Professional Documents
Culture Documents
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
iii
Contents
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
iv
Contents
Additional References 39
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
v
Contents
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
vi
CHAPTER 1
IS-IS Overview and Basic Configuration
This module provides a technical overview of the Integrated Intermediate System-to-Intermediate System
(IS-IS) routing protocol. IS-IS is a link-state Interior Gateway Protocol (IGP). Link-state protocols are
characterized by the propagation of the information required to build a complete network connectivity map
on each participating device. That map is then used to calculate the shortest path to destinations.
The IS-IS protocol was developed in the late 1980s by Digital Equipment Corporation (DEC) and was
standardized by the International Standards Organization (ISO) in ISO/IEC 10589. The current version of
this standard is ISO/IEC 10589:2002.
ISO/IEC 10589 defines support for the ISO Connectionless Network Protocol (CLNP) as defined in ISO
8473. However, the protocol was designed to be extensible to other network protocols. RFC 1195 defined
IS-IS support for IP, and additional IETF extensions have defined IS-IS support for IPv6. Integration of
support for multiple network layer protocols has led to the term Integrated IS-IS. The Cisco IOS IS-IS
implementation supports CLNP, IPv4, and IPv6. This module and its related modules use the term IS-IS to
refer to the Integrated IS-IS that is implemented by Cisco IOS software.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
1
IS-IS Overview and Basic Configuration
Prerequisites for IS-IS Overview and Basic Configuration
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
IS Address Assignment
An IS is identified by an address known as a Network Entity Title (NET). The NET is the address of a Network
Service Access Point (NSAP), which identifies an instance of the IS-IS routing protocol running on an IS.
The NET may be 8 to 20 octets in length and consists of three parts:
• Area address—This field is 1 to 13 octets in length and is composed of high-order octets of the address.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
2
IS-IS Overview and Basic Configuration
IS-IS PDU Types
Note An IS-IS instance may be assigned multiple area addresses. When this is the case, all area addresses are
considered synonymous. Multiple synonymous area addresses are useful when merging or splitting areas
in the domain. In normal operation, for example, once the merge or split has been completed, there is no
need to assign more than one area address to an IS-IS instance.
• System ID—This field is 6 octets long and immediately follows the area address. When the IS operates
at Level 1, the system ID must be unique among all the Level-1 devices in the same area. When the IS
operates at Level 2, the system ID must be unique among all devices in the domain.
• NSEL—The N-selector field is 1 octet in length and immediately follows the system ID. It must be set
to 00.
IIHs
Intermediate System-to-Intermediate System Hello PDUs (IIHs) are exchanged between IS neighbors on
circuits on which the IS-IS protocol is enabled. IIHs include the system ID of the sender, the assigned area
address(es), and the identity of neighbors on that circuit that are known to the sending IS. Additional optional
information may also be included.
There are three types of IIHs:
• Point-to-Point IIHs—These are sent on point-to-point circuits.
• Level-1 LAN IIHs—These are sent on multiaccess circuits when the sending IS operates as a Level-1
device on that circuit.
• Level-2 LAN IIHs—These are sent on multiaccess circuits when the sending IS operates as a Level-2
device on that circuit.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
3
IS-IS Overview and Basic Configuration
IS-IS Supported Circuit Types
LSPs
An IS generates Link-State PDUs (LSPs) to advertise its neighbors and the destination that are directly
connected to the IS. An LSP is uniquely identified by the following:
• System ID of the IS that generated the LSP
• Pseudonode ID—This value is always 0 except when the LSP is a pseudonode LSP (see “Operation of
IS-IS on Multiaccess Circuits” section.
• LSP number (0 to 255)
• 32-bit sequence number
SNPs
Sequence Number PDUs (SNPs) contain a summary description of one or more LSPs. There are two types
of SNPs for both Level 1 and Level 2:
• Complete Sequence Number PDUs (CSNPs) are used to send a summary of the LSPDB that an IS has
for a given level.
• Partial Sequence Number PDUs (PSNPs) are used to send a summary of a subset of the LSPs for a given
level that an IS either has in its database or needs to obtain.
For more information about how SNPs are used, see the “IS-IS Supported Circuit Types” section.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
4
IS-IS Overview and Basic Configuration
IS-IS Supported Circuit Types
If both ISs support Level 1 on that circuit and the ISs are configured with at least one matching address, the
adjacency supports Level 1. Level-1 LSPs and SNPs will be sent on that circuit.
If both ISs support Level 2 on that circuit, the adjacency supports Level 2. Level-2 LSPs and SNPs will be
sent on that circuit.
The adjacency then can be Level 1, Level 2, or Level 1 and 2.
ISs send point-to-point IIHs on point-to-point circuits. These IIHs allow each IS to discover the identity of
the neighbor, the configured area address(es), and the supported levels.
When an adjacency is first established, each IS sends a set of CSNPs for each level that is supported on the
circuit. A CSNP set describes the current contents of the LSPDB at that level. By comparing the contents of
the set of received CSNPs with the contents of the local LSPDB, each IS can determine where the databases
differ and initiate procedures to exchange the necessary LSPs so that the databases are efficiently and reliably
synchronized.
PSNPs are sent to acknowledge the receipt of an updated LSP.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
5
IS-IS Overview and Basic Configuration
IS-IS Election of the Designated Intermediate System
The devices in the IS-IS network topology in the figure below perform Level 1, Level 2, or Level 1 and 2
routing along the backbone of the network.
