Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

router isis

You can enable and configure IS‑IS on your FortiGate if this routing protocol is in use on your network. IS-IS is described in RFC 1142.

note icon

For each routing protocol, you can also use a redistribute command to redistribute IS-IS routes with the other protocol.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set default-originate6 {enable | disable}

set adjacency-check6 {enable | disable}

set redistribute6-l1 {enable | disable}

set redistribute6-l2 {enable | disable}

set redistribute6-l1-list <integer>

set redistribute6-l2-list <integer>

New IPv6 IS-IS related global settings.

set adv-passive-only {enable | disable}

set adv-passive-only6 {enable | disable}

Enable or disable (by default) IS-IS advertisement of IPv4 and/or IPv6 passive interfaces only.

config redistribute6 <protocol>

edit <protocol-name>

set status {enable | disable}

set metric <integer>

set metric-type {external | internal}

set level {level-1-2 | level-1 | level-2}

set routemap <name>

next

...

New IPv6 redistribute option.

config summary-address6

edit <name>

set prefix6 <ipv6-prefix>

set level {level-1-2 | level-1 | level-2}

next

...

New IPv6 IS-IS summary address option.

config isis-interface

edit <name>

set status6 {enable | disable}

next

...

Enable or disable (by default) IPv6 for the IS-IS interface.

config isis-interface

edit <name>

set network-type {loopback | ...}

next

...

New loopback network type for the IS-IS interface.

