In this lab, I use Juniper M7i Router(JUNOS 12.3R6.6) to finish the JNCIE Service Provider Bootcamp 10.b Detailed Lab Guide Lab2 IS-IS.
However, I found some thing wrong in this lab and I will point out during configuration.
Before we start lab, we need to load pre-configuration for this Lab.
JNCIE@M7i> file show JNCIE-SP_DLG_CH2_IS-IS_Pre_v20150117.txt
## Last changed: 2015-01-17 17:42:22 CST
version 12.3R6.6;
system {
host-name M7i;
time-zone Asia/Taipei;
root-authentication {
encrypted-password "$1$xHrLYWb1$t7zaprV7gI28TCVhVXknd0"; ## SECRET-DATA
}
name-server {
168.95.1.1;
8.8.8.8;
}
login {
user JNCIE {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$CFRZNtzp$xpn4xLgXQrBom0tstx93H/"; ## SECRET-DATA
}
}
}
services {
telnet;
}
ntp {
boot-server 211.22.103.158;
server 211.22.103.158 prefer;
server 140.112.2.189;
}
}
logical-systems {
C {
interfaces {
fe-0/0/1 {
unit 30 {
description To_R1-Fe-0/0/0.30;
vlan-id 30;
family inet {
address 172.27.0.30/30;
}
}
}
}
protocols {
rip {
group RIP {
export RIP-OUT;
neighbor fe-0/0/1.30;
}
}
}
policy-options {
policy-statement RIP-OUT {
term 1 {
from protocol static;
then accept;
}
}
}
routing-options {
static {
route 172.16.16.0/29 receive;
route 172.16.20.0/24 receive;
route 172.16.21.0/24 receive;
}
}
}
DC1 {
interfaces {
fe-0/0/2 {
unit 21 {
description To_DC2_R2-Fe-0/0/0.21_R4-Fe-0/0/1.21;
vlan-id 21;
family inet {
address 172.20.21.201/28;
}
}
}
}
}
DC2 {
interfaces {
fe-0/0/3 {
unit 21 {
description To_DC1_R2-Fe-0/0/0.21_R4-Fe-0/0/1.21;
vlan-id 21;
family inet {
address 172.20.21.200/28;
}
}
}
}
}
DC3 {
interfaces {
fe-0/0/2 {
unit 335 {
description To_R3-Fe-0/0/0.335_R5-Fe-0/0/1.335;
vlan-id 335;
family inet {
address 172.27.0.101/28;
}
}
}
}
protocols {
ospf {
export OSPF-OUT;
area 0.0.0.0 {
interface fe-0/0/2.335;
}
}
}
policy-options {
policy-statement OSPF-OUT {
term 1 {
from protocol static;
then accept;
}
}
}
routing-options {
static {
route 10.22.1.0/24 receive;
route 10.22.2.0/24 receive;
route 10.22.3.0/24 receive;
route 10.22.4.0/24 receive;
route 10.22.5.0/24 receive;
route 10.22.6.0/24 receive;
route 10.22.7.0/24 receive;
}
}
}
R1 {
interfaces {
fe-0/0/0 {
unit 12 {
description To_R2-Fe-0/0/1.12;
vlan-id 12;
family inet {
address 172.27.0.1/30;
}
family inet6 {
address 2008:4498::1/126;
}
}
unit 13 {
description To_R3-Fe-0/0/1.13;
vlan-id 13;
family inet {
address 172.27.0.14/30;
}
family inet6 {
address 2008:4498::e/126;
}
}
unit 14 {
description To_R4-Fe-0/0/1.14;
vlan-id 14;
family inet {
address 172.27.0.10/30;
}
family inet6 {
address 2008:4498::a/126;
}
}
unit 30 {
description To_C-Fe-0/0/1.30;
vlan-id 30;
family inet {
address 172.27.0.29/30;
}
}
}
lo0 {
unit 1 {
family inet {
address 172.27.255.1/32;
}
}
}
}
}
R2 {
interfaces {
fe-0/0/0 {
unit 10 {
description To_T1-Fe-0/0/1.10;
vlan-id 10;
family inet {
address 172.27.0.37/30;
}
family inet6 {
address 2008:4498::25/126;
}
}
unit 21 {
description To_DC1-2_R4-Fe-0/0/1.21;
vlan-id 21;
family inet {
address 172.20.21.202/28;
}
}
unit 24 {
description To_R4-Fe-0/0/1.24;
vlan-id 24;
family inet {
address 172.27.0.5/30;
}
family inet6 {
address 2008:4498::5/126;
}
}
}
fe-0/0/1 {
unit 12 {
description To_R1-Fe-0/0/0.12;
vlan-id 12;
family inet {
address 172.27.0.2/30;
}
family inet6 {
address 2008:4498::2/126;
}
}
}
lo0 {
unit 2 {
family inet {
address 172.27.255.2/32;
}
}
}
}
}
R3 {