Figure 2: Level 1, Level 2, and Level 1-2 Devices in an IS-IS Network Topology
The nonzero pseudonode ID is what differentiates a pseudonode LSP from a nonpseudonode LSP and is
chosen by the DIS to be unique among any other LAN circuits for which it is also the DIS at this level.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
6
IS-IS Overview and Basic Configuration
IS-IS Overview of LSPDB Synchronization
The DIS is also responsible for sending periodic CSNPs on the circuit. This provides a complete summary
description of the current contents of the LSPDB on the DIS. Other ISs on the circuit can then perform the
following activities:
• Flood LSPs that they have that are absent from or are newer than those that are described in the CSNPs
sent by the DIS.
• Request an LSP by sending a PSNP for LSPs that are described in the CSNPs sent by the DIS that are
absent from the local database or older than what is described in the CSNP set.
In this way, the LSPDBs of all ISs on a multiaccess circuit are efficiently and reliably synchronized.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
7
IS-IS Overview and Basic Configuration
IS-IS Overview of LSPDB Synchronization
Note The figure below is applicable to all Level-1 devices in an area or to all Level-2 devices in a Level-2
subdomain.
The figure below shows each device in the IS-IS network with its fully updated link-state database, after the
adjacencies have been formed among the neighbor devices.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
8
IS-IS Overview and Basic Configuration
IS-IS Overview of the Shortest Path Calculation
Note The figure below is applicable to all Level-1 devices in an area or to all Level-2 devices in a Level-2
subdomain.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
9
IS-IS Overview and Basic Configuration
How to Create Monitor and Make Changes to a Basic IS-IS Network
Note An IS can generate up to 256 LSPs at each level. The LSPs are identified by the numbers 0 through 255.
LSP 0 has special properties, including the significance of the setting of the ATT bit to indicate attachment
to other areas. When LSPs that are numbered 1 through 255 have the ATT bit set, it is not significant.
1. enable
2. configure terminal
3. router isis [area-tag]
4. net network-entity-title
5. end
DETAILED STEPS
Example:
Device# configure terminal
Step 3 router isis [area-tag] Assigns a tag to an IS-IS process. Enters router configuration mode.
• Configure tags to identify multiple IS-IS processes by giving a
Example: meaningful name for each routing process. If the tag is not
Device(config)# router isis specified, a null tag (0) is assumed and the process is referenced
with a null tag. The tag name must be unique among all IP router
processes for the device.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
10
IS-IS Overview and Basic Configuration
Enabling IS-IS as an IP Routing Protocol on the Interface
Step 5 end Exits router configuration mode and returns to privileged EXEC
mode.
Example:
Device(config-router)# end
1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask [secondary]
5. ip router isis [area-tag]
6. end
DETAILED STEPS
Example:
Device# configure terminal
Example:
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
11
IS-IS Overview and Basic Configuration
Enabling IS-IS as an IP Routing Protocol on the Interface
Example:
Device(config-if)# ip address
172.16.1.27 255.255.255.0
Step 5 ip router isis [area-tag] Enables IS-IS on the interfaces that are to use IS-IS to distribute their
IP information (and additionally that might be used to establish IS-IS
Example: adjacencies).
Device(config-if)# ip router isis • Use the area-tag argument to specify to which IS-IS process
company1 the device belongs.
• If there is more than one IS-IS process on the device, repeat
the ip router isis command for each interface, specifying an
area tag for each interface to associate each interface with the
specific process to which it belongs.
Step 6 end Exits interface configuration mode and returns to privileged EXEC
mode.
Example:
Device(config-if)# end
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
12
IS-IS Overview and Basic Configuration
Monitoring IS-IS
Monitoring IS-IS
SUMMARY STEPS
1. enable
2. configure terminal
3. isis display delimiter [return count | character count]
4. exit
5. show ip protocols
6. show clns area-tag is-neighbors [type number] [detail]
7. show clns interface [type number]
8. show clns area-tag neighbors [type number] [area] [detail]
9. show clns area-tag traffic
10. show ip route [ip-address [mask]] [[longer-prefixes] | protocol [process-id] | list [access-list-number |
access-list-name] | static download]]
11. show isis [process-tag] database [level-1] [level-2] [l1] [l2] [detail] [lspid]
12. show isis database verbose
13. show isis lsp-log
14. show isis [area-tag] [ipv6 | *] spf-log
15. show isis [process-tag] [ipv6 | *] topology
16. show isis [area-tag] neighbors [detail]
DETAILED STEPS
Example:
Device# configure terminal
Step 3 isis display delimiter [return count | Makes output from multiarea displays easier to read by specifying the
character count] delimiter to use to separate displays of information.
Example:
Device(config)# isis display
delimiter return 3
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
13
IS-IS Overview and Basic Configuration
Monitoring IS-IS
Example:
Device(config)# exit
Step 5 show ip protocols Displays the parameters and current state of the active routing protocol
process.
Example: • You can use this command to learn what protocols are active, what
Device# show ip protocols interfaces they are active on, what networks they are routing for, and
other parameters that relate to the routing protocols.
Step 6 show clns area-tag is-neighbors [type Displays IS-IS information for IS-IS device adjacencies.
number] [detail]
Example:
Device# show clans is-neighbors
detail
Step 7 show clns interface [type number] List the CLNS-specific information about each interface.
Example:
Device# show clns interface
Step 8 show clns area-tag neighbors [type Displays both ES and IS neighbors.
number] [area] [detail]
• The show clns neighbor command output verifies that the right
adjacencies have established. A matrix of adjacencies should be
Example: prepared before you configure your devices, showing what neighbors
Device# show clns area3 neighbors should be expected in the adjacencies table, to facilitate verification.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
14
IS-IS Overview and Basic Configuration
Monitoring IS-IS
Step 10 show ip route [ip-address [mask]] Displays the current state of the routing table.