config router isis
    set is-type {level-1-2 | level-1 | level-2-only}   IS type.
            level-1-2     Level 1 and 2.
            level-1       Level 1 only.
            level-2-only  Level 2 only.
    set adv-passive-only {enable | disable}   Enable/disable IS-IS advertisement of passive interfaces only.
    set adv-passive-only6 {enable | disable}   Enable/disable IPv6 IS-IS advertisement of passive interfaces only.
    set auth-mode-l1 {password | md5}   Level 1 authentication mode.
            password  Password.
            md5       MD5.
    set auth-mode-l2 {password | md5}   Level 2 authentication mode.
            password  Password.
            md5       MD5.
    set auth-password-l1 {password_string}   Authentication password for level 1 PDUs. size[128]
    set auth-password-l2 {password_string}   Authentication password for level 2 PDUs. size[128]
    set auth-keychain-l1 {string}   Authentication key-chain for level 1 PDUs. size[35] - datasource(s): router.key-chain.name
    set auth-keychain-l2 {string}   Authentication key-chain for level 2 PDUs. size[35] - datasource(s): router.key-chain.name
    set auth-sendonly-l1 {enable | disable}   Enable/disable level 1 authentication send-only.
    set auth-sendonly-l2 {enable | disable}   Enable/disable level 2 authentication send-only.
    set ignore-lsp-errors {enable | disable}   Enable/disable ignoring of LSP errors with bad checksums.
    set lsp-gen-interval-l1 {integer}   Minimum interval for level 1 LSP regenerating. range[1-120]
    set lsp-gen-interval-l2 {integer}   Minimum interval for level 2 LSP regenerating. range[1-120]
    set lsp-refresh-interval {integer}   LSP refresh time in seconds. range[1-65535]
    set max-lsp-lifetime {integer}   Maximum LSP lifetime in seconds. range[350-65535]
    set spf-interval-exp-l1 {string}   Level 1 SPF calculation delay.
    set spf-interval-exp-l2 {string}   Level 2 SPF calculation delay.
    set dynamic-hostname {enable | disable}   Enable/disable dynamic hostname.
    set adjacency-check {enable | disable}   Enable/disable adjacency check.
    set adjacency-check6 {enable | disable}   Enable/disable IPv6 adjacency check.
    set overload-bit {enable | disable}   Enable/disable signal other routers not to use us in SPF.
    set overload-bit-suppress {external | interlevel}   Suppress overload-bit for the specific prefixes.
            external    External.
            interlevel  Inter-level.
    set overload-bit-on-startup {integer}   Overload-bit only temporarily after reboot. range[5-86400]
    set default-originate {enable | disable}   Enable/disable distribution of default route information.
    set default-originate6 {enable | disable}   Enable/disable distribution of default IPv6 route information.
    set metric-style {option}   Use old-style (ISO 10589) or new-style packet formats
            narrow                Use old style of TLVs with narrow metric.
            wide                  Use new style of TLVs to carry wider metric.
            transition            Send and accept both styles of TLVs during transition.
            narrow-transition     Narrow and accept both styles of TLVs during transition.
            narrow-transition-l1  Narrow-transition level-1 only.
            narrow-transition-l2  Narrow-transition level-2 only.
            wide-l1               Wide level-1 only.
            wide-l2               Wide level-2 only.
            wide-transition       Wide and accept both styles of TLVs during transition.
            wide-transition-l1    Wide-transition level-1 only.
            wide-transition-l2    Wide-transition level-2 only.
            transition-l1         Transition level-1 only.
            transition-l2         Transition level-2 only.
    set redistribute-l1 {enable | disable}   Enable/disable redistribution of level 1 routes into level 2.
    set redistribute-l1-list {string}   Access-list for route redistribution from l1 to l2. size[35] - datasource(s): router.access-list.name
    set redistribute-l2 {enable | disable}   Enable/disable redistribution of level 2 routes into level 1.
    set redistribute-l2-list {string}   Access-list for route redistribution from l2 to l1. size[35] - datasource(s): router.access-list.name
    set redistribute6-l1 {enable | disable}   Enable/disable redistribution of level 1 IPv6 routes into level 2.
    set redistribute6-l1-list {string}   Access-list for IPv6 route redistribution from l1 to l2. size[35] - datasource(s): router.access-list6.name
    set redistribute6-l2 {enable | disable}   Enable/disable redistribution of level 2 IPv6 routes into level 1.
    set redistribute6-l2-list {string}   Access-list for IPv6 route redistribution from l2 to l1. size[35] - datasource(s): router.access-list6.name
    config isis-net
        edit {id}
        # IS-IS net configuration.
            set id {integer}   isis-net ID. range[0-4294967295]
            set net {string}   IS-IS net xx.xxxx. ... .xxxx.xx.
        next
    config isis-interface
        edit {name}
