2.1 IS-IS概述
和OSPF一样,IS-IS也是一种基于链路状态并使用最短路径优先算法进行路由计算的一种IGP协议
ISIS适合做骨干网:区域扁平、收敛极快、承载庞大
特点:
支持CLNP网络、IP网络
工作在数据链路层
IS-IS路由优先级为15, 支持宽度量(Wide Metric)和窄度量(Narrow Metric),接口的链路开销 10
2.2 IS-IS区域
区域(Area):IS-IS基于路由器划分区域,IS-IS允许将整个路由域分为多个区域
2.3 IS-IS 拓扑结构
IS-IS路由器的三种类型
Level-1路由器(只能创建level-1的LSDB)
Level-2路由器(只能创建level-2的LSDB)
Level-1-2路由器(路由器默认的类型,能同时创建level-1和level-2的LSDB )
在广播网络中,IS-IS需要在所有的路由器中选举一个路由器作为DIS
2.4 IS-IS配置任务
基本功能:
【isis process-id】命令创建IS-IS进程并进入IS-IS视图,IS-IS进程ID的范围为1-65535,而且只有本地含义1
IS-IS视图下执行【network-entity net】命令设置网络实体名称。在整个区域和骨干区域中,要求保持系统ID唯一。NET最多只能配3个,必须保证它们的系统ID都相同
IS-IS视图下执行【is-level { level-1 | level-1-2 | level-2 }】命令设置设备的Level级别。默认设备Level级别为level-1-2
IS-IS视图下执行【cost-style { narrow | wide | wide-compatible }】命令设置IS-IS设备接收和发送路由的开销类型。默认情况下开销类型为narrow
IS-IS视图下执行【is-name symbolic-name】使能识别LSP报文中主机名称的能力,同时为本地路由器上IS-IS系统配置动态主机名
基本功能(续):
接口视图下执行【isis circuit-level [ level-1 | level-1-2 | level-2 ]】命令设置接口的电路Level级别。
默认情况下,级别为Level-1-2的IS-IS路由器上的接口电路级别为Level-1-2
接口视图下执行【isis enable [ process-id ]】命令使能IS-IS接口。配置该命令后,IS-IS将通过该接
口建立邻居和扩散LSP报文
接口视图下执行【isis dis-priority priority [ level-1 | level-2 ]】命令指定选举对应级别DIS时IS-IS接
口的优先级,范围是0-127,默认值为64
接口视图下执行【isis timer hello hello-interval [ level-1 | level-2 ]】命令指定IS-IS接口发送Hello报
文的间隔时间。默认情况下,IS-IS接口发送Hello报文的间隔时间是10秒
接口视图下执行【isis timer holding-multiplier number [ level-1 | level-2 ]】命令配置Hello报文的
发送间隔时间的倍数,以达到修改IS-IS的邻居保持时间的目的
验证:
display isis brief命令用来查看IS-IS协议的概要信息
display isis lsdb命令用来查看IS-IS的链路状态数据库信息
display isis peer命令用来查看IS-IS的邻居信息
display isis route命令用来查看IS-IS路由信息
案例
配置MSTP
[S1]stp instance 1 priority 4096
[S1]stp instance 2 priority 8192
[S1]stp region-configuration
[S1-mst-region]region-name HQ
[S1-mst-region]instance 1 vlan 12 to 13
[S1-mst-region]instance 2 vlan 14 to 15
[S1-mst-region]active region-configuration
[S1-mst-region]quit
[S2]stp instance 1 priority 8192
[S2]stp instance 2 priority 4096
[S2]stp region-configuration
[S2-mst-region]region-name HQ
[S2-mst-region]instance 1 vlan 12 to 13
[S2-mst-region]instance 2 vlan 14 to 15
[S2-mst-region]active region-configuration
[S2-mst-region]quit [S3]stp region-configuration
[S3-mst-region]region-name HQ
[S3-mst-region]instance 1 vlan 12 to 13
[S3-mst-region]instance 2 vlan 14 to 15
[S3-mst-region]active region-configuration 配置,包括配置路由器接口的IP地址、三层交换机创建
VLANIF并配置IP地址以及配置计算机和服务器的IP地址、子网掩码和网关
[S1]interface Vlanif2
[S1-Vlanif2]ip address 10.2.2.2 255.255.255.252
[S1-Vlanif2]quit
[S1]interface Vlanif12
[S1-Vlanif12]ip address 10.1.12.252 255.255.255.0