[[longer-prefixes] | protocol [process-id] |
list [access-list-number | access-list-name]
| static download]]
Example:
Device# show ip route 172.16.0.21
Step 11 show isis [process-tag] database [level-1] Displays additional information about the IS-IS database.
[level-2] [l1] [l2] [detail] [lspid]
• Displays the link-state database for Level-1 and Level-2, the contents
for each LSP, and the link-state protocol PDU identifier.
Example:
Device# show isis database detail
Step 12 show isis database verbose Displays additional information about the IS-IS database such as the
sequence number, checksum, and holdtime for LSPs.
Example:
Device# show isis database verbose
Step 13 show isis lsp-log Displays a log of LSPs including time of occurrence, count, interface, and
the event that triggered the LSP.
Example:
Device# show isis lsp-log
Step 14 show isis [area-tag] [ipv6 | *] spf-log Displays how often and why the device has run a full shortest path first
(SPF) calculation.
Example: • If the device continues to run SPF without ceasing, there might be
Device# show isis spf-log an issue regarding a change in the network (intra-area). The cause
for the continued SPF calculations could be an interconnecting link
that is transitioning up/down/up/down or a metric change. It is normal
for the SPF calculation to run a few times when a network change
occurs, but then it should cease.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
15
IS-IS Overview and Basic Configuration
Configuration Examples for a Basic IS-IS Network
Example:
Device# show isis topology
Step 16 show isis [area-tag] neighbors [detail] Displays IS-IS adjacency information.
• The show isis neighbor detail command output verifies that the right
Example: adjacencies have established. A matrix of adjacencies should be
Device# show isis neighbors detail prepared before you configure your devices, showing what neighbors
should be expected in the adjacencies table, to facilitate verification.
Example
When the show isis neighbors command is entered with the detail keyword, the output provides information
about the IS-IS adjacencies that have formed.
Troubleshooting Tips
You can use the following two system debugging commands to check your IS-IS IPv4 implementation.
• If adjacencies are not coming up properly, use the debug isis adj-packets command.
• To display a log of significant events during an IS-IS SPF calculation, use the debug isis spf-events
command.
Device A Configuration
router isis
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
16
IS-IS Overview and Basic Configuration
Example: Configuring a Basic IS-IS Network
net 49.0001.0000.0000.000a.00
interface ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip router isis
interface serial 2/0
ip router isis
ip address 192.168.1.2 255.255.255.0
Device B Configuration
router isis
net 49.0001.0000.0000.000b.00
interface ethernet0/0
ip router isis
ip address 172.17.1.1 255.255.255.0
interface serial2/0
ip router isis
ip address 192.168.1.1 255.255.255.0
interface serial5/0
ip router isis
ip address 172.21.1.1 255.255.255.0
Device C Configuration
router isis
net 49.0001.0000.0000.000c.00
interface ethernet2/0
ip router isis
ip address 172.21.1.2 255.255.255.0
interface serial5/0
ip router isis
ip address 172.22.1.1 255.255.255.0
The show isis topology command displays the following information about how the devices are connected
within the IS-IS network:
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
17
IS-IS Overview and Basic Configuration
Where to Go Next
The show ip route command displays information about the interfaces of each device, including their IP
addresses and how they are connected to Device B:
Where to Go Next
• To initially configure and enable IS-IS, see the “Configuring a Basic IS-IS Network” module.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
18
IS-IS Overview and Basic Configuration
Additional References for IS-IS Overview and Basic Configuration
• To customize IS-IS for your network design, see the “Customizing IS-IS for Your Network Design”
module.
• To customize IS-IS for achieving fast convergence and scalability, see the following modules:
• “Overview of IS-IS Fast Convergence”
• “Setting Best Practice Parameters for IS-IS Fast Convergence”
• “Reducing Failure Detection Times in IS-IS Networks”
• “Reducing Link Failure and Topology Change Notification Times in IS-IS Networks”
• “Reducing Alternate-Path Calculation Times in IS-IS Networks”
• To enhance IS-IS network security, see the "Enhancing Security in an IS-IS Network" module.
IPv6 Routing: IS-IS Support for IPv6 "IPv6 Routing: IS-IS Support for
IPv6 " module
Standards
Standard Title
ISO 8473 CLNP, Connectionless Network Protocol
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
19
IS-IS Overview and Basic Configuration
Glossary
MIBs
RFCs
RFC Title
RFC 1195 Use of OSI IS-IS for Routing in TCP/IP and Dual
Environments (http://www.ietf.org/rfc/rfc1195.txt)
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
Glossary
area —A physically connected portion of a routing domain in which all devices are assigned a common area
address. Also known as the Level-1 subdomain. A routing domain may consist of multiple areas that are
reachable by traversing the Level-2 subdomain.
area address —The high-order octets of the Network Entity Title (NET) assigned to an IS. All ISs in the
same Level-1 area are assigned the same area address.
CLNP —ISO Connectionless Network Protocol as defined in ISO 8473.
DIS —Designated Intermediate System. An IS elected by all the ISs operating on a multiaccess circuit at a
given level to represent the multiaccess circuit. The DIS sends pseudonode LSPs on behalf of the circuit
advertising adjacencies to all the ISs operating on that circuit.
domain —The portion of a network on which the IS-IS protocol is configured to operate. The routing domain
consists of all Level-1 areas and the Level-2 subdomain.