        # IS-IS interface configuration.
            set name {string}   IS-IS interface name. size[15] - datasource(s): system.interface.name
            set status {enable | disable}   Enable/disable interface for IS-IS.
            set status6 {enable | disable}   Enable/disable IPv6 interface for IS-IS.
            set network-type {broadcast | point-to-point | loopback}   IS-IS interface's network type
                    broadcast       Broadcast.
                    point-to-point  Point-to-point.
                    loopback        Loopback.
            set circuit-type {level-1-2 | level-1 | level-2}   IS-IS interface's circuit type
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
            set csnp-interval-l1 {integer}   Level 1 CSNP interval. range[1-65535]
            set csnp-interval-l2 {integer}   Level 2 CSNP interval. range[1-65535]
            set hello-interval-l1 {integer}   Level 1 hello interval. range[0-65535]
            set hello-interval-l2 {integer}   Level 2 hello interval. range[0-65535]
            set hello-multiplier-l1 {integer}   Level 1 multiplier for Hello holding time. range[2-100]
            set hello-multiplier-l2 {integer}   Level 2 multiplier for Hello holding time. range[2-100]
            set hello-padding {enable | disable}   Enable/disable padding to IS-IS hello packets.
            set lsp-interval {integer}   LSP transmission interval (milliseconds). range[1-4294967295]
            set lsp-retransmit-interval {integer}   LSP retransmission interval (sec). range[1-65535]
            set metric-l1 {integer}   Level 1 metric for interface. range[1-63]
            set metric-l2 {integer}   Level 2 metric for interface. range[1-63]
            set wide-metric-l1 {integer}   Level 1 wide metric for interface. range[1-16777214]
            set wide-metric-l2 {integer}   Level 2 wide metric for interface. range[1-16777214]
            set auth-password-l1 {password_string}   Authentication password for level 1 PDUs. size[128]
            set auth-password-l2 {password_string}   Authentication password for level 2 PDUs. size[128]
            set auth-keychain-l1 {string}   Authentication key-chain for level 1 PDUs. size[35] - datasource(s): router.key-chain.name
            set auth-keychain-l2 {string}   Authentication key-chain for level 2 PDUs. size[35] - datasource(s): router.key-chain.name
            set auth-send-only-l1 {enable | disable}   Enable/disable authentication send-only for level 1 PDUs.
            set auth-send-only-l2 {enable | disable}   Enable/disable authentication send-only for level 2 PDUs.
            set auth-mode-l1 {md5 | password}   Level 1 authentication mode.
                    md5       MD5.
                    password  Password.
            set auth-mode-l2 {md5 | password}   Level 2 authentication mode.
                    md5       MD5.
                    password  Password.
            set priority-l1 {integer}   Level 1 priority. range[0-127]
            set priority-l2 {integer}   Level 2 priority. range[0-127]
            set mesh-group {enable | disable}   Enable/disable IS-IS mesh group.
            set mesh-group-id {integer}   Mesh group ID <0-4294967295>, 0: mesh-group blocked. range[0-4294967295]
        next
    config summary-address
        edit {id}
        # IS-IS summary addresses.
            set id {integer}   Summary address entry ID. range[0-4294967295]
            set prefix {ipv4 classnet any}   Prefix.
            set level {level-1-2 | level-1 | level-2}   Level.
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
        next
    config summary-address6
        edit {id}
        # IS-IS IPv6 summary address.
            set id {integer}   Prefix entry ID. range[0-4294967295]
            set prefix6 {ipv6 prefix}   IPv6 prefix.
            set level {level-1-2 | level-1 | level-2}   Level.
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
        next
    config redistribute
        edit {protocol}
        # IS-IS redistribute protocols.
            set protocol {string}   Protocol name. size[35]
            set status {enable | disable}   Status.
            set metric {integer}   Metric. range[0-4261412864]
            set metric-type {external | internal}   Metric type.
                    external  External.
                    internal  Internal.
            set level {level-1-2 | level-1 | level-2}   Level.
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    config redistribute6
        edit {protocol}
        # IS-IS IPv6 redistribution for routing protocols.
            set protocol {string}   Protocol name. size[35]
            set status {enable | disable}   Enable/disable redistribution.
            set metric {integer}   Metric. range[0-4261412864]
            set metric-type {external | internal}   Metric type.
                    external  External metric type.
                    internal  Internal metric type.
            set level {level-1-2 | level-1 | level-2}   Level.
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
end

Additional information

The following section is for those options that require additional explanation.

auth-keychain-l1 {string}

Note: This field is available when auth-mode-l1 is set to md5.

Authentication key-chain for level 1 PDUs. You must create the key-chain before it can be selected here, see router key-chain.

auth-keychain-l2 {string}

Note: This field is available when auth-mode-l2 is set to md5.

Authentication key-chain for level 2 PDUs. You must create the key-chain before it can be selected here, see router key-chain.

auth-password-l1 {string}

Note: This field is available when auth-mode-l1 is set to password.

Authentication password for level 1 PDUs.

auth-password-l2 {string}

Note: This field is available when auth-mode-l2 is set to password.

Authentication password for level 2 PDUs.

is-type {level‑1 | level‑1-2 | level‑2‑only}

Set the ISIS level to use, choosing one of the following:

  • level-1: intra-area
  • level-1-2: both intra- and inter-area (default)
  • level-2-only: inter-area

metric-style {narrow | narrow-transition | narrow-transition-l1 | narrow-transition-l2 | transition | transition-l1 | transition-l2 | wide | wide-l1 | wide-l2 | wide-transition | wide-transition-l1 | wide-transition-l2}

Use old-style (ISO 10589) or new-style packet formats.

  • narrow: Use old style of TLVs with narrow metric (default)
  • narrow-transition: narrow, and accept both styles of TLVs during transition
  • narrow-transition-l1: narrow-transition level-1 only
  • narrow-transition-l2: narrow-transition level-2 only
  • transition: Send and accept both styles of TLVs during transition
  • transition-l1: transition level-1 only
  • transition-l2: transition level-2 only
  • wide: Use new style of TLVs to carry wider metric
  • wide-l1: wide level-1 only
  • wide-l2: wide level-2 only
  • wide-transition: wide, and accept both styles of TLVs during transition
  • wide-transition-l1: wide-transition level-1 only
  • wide-transition-l2: wide-transition level-2 only

overload-bit-on-startup <seconds>

Set overload-bit only temporarily after reboot (5 - 86 400 seconds).

To disable, use the command unset overload-bit-on-startup ; the command set overload-bit-on-startup 0 is invalid.

overload-bit-suppress {external | interlevel}

Suppress overload-bit for the specific prefixes.

To disable, use the command unset overload-bit-suppress.

redistribute-l1 {enable | disable}

Redistribute level 1 routes into level 2. If enabled, configure redistribute-l1-list.

redistribute-l1-list <access-list>

Note: This field is available when redistribute-l1 is enabled.

Access-list for redistribute l1 to l2. You must create the access-list before it can be selected here, see router {access-list | access-list6}.

redistribute-l2 {enable | disable}

Redistribute level 2 routes into level 1. If enabled, configure redistribute-l2-list.

redistribute-l2-list <access-list>

Note: This field is available when redistribute-l2 is enabled.

Access-list for redistribute l2 to l1. You must create the access-list before it can be selected here, see router {access-list | access-list6}.

config isis-interface

Use this subcommand to configure FortiGate interfaces for IS-IS.

auth-keychain-l1 {string}

Note: This field is available when auth-mode-l1 is set to md5.

Authentication key-chain for level 1 PDUs. You must create the key-chain before it can be selected here, see router key-chain.

auth-keychain-l2 {string}

Note: This field is available when auth-mode-l2 is set to md5.

Authentication key-chain for level 2 PDUs. You must create the key-chain before it can be selected here, see router key-chain.

auth-password-l1 {string}

Note: This field is available when auth-mode-l1 is set to password.

Authentication password for level 1 PDUs.

auth-password-l2 {string}

Note: This field is available when auth-mode-l2 is set to password.

Authentication password for level 2 PDUs.

circuit-type {level‑1 | level‑1-2 | level‑2‑only}

Set the ISIS circuit type to use for the interface, choosing one of the following:

  • level-1: intra-area
  • level-1-2: both intra- and inter-area (default)
  • level-2-only: inter-area

config {redistribute | redistribute6} {bgp | connected | ospf | rip | static}

Use these subcommands to redistribute IPv4 and/or IPv6 routes from other routing protocols using IS-IS.

level {level‑1 | level-1-2 | level‑2}

Set the ISIS level type to use for distributing routes, choosing one of the following:

  • level-1: intra-area
  • level-1-2: both intra- and inter-area
  • level-2: inter-area (default)

routemap {string}

Enter a route map name. You must create the route map before it can be selected here, see router route-map.

config {summary-address | summary-address6}

Use these subcommands to add IPv4 and/or IPv6 IS-IS summary addresses.

level {level‑1 | level-1-2 | level‑2}

Set the ISIS level to use for the summary database, choosing one of the following:

  • level-1: intra-area
  • level-1-2: both intra- and inter-area
  • level-2: inter-area (default)

router isis

You can enable and configure IS‑IS on your FortiGate if this routing protocol is in use on your network. IS-IS is described in RFC 1142.

note icon

For each routing protocol, you can also use a redistribute command to redistribute IS-IS routes with the other protocol.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set default-originate6 {enable | disable}

set adjacency-check6 {enable | disable}

set redistribute6-l1 {enable | disable}

set redistribute6-l2 {enable | disable}

set redistribute6-l1-list <integer>

set redistribute6-l2-list <integer>

New IPv6 IS-IS related global settings.

set adv-passive-only {enable | disable}

set adv-passive-only6 {enable | disable}

Enable or disable (by default) IS-IS advertisement of IPv4 and/or IPv6 passive interfaces only.

config redistribute6 <protocol>

edit <protocol-name>

set status {enable | disable}

set metric <integer>

set metric-type {external | internal}

set level {level-1-2 | level-1 | level-2}

set routemap <name>

next

...

New IPv6 redistribute option.

config summary-address6

edit <name>

set prefix6 <ipv6-prefix>

set level {level-1-2 | level-1 | level-2}

next

...

New IPv6 IS-IS summary address option.

config isis-interface

edit <name>

set status6 {enable | disable}

next

...

Enable or disable (by default) IPv6 for the IS-IS interface.

config isis-interface

edit <name>

set network-type {loopback | ...}

next

...

New loopback network type for the IS-IS interface.

config router isis
    set is-type {level-1-2 | level-1 | level-2-only}   IS type.
            level-1-2     Level 1 and 2.
            level-1       Level 1 only.
            level-2-only  Level 2 only.
    set adv-passive-only {enable | disable}   Enable/disable IS-IS advertisement of passive interfaces only.
    set adv-passive-only6 {enable | disable}   Enable/disable IPv6 IS-IS advertisement of passive interfaces only.
    set auth-mode-l1 {password | md5}   Level 1 authentication mode.
            password  Password.
            md5       MD5.
    set auth-mode-l2 {password | md5}   Level 2 authentication mode.
            password  Password.
            md5       MD5.
    set auth-password-l1 {password_string}   Authentication password for level 1 PDUs. size[128]
    set auth-password-l2 {password_string}   Authentication password for level 2 PDUs. size[128]
    set auth-keychain-l1 {string}   Authentication key-chain for level 1 PDUs. size[35] - datasource(s): router.key-chain.name
    set auth-keychain-l2 {string}   Authentication key-chain for level 2 PDUs. size[35] - datasource(s): router.key-chain.name
    set auth-sendonly-l1 {enable | disable}   Enable/disable level 1 authentication send-only.
    set auth-sendonly-l2 {enable | disable}   Enable/disable level 2 authentication send-only.
    set ignore-lsp-errors {enable | disable}   Enable/disable ignoring of LSP errors with bad checksums.
    set lsp-gen-interval-l1 {integer}   Minimum interval for level 1 LSP regenerating. range[1-120]
    set lsp-gen-interval-l2 {integer}   Minimum interval for level 2 LSP regenerating. range[1-120]
    set lsp-refresh-interval {integer}   LSP refresh time in seconds. range[1-65535]
    set max-lsp-lifetime {integer}   Maximum LSP lifetime in seconds. range[350-65535]
    set spf-interval-exp-l1 {string}   Level 1 SPF calculation delay.
    set spf-interval-exp-l2 {string}   Level 2 SPF calculation delay.
    set dynamic-hostname {enable | disable}   Enable/disable dynamic hostname.
    set adjacency-check {enable | disable}   Enable/disable adjacency check.
    set adjacency-check6 {enable | disable}   Enable/disable IPv6 adjacency check.
    set overload-bit {enable | disable}   Enable/disable signal other routers not to use us in SPF.
    set overload-bit-suppress {external | interlevel}   Suppress overload-bit for the specific prefixes.
            external    External.
            interlevel  Inter-level.
    set overload-bit-on-startup {integer}   Overload-bit only temporarily after reboot. range[5-86400]
