Here is our IS-IS Lab Topology
Time to do some IS-IS labs. I am going to try and make these short and simple. I am sure as I get more into Junos I will write more complex IS-IS topologies and start to include LDP as well.
For this I just want to show what an IS-IS configuration would look like.
Up first replacing the config on R4
R4#configure replace flash:base.txt
Ok, that’s done – J1, J2, and J3 next.
First up, we need to roll-back to the rescue config. This is done from the edit mode by issuing the command rollback rescue.
jfry@J1> edit
Entering configuration mode
[edit]
jfry@J1# rollback rescue
load complete
[edit]
jfry@J1# commit and-quit
commit complete
Exiting configuration mode
jfry@J1>
Let’s take a look at the config we have loaded:
jfry@J1> show configuration | display set
set version 12.1R2.9
set system host-name J1
set system root-authentication encrypted-password “$1$KzNk.qW/$snaQkMp/4d3vZWjO5YONG/”
set system login user jfry full-name “Jeff Fry”
set system login user jfry uid 2002
set system login user jfry class super-user
set system login user jfry authentication encrypted-password “$1$GlR67aAm$uTukNzdwUDf7VDIBxi6sq/”
set interfaces ge-0/0/0 unit 0 family inet address 192.168.12.1/24
set interfaces fe-0/0/2 unit 0 family inet address 192.168.13.1/24
set interfaces fe-0/0/7 unit 0 family inet address 192.168.14.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
jfry@J1>
See, back to the base config that we first saved as a ‘rescue’ config.
Now to J2:
jfry@J2> edit
Entering configuration mode
[edit]
jfry@J2# rollback rescue
load complete
[edit]
jfry@J2# commit and-quit
commit complete
Exiting configuration mode
And J3:
jfry@J3> edit
Entering configuration mode
[edit]
jfry@J3# rollback rescue
commload complete
[edit]
jfry@J3# commit and-quit
commit complete
Exiting configuration mode
jfry@J3>
Ok, time to configure IS-IS on R4, J1, J2, and J3.
For this, we will use 49.0000.0000.0000.000X.00 where X=Router Number
Also for the sake of this lab we will disable Level 1 and only do Level 2.
R4 real quick:
R4(config)#router isis Fryguy
R4(config-router)# net 49.0000.0000.0000.0004.00
R4(config-router)#is-type level-2
R4(config-router)#int e0
R4(config-if)#ip router isis Fryguy
R4(config-if)#router isis Fryguy
R4(config-router)#passive-interface Loopback0
R4(config-router)#
J1 is up first!
jfry@J1> edit
Entering configuration mode
First this we do is enable isis on the interfaces, starting with ge-0/0/0. And when we configure this, we will need to disable Level 1 on them.
[edit]
jfry@J1# set protocols isis interface ge-0/0/0 level 1 disable
[edit]
jfry@J1# set protocols isis interface fe-0/0/2 level 1 disable
[edit]
jfry@J1# set protocols isis interface fe-0/0/7 level 1 disable
Yup, we enable it for the loopback address as well.
[edit]
jfry@J1# set protocols isis interface lo0 passive
Now we need to enable the ISO family for the interface. ISIS is an iso level protocol, it does not rely on IP or IPv6.
[edit]
jfry@J1# set interfaces ge-0/0/0 unit 0 family iso
[edit]
jfry@J1# set interfaces fe-0/0/2 unit 0 family iso
[edit]
jfry@J1# set interfaces fe-0/0/7 unit 0 family iso
And under the loopback interface we configure our ISO family address for this router.
[edit]
jfry@J1# set interfaces lo0 unit 0 family iso address 49.0000.0000.0000.0001.00
Let’s look at the config
[edit]
jfry@J1# show | compare
[edit interfaces ge-0/0/0 unit 0]
+ family iso;
[edit interfaces fe-0/0/2 unit 0]
+ family iso;
[edit interfaces fe-0/0/7 unit 0]
+ family iso;
[edit interfaces lo0 unit 0]
+ family iso {
+ address 49.0000.0000.0000.0001.00;
+ }
[edit]
+ protocols {
+ isis {
+ interface ge-0/0/0.0 {
+ level 1 disable;
+ }
+ interface fe-0/0/2.0 {
+ level 1 disable;
+ }
+ interface fe-0/0/7.0 {
+ level 1 disable;
+ }
+ interface lo0.0;
+ }
+ }
And then commit and-quit.
[edit]
jfry@J1# commit and-quit
commit complete
Exiting configuration mode
Ok, time to do J2 and J3, same way.
J2:
jfry@J2> edit
Entering configuration mode
[edit]
jfry@J2# set protocols isis interface ge-0/0/0 level 1 disable
[edit]
jfry@J2# set protocols isis interface ge-0/0/1 level 1 disable
[edit]
jfry@J2# set protocols isis interface lo0 passive
[edit]
jfry@J2# set interfaces ge-0/0/0 unit 0 family iso
[edit]
jfry@J2# set interfaces ge-0/0/1 unit 0 family iso
[edit]
jfry@J2# set interfaces lo0 unit 0 family iso address 49.0000.0000.0000.0002.00
[edit]
jfry@J2# commit and-quit
commit complete
Exiting configuration mode
jfry@J2>
And now J3:
jfry@J3> edit
Entering configuration mode
[edit]
jfry@J3# set protocols isis interface fe-0/0/2 level 1 disable
[edit]
jfry@J3# set protocols isis interface fe-0/0/3 level 1 disable
[edit]
jfry@J3# set protocols isis interface lo0 passive
[edit]
jfry@J3# set interfaces fe-0/0/2 unit 0 family iso
[edit]
jfry@J3# set interfaces fe-0/0/3 unit 0 family iso
[edit]
jfry@J3# set interfaces lo0 unit 0 family iso address 49.0000.0000.0000.0003.00
[edit]
jfry@J3# commit and-quit
commit complete
Exiting configuration mode
Ok, now to check the inet.0 routing table on J1:
jfry@J1> show route table inet.0
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both
1.1.1.1/32 *[Direct/0] 00:47:08
> via lo0.0
2.2.2.2/32 *[IS-IS/18] 00:29:34, metric 10
> to 192.168.12.2 via ge-0/0/0.0
3.3.3.3/32 *[IS-IS/18] 00:28:12, metric 10
> to 192.168.13.3 via fe-0/0/2.0
4.4.4.4/32 *[IS-IS/18] 00:00:47, metric 10
> to 192.168.14.4 via fe-0/0/7.0
192.168.12.0/24 *[Direct/0] 00:46:05
> via ge-0/0/0.0
192.168.12.1/32 *[Local/0] 00:46:31
Local via ge-0/0/0.0
192.168.13.0/24 *[Direct/0] 00:46:27
> via fe-0/0/2.0
192.168.13.1/32 *[Local/0] 00:46:31
Local via fe-0/0/2.0
192.168.14.0/24 *[Direct/0] 00:12:32
> via fe-0/0/7.0
192.168.14.1/32 *[Local/0] 00:46:31
Local via fe-0/0/7.0
192.168.23.0/24 *[IS-IS/18] 00:29:34, metric 20
> to 192.168.12.2 via ge-0/0/0.0
There we go, we have routes to J2 and J3 loopback interfaces. As you can see, it says they are being advertised by IS-IS.
Now let’s configure some Level 2 authentication using MD5 with a key of Juniper
First we will do the Cisco router, R4:
R4(config)#key chain ISIS
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string Juniper
R4(config-keychain-key)#router isis Fryguy
R4(config-router)#authentication mode md5
R4(config-router)#authentication key-chain ISIS
Now for the Juniper routers, J1 first:
[edit]
jfry@J1# set protocols isis level 2 authentication-key Juniper
[edit]
jfry@J1# set protocols isis level 2 authentication-type md5
[edit]
jfry@J1# show | compare
[edit protocols isis]
+ level 2 {
+ authentication-key “$9$cJTrKWNdsJGiLxGik.zFcyl”; ## SECRET-DATA
+ authentication-type md5;
+ }
[edit]
jfry@J1# commit and-quit
commit complete
Exiting configuration mode
jfry@J1>
Now we will take that config and merge it into J2 and J3:
protocols {
isis {
level 2 {
authentication-key “$9$cJTrKWNdsJGiLxGik.zFcyl”; ## SECRET-DATA
authentication-type md5;
}
}
}
J2:
jfry@J2# load merge terminal
[Type ^D at a new line to end input]
protocols {
isis {
level 2 {
authentication-key “$9$cJTrKWNdsJGiLxGik.zFcyl”; ## SECRET-DATA
authentication-type md5;
}
}
}
load complete
[edit]
jfry@J2# commit and-quit
commit complete
Exiting configuration mode
And now J3:
jfry@J3# load merge terminal
[Type ^D at a new line to end input]
protocols {
isis {
level 2 {
authentication-key “$9$cJTrKWNdsJGiLxGik.zFcyl”; ## SECRET-DATA
authentication-type md5;
}
}
}
load complete
[edit]
jfry@J3# commit and-quit
There, we have area authentication now and we can check by using show isis authentication. Let’s look at J1:
jfry@J1> show isis authentication
Interface Level IIH Auth CSN Auth PSN Auth
fe-0/0/2.0 2 MD5 MD5 MD5
fe-0/0/7.0 2 MD5 MD5 MD5
ge-0/0/0.0 2 MD5 MD5 MD5
That is about all that I will cover for IS-IS in this lab. Maybe when I get into the MPLS portion I will do more on IS-IS.
[AMAZONPRODUCT=1449316638]