router isis
You can enable and configure IS‑IS on your FortiGate if this routing protocol is in use on your network. IS-IS is described in RFC 1142.
For each routing protocol, you can also use a redistribute command to redistribute IS-IS routes with the other protocol. |
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
set default-originate6 {enable | disable} set adjacency-check6 {enable | disable} set redistribute6-l1 {enable | disable} set redistribute6-l2 {enable | disable} set redistribute6-l1-list <integer> set redistribute6-l2-list <integer> |
New IPv6 IS-IS related global settings. |
set adv-passive-only {enable | disable} set adv-passive-only6 {enable | disable} |
Enable or disable (by default) IS-IS advertisement of IPv4 and/or IPv6 passive interfaces only. |
config redistribute6 <protocol> edit <protocol-name> set status {enable | disable} set metric <integer> set metric-type {external | internal} set level {level-1-2 | level-1 | level-2} set routemap <name> next ... |
New IPv6 redistribute option. |
config summary-address6 edit <name> set prefix6 <ipv6-prefix> set level {level-1-2 | level-1 | level-2} next ... |
New IPv6 IS-IS summary address option. |
Enable or disable (by default) IPv6 for the IS-IS interface. | |
New loopback network type for the IS-IS interface. |
config router isis set is-type {level-1-2 | level-1 | level-2-only} IS type. level-1-2 Level 1 and 2. level-1 Level 1 only. level-2-only Level 2 only. set adv-passive-only {enable | disable} Enable/disable IS-IS advertisement of passive interfaces only. set adv-passive-only6 {enable | disable} Enable/disable IPv6 IS-IS advertisement of passive interfaces only. set auth-mode-l1 {password | md5} Level 1 authentication mode. password Password. md5 MD5. set auth-mode-l2 {password | md5} Level 2 authentication mode. password Password. md5 MD5. set auth-password-l1 {password_string} Authentication password for level 1 PDUs. size[128] set auth-password-l2 {password_string} Authentication password for level 2 PDUs. size[128] set auth-keychain-l1 {string} Authentication key-chain for level 1 PDUs. size[35] - datasource(s): router.key-chain.name set auth-keychain-l2 {string} Authentication key-chain for level 2 PDUs. size[35] - datasource(s): router.key-chain.name set auth-sendonly-l1 {enable | disable} Enable/disable level 1 authentication send-only. set auth-sendonly-l2 {enable | disable} Enable/disable level 2 authentication send-only. set ignore-lsp-errors {enable | disable} Enable/disable ignoring of LSP errors with bad checksums. set lsp-gen-interval-l1 {integer} Minimum interval for level 1 LSP regenerating. range[1-120] set lsp-gen-interval-l2 {integer} Minimum interval for level 2 LSP regenerating. range[1-120] set lsp-refresh-interval {integer} LSP refresh time in seconds. range[1-65535] set max-lsp-lifetime {integer} Maximum LSP lifetime in seconds. range[350-65535] set spf-interval-exp-l1 {string} Level 1 SPF calculation delay. set spf-interval-exp-l2 {string} Level 2 SPF calculation delay. set dynamic-hostname {enable | disable} Enable/disable dynamic hostname. set adjacency-check {enable | disable} Enable/disable adjacency check. set adjacency-check6 {enable | disable} Enable/disable IPv6 adjacency check. set overload-bit {enable | disable} Enable/disable signal other routers not to use us in SPF. set overload-bit-suppress {external | interlevel} Suppress overload-bit for the specific prefixes. external External. interlevel Inter-level. set overload-bit-on-startup {integer} Overload-bit only temporarily after reboot. range[5-86400] set default-originate {enable | disable} Enable/disable distribution of default route information. set default-originate6 {enable | disable} Enable/disable distribution of default IPv6 route information. set metric-style {option} Use old-style (ISO 10589) or new-style packet formats narrow Use old style of TLVs with narrow metric. wide Use new style of TLVs to carry wider metric. transition Send and accept both styles of TLVs during transition. narrow-transition Narrow and accept both styles of TLVs during transition. narrow-transition-l1 Narrow-transition level-1 only. narrow-transition-l2 Narrow-transition level-2 only. wide-l1 Wide level-1 only. wide-l2 Wide level-2 only. wide-transition Wide and accept both styles of TLVs during transition. wide-transition-l1 Wide-transition level-1 only. wide-transition-l2 Wide-transition level-2 only. transition-l1 Transition level-1 only. transition-l2 Transition level-2 only. set redistribute-l1 {enable | disable} Enable/disable redistribution of level 1 routes into level 2. set redistribute-l1-list {string} Access-list for route redistribution from l1 to l2. size[35] - datasource(s): router.access-list.name set redistribute-l2 {enable | disable} Enable/disable redistribution of level 2 routes into level 1. set redistribute-l2-list {string} Access-list for route redistribution from l2 to l1. size[35] - datasource(s): router.access-list.name set redistribute6-l1 {enable | disable} Enable/disable redistribution of level 