[S1-Vlanif12]quit
[S1]interface Vlanif13
[S1-Vlanif13]ip address 10.1.13.252 255.255.255.0
[S1-Vlanif13]quit
[S1]interface Vlanif14
[S1-Vlanif14]ip address 10.1.14.252 255.255.255.0
[S1-Vlanif14]quit
[S1]interface Vlanif15
[S1-Vlanif15]ip address 10.1.15.252 255.255.255.0
[S1-Vlanif15]quit [S2]interface Vlanif3
[S2-Vlanif3]ip address 10.2.3.2 255.255.255.252
[S2-Vlanif3]quit
[S2]interface Vlanif12
[S2-Vlanif12]ip address 10.1.12.253 255.255.255.0
[S2-Vlanif12]quit
[S2]interface Vlanif13
[S2-Vlanif13]ip address 10.1.13.253 255.255.255.0
[S2-Vlanif13]quit
[S2]interface Vlanif14
[S2-Vlanif14]ip address 10.1.14.253 255.255.255.0
[S2-Vlanif14]quit
[S2]interface Vlanif15
[S2-Vlanif15]ip address 10.1.15.253 255.255.255.0
[S2-Vlanif15]quit [S5]interface Vlanif22
[S5-Vlanif2]ip address 172.16.8.254 255.255.255.0
[S5-Vlanif2]quit
[S5]interface Vlanif33
[S5-Vlanif3]ip address 172.16.9.254 255.255.255.0
[S5-Vlanif3]quit
[S5]interface Vlanif44
[S5-Vlanif4]ip address 172.16.10.254 255.255.255.0
[S5-Vlanif4]quit
[S5]interface Vlanif55
[S5-Vlanif5]ip address 172.16.11.254 255.255.255.0
[S5-Vlanif5]quit
[S5]interface Vlanif66
[S5-Vlanif6]ip address 172.16.6.1 255.255.255.252
[S5-Vlanif6]quit [S6]interface Vlanif222
[S6-Vlanif2]ip address 192.168.2.254 255.255.255.0
[S6-Vlanif2]quit
[S6]interface Vlanif333
[S6-Vlanif3]ip address 192.168.3.254 255.255.255.0
[S6-Vlanif3]quit
[S6]interface Vlanif666
[S6-Vlanif6]ip address 192.168.6.2 255.255.255.252
[S6-Vlanif6]quit VRRP技术
[S1]interface vlanif12
[S1-Vlanif12]vrrp vrid 12 virtual-ip 10.1.12.254
[S1-Vlanif12]vrrp vrid 12 priority 120
[S1-Vlanif12]quit
[S1]interface Vlanif13
[S1-Vlanif13]vrrp vrid 13 virtual-ip 10.1.13.254
[S1-Vlanif13]vrrp vrid 13 priority 120
[S1-Vlanif13]quit
[S1]interface Vlanif14
[S1-Vlanif14]vrrp vrid 14 virtual-ip 10.1.14.254
[S1-Vlanif14]quit
[S1]interface Vlanif15
[S1-Vlanif15]vrrp vrid 15 virtual-ip 10.1.15.254
[S1-Vlanif15]quit [S2]interface Vlanif12
[S2-Vlanif12]vrrp vrid 12 virtual-ip 10.1.12.254
[S2-Vlanif12]quit
[S2]interface Vlanif13
[S2-Vlanif13]vrrp vrid 13 virtual-ip 10.1.13.254
[S2-Vlanif13]quit
[S2]interface Vlanif14
[S2-Vlanif14]vrrp vrid 14 virtual-ip 10.1.14.254
[S2-Vlanif14]vrrp vrid 14 priority 120
[S2-Vlanif14]quit
[S2]interface Vlanif15
[S2-Vlanif15]vrrp vrid 15 virtual-ip 10.1.15.254
[S2-Vlanif15]vrrp vrid 15 priority 120
[S2-Vlanif15]quit路由器SZ 配置NAT
使得总部和分公司的主机可以通过路由器SZ访问Internet
[SZ]acl number 2000
[SZ-acl-basic-2000]rule 10 permit source 192.168.2.0 0.0.1.255