    set default-originate {enable | disable}   Enable/disable distribution of default route information.
    set default-originate6 {enable | disable}   Enable/disable distribution of default IPv6 route information.
    set metric-style {option}   Use old-style (ISO 10589) or new-style packet formats
            narrow                Use old style of TLVs with narrow metric.
            wide                  Use new style of TLVs to carry wider metric.
            transition            Send and accept both styles of TLVs during transition.
            narrow-transition     Narrow and accept both styles of TLVs during transition.
            narrow-transition-l1  Narrow-transition level-1 only.
            narrow-transition-l2  Narrow-transition level-2 only.
            wide-l1               Wide level-1 only.
            wide-l2               Wide level-2 only.
            wide-transition       Wide and accept both styles of TLVs during transition.
            wide-transition-l1    Wide-transition level-1 only.
            wide-transition-l2    Wide-transition level-2 only.
            transition-l1         Transition level-1 only.
            transition-l2         Transition level-2 only.
    set redistribute-l1 {enable | disable}   Enable/disable redistribution of level 1 routes into level 2.
    set redistribute-l1-list {string}   Access-list for route redistribution from l1 to l2. size[35] - datasource(s): router.access-list.name
    set redistribute-l2 {enable | disable}   Enable/disable redistribution of level 2 routes into level 1.
    set redistribute-l2-list {string}   Access-list for route redistribution from l2 to l1. size[35] - datasource(s): router.access-list.name
    set redistribute6-l1 {enable | disable}   Enable/disable redistribution of level 1 IPv6 routes into level 2.
    set redistribute6-l1-list {string}   Access-list for IPv6 route redistribution from l1 to l2. size[35] - datasource(s): router.access-list6.name
    set redistribute6-l2 {enable | disable}   Enable/disable redistribution of level 2 IPv6 routes into level 1.
    set redistribute6-l2-list {string}   Access-list for IPv6 route redistribution from l2 to l1. size[35] - datasource(s): router.access-list6.name
    config isis-net
        edit {id}
        # IS-IS net configuration.
            set id {integer}   isis-net ID. range[0-4294967295]
            set net {string}   IS-IS net xx.xxxx. ... .xxxx.xx.
        next
    config isis-interface
        edit {name}
        # IS-IS interface configuration.
            set name {string}   IS-IS interface name. size[15] - datasource(s): system.interface.name
            set status {enable | disable}   Enable/disable interface for IS-IS.
            set status6 {enable | disable}   Enable/disable IPv6 interface for IS-IS.
            set network-type {broadcast | point-to-point | loopback}   IS-IS interface's network type
                    broadcast       Broadcast.
                    point-to-point  Point-to-point.
                    loopback        Loopback.
            set circuit-type {level-1-2 | level-1 | level-2}   IS-IS interface's circuit type
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
            set csnp-interval-l1 {integer}   Level 1 CSNP interval. range[1-65535]
            set csnp-interval-l2 {integer}   Level 2 CSNP interval. range[1-65535]
            set hello-interval-l1 {integer}   Level 1 hello interval. range[0-65535]
            set hello-interval-l2 {integer}   Level 2 hello interval. range[0-65535]
            set hello-multiplier-l1 {integer}   Level 1 multiplier for Hello holding time. range[2-100]
            set hello-multiplier-l2 {integer}   Level 2 multiplier for Hello holding time. range[2-100]
            set hello-padding {enable | disable}   Enable/disable padding to IS-IS hello packets.
