEthernet0/0/0/3
[115/30] via 10.100.34.4, 00:51:56, GigabitEthernet0/0/0/2
i L1 10.100.100.2/32 [115/20] via 10.100.23.2, 00:51:59, GigabitEthernet0/0/0/1
L 10.100.100.3/32 is directly connected, 00:52:38, Loopback0
i L2 10.100.100.4/32 [115/20] via 10.100.34.4, 00:51:59, GigabitEthernet0/0/0/2
i L2 10.100.100.5/32 [115/10] via 10.100.35.5, 00:51:56, GigabitEthernet0/0/0/3
i L2 10.100.100.6/32 [115/30] via 10.100.34.4, 00:51:59, GigabitEthernet0/0/0/2
i L2 10.100.100.7/32 [115/20] via 10.100.35.5, 00:51:56, GigabitEthernet0/0/0/3

Note the option to use a route map, but you just want the vanilla default route. It immediately
shows up on PE3 as well. Again, P4 has no default route in its RIB. It doesn’t matter,
because it still advertises that route.

Overload Bit
The Overload bit is a good one to be aware of. Originally, it signified memory exhaustion on
a router—a rare condition on modern routers. Operators cleverly use this technique to route
the traffic around the router on which they plan to do maintenance. Example 5-36 shows this
feature in action. I will take P5 out of service for “maintenance.” But before we do, here is a
good brainstorming activity to prepare you for the exam and professional work.
Look at Figure 5-1 again. When you take P5 out of service, what consequences will this have
on the topology? Do not read the answer but think about this discussion on areas and levels.
Will full reachability work between areas 1 and 3? Specifically, will PE3 be able to ping
PE7’s loopback 10.100.100.7?
The answer should be no, since PE7’s loopback0 is in Level-2, which will be cut off from the
contiguous connectivity to the backbone as soon as P5 is no longer a part of the path. By
taking P5 out of service, you will break the rule of keeping the backbone fully connected
and lose reachability. It is good to think ahead, and that is what I am trying to coach you on.
Our suggestion is to convert the PE6-PE7 link to Level-2. Do this on your own. This task
shouldn’t be hard. If you do not do it, you will not be able to reach PE7 unless you come up
with this or a different solution. Let’s pick up in Example 5-35 before making the change.
Example 5-35 Overload Bit Usage Part 1

RP/0/RP0/CPU0:PE3# show ip route | include 10.100.100.7/32


i L2 10.100.100.7/32 [115/20] via 10.100.35.5, 00:00:36, GigabitEthernet0/0/0/3
RP/0/RP0/CPU0:PE3# trace 10.100.100.7

Type escape sequence to abort.


Tracing the route to 10.100.100.7

1 10.100.35.5 5 msec 3 msec 3 msec


2 10.100.57.7 6 msec * 6 msec

Notice that PE3’s route and trace to PE7 lie through P5. Now for some unscheduled
maintenance window time…
Example 5-36 Overload Bit Usage Part 2

RP/0/RP0/CPU0:P5# configure
RP/0/RP0/CPU0:P5(config)# router isis CCNP
RP/0/RP0/CPU0:P5(config-isis)# se?
segment-routing set-overload-bit
RP/0/RP0/CPU0:P5(config-isis)# set-overload-bit ?
advertise If overload-bit set advertise the following types of IP prefixes
level Set overload-bit for one level only
on-startup Set overload-bit temporarily after reboot
<cr>
RP/0/RP0/CPU0:P5(config-isis)# set-overload-bit
RP/0/RP0/CPU0:P5(config-isis)# commit
RP/0/RP0/CPU0:P5(config-isis)# do show isis database P5.00-00

IS-IS CCNP (Level-1) Link State Database


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P5.00-00 * 0x00000011 0x46b8 1186 /* 0/0/1

IS-IS CCNP (Level-2) Link State Database


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P5.00-00 * 0x00000016 0xe798 1186 /* 0/0/1

After seeing the option to advertise the overload bit for different prefixes, levels, or on
start-up, you can choose the road most traveled and see the OL bit flipped to 1 in the LSP
database. In Example 5-37, you can confirm that PE3 now takes a different path.


Example 5-37 Overload Bit Usage Part 3

RP/0/RP0/CPU0:PE3# show ip route | include 10.100.100.7/32


i L2 10.100.100.7/32 [115/30] via 10.100.34.4, 00:06:11, GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:PE3# trace 10.100.100.7

Type escape sequence to abort.


Tracing the route to 10.100.100.7

1 10.100.34.4 3 msec 2 msec 3 msec


2 10.100.46.6 37 msec 3 msec 3 msec
3 10.100.67.7 9 msec * 9 msec

Now you have all the time in the world to upgrade P5 to the image TAC wants you to load.
What other things do I have in mind for you? Let’s do a couple more before we move on to
troubleshooting IS-IS.
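
The mixed metric styles of Example 5-26, the attach-bit default route on PE2, and the overload bit on P5 all come down to how SPF reads the link-state database. The following sketch is an added example, not code from the book or from Cisco software: a small Python SPF over a constructed database that uses this chapter's router names and metric 10 links; the data layout and function names are assumptions.

```python
import heapq

# Constructed from the chapter's lab: adjacencies per level, default metric 10.
L2_LINKS = [("PE3", "P4", 10), ("PE3", "P5", 10), ("P4", "P5", 10),
            ("P4", "PE6", 10), ("P5", "PE7", 10)]
L1_AREA_0001 = [("PE2", "PE3", 10)]


def build_lsdb(links, styles=None, overloaded=(), attached=()):
    """One LSP per router. styles maps a router to the TLV styles it generates
    ('narrow', 'wide', or both for transition); unlisted routers send 'wide'."""
    styles = styles or {}
    lsdb = {}
    for a, b, metric in links:
        for src, dst in ((a, b), (b, a)):
            lsp = lsdb.setdefault(src, {"ol": src in overloaded,
                                        "att": src in attached, "adj": {}})
            for style in styles.get(src, ("wide",)):
                lsp["adj"].setdefault(style, {})[dst] = metric
    return lsdb


def spf(lsdb, root, style="wide"):
    """Dijkstra using only the TLV style the computing router accepts.
    Returns {router: (metric, next_hop)}; metric None is the '**' in the CLI."""
    def adj(node):
        return lsdb[node]["adj"].get(style, {})

    paths = {node: (None, None) for node in lsdb}
    heap, done = [(0, root, None)], set()
    while heap:
        dist, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        paths[node] = (dist, first_hop)
        # Overload bit: the router itself stays reachable, but it is never
        # used as transit toward anything behind it.
        if node != root and lsdb[node]["ol"]:
            continue
        for nbr, metric in adj(node).items():
            # Two-way check: the neighbor must report the link back in a TLV
            # of the same style, otherwise the edge is ignored.
            if nbr in done or nbr not in lsdb or node not in adj(nbr):
                continue
            heapq.heappush(heap, (dist + metric, nbr, first_hop or nbr))
    return paths


def l1_default(lsdb, root, style="wide"):
    """Default route of a Level-1 router: the closest reachable router whose
    Level-1 LSP has the ATT bit set. Returns (metric, next_hop)."""
    paths = spf(lsdb, root, style)
    exits = [(metric, hop) for node, (metric, hop) in paths.items()
             if node != root and metric is not None and lsdb[node]["att"]]
    return min(exits) if exits else (None, None)


def show(paths):
    """Render results in the spirit of 'show isis topology'."""
    return ["%-5s %-4s %s" % (node, "**" if metric is None else metric, hop or "")
            for node, (metric, hop) in sorted(paths.items())]


if __name__ == "__main__":
    narrow = {r: ("narrow",) for r in ("PE3", "P4", "PE6", "PE7")}
    narrow["P5"] = ("wide",)                      # P5 rolled back to wide
    print("PE6, mixed styles:")
    print("\n".join(show(spf(build_lsdb(L2_LINKS, narrow), "PE6", "narrow"))))

    print("PE2 default:", l1_default(build_lsdb(L1_AREA_0001, attached=("PE3",)), "PE2"))

    links = L2_LINKS + [("PE6", "PE7", 10)]       # PE6-PE7 converted to Level-2
    print("PE3, P5 overloaded:")
    print("\n".join(show(spf(build_lsdb(links, overloaded=("P5",)), "PE3"))))
```

Without the extra PE6-PE7 Level-2 link, the same overloaded database leaves PE7 with no path from PE3, which is the outage the brainstorming exercise above predicts.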

Authentication
IS-IS supports plaintext and MD5 authentication on hello packets and LSPs. PE2 and PE3
peering desperately needs these, your manager tells you. For exam purposes, it’s good to know
that TLV 10 stores IS-IS authentication, which is present in IIH and PDUs. Example 5-38 shows
one way to configure authentication.
Example 5-38 IIH Plaintext Authentication IOS

PE2# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
PE2(config)# key chain IIH
PE2(config-keychain)# key 1
PE2(config-keychain-key)# key-string IKNOWISIS
PE2(config-keychain-key)# interface GigabitEthernet 1
PE2(config-if)# isis authentication mode ?
md5 Keyed message digest
text Clear text password

PE2(config-if)# isis authentication mode text


PE2(config-if)# isis authentication key-chain IIH
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 UP 20 00

System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 UP 11 00
PE2(config-if)# do show isis neighbor


System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 UP 2 00
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 UP 005 ms 00
PE2(config-if)# do show isis neighbor

System Id Type Interface IP Address State Holdtime Circuit Id


PE2(config-if)#

In this example, you enable the IOS side and can watch the peering dissolve in front of
your eyes as the countdown timer expires. Now, you can fix the other side, as shown in
Example 5-39.
Example 5-39 IIH Plaintext Authentication IOS XR

RP/0/RP0/CPU0:PE3# configure
RP/0/RP0/CPU0:PE3(config)# router isis CCNP
RP/0/RP0/CPU0:PE3(config-isis)# interface gigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE3(config-isis-if)# hello-password ?
WORD The unencrypted (clear text) hello password
accept Use password for incoming authentication only
clear Specifies an unencrypted password will follow
encrypted Specifies an encrypted password will follow
hmac-md5 Use HMAC-MD5 authentication
keychain Specifies a Key Chain name will follow
text Use cleartext password authentication
RP/0/RP0/CPU0:PE3(config-isis-if)# hello-password text IKNOWISIS
RP/0/RP0/CPU0:PE3(config-isis-if)# do show isis neighbor

IS-IS CCNP neighbors:


System Id Interface SNPA State Holdtime Type IETF-NSF
PE2 Gi0/0/0/1 *PtoP* Init 22 L1 Capable
P4 Gi0/0/0/2 *PtoP* Up 26 L2 Capable
P5 Gi0/0/0/3 *PtoP* Up 23 L2 Capable

Total neighbor count: 3


RP/0/RP0/CPU0:PE3(config-isis-if)# commit
RP/0/RP0/CPU0:PE3(config-isis-if)# do show isis neighbor

IS-IS CCNP neighbors:


System Id Interface SNPA State Holdtime Type IETF-NSF
PE2 Gi0/0/0/1 *PtoP* Up 29 L1 Capable
P4 Gi0/0/0/2 *PtoP* Up 29 L2 Capable
P5 Gi0/0/0/3 *PtoP* Up 28 L2 Capable


Total neighbor count: 3

PE2# show isis neighbors detail

System Id Type Interface IP Address State Holdtime Circuit Id


PE3 L1 Gi1 10.100.23.3 UP 23 00
Area Address(es): 49.0001
SNPA: 5254.000e.c224
IPv6 Address(es): FE80::5054:FF:FE0E:C224
IPv6 Global Address: 2001:10:100:23::3
State Changed: 00:15:56
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: GigabitEthernet1
Neighbor Circuit Id: 7
L1 Last Hello Authentication Type: Text

There are several authentication options. If you choose plaintext, right before hitting
commit, you see PE2 is in Init state. As you hit commit, it comes right back up.
What would be good homework at this point? Try getting this to work with key chains on
the XR side, because they do not support plaintext authentication.
The second task is to secure LSPs. You can take care of the IOS side first, as in Example 5-40.
Example 5-40 LSP MD5 Authentication

PE2# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
PE2(config)# router isis
PE2(config-router)# authentication mode md5
PE2(config-router)# authentication key ?
WORD Name of key-chain

PE2(config-router)# authentication key LSP ?


enable-poi enable purge originator identification tlv
level-1 ISIS authentication for level-1
level-2 ISIS authentication for level-2
<cr> <cr>

PE2(config-router)# authentication key LSP


PE2(config-router)# exit
PE2(config)# key chain LSP
PE2(config-keychain)# key 1
PE2(config-keychain-key)# key-string AUTH-LSP
PE2(config-keychain-key)#


RP/0/RP0/CPU0:PE3# configure
RP/0/RP0/CPU0:PE3(config)# router isis CCNP
RP/0/RP0/CPU0:PE3(config-isis)# lsp-password ?
WORD The unencrypted (clear text) LSP/SNP password
accept Use password for incoming authentication only
clear Specifies an unencrypted password will follow
encrypted Specifies an encrypted password will follow
hmac-md5 Use HMAC-MD5 authentication
keychain Specifies a Key Chain name will follow
text Use cleartext password authentication
RP/0/RP0/CPU0:PE3(config-isis)# lsp-password keychain LSP ?
enable-poi Enable purge originator identification
level Set lsp-password for one level only
send-only Authenticate outgoing LSPs/SNPs only
snp Specify SNP packets authentication mode
<cr>
RP/0/RP0/CPU0:PE3(config-isis)# lsp-password keychain LSP
RP/0/RP0/CPU0:PE3(config-isis)# exit
RP/0/RP0/CPU0:PE3(config)# key chain LSP
RP/0/RP0/CPU0:PE3(config-LSP)# key 1
RP/0/RP0/CPU0:PE3(config-LSP-1)# cryptographic-algorithm md5
RP/0/RP0/CPU0:PE3(config-LSP-1)# key-string AUTH-LSP
RP/0/RP0/CPU0:PE3(config-LSP-1)# commit
RP/0/RP0/CPU0:PE3(config-LSP-1)#

PE2# show isis database detail

IS-IS Level-1 Link State Database:


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE2.00-00 * 0x00000026 0x2FC8 802/* 0/0/0
Auth: Algorithm MD5, Length: 17
Area Address: 49.0001
NLPID: 0xCC 0x8E
Hostname: PE2
Metric: 10 IS-Extended PE3.00
IP Address: 10.100.100.2
Metric: 10 IP 10.100.100.2/32
Metric: 10 IP 10.100.23.0/24
IPv6 Address: 2001:2:2:2::2
Metric: 10 IPv6 2001:2:2:2::2/128
Metric: 10 IPv6 2001:10:100:23::/64
PE3.00-00 0x00000024 0x6FB7 0 (802)/1200 1/0/0
Auth: Algorithm MD5, Length: 17


IS-IS Level-2 Link State Database:


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE2.00-00 * 0x0000001E 0x272B 802/* 0/0/0
Auth: Algorithm MD5, Length: 17
Area Address: 49.0001
NLPID: 0xCC 0x8E
Hostname: PE2
Metric: 10 IP 10.100.100.2/32
Metric: 10 IP 10.100.23.0/24
Metric: 10 IPv6 2001:2:2:2::2/128
Metric: 10 IPv6 2001:10:100:23::/64

The task is now complete and verified. Note that I deliberately avoid the use of show
running-config unless it is absolutely necessary. To excel in this exam and become a
proficient engineer (as Cisco expects), hands-on learning is paramount, a belief I strongly
uphold. Mere book knowledge falls short; I’ve encountered individuals adept at memorization
yet unable to execute fundamental networking tasks. My aim is to pass invaluable skills
on to you, those you’ll appreciate profoundly if you embrace this method.
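
Example 5-40 reports "Auth: Algorithm MD5, Length: 17" for each authenticated LSP. The following added example (not from the book or from Cisco software) shows where the 17 comes from and what the digest does and does not cover, following the HMAC-MD5 procedure of RFC 5304 on a constructed LSP. The LSP bytes, the helper names, and the placement of TLV 10 as the first TLV are assumptions; the key strings are the ones configured in Examples 5-38 and 5-40.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10         # Authentication Information TLV
AUTH_CLEARTEXT = 1    # value carries the password itself
AUTH_HMAC_MD5 = 54    # value carries a 16-byte HMAC-MD5 digest (RFC 5304)
HDR_LEN = 27          # 8-byte common header + 19-byte LSP header
PDU_LEN_OFF, LIFETIME_OFF, CHECKSUM_OFF = 8, 10, 24


def tlv(tlv_type, value):
    return bytes([tlv_type, len(value)]) + value


def build_lsp(lifetime, lsp_id, seq, flags, tlvs):
    """Level-1 LSP (PDU type 18); the Fletcher checksum is left at 0 here."""
    common = bytes([0x83, HDR_LEN, 1, 0, 18, 1, 0, 0])
    fixed = struct.pack("!HH8sIHB", HDR_LEN + len(tlvs), lifetime, lsp_id,
                        seq, 0, flags)
    return common + fixed + tlvs


def find_auth(pdu):
    """Walk the TLVs; return (auth type, offset of the value, value length)."""
    off = HDR_LEN
    while off + 2 <= len(pdu):
        tlv_type, length = pdu[off], pdu[off + 1]
        if off + 2 + length > len(pdu):
            raise ValueError("truncated TLV")
        if tlv_type == AUTH_TLV and length >= 1:
            return pdu[off + 2], off + 3, length - 1
        off += 2 + length
    return None


def _digest(pdu, key, value_off):
    """HMAC-MD5 over the whole LSP with the fields that change in flight
    (Remaining Lifetime, Checksum) and the digest itself set to zero."""
    buf = bytearray(pdu)
    buf[LIFETIME_OFF:LIFETIME_OFF + 2] = bytes(2)
    buf[CHECKSUM_OFF:CHECKSUM_OFF + 2] = bytes(2)
    buf[value_off:value_off + 16] = bytes(16)
    return hmac.new(key, bytes(buf), hashlib.md5).digest()


def sign_lsp(pdu, key):
    """Insert TLV 10 (type 54) as the first TLV and fill in the digest."""
    auth = tlv(AUTH_TLV, bytes([AUTH_HMAC_MD5]) + bytes(16))
    buf = bytearray(pdu[:HDR_LEN] + auth + pdu[HDR_LEN:])
    struct.pack_into("!H", buf, PDU_LEN_OFF, len(buf))
    value_off = HDR_LEN + 3
    buf[value_off:value_off + 16] = _digest(bytes(buf), key, value_off)
    return bytes(buf)


def verify_lsp(pdu, key):
    """True only if the LSP carries a type 54 TLV whose digest matches."""
    found = find_auth(pdu)
    if found is None or found[0] != AUTH_HMAC_MD5 or found[2] != 16:
        return False
    value_off = found[1]
    return hmac.compare_digest(_digest(pdu, key, value_off),
                               bytes(pdu[value_off:value_off + 16]))


def cleartext_auth_tlv(password):
    """What text mode puts on the wire: the password itself, unprotected."""
    return tlv(AUTH_TLV, bytes([AUTH_CLEARTEXT]) + password)


# Constructed sample modelled on PE3's Level-1 LSP in Example 5-32
# (flags 0x0B = ATT set, IS type 3).
SAMPLE_LSP = build_lsp(
    lifetime=1200, lsp_id=bytes.fromhex("0101001000030000"), seq=0x9, flags=0x0B,
    tlvs=tlv(1, bytes.fromhex("03490001"))                 # area 49.0001
    + tlv(137, b"PE3")                                     # hostname
    + tlv(135, struct.pack("!IB", 10, 24) + bytes([10, 100, 23])))  # 10.100.23.0/24


if __name__ == "__main__":
    signed = sign_lsp(SAMPLE_LSP, b"AUTH-LSP")
    print("auth TLV length:", signed[HDR_LEN + 1])         # type byte + digest
    aged = bytearray(signed)
    aged[LIFETIME_OFF:LIFETIME_OFF + 2] = b"\x01\x00"      # lifetime counts down
    altered = bytearray(signed)
    altered[-5] = 1                                        # metric 10 -> 1
    print("verify:", verify_lsp(signed, b"AUTH-LSP"))
    print("after aging:", verify_lsp(bytes(aged), b"AUTH-LSP"))
    print("metric altered:", verify_lsp(bytes(altered), b"AUTH-LSP"))
    print("text mode TLV:", cleartext_auth_tlv(b"IKNOWISIS"))
```

The digest still verifies after the remaining lifetime changes because that field is zeroed before hashing, while any change to a TLV or to the ATT/P/OL flags byte invalidates it.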

Back to IS-IS Areas


Would you like to do some “James Bond” networking before moving on to troubleshooting
IS-IS? Look at Figure 5-3, where I propose making a couple of changes to the topology.

Figure 5-3 IS-IS Topology Change (diagram: routers PE2, PE3, P4, P5, PE6, and PE7 in IS-IS areas 0001, 0002, and 0003, with each link labeled L1 or L2)

To stage what I am about to show you next, you need to convert area 0003 to L1 links and
add an additional L1 link between PE2 and PE6. If you are using CML or other virtualized
platforms, this task should not take you long. I am going to power down the current lab to
get interfaces added and will see you in a few minutes. You can also roll back the last change
on P5 for the overload bit if you would like. Here is where you pick up in Example 5-41.


Example 5-41 PE2-PE6 Connectivity Verified

PE6(config-if)# do ping 10.100.26.2


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.26.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/15/57 ms

Question: Can PE2 and PE6 exchange L1 routes? If you recall what we covered previously in
this chapter, the answer should be no. What is your explanation as to the reasons why? Here
are two. First, areas are not equal; therefore, the direct L1 adjacency is not possible. Second,
since L2 routes are not leaked to L1 areas by default, both PE2 and PE6 will be missing
routes from each other’s areas. You can take a snapshot of what you see with Example 5-42.
Example 5-42 PE6 Topology View

PE6(config-if)# do show isis database

IS-IS Level-1 Link State Database:


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE6.00-00 * 0x00000005 0x45D7 1032/* 1/0/0
PE7.00-00 0x00000003 0xD768 1027/1199 1/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE3.00-00 0x00000013 0x0C6C 1032/1117 0/0/0
P4.00-00 0x0000000E 0xC616 1031/1200 0/0/0
P5.00-00 0x00000011 0xED9B 1032/645 0/0/0
PE6.00-00 * 0x00000015 0x8C88 1036/* 0/0/0
PE7.00-00 0x00000017 0xA92C 1032/1193 0/0/0
PE6(config-if)# do show ip route | include L1|L2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
i*L2 0.0.0.0/0 [115/10] via 10.100.46.4, 00:03:03, GigabitEthernet3
i L2 10.100.23.0/24 [115/30] via 10.100.46.4, 00:03:01, GigabitEthernet3
i L2 10.100.26.0/24 [115/40] via 10.100.46.4, 00:03:01, GigabitEthernet3
i L2 10.100.34.0/24 [115/20] via 10.100.46.4, 00:03:03, GigabitEthernet3
i L2 10.100.35.0/24 [115/30] via 10.100.46.4, 00:03:01, GigabitEthernet3
i L2 10.100.45.0/24 [115/20] via 10.100.46.4, 00:03:03, GigabitEthernet3
i L2 10.100.57.0/24 [115/30] via 10.100.46.4, 00:03:02, GigabitEthernet3
i L2 10.100.100.2/32 [115/40] via 10.100.46.4, 00:03:01, GigabitEthernet3
i L2 10.100.100.3/32 [115/20] via 10.100.46.4, 00:03:01, GigabitEthernet3
i L2 10.100.100.4/32 [115/20] via 10.100.46.4, 00:03:03, GigabitEthernet3
i L2 10.100.100.5/32 [115/20] via 10.100.46.4, 00:03:02, GigabitEthernet3
i L1 10.100.100.7/32 [115/10] via 10.100.67.7, 00:03:07, GigabitEthernet1

On PE6, notice the absence of PE2’s peering (not in the LSP database) and the single L1
route from PE7. A critical question: How would you solve this “problem”? Think before
reading further.


If you understand the mechanics of IS-IS and what you need to know for the exam, a quick
possible solution is to make their areas equal. I propose you convert area 0003
on PE6 and PE7 to area 0001. Example 5-43 shows PE6; PE7 needs this as well.

Example 5-43 Changing Area 0003 to Area 0001

PE6(config)# router isis


PE6(config-router)# no net 49.0003.0101.0010.0006.00
PE6(config-router)# net 49.0001.0101.0010.0006.00
PE6(config-router)#

Are you ready to see what happened? Take a look at Example 5-44.
Example 5-44 Changing Area 0003 to Area 0001 results

PE6(config-if)# do show isis database

IS-IS Level-1 Link State Database:


LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE2.00-00 0x00000012 0xFE7B 1192/1200 0/0/0
PE3.00-00 0x0000000F 0x7068 1193/527 1/0/0
PE6.00-00 * 0x0000000A 0xB524 1194/* 1/0/0
PE7.00-00 0x00000007 0xCF6C 1193/1200 1/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE3.00-00 0x00000014 0xC62E 1193/1199 0/0/0
P4.00-00 0x0000000E 0xC616 602/1200 0/0/0
P5.00-00 0x00000012 0xEB9C 927/1198 0/0/0
PE6.00-00 * 0x00000018 0x440A 1194/* 0/0/0
PE7.00-00 0x00000019 0xEEB1 1193/1199 0/0/0
PE6(config-if)# do sh ip route | i L1|L2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
i*L2 0.0.0.0/0 [115/10] via 10.100.46.4, 00:10:23, GigabitEthernet3
i L1 10.100.23.0/24 [115/20] via 10.100.26.2, 00:00:33, GigabitEthernet2
i L2 10.100.34.0/24 [115/20] via 10.100.46.4, 00:10:23, GigabitEthernet3
i L2 10.100.35.0/24 [115/30] via 10.100.46.4, 00:10:21, GigabitEthernet3
i L2 10.100.45.0/24 [115/20] via 10.100.46.4, 00:10:23, GigabitEthernet3
i L2 10.100.57.0/24 [115/30] via 10.100.46.4, 00:10:22, GigabitEthernet3
i L1 10.100.100.2/32 [115/20] via 10.100.26.2, 00:00:33, GigabitEthernet2
i L1 10.100.100.3/32 [115/20] via 10.100.26.2, 00:00:32, GigabitEthernet2
i L2 10.100.100.4/32 [115/20] via 10.100.46.4, 00:10:23, GigabitEthernet3
i L2 10.100.100.5/32 [115/20] via 10.100.46.4, 00:10:22, GigabitEthernet3
i L1 10.100.100.7/32 [115/10] via 10.100.67.7, 00:10:27, GigabitEthernet1
PE6(config-if)# do trace 10.100.100.3
Type escape sequence to abort.
Tracing the route to 10.100.100.3
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.26.2 2 msec 1 msec 0 msec
2 10.100.23.3 20 msec 5 msec *


Voila! Notice that the peering is built, and L1 area 0001 contains routes from both PE3
and PE7. The adjacency completes, and the L1 routes dominate the pathing in the area as
described at the beginning of IS-IS logical flow. The IS-IS jigsaw puzzle is finally complete.
At this point, you should have a thorough understanding of how the protocol functions.
When doing this “007” networking, it is easy to mess up the IS-IS database. Should this
happen, clear the IS-IS processes and database, and the network will put itself back together.

Troubleshooting IS-IS
If you paced yourself and carefully examined the content in this chapter, you have climbed
far on the IS-IS mountain and already have the most important aspect necessary for
troubleshooting this protocol: you understand the mechanics of how it works. What you may be
missing now are the commands to reveal where the problems lie. Table 5-3 summarizes the
more important ones that you have seen throughout these discoveries.

Table 5-3 More Relevant IS-IS Troubleshooting Commands


Command Clues It Provides
show isis neighbor Shows level type, interfaces, state, holdtime
show isis neighbor detail Displays SNPA, IPv4/IPv6 addresses, area address
show isis protocol Displays interfaces, protocols and metrics, System ID
show isis database detail Displays a detailed view of SPF tree and LSP database
show isis topology Displays IS-IS paths to Intermediate Systems
show isis lsp-log Displays LSP transitions
show ip route isis Displays incoming IS-IS routes
show clns interface Displays interface status and configuration, MTU
clear isis * Clears all IS-IS data structures
clear isis lspfull Clears LSP state
debug isis adj-packets Debugs IS-IS adjacency information
debug isis authentication Debugs IS-IS authentication events
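
One way to put the `show isis database` output to work when troubleshooting, as an added example (not code from the book): it parses the LSP table per level and reports LSP IDs that are missing from or unexpected against a known-good list, plus any LSP with the overload bit set. The snapshot is PE6's output from Example 5-42; the names `parse_lsdb`, `audit` and `EXPECTED` are assumptions of this sketch.

```python
import re
LEVEL_RE = re.compile(r"IS-IS Level-([12]) Link State Database")
LSP_RE = re.compile(
    r"^\s*(?P<lspid>\S+\.[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2})\s*(?P<own>\*)?\s+"
    r"0x(?P<seq>[0-9A-Fa-f]+)\s+0x[0-9A-Fa-f]+\s+\d+/(?:\*|\d+)\s+"
    r"(?P<att>[01])/[01]/(?P<ol>[01])\s*$")

def parse_lsdb(text):
    """Return {level: {lspid: fields}} from 'show isis database' output."""
    db, level = {}, None
    for line in text.splitlines():
        header = LEVEL_RE.search(line)
        if header:
            level = int(header.group(1))
            db[level] = {}
            continue
        row = LSP_RE.match(line)  # column headers and blank lines do not match
        if row and level is not None:
            db[level][row["lspid"]] = {
                "own": row["own"] is not None, "seq": int(row["seq"], 16),
                "att": row["att"] == "1", "ol": row["ol"] == "1"}
    return db

def audit(db, expected):
    """Compare the parsed LSP IDs with the expected set for each level."""
    report = {}
    for level, want in expected.items():
        have = db.get(level, {})
        report[level] = {
            "missing": sorted(want - set(have)),
            "unexpected": sorted(set(have) - want),
            "overloaded": sorted(k for k, v in have.items() if v["ol"])}
    return report

# PE6's Example 5-42 output; EXPECTED lists the LSP IDs seen in Example 5-44.
SNAPSHOT = """\
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE6.00-00 * 0x00000005 0x45D7 1032/* 1/0/0
PE7.00-00 0x00000003 0xD768 1027/1199 1/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
PE3.00-00 0x00000013 0x0C6C 1032/1117 0/0/0
P4.00-00 0x0000000E 0xC616 1031/1200 0/0/0
P5.00-00 0x00000011 0xED9B 1032/645 0/0/0
PE6.00-00 * 0x00000015 0x8C88 1036/* 0/0/0
PE7.00-00 0x00000017 0xA92C 1032/1193 0/0/0
"""
EXPECTED = {1: {"PE2.00-00", "PE3.00-00", "PE6.00-00", "PE7.00-00"},
            2: {"PE3.00-00", "P4.00-00", "P5.00-00", "PE6.00-00", "PE7.00-00"}}
```

Calling `audit(parse_lsdb(SNAPSHOT), EXPECTED)` lists PE2 and PE3 as missing from the Level-1 database, which is the gap the area change in Example 5-43 closes.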

Well, that is IS-IS for you. Stay confident in your understanding of this protocol and don’t
get bogged down in minutiae, because it’s your grasp of the core principles that will prove
most valuable during the exam. IS-IS is a robust protocol for running your network underlay.
I suggest you go through the review section that follows and take a good break to let the
knowledge settle for a few days before diluting it with OSPF, which we will tackle next.

Exam Preparation Tasks


As mentioned in the section “How to Use This Book” in the Introduction, you have a few
choices for exam preparation: the exercises here, Chapter 23, “Final Preparation,” and the
exam simulation questions in the Pearson Test Prep Software Online.

Review All Key Topics


Review the most important topics in this chapter, noted with the Key Topic icon in the
margin of the page. Table 5-4 lists a reference of these key topics and the page numbers on
which each is found.


Table 5-4 Key Topics for Chapter 5


Key Topic Element Description Page Number
Paragraph CLNS Addressing for IS-IS 111
Table 5-2 Configuring Basic IS-IS in IOS XE and IOS XR 113
Paragraph Areas and Levels 129
Paragraph Reasons for Broken Adjacencies 134
Section Route Advertisement 141
Table 5-3 More Relevant IS-IS Troubleshooting Commands 155

Define Key Terms


Define the following key terms from this chapter and check the answers in the glossary:

Connectionless Network Service (CLNS), CSNP, DIS, IIH, Link-State Database (LSDB),
link-state routing protocol (LSP), NET address, NSAP, NSEL, SPF Algorithm, SNPA, TLV

Command Reference to Check Your Memory


This section includes the most important configuration and EXEC commands covered in this
chapter. You might not need to memorize the complete syntax of every command, but you
should be able to remember the basic keywords that are needed.
To test your memory of the commands, cover the right side of Table 5-5 with a piece of
paper, read the description on the left side, and then see how much of the command you can
remember.
The 350-501 exam focuses on practical, hands-on skills that are used by networking
professionals. Therefore, you should be able to identify the commands needed to configure and
test. Note that not all commands are fully covered in the chapter, but their presence in the
following table should lead you to investigate them further to understand this technology.

Table 5-5 CLI Commands to Know


Task: Specify the type of authentication used in Intermediate System to Intermediate System (IS-IS) packets for the IS-IS instance
Command Syntax: authentication mode {md5 | text} [level-1 | level-2]

Task: Enable authentication
Command Syntax: IS-IS authentication key-chain name-of-chain [level-1 | level-2]

Task: Globally change the metric value for all IS-IS interfaces
Command Syntax: metric default-value [level-1 | level-2]

Task: Configure an IS-IS routing process for IP on an interface and to attach an area designator to the routing process
Command Syntax: ip router isis area-tag

Task: Configure a router running IS-IS so that it generates and accepts only new-style type, length, value objects (TLVs)
Command Syntax: metric-style wide [transition] [level-1 | level-2 | level-1-2]

Task: Display information about IS-IS neighbors
Command Syntax: show isis neighbors [detail]

Task: Display information regarding IS-IS nodes
Command Syntax: show isis node [ link | prefix ] [ node-name ]

Task: Display paths for a specific route or for all routes under a major network that are stored in the IP local Routing Information Base (RIB)
Command Syntax: show isis rib [ip-address | ip-address-mask]

Task: Display how often and why the router has run a full Shortest Path First (SPF) calculation
Command Syntax: show isis [area-tag] [ipv6 | *] spf-log [topology {ipv6 | topology-name | *}]

Task: Display a list of all connected routers in all areas
Command Syntax: show isis [process-tag] [ipv6 | *] topology [hostname] [level-1 | level-2 | l1 | l2]

Review Questions
As a part of the review, we encourage you to provide a single-sentence answer (keep your
answers as short as possible) to the following questions. If you struggle to complete this
answer in a single sentence, this may indicate a lack of clarity or reveal gaps in your
understanding. We have constructed these questions to help you consolidate this chapter’s
information and extract the essence of the covered content.
The answers to these questions appear in Appendix A. For more practice with exam format
questions, use the Pearson Test Prep Software Online.

1. Can you explain the single key advantage of the IS-IS protocol over OSPF in a service
provider network?
2. What is the difference between IS-IS areas and levels?