interfaces {
fe-0/0/0 {
unit 34 {
description To_R4-Fe-0/0/1.34;
vlan-id 34;
family inet {
address 172.27.0.17/30;
}
family inet6 {
address 2008:4498::13/126;
}
}
unit 35 {
description To_R5-Fe-0/0/1.35;
vlan-id 35;
family inet {
address 172.27.0.26/30;
}
family inet6 {
address 2008:4498::1a/126;
}
}
unit 335 {
description To_DC3_R5-Fe-0/0/1.335;
vlan-id 335;
family inet {
address 172.27.0.103/28;
}
}
}
fe-0/0/1 {
unit 13 {
description To_R1-Fe-0/0/0.13;
vlan-id 13;
family inet {
address 172.27.0.13/30;
}
family inet6 {
address 2008:4498::d/126;
}
}
}
lo0 {
unit 3 {
family inet {
address 172.27.255.3/32;
}
}
}
}
}
R4 {
interfaces {
fe-0/0/0 {
unit 45 {
description To_R5-Fe-0/0/1.45;
vlan-id 45;
family inet {
address 172.27.0.21/30;
}
family inet6 {
address 2008:4498::15/126;
}
}
}
fe-0/0/1 {
unit 14 {
description To_R1-Fe-0/0/0.14;
vlan-id 14;
family inet {
address 172.27.0.9/30;
}
family inet6 {
address 2008:4498::9/126;
}
}
unit 21 {
description To_DC1-2_R2-Fe-0/0/0.21;
vlan-id 21;
family inet {
address 172.20.21.204/28;
}
}
unit 24 {
description To_R2-Fe-0/0/0.24;
vlan-id 24;
family inet {
address 172.27.0.6/30;
}
family inet6 {
address 2008:4498::6/126;
}
}
unit 34 {
description To_R3-Fe-0/0/0.34;
vlan-id 34;
family inet {
address 172.27.0.18/30;
}
family inet6 {
address 2008:4498::12/126;
}
}
}
lo0 {
unit 4 {
family inet {
address 172.27.255.4/32;
}
}
}
}
}
R5 {
interfaces {
fe-0/0/0 {
unit 20 {
description To_T2-Fe-0/0/1.20;
vlan-id 20;
family inet {
address 172.27.0.57/30;
}
family inet6 {
address 2008:4498::39/126;
}
}
}
fe-0/0/1 {
unit 35 {
description To_R3-Fe-0/0/0.35;
vlan-id 35;
family inet {
address 172.27.0.25/30;
}
family inet6 {
address 2008:4498::19/126;
}
}
unit 45 {
description To_R4-Fe-0/0/0.45;
vlan-id 45;
family inet {
address 172.27.0.22/30;
}
family inet6 {
address 2008:4498::16/126;
}
}
unit 335 {
description To_DC3_R3-Fe-0/0/0.335;
vlan-id 335;
family inet {
address 172.27.0.105/28;
}
}
}
lo0 {
unit 5 {
family inet {
address 172.27.255.5/32;
}
}
}
}
}
T1 {
interfaces {
fe-0/0/1 {
unit 10 {
description To_R2-Fe-0/0/0.10;
vlan-id 10;
family inet {
address 172.27.0.38/30;
}
family inet6 {
address 2008:4498::26/126;
}
}
}
}
}
T2 {
interfaces {
fe-0/0/1 {
unit 20 {
description To_R5-Fe-0/0/0.20;
vlan-id 20;
family inet {
address 172.27.0.58/30;
}
family inet6 {
address 2008:4498::3a/126;
}
}
}
}
}
}
interfaces {
fe-0/0/0 {
vlan-tagging;
}
fe-0/0/1 {
vlan-tagging;
}
fe-0/0/2 {
vlan-tagging;
}
fe-0/0/3 {
vlan-tagging;
}
fxp0 {
description To_SW1_Fa1/0/23;
unit 0 {
family inet {
address 192.168.100.221/26;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.100.200;
}
}
JNCIE@M7i>
JNCIE@M7i>
JNCIE@M7i>
JNCIE@M7i> file show JNCIE-SP_DLG_CH2_IS-IS_Pre_v20150117.txt
## Last changed: 2015-01-17 17:42:22 CST
version 12.3R6.6;
system {
host-name M7i;
time-zone Asia/Taipei;
root-authentication {
encrypted-password "$1$xHrLYWb1$t7zaprV7gI28TCVhVXknd0"; ## SECRET-DATA
}
name-server {
168.95.1.1;
8.8.8.8;
}
login {
user JNCIE {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$CFRZNtzp$xpn4xLgXQrBom0tstx93H/"; ## SECRET-DATA
}
}
}
services {
telnet;
}
ntp {
boot-server 211.22.103.158;
server 211.22.103.158 prefer;
server 140.112.2.189;
}
}
logical-systems {
C {
interfaces {
fe-0/0/1 {
unit 30 {
description To_R1-Fe-0/0/0.30;
vlan-id 30;
family inet {
address 172.27.0.30/30;
}
}
}
}