            set lsp-interval {integer}   LSP transmission interval (milliseconds). range[1-4294967295]
            set lsp-retransmit-interval {integer}   LSP retransmission interval (sec). range[1-65535]
            set metric-l1 {integer}   Level 1 metric for interface. range[1-63]
            set metric-l2 {integer}   Level 2 metric for interface. range[1-63]
            set wide-metric-l1 {integer}   Level 1 wide metric for interface. range[1-16777214]
            set wide-metric-l2 {integer}   Level 2 wide metric for interface. range[1-16777214]
            set auth-password-l1 {password_string}   Authentication password for level 1 PDUs. size[128]
            set auth-password-l2 {password_string}   Authentication password for level 2 PDUs. size[128]
            set auth-keychain-l1 {string}   Authentication key-chain for level 1 PDUs. size[35] - datasource(s): router.key-chain.name
            set auth-keychain-l2 {string}   Authentication key-chain for level 2 PDUs. size[35] - datasource(s): router.key-chain.name
            set auth-send-only-l1 {enable | disable}   Enable/disable authentication send-only for level 1 PDUs.
            set auth-send-only-l2 {enable | disable}   Enable/disable authentication send-only for level 2 PDUs.
            set auth-mode-l1 {md5 | password}   Level 1 authentication mode.
                    md5       MD5.
                    password  Password.
            set auth-mode-l2 {md5 | password}   Level 2 authentication mode.
                    md5       MD5.
                    password  Password.
            set priority-l1 {integer}   Level 1 priority. range[0-127]
            set priority-l2 {integer}   Level 2 priority. range[0-127]
            set mesh-group {enable | disable}   Enable/disable IS-IS mesh group.
            set mesh-group-id {integer}   Mesh group ID <0-4294967295>, 0: mesh-group blocked. range[0-4294967295]
        next
    config summary-address
        edit {id}
        # IS-IS summary addresses.
            set id {integer}   Summary address entry ID. range[0-4294967295]
            set prefix {ipv4 classnet any}   Prefix.
            set level {level-1-2 | level-1 | level-2}   Level.
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
        next
    config summary-address6
        edit {id}
        # IS-IS IPv6 summary address.
            set id {integer}   Prefix entry ID. range[0-4294967295]
            set prefix6 {ipv6 prefix}   IPv6 prefix.
            set level {level-1-2 | level-1 | level-2}   Level.
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
        next
    config redistribute
        edit {protocol}
        # IS-IS redistribute protocols.
            set protocol {string}   Protocol name. size[35]
            set status {enable | disable}   Status.
            set metric {integer}   Metric. range[0-4261412864]
            set metric-type {external | internal}   Metric type.
                    external  External.
                    internal  Internal.
            set level {level-1-2 | level-1 | level-2}   Level.
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    config redistribute6
        edit {protocol}
        # IS-IS IPv6 redistribution for routing protocols.
            set protocol {string}   Protocol name. size[35]
            set status {enable | disable}   Enable/disable redistribution.
            set metric {integer}   Metric. range[0-4261412864]
            set metric-type {external | internal}   Metric type.
                    external  External metric type.
                    internal  Internal metric type.
            set level {level-1-2 | level-1 | level-2}   Level.
                    level-1-2  Level 1 and 2.
                    level-1    Level 1.
                    level-2    Level 2.
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
end

