Configuring optional IS-IS interface parameters

Use the following procedure to configure optional IS-IS interface parameters.

Important

Important

Save your configuration using save config for the updates to be available after reboot. Saving the configuration also ensures that any authentication keys (passwords) specified during the configuration are properly encrypted.

Procedure

  1. Enter Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]} or interface mlt <1-512>

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure optional IS-IS interface parameters:
    1. Specify the authentication type used for IS-IS hello packets on the interface:

      isis hello-auth type {none|simple|hmac-md5|hmac-sha-256}

    2. If you select simple as the hello-auth type, you must also specify a key value but the key-id is optional:

      isis hello-auth type simple key WORD<1–16> [key-id <1–255>]

    3. If you select hmac-md5 or hmac-sha-256, you must also specify a key value. The key-id is optional:

      isis hello-auth type hmac-md5 key WORD<1–16> [key-id <1–255>]]

      isis hello-auth type hmac-sha-256 key WORD<1–16> [key-id <1–255>]]

    4. Configure the level 1 IS-IS designated router priority:

      isis [l1-dr-priority <0–127>]

      Note

      Note

      This parameter is not used for SPBM because SPBM only runs on point-to-point interfaces. This parameter is for designated router election on a broadcast LAN segment, which is not supported.

    5. Configure the level 1 hello interval:

      isis [l1-hello-interval <1–600>]

    6. Configure the level 1 hello multiplier:

      isis [l1-hello-multiplier <1–600>]

Example

Switch:1> enable

Switch:1# configure terminal

Switch(config):1# interface gigabitethernet 1/1

Switch(config-if):1# isis

Switch(config-if):1# isis hello-auth type hmac-md5 key test

Switch(config-if):1# isis l1–dr-priority 100

Switch(config-if):1# isis l1–hello-interval 20

Switch(config-if):1# isis l1–hello-multiplier 10

Switch(config):1# save config

Variable definitions

The following table defines parameters for the isis command.

Variable

Value

hello-auth type {none|simple|hmac-md5|hmac-sha-256}][key [key WORD<1–16> ] [key-id <1–255> ]

Specifies the authentication type used for IS-IS hello packets on the interface. type can be one of the following:

  • none

  • simple: If selected, you must also specify a key value but the key id is optional. Simple password authentication uses a text password in the transmitted packet. The receiving router uses an authentication key (password) to verify the packet.

  • hmac-md5: If selected, you must also specify a key value but the key-id is optional. MD5 authentication creates an encoded checksum in the transmitted packet. The receiving router uses an authentication key (password) to verify the MD5 checksum of the packet. There is an optional key ID.

  • hmac-sha–256: If selected, you must also specify a key value but the key-id is optional. With SHA-256 authentication, the switch adds an hmac-sha–256 digest to each Hello packet. The switch that receives the Hello packet computes the digest of the packet and compares it with the received digest. If the digests match, the packet is accepted. If the digests do not match, the receiving switch discards the packet. There is an optional key ID.

    Note:

    Secure Hashing Algorithm 256 bits (SHA-256) is a cipher and a cryptographic hash function of SHA2 authentication. You can use SHA-256 to authenticate IS-IS Hello messages. This authentication method uses the SHA-256 hash function and a secret key to establish a secure connection between switches that share the same key.

    This feature is in full compliance with RFC 5310.

The default is none. Use the no or default options to set the hello-auth type to none.

l1-dr-priority <0–127>

Configures the level 1 IS-IS designated router priority to the specified value. The default value is 64.

Use the no or default options to set this parameter to the default value of 64.

Note:

This parameter is not used for SPBM because SPBM only runs on point-to-point interfaces. This parameter is for designated router election on a broadcast LAN segment, which is not supported.

l1-hello-interval <1–600>

Configures the level 1 hello interval. The default value is 9 seconds.

Use the no or default options to set this parameter to the default value of 9 seconds.

l1-hello-multiplier <1–600>

Configures the level 1 hello multiplier. The default value is 3 seconds.

Use the no or default options to set this parameter to the default value of 3 seconds.