ES —end system. An ES is any nonrouting host or node.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
20
IS-IS Overview and Basic Configuration
Glossary
Integrated IS-IS —Extended form of IS-IS that supports multiple network protocols. Extensions have been
defined in IETF documents, especially RFC 1195.
IS —intermediate system. OSI term for a device.
IP —Internet Protocol Version 4, also known as IPv4.
IPv6 —Internet Protocol Version 6.
IS-IS —Intermediate System-to-Intermediate System. Routing protocol as defined in ISO/IEC 10589.
Level-1 router —An IS that supports Level-1 routing for its assigned area.
Level-2 router —An IS that supports Level-2 routing.
Level-2 subdomain —All Level-2 capable devices in a domain and the links that interconnect them. Level-1
areas are interconnected via the Level-2 subdomain. For routing in a domain to work properly, the Level-2
subdomain must not be partitioned.
NET —Network Entity Title. An address assigned to an instance of the IS-IS protocol. The NET includes an
area address, a system ID, and an N-selector. When multiple NETs are assigned to an IS-IS instance, only the
area address portion of the NET may differ.
NSEL —N-selector. The least significant octet of a Network Entity Title. It is always assigned the value 00.
system ID —The part of the NET that immediately follows the area address. The field is 6 octets long.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
21
IS-IS Overview and Basic Configuration
Glossary
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
22
CHAPTER 2
Loop-Free Alternate Fast Reroute
This document describes Loop-Free Alternate (LFA) Fast Reroute (FRR).
• Multiprotocol Label Switching (MPLS) feature must be enabled. You must enable the mpls ldp
explicit-null command;
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
23
Loop-Free Alternate Fast Reroute
Restrictions for Loop-Free Alternate Fast Reroute
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
24
Loop-Free Alternate Fast Reroute
Supported Information
Supported Information
• LFA FRR is supported with equal cost multipath (ECMP).
• Fast Reroute triggered by Bidirectional Forwarding (BFD) is supported starting Cisco IOS XE Release
3.9.
• Remote LFA tunnels are High Availability aware; hence, Stateful Switchover (SSO) compliant.
LFA FRR and Remote LFA FRR over Bridge Domains Interfaces
The router supports bridge domain interfaces (BDI).
LFA FRR and remote LFA FRR is supported on bridge domain interfaces on the router.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
25
Loop-Free Alternate Fast Reroute
Remote LFA FRR
Repair Paths
Repair paths forward traffic during a routing transition. When a link or a router fails, due to the loss of a
physical layer signal, initially, only the neighboring routers are aware of the failure. All other routers in the
network are unaware of the nature and location of this failure until information about this failure is propagated
through a routing protocol, which may take several hundred milliseconds. It is, therefore, necessary to arrange
for packets affected by the network failure to be steered to their destinations.
A router adjacent to the failed link employs a set of repair paths for packets that would have used the failed
link. These repair paths are used from the time the router detects the failure until the routing transition is
complete. By the time the routing transition is complete, all routers in the network revise their forwarding
data and the failed link is eliminated from the routing computation.
Repair paths are precomputed in anticipation of failures so that they can be activated the moment a failure is
detected.
The IPv4 LFA FRR feature uses the following repair paths:
• Equal Cost Multipath (ECMP) uses a link as a member of an equal cost path-split set for a destination.
The other members of the set can provide an alternative path when the link fails.
• LFA is a next-hop route that delivers a packet to its destination without looping back. Downstream paths
are a subset of LFAs.
The red looping arrow represents traffic that is looping immediately after a failure between node A and C
(before network reconvergence). Device A tries to send traffic destined to F to next-hop B. Device B cannot
be used as an LFA for prefixes advertised by nodes C and F. The actual LFA is node D. However, node D is
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
26
Loop-Free Alternate Fast Reroute
Remote LFA FRR
not directly connected to the protecting node A. To protect prefixes advertised by C, node A must tunnel the
packet around the failed link A-C to node D, provided that the tunnel does not traverse the failing link.
Remote LFA FRR enables you to tunnel a packet around a failed link to a remote loop-free alternate that is
more than one hop away. In the figure above, the green arrow between A and D shows the tunnel that is
automatically created by the remote LFA feature to bypass looping.
Border Gateway Protocol (BGP) Prefix-Independent Convergence (PIC) and LFA FRR Integration
Starting Cisco IOS XE Release 3.10S, both the Labeled Border Gateway Protocol (BGP) Prefix-Independent
Convergence (PIC) feature and the Loop-Free Alternate (LFA) Fast Reroute (FRR) feature can be configured
together on the router.
Starting Cisco IOS XE Release 3.11, BGP PIC is supported for bridge domain interfaces (BDI) with FRR.
Note Each bridge domain interface (BDI) protected by FRR can have only one EFP.
For information on configuring BGP PIC, see BGP PIC Edge for IP and MPLS-VPN.
Note Remote LFA FRR with VPLS is not supported on the Cisco ASR 900 RSP3 Module for Cisco IOS XE
Release 3.16.
VPLS (Virtual Private LAN Service) enables enterprises to link together their Ethernet-based LANs from
multiple sites via the infrastructure provided by their service provider. For information on configuring VPLS,
see Configuring Virtual Private LAN Services. Starting With Cisco IOS XE Release 3.10S, Remote LFA
FRR is supported with VPLS.
For information on configuring remote LFA FRR with VPLS, see How to Configure Loop-Free Alternate
Fast Reroute, on page 28.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
27
Loop-Free Alternate Fast Reroute
How to Configure Loop-Free Alternate Fast Reroute
SUMMARY STEPS
1. enable
2. configure terminal
3. router isis [area-tag]
4. fast-reroute per-prefix {level-1 | level-2} {all | route-map route-map-name}
5. fast-reroute remote-lfa {level-1 | level-2} mpls-ldp [maximum-metric metric-value]
6. end
DETAILED STEPS
Example:
Device# configure terminal
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
28
Loop-Free Alternate Fast Reroute
Configuring IS-IS Remote Loop-Free Alternate Fast Reroute
Step 5 fast-reroute remote-lfa {level-1 | level-2} mpls-ldp Configures an FRR path that redirects traffic to a remote LFA
[maximum-metric metric-value] tunnel for either level 1 or level 2 packets.
• Use the maximum-metric metric-value
Example: keyword-argument pair to specify the maximum metric
Device(config-router)# fast-reroute remote-lfa value required to reach the release node.
level-1 mpls-ldp
Step 6 end Exits router configuration mode and enters privileged EXEC
mode.
Example:
Device(config-router)# end
Recommended Configurations
• For optimal results with remote LFA FRR, it is recommended that you use the following SFP timers:
• ISIS
◦spf-interval 5 50 200
◦prc-interval 5 50 200
◦spf-interval 5 50 200
◦sp-gen-interval 5 50 200
◦fast-flood 10
• OSPF
◦timers throttle spf 50 200 5000
◦timers throttle lsa 50 200 5000
◦timers lsa arrival 100
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
29
Loop-Free Alternate Fast Reroute
Configuring IS-IS Remote Loop-Free Alternate Fast Reroute
• Globally configure the MPLS IGP hold-down timer to avoid an indefinite wait by IGP for synchronization
using the mpls ldp igp sync holdown 2000 command.
Example: Configuration of Remote LFA FRR with VPLS at the interface level.
!
interface GigabitEthernet0/3/3
ip address 198.51.100.1 255.255.255.0
ip router isis hp
logging event link-status
load-interval 30
negotiation auto
mpls ip
mpls traffic-eng tunnels
isis network point-to-point
end
!
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
30
Loop-Free Alternate Fast Reroute
How to Configure OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute
Example: Configuration of remote LFA FRR with VPLS at the global level.
!
l2 vfi Test-2000 manual
vpn id 2010
bridge-domain 2010
neighbor 192.0.2.1 encapsulation mpls
!
Example: Configuration of remote LFA FRR with VPLS at Access side.
!
interface TenGigabitEthernet0/2/0
no ip address
service instance trunk 1 ethernet
encapsulation dot1q 12-2012
rewrite ingress tag pop 1 symmetric
bridge-domain from-encapsulation
!
SUMMARY STEPS
1. enable
2. configure terminal
3. router ospf process-id
4. fast-reroute per-prefix remote-lfa [area area-id] tunnel mpls-ldp
DETAILED STEPS
Example:
Device# configure terminal
Step 3 router ospf process-id Enables OSPF routing and enters router configuration mode.
Example:
Device(config)# router ospf 10
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
31
Loop-Free Alternate Fast Reroute
How to Configure OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute
SUMMARY STEPS
1. enable
2. configure terminal
3. router ospf process-id
4. fast-reroute per-prefix remote-lfa [area area-id] maximum-cost distance
DETAILED STEPS
Example:
Device# configure terminal
Step 3 router ospf process-id Enables OSPF routing and enters router configuration mode.
Example:
Device(config)# router ospf 10
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
32
Loop-Free Alternate Fast Reroute
Verifying Loop-Free Alternate Fast Reroute
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
33
Loop-Free Alternate Fast Reroute
Example: Verifying LFA FRR with L2VPN
HW Info:
TCAM handle: 0x0000023f TCAM index: 0x0000000d
FID index : 0x0000f804 EAID : 0x0000808a
MET : 0x0000400c FID Count : 0x00000000
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
34
Loop-Free Alternate Fast Reroute
Configuration Examples for OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute
FIFC entries : 32
PPO handle : 0x00000000
Next OCE : Adjacency (0x10e63b38)
Bkup OCE : Adjacency (0x10e6e590)
HW Info:
FID index: 0x0000f486 EL3 index: 0x00001003 EL2 index: 0x00000000
El2RW : 0x00000107 MET index: 0x0000400c EAID : 0x00008060
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: d0:c2:82:17:8a:82:08:00:40:00:0d:02
HW Info:
FID index: 0x0000f49d EL3 index: 0x00001008 EL2 index: 0x00000000
El2RW : 0x00000111 MET index: 0x00004017 EAID : 0x0000807d
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: d0:c2:82:17:c9:83:08:00:40:00:0d:07
Example: Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA IPFRR
The following example displays information about about tunnel interfaces created by OSPF IPv4 LFA IPFRR:
Router# show ip ospf fast-reroute remote-lfa tunnels
Interface MPLS-Remote-Lfa3
Tunnel type: MPLS-LDP
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
35
Loop-Free Alternate Fast Reroute
Verifying Remote Loop-Free Alternate Fast Reroute with VPLS
198.51.100.2/32, epoch 2
local label info: global/2033
1 RR source [heavily shared]
nexthop 192.0.2.14 TenGigabitEthernet0/1/0 label [explicit-null|70]
repair: attached-nexthop 192.0.2.1 MPLS-Remote-Lfa2
nexthop 192.0.2.1 MPLS-Remote-Lfa2, repair
!
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
36
Loop-Free Alternate Fast Reroute
Example: Verifying Remote LFA FRR with VPLS
HW Info:
TCAM handle: 0x00000266 TCAM index: 0x00000015
FID index : 0x00008e7f EAID : 0x0001d7c4
MET : 0x0000401c FID Count : 0x00000000
=== Label OCE ===
Label flags: 4
Num Labels: 1
Num Bk Labels: 1
Out Labels: 0
Out Backup Labels: 70
=== FRR OCE ===
FRR type : IP FRR
FRR state : Primary
Primary IF's gid : 52
Primary FID : 0x00008cb6
FIFC entries : 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0
PPO handle : 0x00000000
Next OCE : Adjacency (0x130e0df0)
Bkup OCE : Adjacency (0x130de608)
HW Info:
FID index: 0x00008ca8 EL3 index: 0x0000101c EL2 index: 0x00000000
El2RW : 0x00000003 MET index: 0x00004024 EAID : 0x0001d7cb
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: 00:00:00:00:00:00:00:00:00:00:00:00
HW Info:
FID index: 0x00008c78 EL3 index: 0x0000101c EL2 index: 0x00000000
El2RW : 0x00000109 MET index: 0x0000400e EAID : 0x0001cf4b
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
37
Loop-Free Alternate Fast Reroute
Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA IPFRR
1. enable
2. show ip ospf fast-reroute remote-lfa tunnels
DETAILED STEPS
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
38
Loop-Free Alternate Fast Reroute
Additional References
Additional References
Related Documents
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
39
Loop-Free Alternate Fast Reroute
Additional References
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
40
CHAPTER 3
Policy-Based Routing
The Policy-Based Routing feature is a process whereby a device puts packets through a route map before
routing the packets. The route map determines which packets are routed next to which device. Policy-based
routing is a more flexible mechanism for routing packets than destination routing.
Policy-Based Routing
Policy-based routing is a process whereby the device puts packets through a route map before routing them.
The route map determines which packets are routed next to which device. You might enable policy-based
routing if you want certain packets to be routed in a certain way other than the obvious shortest path. Possible
applications for policy-based routing are to provide equal access, protocol-sensitive routing, source-sensitive
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
41
Policy-Based Routing
Restrictions for Policy-Based Routing
routing, routing based on interactive versus batch traffic, and routing based on dedicated links. Policy-based
routing is a more flexible mechanism for routing packets than destination routing.
To enable policy-based routing, you must identify which route map to use for policy-based routing and create
the route map. The route map itself specifies the match criteria and the resulting action if all of the match
clauses are met.
To enable policy-based routing on an interface, indicate which route map the device should use by using the
ip policy route-map map-tag command in interface configuration mode. A packet arriving on the specified
interface is subject to policy-based routing except when its destination IP address is the same as the IP address
of the device’s interface. This ip policy route-map command disables fast switching of all packets arriving
on this interface.
To define the route map to be used for policy-based routing, use the route-map map-tag [permit]
[sequence-number] global configuration command.
To define the criteria by which packets are examined to learn if they will be policy-based routed, use the
match ip address {access-list-number | access-list-name} command or both in route map configuration
mode. No match clause in the route map indicates no packet match.
To display the cache entries in the policy route cache, use the show ip cache policy command.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
42
Policy-Based Routing
How to Configure Policy-Based Routing
1. enable
2. configure terminal
3. sdm prefer video
4. ip access-list extended <name>
5. permit protocol source [source-wildcard] destination [destination-wildcard]
6. exit
7. Route-map <route_map_name> permit <sequence_number>
8. match ip address <match_criteria_name>
9. set ip next-hop <ip_address> set ip vrf <vrf_name> next-hop <ip_address> set vrf <vrf_name>
10. exit
11. interface type number
12. ip policy route-map <route_map_name>
13. exit
DETAILED STEPS
Example:
Router# configure terminal
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
43
Policy-Based Routing
Configuring Policy-Based Routing
Step 5 permit protocol source [source-wildcard] destination Creates a match statement to match the specified source
[destination-wildcard] & destination IP address.
Example:
Router(config-ext-nacl)#permit ip 10.0.0.0
0.255.255.255 200.0.0.0 0.255.255.255
Example:
Router(config-ext-nacl)#exit
Step 7 Route-map <route_map_name> permit Creates a Route-map statement named "pbr" for
<sequence_number> redistributing routes from one routing protocol into another
routing protocol or enables policy-based routing and enters
Example: route-map configuration mode.
Step 8 match ip address <match_criteria_name> Defines the match criteria by which packets are examined
to learn if they will be policy-based routed.
Example:
Router(config-route-map)#match ip address
pbr-acl1
Step 9 set ip next-hop <ip_address> set ip vrf <vrf_name> Specifies where to output packets that pass a match clause
next-hop <ip_address> set vrf <vrf_name> of a route map for policy routing.
Example:
Router(config-route-map)#set ip next-hop 30.0.0.2
Router(config-route-map)#set ip vrf vrf1 next-hop
30.0.0.1
Router(config-route-map)#set vrf vrf1
Example:
Router(config-route-map)#exit
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
44
Policy-Based Routing
Verifying Policy-Based Routing
Step 12 ip policy route-map <route_map_name> Identifies a route map to use for policy routing on an
interface.
Example:
Router(config-if)#ip policy route-map pbr
Example:
Router(config-if)#exit
Device# conf t
Device(config)# route-map equal-access permit 10
Device(config-route-map)# match ip address 1
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
45
Policy-Based Routing
Additional References
Device# conf t
Device(config)# interface GigabitEthernet0/0/2
Device(config-if)# ip policy route-map equal-access
Device(config-if)# exit
Additional References
Related Documents
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
46
Policy-Based Routing
Feature Information for Policy-Based Routing
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
47
Policy-Based Routing
Feature Information for Policy-Based Routing
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
48
CHAPTER 4
Segment Routing—IS-IS v4 node SID
The Segment Routing—ISIS v4 node SID feature provides support for segment routing on IS-IS networks.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
49
Segment Routing—IS-IS v4 node SID
Configuring Segment Routing
SUMMARY STEPS
1. enable
2. configure terminal
3. segment-routing mpls
4. connected-prefix-sid-map
5. address-family ipv4
6. 1.1.1.1/32 100
DETAILED STEPS
Example:
Device# configure terminal
Step 3 segment-routing mpls Enables the segment feature using the mpls data plane.
Example:
Device(config-sr)# segment-routing mpls
Device(config-srmpls)# connected-prefix-sid-map
Example:
Device(config-srmpls-conn)# address-family
1.1.1.1/32 100 range 1
Example:
Device(config-srmpls-conn-af)# 1.1.1.1/32 100
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
50
Segment Routing—IS-IS v4 node SID
Configuring Segment Routing on IS-IS Network
SUMMARY STEPS
1. router isis
2. net network-entity-title
3. metric-style wide
4. segment-routing mpls
5. exit
6. show isis segment-routing state
DETAILED STEPS
Step 2 net network-entity-title Configures network entity titles (NETs) for the routing
instance.
Example:
Device(config-router)# net 49.0000.0000.0003.00
Step 3 metric-style wide Configures the device to generate and accept only wide
link
Example: metrics.
Device(config-router)# metric-style wide
Example:
Device(config-router)# segment-routing mpls
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
51
Segment Routing—IS-IS v4 node SID
Configuring Prefix-SID for IS-IS
The following example displays output from the show isis segment-routing state command for the segment
routing under IS-IS:
Device# show isis segment-routing
SUMMARY STEPS
1. enable
2. configure terminal
3. interface Loopback interface-instanceinterface-type
4. address-family { ipv4 | ipv6 } [ unicast ]
5. prefix-sid index index-value [ n-flag-clearlevel ] [ explicit-null ]
6. exit
DETAILED STEPS
Example:
Device# enable
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
52
Segment Routing—IS-IS v4 node SID
Configuring Prefix Attribute N-flag-clear
Example:
Device# configure terminal
Step 3 interface Loopback interface-instanceinterface-type Specifies the interface loopback and interface type.
Example:
Device(config)# interface loopback0 passive
Step 4 address-family { ipv4 | ipv6 } [ unicast ] Specifies the IPv4 or IPv6 address family, and enters
router address family configuration mode.
Example:
Device(config-if)# address-family ipv4 unicast
Step 5 prefix-sid index index-value [ n-flag-clearlevel ] [ Configures the prefix-SID index for the interface.
explicit-null ]
Example:
Device(config-if-af)# prefix-sid index 1001
[n-flag-clear] [explicit-null]
SUMMARY STEPS
1. enable
2. configure terminal
3. interface loopback0
4. isis prefix-attributes n-flag-clear {Level-1|Level-2}
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
53
Segment Routing—IS-IS v4 node SID
Configuration Examples for Segment Routing —IS-IS v4 node SID
DETAILED STEPS
Example:
Device# configure terminal
Example:
Device(config)# interface loopback0
Step 4 isis prefix-attributes n-flag-clear {Level-1|Level-2} Clears the prefix-SID attribute N-flag explicitly.
Example:
Device(config-if)# isis prefix-attributes
n-flag-clear level-1
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
54
Segment Routing—IS-IS v4 node SID
Example: Configuring Prefix Attribute N-Flag-Clear
Additional References
Related Documents
Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
55
Segment Routing—IS-IS v4 node SID
Feature Information for Segment Routing—IS-IS v4 node SID
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
56
CHAPTER 5
PPPoE Intermediate Agent
Point-to-point protocol over Ethernet intermediate agent (PPPoE IA) is placed between a subscriber and
broadband remote access server (BRAS). PPPoE IA helps the service provider BRAS to distinguish between
end hosts connected over Ethernet and an access device. The topology of a typical PPPoE implementation
is shown in the figure below.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
57
PPPoE Intermediate Agent
Information About PPPoE Intermediate Agent
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
58
PPPoE Intermediate Agent
How to Configure PPPoE Intermediate Agent
• If PPoE IA is enabled per-interface, the circuit-id and remote-id configured for that interface is
used. If not global vlaues are used
Note If you do not specify the access node identifier of the switch, the value is automatically set as 0.0.0.0.
enable
configure terminal
pppoe intermediate-agent format-type access-node-id string switch123
end
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
59
PPPoE Intermediate Agent
Enabling or Disabling PPPoE IA on an Interface
Note PPPoE IA sends a generic error message only on specific error condition. If you do not specify string
{message}, the error message is not added.
enable
configure terminal
pppoe intermediate-agent format-type generic-error-message string
end
enable
configure terminal
pppoe intermediate-agent format-type identifier-string string circuit1 option spv delimiter
:
end
Note This setting applies to all frames passing through this interface, regardless of the EFP to which they belong.
By default the PPPoE IA feature is disabled on all interfaces. You need to run this command on every
interface that requires this feature.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
60
PPPoE Intermediate Agent
Enabling or Disabling PPPoE IA on an Interface
Note If BD is enabled with PPPoE IA, BD level circuit-id configuration overwrites all other circuit-id
configuration, for the packets that are received on that particular BD.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
61
PPPoE Intermediate Agent
Enabling or Disabling PPPoE IA on an Interface
intermediate-agent format-type remote-id string word command irrespective of the BD. This command
over-writes global level remote-id configuration or automatic generation of remote-id by the device.
This parameter is not set by default.
Note If BD is enabled with PPPoE IA, BD level remote-id configuration overwrites all other remote-id
configuration, for the packets that are received on that particular BD.
enable
configure terminal
interface GigabitEthernet 0/0/1
pppoe intermediate-agent format-type remote-id string granite
end
Note The default value of remote-id is the router MAC address (for all bridge-domains).
Note This limit applies to the physical interface to counter misbehaving hosts. Even if a single EFP misbehaves
on an interface in trunk mode, the entire interface is shut down (error-disabled), bringing down other EFP
traffic on the interface.
If you set the limit on the interface that connect the access switch to BRAS, use a higher value since the BRAS
aggregates all the PPPoE traffic to the access switch through this interface.
enable
configure terminal
interface GigabitEthernet 0/1/1
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
62
PPPoE Intermediate Agent
Enabling or Disabling PPPoE IA on an Interface
Note BRAS automatically strips the vendor-specific tag off of the PPPoE discovery packets before sending
them downstream to the access switch. To operate with older BRAS which does not possess this capability,
use the pppoe intermediate-agent vendor-tag strip command on the interface connecting the access
switch to BRAS
enable
configure terminal
interface GigabitEthernet 0/0/1
pppoe intermediate-agent vendor-tag strip
end
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
63
PPPoE Intermediate Agent
Verifying PPoE IA Configuration
Interface : GigabitEthernet0/0/24
Packets received
All = 53
PADI = 17 PADO = 0
PADR = 17 PADS = 0
PADT = 19
Packets dropped:
Rate-limit exceeded = 0
Server responses from untrusted ports = 0
Client requests towards untrusted ports = 0
Malformed PPPoE Discovery packets = 0
BD 40: Packets received PADI = 8 PADO = 0 PADR = 8 PADS = 0 PADT = 9
BD 50: Packets received PADI = 9 PADO = 0 PADR = 9 PADS = 0 PADT = 10
Interface : GigabitEthernet0/0/24
Packets received
All = 59
PADI = 0 PADO = 19
PADR = 0 PADS = 26
PADT = 14
Packets dropped:
Rate-limit exceeded = 0
Server responses from untrusted ports = 0
Client requests towards untrusted ports = 0
Malformed PPPoE Discovery packets = 0
BD 40: Packets received PADI = 0 PADO = 12 PADR = 0 PADS = 15 PADT = 7
BD 50: Packets received PADI = 0 PADO = 7 PADR = 0 PADS = 11 PADT = 7
Use the following command to view the packet details on an interface:
Router# show pppoe intermediate-agent statistics interface type typeslot /subslot /port
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
64
PPPoE Intermediate Agent
Verifying PPPoE IA is Enabled
Example:
Router# show pppoe intermediate-agent statistics interface gigabitEthernet 0/0/3
Interface : Gi 0/0/3
Packets received
All = 0
PADI = 0 PADO = 0
PADR = 0 PADS = 0
PADT = 0
Packets dropped:
Rate-limit exceeded = 0
Server responses from untrusted ports = 0
Client requests towards untrusted ports = 0
Malformed PPPoE Discovery packets = 0
BD 40: Packets received PADI = 0 PADO = 0 PADR = 0 PADS = 0 PADT = 0
BD 50: Packets received PADI = 0 PADO = 0 PADR = 0 PADS = 0 PADT = 0
Troubleshooting Tips
The following debug commands can help you troubleshoot an improper PPPoE intermediate agent configuration
and its related features:
• debug pppoe intermediate-agent packet—Displays the contents of a packet received in the software:
source and destination MAC address of Ethernet frame, code, version and type of PPPoE Discovery
packet and a list of TAGs present.
• debug pppoe intermediate-agent event—Provides debugging information about PPPoE events.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
65
PPPoE Intermediate Agent
Configuration Examples
• debug radius—Generates a report that includes information about the incoming access interface, where
discovery frames are received, and about the session being established in PPPoE extended NAS-Port
format (format d).
Configuration Examples
Configuration Example for PPPoE IA on an Interface
enable
configure terminal
interface GigabitEthernet0/0/1
no ip address
media-type rj45
negotiation auto
pppoe intermediate-agent format-type circuit-id string cktid10
pppoe intermediate-agent format-type remote-id string rmtid10
pppoe intermediate-agent
service instance 1 ethernet
encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
bridge-domain 40
!
end
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
66
PPPoE Intermediate Agent
Additional References for PPPoE Intermediate Agent
!
service instance 2 ethernet
encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
bridge-domain 30
!
end
In this example:
• the packet received on bd 40 will have circuit and remote id as cktid-20 and rmtid-20 respectively
• the packet received on bd 30 will have circuit & remote id as cktid-10 and rmtid-10 respectively
MIBs
RFCs
RFC Title
No new or modified RFCs are supported, and support —
for existing RFCs has not been modified.
Technical Assistance
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
67
PPPoE Intermediate Agent
Additional References for PPPoE Intermediate Agent
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
68
INDEX
I R
IP 41 route maps 41
policy routing 41 policy routing, defining 41
P
policy routing 41
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
IN-1
Index
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
IN-2