1 IPv6 routes into level 2. set redistribute6-l1-list {string} Access-list for IPv6 route redistribution from l1 to l2. size[35] - datasource(s): router.access-list6.name set redistribute6-l2 {enable | disable} Enable/disable redistribution of level 2 IPv6 routes into level 1. set redistribute6-l2-list {string} Access-list for IPv6 route redistribution from l2 to l1. size[35] - datasource(s): router.access-list6.name config isis-net edit {id} # IS-IS net configuration. set id {integer} isis-net ID. range[0-4294967295] set net {string} IS-IS net xx.xxxx. ... .xxxx.xx. next config isis-interface edit {name} # IS-IS interface configuration. set name {string} IS-IS interface name. size[15] - datasource(s): system.interface.name set status {enable | disable} Enable/disable interface for IS-IS. set status6 {enable | disable} Enable/disable IPv6 interface for IS-IS. set network-type {broadcast | point-to-point | loopback} IS-IS interface's network type broadcast Broadcast. point-to-point Point-to-point. loopback Loopback. set circuit-type {level-1-2 | level-1 | level-2} IS-IS interface's circuit type level-1-2 Level 1 and 2. level-1 Level 1. level-2 Level 2. set csnp-interval-l1 {integer} Level 1 CSNP interval. range[1-65535] set csnp-interval-l2 {integer} Level 2 CSNP interval. range[1-65535] set hello-interval-l1 {integer} Level 1 hello interval. range[0-65535] set hello-interval-l2 {integer} Level 2 hello interval. range[0-65535] set hello-multiplier-l1 {integer} Level 1 multiplier for Hello holding time. range[2-100] set hello-multiplier-l2 {integer} Level 2 multiplier for Hello holding time. range[2-100] set hello-padding {enable | disable} Enable/disable padding to IS-IS hello packets. set lsp-interval {integer} LSP transmission interval (milliseconds). range[1-4294967295] set lsp-retransmit-interval {integer} LSP retransmission interval (sec). range[1-65535] set metric-l1 {integer} Level 1 metric for interface. range[1-63] set metric-l2 {integer} Level 2 metric for interface. range[1-63] set wide-metric-l1 {integer} Level 1 wide metric for interface. range[1-16777214] set wide-metric-l2 {integer} Level 2 wide metric for interface. range[1-16777214] set auth-password-l1 {password_string} Authentication password for level 1 PDUs. size[128] set auth-password-l2 {password_string} Authentication password for level 2 PDUs. size[128] set auth-keychain-l1 {string} Authentication key-chain for level 1 PDUs. size[35] - datasource(s): router.key-chain.name set auth-keychain-l2 {string} Authentication key-chain for level 2 PDUs. size[35] - datasource(s): router.key-chain.name set auth-send-only-l1 {enable | disable} Enable/disable authentication send-only for level 1 PDUs. set auth-send-only-l2 {enable | disable} Enable/disable authentication send-only for level 2 PDUs. set auth-mode-l1 {md5 | password} Level 1 authentication mode. md5 MD5. password Password. set auth-mode-l2 {md5 | password} Level 2 authentication mode. md5 MD5. password Password. set priority-l1 {integer} Level 1 priority. range[0-127] set priority-l2 {integer} Level 2 priority. range[0-127] set mesh-group {enable | disable} Enable/disable IS-IS mesh group. set mesh-group-id {integer} Mesh group ID <0-4294967295>, 0: mesh-group blocked. range[0-4294967295] next config summary-address edit {id} # IS-IS summary addresses. set id {integer} Summary address entry ID. range[0-4294967295] set prefix {ipv4 classnet any} Prefix. set level {level-1-2 | level-1 | level-2} Level. level-1-2 Level 1 and 2. level-1 Level 1. level-2 Level 2. next config summary-address6 edit {id} # IS-IS IPv6 summary address. set id {integer} Prefix entry ID. range[0-4294967295] set prefix6 {ipv6 prefix} IPv6 prefix. set level {level-1-2 | level-1 | level-2} Level. level-1-2 Level 1 and 2. level-1 Level 1. level-2 Level 2. next config redistribute edit {protocol} # IS-IS redistribute protocols. set protocol {string} Protocol name. size[35] set status {enable | disable} Status. set metric {integer} Metric. range[0-4261412864] set metric-type {external | internal} Metric type. external External. internal Internal. set level {level-1-2 | level-1 | level-2} Level. level-1-2 Level 1 and 2. level-1 Level 1. level-2 Level 2. set routemap {string} Route map name. size[35] - datasource(s): router.route-map.name next config redistribute6 edit {protocol} # IS-IS IPv6 redistribution for routing protocols. set protocol {string} Protocol name. size[35] set status {enable | disable} Enable/disable redistribution. set metric {integer} Metric. range[0-4261412864] set metric-type {external | internal} Metric type. external External metric type. internal Internal metric type. set level {level-1-2 | level-1 | level-2} Level. level-1-2 Level 1 and 2. level-1 Level 1. level-2 Level 2. set routemap {string} Route map name. size[35] - datasource(s): router.route-map.name next end
Additional information
The following section is for those options that require additional explanation.
auth-keychain-l1 {string}
Note: This field is available when auth-mode-l1
is set to md5
.
