Monday, September 1, 2014

HOWTO: For ISIS adj on IOS-XE, IOS-XR and NX-OS

In this post, I will show  a few examples on how to build IS-IS adj on the following hardware;
( ASR1K , ASR9K, NX3548 )

note: I was surprise to learn that my based nexus3548 has support for ISIS

1st the topology & some details.



VLAN 18 multi-access ethernet
ISIS level-1 only
net 49
area 1
no authentication 
system mtu 1514

1st  IOS-XE

This was quite simple & IOS is practically the same as IOS-XE
 
I  build a vrf named "ISIS" ( note case sensitivity in our vrf names ).






Next, we plumbed our vlan subintf over an existing port-channel group and defined our vrf forwarder








We now do the same for our looback address which is our sys-id btw







lastly we've build the  router isis configuration for the vrf named ISIS








2n IOS-XR

This pretty much the same steps, but doing it IOS-XR style. Some of the configuration cmds are different due to this is IOS-XR.

1st We define our  VRF













2nd our sub-intf and loopback address configurations












3rd the actual ISIS router configuration














Lastly NXOS

Here we did not define any vrf so all configuration was done in the default vrf. The configuration steps are simple and similar to IOS-XE or plain jane IOS

1st we used a Vlan SVI interface and defined our  loopback
















Next we build  the router isis configuration









======================================================================

Finally here's some helpful show commands;


IOS-XE





IOS-XR








NX-OS


====================================================================

Keypoints to take away

  • Just like with OSPF interface MTU mis-mtach will break ISIS adj
  • ISIS runs on top of layer2 protocol and does not require IP like RIP/EIGRP/OSPF/BGP
  • All cisco routers will build helos for L1 and L2 but only uses L2 hello between areas
  • unlike OSPF a ISIS router can ONLY be in one area
  • IS-IS is very similar to OSPF and used the same  Dijkstra's algorithm
  • IS-IS is a open routing protocol support by almost all routing vendors
  • The L2 backbone needs to be contiguous
  • Fortinet Fortigate sand Juniper Firewalls both support ISIS
  • The cisco ASA does not


Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
   ^      ^
=(  $  $ )=
       o 
      /  \

3 comments: