Cisco CCNP Service Provider 350-501 SPCOR Topic: ISIS Routing – Advance
December 21, 2022

1. Tuning ISIS Levels

So, in this section, we’ll continue with our previous configurations, where we’ve already configured one area, which is 49 10 4. This was already set up in one of our previous classes. So we are just going to continue the configuration, and in this section we are going to configure another area, which is the 49:00:25:6 area, and then we’ll see the exchange of routes between the two different areas, and after that we’ll do some optimizations like changing the level types, and then again we’ll verify how the routes are exchanged. So let us start with the configuration here. So I have a task here where we are going to configure router 256 in the area of 49, 56, and the last will be the router number, whereas the system ID will be all zeros. Okay? And we are going to advertise the connected and loop-back interfaces of each and every router, and on the router loop bags we are going to use a pass interface command. So I’m going to add this extra configuration here.

So pass interface command, I’ll come to this, and we’ll also enable IPV 6, as well as IPV 6 unique as routing, because if you don’t enable IPV 6 unicast routing in the first place, it won’t accept or advise your IPV 6 routes. Okay? So the first thing we are going to advise is IPV6 routing, then we are going to define the net ID, and then we are going to issue a command called passive interface loopback zero. Now, what this passive interface command is going to do is, by default, you know that whenever you are an interface, So if I go to my interface, any interface, it can be my connected interface or it can be my loopback interface. As a result, we issue the commands IP routerISS and IPV6 routers. As a result, any command you issue by default will cause this interface to begin sending hello messages. That’s a default behavior.

But what I can do is just configure a passive interface loop bag zero because the loop bag zero that we are using here, which is just working as a land interface, is not going to send any hello messages because we don’t have any specific router connected to it. So we are just disabling these messages on this interface. So if you disable the connected interface, it will affect your neighbouring relationships. So pass interface is nothing but we are advertising the interface but we are not sending any hello interface, hello messages on that interface. So it’s always recommended to enable passive interface commands on whichever interface is not connecting to your other specific routers. Take an example: you have a LAN interface that’s going to connect to my switches, but there’s no routing running. There’s no ISS running on the other end. So you can configure a patch interface on this interface. Also.

So that is something that is recommended to simply reduce the processing overhead. Okay, but it’s not required that you do it, but it’s a best practice. So the same thing I’m going to do here also And then after that, we are going to enable on the connected interfaces the commands for IP router ISS and IPV6 router ISS. Okay? So let us configure our routers 2, 5, and 6. Okay, so I’m getting into my command line for router two here. So here are my router’s two configurations. I’ll go to router 2, and as the first command, I’ll use IPV6 as the unique routing protocol. And then I’m going to enable ISS. And then I’m going to say “pass interface loopback zero.” Okay? And then I’m going to say interface loopback zero, IProuter ISS and IPV six router ISS commands, the sametwo commands I need to enable on my remaining interfaces, which is s one by zero connecting to router Phi.I’ll say IP router assess IPV6 routers, then S one by one.

Also, I’m going to do the same thing with IPV6 router ISS and IP router ISS. So we’ll configure the remaining routers in the same manner. So I just configured these commands. If you want, you can verify by running a partition command, which I use to verify my router ISS configurations. So I did not confirm the network ID here. So, let me just confirm the network ID you can see when I verify that no network ID configuration exists. So I missed that. Apart from that, everything I configured at 49, 26 is the Adid, which you are using, and then allzeros, which has two as my system ID. Okay, done. So now, if I verify my configurations with the show run partition router ISS command, you can see these are my configurations. Okay? And the next thing we’re going to do is I think I forgot to pass interface low-back zero. So we configured the router tool. So if you want, you can just copy and paste these commands. To simplify, you can copy and paste these commands, and you can use notepad to simply change the commands like and after that, we used the IP router ISS command and then the IPV Six commands in the interfaces one by zero. Similarly, the same commands were used on S one by one as well as on my low-back interface.

So all we have to do now is change it to one by one and interface low back zero. So these are my router two configurations. And if I want the same configurations in the router file as per our diagram, So on the router file, if you just compare the configurations with the diagram here, everything is the same except changing the system by adding “pass interface loop back zero.” And on the router file we have s oneby zero and f zero by zero interfaces. So these are the two interfaces that are connecting, and then finally the loopback interface. When you’re doing similar configurations, you can always use Notepad to simplify and make your configurations much faster. And one thing I forgot, I did notgive IPV Six unique as routing command. So it ensures that we also enable IPV 6.

So I’ll add this command before this one, and we’ll be in configuration mode. Done. Okay, so similar ways on the router file Similarly, if I compare the same conflicts on Router 6, everything on our Router 6 is the same except for the system ID. Then, on router six, we have one by one interface, zero by zero interface, and interface loadback is also the same. So those are the router’s six configurations. So I’m going to paste these configurations directly. Okay? Done. So once we configure these things, I should be able to see the neighbors. That’s the first verification we should do. As a result, the router has been validated. Router Phi and Router Two are the two neighbours I can see. And if I verify the route exchange, I should be able to see the routes coming from RouterPhi as well as coming from Router Two. I should be able to ping those Router Phi lowback addresses, so zero back. In addition, I should be able to top the router two.

Two two. And similarly, if you verify IPV Six routes, I should be able to see the routes for IPV Six as well, and I should be able to ping the loopback interfaces of Router Two as well as Router Five. Done. So we’ll configure our other areas as well as this one in this manner. So these are all the configurations, and we verified all these things here. Not only that, what we are going to do is configure Router One and Router Two to provide reachability between the two areas. So now if I verify my routes here, I can see the routes coming from five and two, but I don’t see the routes coming from the other area because this link that is connecting Router One and Router Two is not running ISS. We did not enable ISS on that interface. So, once we enable ISS on that interface automatically, the routes from this area to another will be exchanged.

So, once we’ve completed the configuration, we may only need to connect to this interface; no need to configure net IDs. Net ID is already configured. We need to go to the zero-by-zero interface and enable IP router ISS and IPB Six router ISS commands. So let us do that in order to exchange routes between two different areas. So I’ll go to router 1, and I’ll be verifying. Briefly demonstrate the IP interface You can see the interface is up, which is connecting between one and two. And I’m going to test the connectivity just to make sure the link between routers One and Two is flawless. Because if the link is done, in that case, you don’t see the exchange of routes. So I’m going to use interface mode, which is connecting Router One and Router Two zero by zero. And I’m going to say the command is called IP router ISS and IPV six router ISS. Done. Similarly, I must execute the same command on router two. As a result, the interface between One and Two is F zero by zero IP Router ISS and IPV Six Router ISS commands.

So now, once we finish these configurations, I should be able to see routers one and two form the neighborship. Okay, that is the first thing we need to verify with our ISS neighbors. You can see Router Two is forming a neighbour relationship with Router One, but it is only L Two because Router One is in a different area and Router Two is in a different area. You can see that this area is 49, 1, 3, 4, and different. So both the routers are configured in different areas. That’s the reason. By default, it forms only L-2 Two neighborship.Even though it is connected, it is a broadcast network because in the broadcast network, we have separate L-1 and L-2 neighborhoods. But here you will have only one neighborhood, which is L-2, because both are in different areas. And now all the routers are running. L one. L two. Because if you remember, we learned that the default levelon every router is L One and L Two.which means the router will be able to exchange information and form a neighbour network with routers in a different area as well as those from the same area. So it’s going to work. Okay, so the default is “one” and “two,” and all of the routers here are “one” and “two,” and we’re using “one” and “two” as well. So the neighbourly relationship has been established.

The next thing we need to verify is the exchange of routes. Now, once we finish the configuration, I should be able to see the routes coming from Router Three. And Router Four must be seen on Router Five. Router Five routes are also available. Router Six must be seen on routers Three and Four. Okay, that is the next thing we need to verify. So let’s first verify the router itself. So if I give Show IP ISS, I should beable to see the routes coming from Three and Four.These two routes are on Router router Two here.So for Three and Four, you can see the route coming from Three and the route coming from Four. Okay, so there are two Two Routes.L Two routes are nothing more than coming from a different general area. So these are just like your OA routes. The routes come from a different area. Whereas you can see one route, both routes come from the same area. Now I can see the routes on the router too. As a result, I should be able to see the routers Phi and Six as well. So let’s go to Router Phi or Router Six. Display the IP route.ISS Now, I should be able to see the routes coming from Three and Four as two routes. And let us verify IPV Six routes as well. I should be able to see the routes coming from Router Three as well as from Router Four.

So you can see that I’m able to see the routes between the two different areas. So I’ll try to verify end-to-end connectivity from this end to the other. So I’m testing with the ping command. I’m pinging routers five, three, and four. I should be able to ping in a similar way. If you want, you can try toping to any IPV Six addresses. In 2001, it was three-it source interface low-back zero. So you can see that the last time I was trying to ping, it was not pinging because I missed some commands on the Router 3. I missed this command on the Router 3. I believe I missed some routers, including the Router One. So just try to configure IPV Six syncast routing. Okay? So once I configure that command, you can see I’m able to reach the routes from Router Three. I can reach Router Five as well as Router Six. We can test the same thing from the other end. So once we configure this, we can see there is an exchange of routes between the two different areas here. So now, from the routing table, we can verify that whatever routes are coming from the other area will be seen as normally two routes, and whatever routes are coming from the same area will be seen as one One routes. So it’s very clear here the routing table.As a result, the routes originate in both the same and different areas. Okay, so all the routers are running levels one and two. As a result, all routers are set up in this manner by default. They are L1 and L two. We have not made any changes to our routers as of yet. 

2. Tuning ISIS Levels – Continued

So now the next task is what we are going to do, which is manipulate the levels here. Now, by default, all the routers are learning levels one and two, which means it is going to maintain a separate database for level one. In addition, if you’re connecting to broadcast networks, you’re probably keeping separate neighbours for level one and level two. So now what I want exactly here is to ensure that only a specific router should work at level 1. So it’s always recommended to configure either level one or level two. And whenever you require it, use levels one and two. Like in my scenario, all the routers are running at level one or level two, but that is not required. So we can optimise our ISS by configuring this router. Router 5 can only be set to level 1 because it is forming a neighbour ship with only routers in the same area. So L One will most likely work. As a result, L1 and L2 are not required in every router. So I’m going to do it in the same way that I can configure router six as L 1. Similarly, I’ll configure router three as L1 and router four as L1. Okay? And the remaining routers, such as this one, I can’t change to L2, because if I do, it will form a neighbourhood with router 2, but it will disrupt the neighbourhood with other routers. As a result, we must ensure that routers one and two are set to levels one and two.

 So that’s the reason we are not modifying anything here on router one or router two. We are only modifying the border routers: our router three, router four, router five, and router six. So what we are doing is we are going to configure these four routers as level 1 only. So we’re going to learn how to change the levels now. Okay? So that’s what we call optimization here. We don’t need to maintain level-two information here. So that’s the reason we are just removing and we are just using as only level one. So now, to change the levels, there is only one command we need to give. We need to get into the interface. Sorry, not in the interface; in the router mode inside the router ISS, we need to say ISS type is type level. So there’s only one command we need to apply. So let us go to our 34568 routers, starting with router 3 here. So I’m going to say “router ISS type.” You can always use cushion marks. You have a number of options. You can change to level one or you can change to level two, which is the default anyway. And even then, you can change levels only up to two only.

Depending upon the requirement, we can select any one level. As of now, my requirement is to configure router 3456 into level one. Done. So I’ll use the same commands for the show history command and try to copy and paste the same command on routers four, file, and six. So similar methods on the router Phi as well as the router 6. So now that we have changed the levels, it should not affect the reachability between the routers. If I try to check from the router six, which is on the left side here, from the router six, I should be able to access the routers on the other end, which are the router three and the router phone. So let us verify: if I try toping to three-dot loopback, that is router-3, which is the source of my loopback interface. We’re probably taking some time to reach convergence. So let’s give some time for convergence here. Okay, now you can see the entire configuration. The ISS has converged. Now you can see I’m able to topper to router 3 from router 6. Also, I should be able to ping the other router, which is router 4. So you can see that they are similar way. If you want, you can try from the other end. I’ll try to ping my loopback IPV-6 services 20013 with source interface loopback zero, and in a similar way, I’ll try to verify for router 4 as well. So even if you change the level types, as long as you are going to configure the exact correct levels, it’s not going to affect the reachability. But there is one critical point to note here: if I look at the routing table on router six or any of the routers where I configured level one, Now you can see there are no L-2 routes here.

So now this is one thing we need to understand about ISIS. So this behaviour is similar to that of OSPF Stub in OSPF. If you remember, OSPF Stub is going to replace all the external routes with a single default route in a similar way. There is something like this in ISS; let us see what that behaviour is here. So let us try to understand what happens here. As per our previous configurations, what we did was change the default levels of the end routers, router 5 and router 6, to level 1, and router 3 and router 4 to level 1 routers. And these two routers, which are myborder routers, are connecting there by default, running levels one and two. In the case of ISS, the default behaviour is always “accept” whenever the route originates at level 2. In simple terms, the route is coming from level two, which is from a different area, okay? when it reaches the border router. In our example, the borderrouter is at levels one and two. As a result, when the route reaches the border router of the other area, it is coming from a different area. This is another area where my area starts.

So it’s going to receive the router. So the router is receiving two routes from a different area, and it is sending the same routes within the area, which means that this router is going to send the routes to other routers, which are my level one routers. Now these router are my level one routers. They are just configured as level one. Now, routes going from level two to levelone, it will not send the specific routes. There are no specific routes sent. So instead of sending the specific routes, it is simply going to send a default route to level one routers. So by default, level two routers send only the default route to level one. Because these internal routers do not need to keep track of the information of the other area routers, the border router will. So a similar thing is happening in our scenario. In our scenario, the route is also provided by router 3. Router four is sent to router one first. So router one is going to receive the route, and then router two is going to receive the same routes again. Okay? Because router one and router two form a level 2 neighborship, router two receives these routes at level 2. So they are in different areas.

So now, by default, when the route is coming from level 2, when it is sending to internal routers, which are my routers 5 and 6, it is not going to send the specific route. Instead, it is simply sending only the default route. So, if we try to replicate the same behaviour here, let us see how it goes. If I go to my router number two and verify my routing table there, the router number two has more specific routes. Here you can see the auto-2 is taking more specific routes because it is a border router. There are three and four routes available. Okay? But when it is sending it to internal routers, which are my router file and router six, if I go to my router Phi or router six, and if I verify here, I don’t see the routes coming from one. I don’t see the route coming from three and four. Instead, I only see the default route. Because when the router sends the routes to internal routers, it is going to send only the default route. So this is similar to your “OSPF stops” concept. But the difference is that when OSPF stops, what happens is that, by default, when you confirm your external routes, they reach the border router, and the border router will only send the default route to the internal routers. The border router, on the other hand, will keep more specific information here. So in the case of OSPF terminology, we call this border router “One.” L2 routers, L1 routers, and external routers are all examples of internal routers. External routes are nothing more than routes coming from a different area here. So in the case of OSPO, we need to confirm manually stuff. But in the case of ISS, this behaviour is the default. So by default, it is going to send only the default routes here. As a result, it is sending to level one. It is going to send only the default routes.

So it is not the type of optimization in ISS that will ensure that your internal routers do not need to maintain such a large routing table in order to have a simple default route for any routes that come from outside the area, and the border router will maintain more individual specific routes. So if you want, you can even allow specific routes to go through with that. That is what we call “route linking,” which we’ll be discussing in the next session. But this is the default behavior, which we need to understand. So these are the sameconfigurations which I just discussed. Six is found by the router; there is no route from three and four. Instead, router two is going to send a default route from router six to router one. So router one is going to send the default to all internal routers instead of a more specific router. You can see this type of output for IP version four as well as for IP version six. Also, you’ll see some defaults coming. Okay, now there is a new task. What we’re doing now is changing the level type interface specific. If you recall from our previous task, we set up the different levels by configuring routers one and two as levels one and two, respectively. So routers one and two are globally operating at levels one and two, respectively, whereas all border routers, such as 3456, are configured at level one. Now if I want, I can even configure my router to use different levels on different interfaces.

So, if the levels we used here are global, they will apply to all of our neighbors. In this case, I can instruct router one to use runlevel two when approaching this interface, indicating that it is connecting on a zero-by-zero interface. On this interface it has to run level two. But on the remaining interfaces, I want my router to run at level one only. This is one type of optimization in which you can reduce the number of levels running. So you can define that on this interface it should run at level 2, and on the remaining interfaces it should run at level 1. So that can be done by using a command called “is circuit type level two” or “is circuit type level one” under the interface. So under the interface, we can even change the default levels, and I can change it to level two only under the interface. As you can see, even though I changed the level, the neighborship remained. And I’m going to say that the remaining interfaces are all of the “circuit level 1” variety. So what I’m doing is changing the interfaces to run at level one on the interfaces connecting to three and four, and I want my router to run at level two when it is connecting to router one and router two.

So let me just quickly configure these things. I’ll go to router 1. On router 1, I’m going to connect the interface, which I’m connecting between router 1 and router 2. I’m going to go with ISS type. You must remember these commands. So it’s not really required to do it; it’s not mandatory, but if you want to do it, you can. But especially when you’re troubleshooting your networks, you may come across this type of scenario where there is a mismatch of levels under the interface as well. So I’m going to set level two only on the interfaces connecting to my routers two and three, which are serial interfaces (ISS circuit type), and level one on the remaining interfaces one by one. Now, I’m going to do the same thing on router number two, because router number two has the same interfaces as router number one. So I’m going to copy paste these configurations. Now, once you do this, you should see that the neighbour ship should be up because if there’s a mismatch of levels or if you misconfigure these levels, you will not see the neighbour ship. You can now see the neighborship between these routers in the same way that if I check on router one, I can see that the neighborship is not going to be affected by these configurations. But we are optimising our routers to run only at specific levels as per the requirement. So that is something you can really do to optimise your networks. Okay? Finally, I’ll do a small task here: configure ISS as point-to-point; we can even change the network type; and this is something else we should keep in mind because mismatching network types can affect your neighborship.

That is your broadcast multiaccess network. It’s an Ethernet network. I want to change this network type to point-to-point. If you want, we can change it. and the command is very simple. We must first define the ISS network point-to-point command before proceeding to the interfaces. And that’s a simple command here; let me just quickly do the same thing here, between three and four. So I just want to know these options here because when you are doing troubleshooting, especially for ISS, you may come across this type of scenario where there is a mismatch of network types or levels. You should know each and every command relating to that. Okay, there’s a reason we are doing some basic configurations here just for testing. Interface F, zero by zero, which is connecting three and four, is what I’m going to call the ISS network. So the ISS network And there is just a point-to-point option here. It’s already been broadcast. So I’m going to run the same command on router three now, and if I verify the neighbor’s shape three, between three and four, it’s down because the other end is a broadcast network. So I’m going to do the same thing on the router four. I’m going to say ISS network point to point over Interface F, zero by zero. So now, once I configure the same networktypes on both the sites, now I can see the neighbour ship comes up here. So this is a small task when you can do it. Because sometimes, especially if you are troubleshooting in the production networks or in the CCI lab exams, you may be configured with this type of configuration and you may be asked to troubleshoot the networks.

3. Designated Intermediate System – DIS

Non preemptive elections mean that if the A router goes down automatically, it will make B router a Dr. So suppose A is back. Now that A is back, B will become the Dr, B will be the Dr, and C will be the PDR. So A can only become the Dr when these two existing Dr and BDR go down. We call this non-preemptive elections. Non-preemptions means that if any specific router who is a Dr goes down, he has to wait until the remaining two routers go down here. Which means unless and until the remaining two routers go down Circuit. ID. Is this so that it represents that this particular router is a Dr.

Now, based on what factors? Just now we discussed that based on the priority value. As we discussed the priority value, we did not modify anything. So the default priority value is 64. So if I verify my Mac addresses, show interface f zero by zero. You can see the Mac address of router three is c zero seven. This is the Mac address of router three. Okay, so I’ll try to I’ll try to keep the Mac address here. This is the Mac address of router three. And similar way I’ll try to check the Mac address of router four. Router four show interface f zero by zero. So this is the Mac address of router four. You can see show interface command. We can verify the Mac address. This is your Mac address. So if we just try to compare the Mac address of these devices here, the Mac address of router three is coseven, which is higher when compared with co six.

So router three is having the highest SNP address. In OSI terminology we call it as SNP address. In simple, we can say it’s a Mac address, actually. Okay, so Rotator is having the highestMac address because both the devices having the default priority value of 64.Now the tribeker is your SNPaddress, that is your Mac address. So highest will win.So if you want, you can even change the priority value. Like what we’ll do is in this scenario, no was per our scenario, router three and router four are connecting via our F zero by zero interfaces and both the devices having the same priority value. And by default this is your des. The reason is it is having the highest SNP address. It’s a normal router here. Now, in case if I want to make a router four asdis, so I want to configure router four as a dis. So what I can do is I can go to this interface just like we use priority commandIposp, priority command in OSP of similar way, we can even change the priority value on the interface. So I can simply say is priority and I can define the priority and you canuse cushion marks to find the possible range. The possible range is between zero to 127.So if I give the priority value of100 here automatically now, what happens is the priority value on the router 364.Now when you compare with router four, the priority value is 100, so it will make automatically router four as Tis. So let us verify the same thing here. Let me do the same task here as I verified just now. When I give you show ISS neighbors, you can see router three is my Diaz router here.

So I want to make router four as DS. So I’m going to my interface which is connecting between router three and router four and I’m going to define the priority value. And the priority value range is between zero to 127 in case of ISS. So I’m going to define something higher than the default 64.So when I give 100 now, so when Igive show is neighbors, you can see I don’t really need to clear the process because as I discuss the elections are preemptive automatically. When any specific router comes with a higher priority, they will automatically make it as a Dr.As you can see it has changed to this option here. Previously it was router three and similar way. If I check here also router four is my Dr here diaz. Okay, so not really required to do this, butdias, you know, in case of broadcast network, all the exchange of the routes happen through dies. So the concept of diaz is similar to the concept of your designated routerconcept, which we discuss in our OSPF. Okay, so both are similar, but the only differences are in case of OSPF, the elections are non preemptive. In case of ISS, the elections are preemptive, and incase of OSPF, we have Dr as well as we have a backup designated router, whereas in case of ISS, we just have only designated intermediate systems. And this is non preemptive. And this is Prem Two. Okay, so even we can changesimple commands like ISS Priority Command. The default priority value of the Tis.

4. ISIS Metric

So in this video, we’re going to discuss path manipulations. In ISS, path manipulation is just changing the cost on interfaces, how to change it, and then we’ll verify it, changing the cost on the interfaces so that we can redirect the traffic from an alternate route. And also, we’ll see some authentication commands. Authentication commands are similar to rip HRP configurations. Okay, so we’ll be discussing two things. So let’s first start with the path manipulation here. So now I’ve got a small task here. So we are going to continue with the same configurations and the same lab as in our previous sessions here. So, where we already have preconfigured areas in both areas, we also have route exchange and level type changes, as we did in our previous video. So it’s just a continuation lab because we just need two routers or multiple routers so that we have multiple paths here. So if I try to see the question here, the task here is that we need to configure router three. Router three, by default, uses the path via router one to reach the other area routes using the default route. Like just now, we discussed that these routers have the default route here. So router three is using this route by default to reach the other area routes. Similar way, router four is using this route because the default cost of the interface is ten.

If you remember the cost, the default cost of every interface is ten. Whatever the speed of the link, it’s not going to see As a result, each interface has a cost of ten by default. So if I take the cost of ten now, by default, when router six goes to another area, it uses this route because, from this route, the cost is ten plus 1020. In fact, in order to reach other areas, you must first reach router 3. So it is using this route. So router six is using that path to reach router three; it is going through router six, then router two, and then router one to get to router three because that is the default cost it is using because it is less expensive in that path compared to other paths. So in a similar way, if I try to see from router five, router five is using this route; the same route is like this. In a similar way, Router 6 uses this route. So it’s not going to use this route because this root is having more higher cost than this route.

So, if I verify my routing table and also try to trace by going to Router 5, if I try to trace and trace to reach Router 3, I can see that, by default, it goes to Router 2 first, which is my border router, and then goes to Router 1, which is the next router. And then it reaches router three. When I trace router four from router five, it takes the same route two one and then goes directly to router four. It’s not going to be an alternate route because of the cost. The route with the lowest cost is the preferred route. And if I verify the cost here, you can see that the default cost is ten because of the default route I’m getting from here. As a result, it will only cost ten dollars here. Okay? So, if I remove the default route, if you want to remove it again, you must ensure that all routers are running level one or level two. So if I do that, then I can really see the cost as well. Now I’m not going to do that. So what I want to do here is to do some path manipulation so that router three prefers the route via router three, four one, to get to the other area, which means that router four, by default, uses this route to get there.

This is a default route that it uses, and I want to manipulate the cost such that it has to prefer this route, which means to go outside the area, it has to go via router 3, and then it has to go to router 1, and then go outside the area. So, to make that possible, I can raise the price of route 3-4-1. So to make this possible, what I can do is change the metric. As I discuss, the default metric of every interface will be ten by default ten. Now if you want, you can even verify with this command, “show CLNS interface command,” by going to any one of my routers. So if you go to that interface, you can see that the default metric is ten, and you can also see the priority value over there and the default priority value on some interfaces; I think it’s 64 here. So now what we are doing is changing the cost interface. One by zero is the sum of one and three. So I’m going to say ISS metric. Okay, now you can use these numbers to define the default metric, or whatever metric you want. So I’m going to define it as 50. So in a similar way, I’m going to do the same thing on the router 3 as well. So before I change the metric, I want to show you the metric on that interface. So shearness interfaces are listed one by one; use this command to determine the actual metric. The default metric is ten here. So once I change it, I’m going to interface and say ISS metric, and I’m going to change it to 50. So on router one and router three, I am changing the metric to 50 on both sides. You can see I just changed the metric here. Okay, so the metric has been changed now, so once I change the metric, the route should also change if I verify my routing table. Now you can see the route is going where, out of four, the default route is preferring router four.

 And if I trace any route outside the area, it goes to router 4, then to router 1, then to router 2, and finally to router 5. Because the default would cost $20, as per our calculation, $20 is more preferred than $50, which we just calculated. So this way, we can really manipulate the matrix. And if I try to do the same thing with IPV6 routes, let me verify the same thing from router 3, and I’ll try to verify my IPV6 routing table. Even the IPV6 routes also change if I try to trace the route outside the area, which is router fire router six. As you can see, the IPV6 metric is also changing. Now by default, because we did not change the metricin IPV Six by default, it uses the same SPFalgorithm for IPV Four and IPV Six, which means bydefault, when you make any changes in iOS routers, when you make any changes to any specific configurations in IPVFour, it will automatically affect the IPV Six. Because we have a common SPF algorithm that runs for both, So we call it a single topology. Regarding single topology and multitopology, we’ll go over the differences in detail in our next session, as well as the advantages and disadvantages of each. So I’m not getting into that particular part here as of now. So you can see, we just did that. So, in a similar manner, you can try some other tasks, such as using router 5, which by default reduces this route and which we can manipulate so that it prefers the alternate route. So you can try this combination when you have multiple connections and possibly try to manipulate the metrics by using the ISS metric command.

5. ISIS Authentication

So in this section, we are going to discuss authentication. How to configure authentication ISS supports two types of authentication: clear text and MDF authentication. So what we are going to do is we’ll see how to confer authentication between the two is neighbors.

So here I got some basic tasks Here we are going to configure authentication between three and four. We’ll use MD five with a clear text here and on between five and six. So you can take any two routers. So I’m just following along with the same topology that we used in our previous videos. So everything is already configured. The only thing I want to add here is that I want to ensure that routers three and four must be enabled with authentication using clear text, and routers five and six should use MD5 authentication between them. So, even though authentication is configured, they should be able to form a successful neighbour ship and exchange routes without being affected. Let us see how to configure authentication. The commands are very similar to your standard EHRP or rip authentication modes, and EHRP R IP also has similar commands. Okay, so now to configure authentication, the first thing we need to do is create a keychain just like we do in R IP, and then we have to define the key number and then the key string. So this configuration is similar to your EHRP R IP. In a HRP rip as well.