Authentication key-chain for level 1 PDUs. You must create the key-chain before it can be selected here, see router key-chain.
auth-keychain-l2 {string}
Note: This field is available when auth-mode-l2
is set to md5
.
Authentication key-chain for level 2 PDUs. You must create the key-chain before it can be selected here, see router key-chain.
auth-password-l1 {string}
Note: This field is available when auth-mode-l1
is set to password
.
Authentication password for level 1 PDUs.
auth-password-l2 {string}
Note: This field is available when auth-mode-l2
is set to password
.
Authentication password for level 2 PDUs.
is-type {level‑1 | level‑1-2 | level‑2‑only}
Set the ISIS level to use, choosing one of the following:
level-1
: intra-arealevel-1-2
: both intra- and inter-area (default)level-2-only
: inter-area
metric-style {narrow | narrow-transition | narrow-transition-l1 | narrow-transition-l2 | transition | transition-l1 | transition-l2 | wide | wide-l1 | wide-l2 | wide-transition | wide-transition-l1 | wide-transition-l2}
Use old-style (ISO 10589) or new-style packet formats.
narrow
: Use old style of TLVs with narrow metric (default)narrow-transition
: narrow, and accept both styles of TLVs during transitionnarrow-transition-l1
: narrow-transition level-1 onlynarrow-transition-l2
: narrow-transition level-2 onlytransition
: Send and accept both styles of TLVs during transitiontransition-l1
: transition level-1 onlytransition-l2
: transition level-2 onlywide
: Use new style of TLVs to carry wider metricwide-l1
: wide level-1 onlywide-l2
: wide level-2 onlywide-transition
: wide, and accept both styles of TLVs during transitionwide-transition-l1
: wide-transition level-1 onlywide-transition-l2
: wide-transition level-2 only
overload-bit-on-startup <seconds>
Set overload-bit only temporarily after reboot (5 - 86 400 seconds).
To disable, use the command unset overload-bit-on-startup
; the command set overload-bit-on-startup 0
is invalid.
overload-bit-suppress {external | interlevel}
Suppress overload-bit for the specific prefixes.
To disable, use the command unset overload-bit-suppress
.
redistribute-l1 {enable | disable}
Redistribute level 1 routes into level 2. If enabled, configure redistribute-l1-list
.
redistribute-l1-list <access-list>
Note: This field is available when redistribute-l1
is enabled.
Access-list for redistribute l1 to l2. You must create the access-list before it can be selected here, see router {access-list | access-list6}.
redistribute-l2 {enable | disable}
Redistribute level 2 routes into level 1. If enabled, configure redistribute-l2-list
.
redistribute-l2-list <access-list>
Note: This field is available when redistribute-l2
is enabled.
Access-list for redistribute l2 to l1. You must create the access-list before it can be selected here, see router {access-list | access-list6}.
config isis-interface
Use this subcommand to configure FortiGate interfaces for IS-IS.
auth-keychain-l1 {string}
Note: This field is available when auth-mode-l1
is set to md5
.
Authentication key-chain for level 1 PDUs. You must create the key-chain before it can be selected here, see router key-chain.
auth-keychain-l2 {string}
Note: This field is available when auth-mode-l2
is set to md5
.
Authentication key-chain for level 2 PDUs. You must create the key-chain before it can be selected here, see router key-chain.
auth-password-l1 {string}
Note: This field is available when auth-mode-l1
is set to password
.
Authentication password for level 1 PDUs.
auth-password-l2 {string}
Note: This field is available when auth-mode-l2
is set to password
.
Authentication password for level 2 PDUs.
circuit-type {level‑1 | level‑1-2 | level‑2‑only}
Set the ISIS circuit type to use for the interface, choosing one of the following:
level-1
: intra-arealevel-1-2
: both intra- and inter-area (default)level-2-only
: inter-area
config {redistribute | redistribute6} {bgp | connected | ospf | rip | static}
Use these subcommands to redistribute IPv4 and/or IPv6 routes from other routing protocols using IS-IS.
level {level‑1 | level-1-2 | level‑2}
Set the ISIS level type to use for distributing routes, choosing one of the following:
level-1
: intra-arealevel-1-2
: both intra- and inter-arealevel-2
: inter-area (default)
routemap {string}
Enter a route map name. You must create the route map before it can be selected here, see router route-map.
config {summary-address | summary-address6}
Use these subcommands to add IPv4 and/or IPv6 IS-IS summary addresses.
level {level‑1 | level-1-2 | level‑2}
Set the ISIS level to use for the summary database, choosing one of the following:
level-1
: intra-arealevel-1-2
: both intra- and inter-arealevel-2
: inter-area (default)