[SZ-acl-basic-2000]rule 20 permit source 172.16.8.0 0.0.3.255
[SZ-acl-basic-2000]rule 30 permit source 10.1.12.0 0.0.3.255
[SZ-acl-basic-2000]quit
[SZ]interface GigabitEthernet2/0/0
[SZ-GigabitEthernet2/0/0]nat outbound 2000
[SZ-GigabitEthernet2/0/0]quit 配置IS-IS基本功能
S1、S2、S5、S6的IS-IS路由器类型为Level-1
在深圳总部到分公司的两条链路上修改IS-IS电路类型为Level-2
SZ:
[SZ]isis 1
[SZ-isis-1]cost-style wide
[SZ-isis-1]network-entity 49.0001.1111.1111.1111.00
[SZ-isis-1]is-name SZ [SZ]interface GigabitEthernet0/0/0
[SZ-GigabitEthernet0/0/0]isis enable 1
[SZ-GigabitEthernet0/0/0]isis circuit-level level-2
[SZ]interface GigabitEthernet0/0/1
[SZ-GigabitEthernet0/0/1]isis enable 1
[SZ-GigabitEthernet0/0/1]isis circuit-level level-2
[SZ]interface GigabitEthernet0/0/2
[SZ-GigabitEthernet0/0/2]isis enable 1
[SZ-GigabitEthernet0/0/2]isis circuit-level level-1
[SZ]interface GigabitEthernet1/0/0
[SZ-GigabitEthernet1/0/0]isis enable 1
[SZ-GigabitEthernet1/0/0]isis circuit-level level-1GZ:
[GZ]isis 1
[GZ-isis-1]cost-style wide
[GZ-isis-1]network-entity 49.0002.2222.2222.2222.00
[GZ-isis-1]is-name GZ
[GZ]interface GigabitEthernet0/0/0
[GZ-GigabitEthernet0/0/0]isis enable 1
[GZ-GigabitEthernet0/0/0]isis circuit-level level-2
[GZ]interface GigabitEthernet0/0/1
[GZ-GigabitEthernet0/0/1]isis enable 1
[GZ-GigabitEthernet0/0/1]isis circuit-level level-1BJ:
[BJ]isis 1
[BJ-isis-1]cost-style wide
[BJ-isis-1]network-entity 49.0003.3333.3333.3333.00
[BJ-isis-1]is-name BJ
[BJ]interface GigabitEthernet0/0/0
[BJ-GigabitEthernet0/0/0]isis enable 1
[BJ-GigabitEthernet0/0/0]isis circuit-level level-1
[BJ]interface GigabitEthernet0/0/1
[BJ-GigabitEthernet0/0/1]isis enable 1
[BJ-GigabitEthernet0/0/1]isis circuit-level level-2 S1 :
[S1]isis 1
[S1-isis-1]is-level level-1
[S1-isis-1]cost-style wide
[S1-isis-1]network-entity 49.0001.4444.4444.4444.00
[S1-isis-1]is-name S1
[S1]interface Vlanif2
[S1-Vlanif2]isis enable 1
[S1-Vlanif2]quit
[S1]interface Vlanif12
[S1-Vlanif12]isis enable 1
[S1]interface Vlanif13
[S1-Vlanif13]isis enable 1
[S1-Vlanif13]quit
[S1]interface Vlanif14
[S1-Vlanif14]isis enable 1
[S1-Vlanif14]quit
[S1]interface Vlanif15
[S1-Vlanif15]isis enable 1
[S1-Vlanif15]quitS2:
[S2]isis 1
[S2-isis-1]is-level level-1
[S2-isis-1]cost-style wide
[S2-isis-1]network-entity 49.0001.5555.5555.5555.00
[S2-isis-1]is-name S2
[S2]interface Vlanif3
[S2-Vlanif3]isis enable 1
[S2-Vlanif3]quit
[S2]interface Vlanif12
[S2-Vlanif12]isis enable 1
[S2-Vlanif12]quit
[S2]interface Vlanif13
[S2-Vlanif13]isis enable 1