Also, we had to do the same thing: create a keychain, key number, and key string. And this key number and key string must be the same in both routers in order to have successful authentication. And after that, we need to implement it on the interface. So here we are connecting F zero by zero interface. So we need to go to the interface, and the first command we need to enable is ISS authentication mode. Okay? So if you’re using a clear text authenticationwe probably use mode as text option. As a result, if you want to use MD for authentication, we use mode as the MDFA option. So, as stated in the question, we will send a clear text to userouter three and router four. So we are using this text option here, and after that, we need to define the level. So routers three and four form the level one neighborhood. So I’m going to define them as level one and see if they are running level two. For example, if I’m going to classify the neighbourhood as one to two, I’ll define it as level two. So we need to tell level one or level two depending on the type of neighbourly relationship they are forming. Okay? And then next we need to enable this keychain on the interface, which we are doing with this command, “ISSauthentication keychain,” and then the name of the keychain. So the keychain’s name will be “CCIE,” and the password will be “Cisco 1, 2, 3.” So the configuration is similar to your rip or EHRP, with slight changes under the interface commands. Let us implement the same thing in our routers and verify them so that the authentication must be successful and they should be able to exchange routes. So I’m on router three now, and already router three and router four are forming a neighborship here. Routers three and four are already preconfered with level one, and they’re already forming a neighborship.

After successful authentication, they should also form the neighborship, and it should not affect the exchange of the route. So the first step is to create a keychain with any name, key number, and key string. I’m going to use a Cisco one for the realm of passwords. So it’s similar to your standard rip EHRP keychain. So after that, we need to enable this keychain under the interface that is connecting between routers three and four through the zero-by-zero interface, and the command starts with IPISS authentication. And there are two options here; we need to define the mode here. So I’m going to say the mode. So which mode do you want? If you want a clear text mode, you need to use the text command or text option. If you want MDF-encrypted authentication, you need to use MD five. So we are going to use clear text between three and four and five and six; we use MD 5, and then we need to define the level because the routers three and four are forming a level one neighborship. Okay, so I’m just using level one here, and after that again,

I’m going to use ISS authentication. This time I had to use the keychain option—here, the keychain and the name of the kitchen. We used CCIE. So again, if you want, you can just define the level here again, but it is not compulsory. It will work for both levels if you do not define by default. So define the level as not compulsory. As you can see, you can simply press enter here. So it’s up to you whether you want to leave it or define the level. So once I’ve done that, I’ll need to do the same thing on the router 4. You can see there is a message that authentication failed because we did not configure the other end, which is my router 4. Okay, so there’s a failed authentication here. So now I just use this command called “clearceilings neighbors” here just to clear my neighborship. After clearing the neighborship, you can see that routers 3 and 4 did not form the neighborship. I don’t see the neighbors, so they will only come up when I configure the router, four also. So I’m going to router four and doing the same thing (keychain any name you want; it’s not required that it’s the same on both routers). But one thing we need to keep in mind is that the key number and key string must be the same on both sides. When doing this, make sure to press Enter before entering any spaces. And then I’m going to the interface “zero by zero,” which is my interface, connecting between three and four ISS authentication modes. I’m going to use clear text mode, okay, for level one. And then I’m going to say ISS authentication.

And then we are going to define the keychain and the name of the keychain. We use CCIE for level one neighbourhoods. Done? Okay, so once we do this, I should see the auto, and three and four should form the neighbor. So now I can see that once I issue the command called “shoe ISS neighbors,” I can see that three and four are forming the neighborship without any problem. So whenever you confirm authentication, these are the things we need to keep in mind. Okay? So in a similar way, what I’ll do is try to do the same thing: configure authentication between five and six using MD five. So I’ll try to do that quickly. So, let’s go to the router and look for six.

Find six on the router again; I’m going to create a keychain name, any name you want. I’m using CCI ones, twos, and threes as my password and then enabling on the interface, which is connecting between five and six f zero by zero, and the command starts with ISS authentication, and then I need to define the mode. So this time I’m going to use the mode “MDFI,” and again it is a level one neighborhood. After that ISS authentication, I’m going to define the keychain as CCI. Now, similarly, I’ll go to router six so I can possibly use these commands because both sides are using the same thing. So I can simply copy and paste the same commands on the router six as well because I’m using the same keychain and interface, so there’s no big difference. So I can just type this. So once you do that, I should see the neighbouring ship come up without any problem, and the exchange of routes also happens normally.

Leave a Reply

How It Works

Step 1. Choose Exam
on ExamLabs
Download IT Exams Questions & Answers
Step 2. Open Exam with
Avanset Exam Simulator
Press here to download VCE Exam Simulator that simulates real exam environment
Step 3. Study
& Pass
IT Exams Anywhere, Anytime!