Additional information

The following section is for those options that require additional explanation.

auth-keychain-l1 {string}

Note: This field is available when auth-mode-l1 is set to md5.

Authentication key-chain for level 1 PDUs. You must create the key-chain before it can be selected here, see router key-chain.

auth-keychain-l2 {string}

Note: This field is available when auth-mode-l2 is set to md5.

Authentication key-chain for level 2 PDUs. You must create the key-chain before it can be selected here, see router key-chain.

auth-password-l1 {string}

Note: This field is available when auth-mode-l1 is set to password.

Authentication password for level 1 PDUs.

auth-password-l2 {string}

Note: This field is available when auth-mode-l2 is set to password.

Authentication password for level 2 PDUs.

is-type {level‑1 | level‑1-2 | level‑2‑only}

Set the ISIS level to use, choosing one of the following:

  • level-1: intra-area
  • level-1-2: both intra- and inter-area (default)
  • level-2-only: inter-area

metric-style {narrow | narrow-transition | narrow-transition-l1 | narrow-transition-l2 | transition | transition-l1 | transition-l2 | wide | wide-l1 | wide-l2 | wide-transition | wide-transition-l1 | wide-transition-l2}

Use old-style (ISO 10589) or new-style packet formats.

  • narrow: Use old style of TLVs with narrow metric (default)
  • narrow-transition: narrow, and accept both styles of TLVs during transition
  • narrow-transition-l1: narrow-transition level-1 only
  • narrow-transition-l2: narrow-transition level-2 only
  • transition: Send and accept both styles of TLVs during transition
  • transition-l1: transition level-1 only
  • transition-l2: transition level-2 only
  • wide: Use new style of TLVs to carry wider metric
  • wide-l1: wide level-1 only
  • wide-l2: wide level-2 only
  • wide-transition: wide, and accept both styles of TLVs during transition
  • wide-transition-l1: wide-transition level-1 only
  • wide-transition-l2: wide-transition level-2 only

overload-bit-on-startup <seconds>

Set overload-bit only temporarily after reboot (5 - 86 400 seconds).

To disable, use the command unset overload-bit-on-startup ; the command set overload-bit-on-startup 0 is invalid.

overload-bit-suppress {external | interlevel}

Suppress overload-bit for the specific prefixes.

To disable, use the command unset overload-bit-suppress.

redistribute-l1 {enable | disable}

Redistribute level 1 routes into level 2. If enabled, configure redistribute-l1-list.

redistribute-l1-list <access-list>

Note: This field is available when redistribute-l1 is enabled.

Access-list for redistribute l1 to l2. You must create the access-list before it can be selected here, see router {access-list | access-list6}.

redistribute-l2 {enable | disable}

Redistribute level 2 routes into level 1. If enabled, configure redistribute-l2-list.

redistribute-l2-list <access-list>

Note: This field is available when redistribute-l2 is enabled.

Access-list for redistribute l2 to l1. You must create the access-list before it can be selected here, see router {access-list | access-list6}.

config isis-interface

Use this subcommand to configure FortiGate interfaces for IS-IS.

auth-keychain-l1 {string}

Note: This field is available when auth-mode-l1 is set to md5.

Authentication key-chain for level 1 PDUs. You must create the key-chain before it can be selected here, see router key-chain.

auth-keychain-l2 {string}

Note: This field is available when auth-mode-l2 is set to md5.

Authentication key-chain for level 2 PDUs. You must create the key-chain before it can be selected here, see router key-chain.

auth-password-l1 {string}

Note: This field is available when auth-mode-l1 is set to password.

Authentication password for level 1 PDUs.

auth-password-l2 {string}

Note: This field is available when auth-mode-l2 is set to password.

Authentication password for level 2 PDUs.

circuit-type {level‑1 | level‑1-2 | level‑2‑only}

Set the ISIS circuit type to use for the interface, choosing one of the following:

  • level-1: intra-area
  • level-1-2: both intra- and inter-area (default)
  • level-2-only: inter-area

config {redistribute | redistribute6} {bgp | connected | ospf | rip | static}

Use these subcommands to redistribute IPv4 and/or IPv6 routes from other routing protocols using IS-IS.

level {level‑1 | level-1-2 | level‑2}

Set the ISIS level type to use for distributing routes, choosing one of the following:

  • level-1: intra-area
  • level-1-2: both intra- and inter-area
  • level-2: inter-area (default)

routemap {string}

Enter a route map name. You must create the route map before it can be selected here, see router route-map.

config {summary-address | summary-address6}

Use these subcommands to add IPv4 and/or IPv6 IS-IS summary addresses.

level {level‑1 | level-1-2 | level‑2}

Set the ISIS level to use for the summary database, choosing one of the following:

  • level-1: intra-area
  • level-1-2: both intra- and inter-area
  • level-2: inter-area (default)