[S2-Vlanif13]quit
[S2]interface Vlanif14
[S2-Vlanif14]isis enable 1
[S2-Vlanif14]quit
[S2]interface Vlanif15
[S2-Vlanif15]isis enable 1
[S2-Vlanif15]quitS5:
[S5]isis 1
[S5-isis-1]is-level level-1
[S5-isis-1]cost-style wide
[S5-isis-1]network-entity 49.0002.6666.6666.6666.00
[S5-isis-1]is-name S5
[S5-isis-1]quit
[S5]interface Vlanif22
[S5-Vlanif2]isis enable 1
[S5-Vlanif2]isis silent
[S5-Vlanif2]quit
[S5]interface Vlanif33
[S5-Vlanif3]isis enable 1
[S5-Vlanif3]isis silent
[S5-Vlanif3]quit
[S5]interface Vlanif44
[S5-Vlanif4]isis enable 1
[S5-Vlanif4]isis silent
[S5-Vlanif4]quit
[S5]interface Vlanif55
[S5-Vlanif5]isis enable 1
[S5-Vlanif5]isis silent
[S5-Vlanif5]quit
[S5]interface Vlanif66
[S5-Vlanif6]isis enable 1
[S5-Vlanif6]quit S6 :
[S6]isis 1
[S6-isis-1]is-level level-1
[S6-isis-1]cost-style wide
[S6-isis-1]network-entity 49.0003.7777.7777.7777.00
[S6-isis-1]is-name S6
[S6-isis-1]quit
[S6]interface Vlanif222
[S6-Vlanif2]isis enable 1
[S6-Vlanif2]isis silent
[S6-Vlanif2]quit
[S6]interface Vlanif333
[S6-Vlanif3]isis enable 1
[S6-Vlanif3]isis silent
[S6-Vlanif3]quit
[S6]interface Vlanif666
[S6-Vlanif6]isis enable 1
[S6-Vlanif6]quit IS-IS验证 :
SZ:
[SZ]interface GigabitEthernet0/0/0
[SZ-GigabitEthernet0/0/0]isis authentication-mode md5 cipher 123456
[SZ]interface GigabitEthernet0/0/1
[SZ-GigabitEthernet0/0/1]isis authentication-mode md5 cipher 123456GZ:
[GZ]interface GigabitEthernet0/0/0
[GZ-GigabitEthernet0/0/0]isis authentication-mode md5 cipher 123456 BJ:
[BJ]interface GigabitEthernet0/0/1
[BJ-GigabitEthernet0/0/1]isis authentication-mode md5 cipher 123456IS-IS区域49.0001配置区域MD5验证
SZ:
[SZ]isis 1
[SZ-isis-1]area-authentication-mode md5 cipher 123456 S1:
[S1]isis 1
[S1-isis-1]area-authentication-mode md5 cipher 123456 S2:
[S2]isis 1
[S2-isis-1]area-authentication-mode md5 cipher 123456配置IS-IS路由聚合
SZ:
[SZ]isis 1
[SZ-isis-1]summary10.1.12.0 255.255.252.0 avoid-feedback generate_null0_routeGZ:
[GZ]isis 1
[GZ-isis-1]summary 172.16.8.0 255.255.252.0 avoid-feedback generate_null0_route BJ:
[BJ]isis 1
[BJ-isis-1]summary 192.168.2.0 255.255.254.0 avoid-feedback generate_null0_route 配置IS-IS默认路由注入
[SZ]ip route-static 0.0.0.0 0.0.0.0 218.18.12.2
[SZ]isis 1
[SZ-isis-1]default-route-advertise always cost 20 tag 1111 控制路由器SZ成为连接三层交换机S1和S2的相应网段的DIS。交换机S1和S2为Level-1路由器
[SZ]interface GigabitEthernet0/0/2
[SZ-GigabitEthernet0/0/2]isis dis-priority 96 level-1
[SZ]interface GigabitEthernet1/0/0
[SZ-GigabitEthernet1/0/0]isis dis-priority 96 level-1