protocols {
rip {
group RIP {
export RIP-OUT;
neighbor fe-0/0/1.30;
}
}
}
policy-options {
policy-statement RIP-OUT {
term 1 {
from protocol static;
then accept;
}
}
}
routing-options {
static {
route 172.16.16.0/29 receive;
route 172.16.20.0/24 receive;
route 172.16.21.0/24 receive;
}
}
}
DC1 {
interfaces {
fe-0/0/2 {
unit 21 {
description To_DC2_R2-Fe-0/0/0.21_R4-Fe-0/0/1.21;
vlan-id 21;
family inet {
address 172.20.21.201/28;
}
}
}
}
}
DC2 {
interfaces {
fe-0/0/3 {
unit 21 {
description To_DC1_R2-Fe-0/0/0.21_R4-Fe-0/0/1.21;
vlan-id 21;
family inet {
address 172.20.21.200/28;
}
}
}
}
}
DC3 {
interfaces {
fe-0/0/2 {
unit 335 {
description To_R3-Fe-0/0/0.335_R5-Fe-0/0/1.335;
vlan-id 335;
family inet {
address 172.27.0.101/28;
}
}
}
}
protocols {
ospf {
export OSPF-OUT;
area 0.0.0.0 {
interface fe-0/0/2.335;
}
}
}
policy-options {
policy-statement OSPF-OUT {
term 1 {
from protocol static;
then accept;
}
}
}
routing-options {
static {
route 10.22.1.0/24 receive;
route 10.22.2.0/24 receive;
route 10.22.3.0/24 receive;
route 10.22.4.0/24 receive;
route 10.22.5.0/24 receive;
route 10.22.6.0/24 receive;
route 10.22.7.0/24 receive;
}
}
}
R1 {
interfaces {
fe-0/0/0 {
unit 12 {
description To_R2-Fe-0/0/1.12;
vlan-id 12;
family inet {
address 172.27.0.1/30;
}
family inet6 {
address 2008:4498::1/126;
}
}
unit 13 {
description To_R3-Fe-0/0/1.13;
vlan-id 13;
family inet {
address 172.27.0.14/30;
}
family inet6 {
address 2008:4498::e/126;
}
}
unit 14 {
description To_R4-Fe-0/0/1.14;
vlan-id 14;
family inet {
address 172.27.0.10/30;
}
family inet6 {
address 2008:4498::a/126;
}
}
unit 30 {
description To_C-Fe-0/0/1.30;
vlan-id 30;
family inet {
address 172.27.0.29/30;
}
}
}
lo0 {
unit 1 {
family inet {
address 172.27.255.1/32;
}
}
}
}
}
R2 {
interfaces {
fe-0/0/0 {
unit 10 {
description To_T1-Fe-0/0/1.10;
vlan-id 10;
family inet {
address 172.27.0.37/30;
}
family inet6 {
address 2008:4498::25/126;
}
}
unit 21 {
description To_DC1-2_R4-Fe-0/0/1.21;
vlan-id 21;
family inet {
address 172.20.21.202/28;
}
}
unit 24 {
description To_R4-Fe-0/0/1.24;
vlan-id 24;
family inet {
address 172.27.0.5/30;
}
family inet6 {
address 2008:4498::5/126;
}
}
}
fe-0/0/1 {
unit 12 {
description To_R1-Fe-0/0/0.12;
vlan-id 12;
family inet {
address 172.27.0.2/30;
}
family inet6 {
address 2008:4498::2/126;
}
}
}
lo0 {
unit 2 {
family inet {
address 172.27.255.2/32;
}
}
}
}
}
R3 {
interfaces {
fe-0/0/0 {
unit 34 {
description To_R4-Fe-0/0/1.34;
vlan-id 34;
family inet {
address 172.27.0.17/30;
}
family inet6 {
address 2008:4498::13/126;
}
}
unit 35 {
description To_R5-Fe-0/0/1.35;
vlan-id 35;
family inet {
address 172.27.0.26/30;
}
family inet6 {
address 2008:4498::1a/126;
}
}
unit 335 {
description To_DC3_R5-Fe-0/0/1.335;
vlan-id 335;
family inet {
address 172.27.0.103/28;
}
}
}
fe-0/0/1 {
unit 13 {
description To_R1-Fe-0/0/0.13;
vlan-id 13;
family inet {
address 172.27.0.13/30;
}
family inet6 {
address 2008:4498::d/126;
}
}
}
lo0 {
unit 3 {
family inet {
address 172.27.255.3/32;
}
}
}
}
}
R4 {
interfaces {
fe-0/0/0 {
unit 45 {
description To_R5-Fe-0/0/1.45;
vlan-id 45;
family inet {
address 172.27.0.21/30;
}
family inet6 {
address 2008:4498::15/126;
}
}
}
fe-0/0/1 {
unit 14 {
description To_R1-Fe-0/0/0.14;
vlan-id 14;
family inet {
address 172.27.0.9/30;
}
family inet6 {
address 2008:4498::9/126;
}
}
unit 21 {
description To_DC1-2_R2-Fe-0/0/0.21;
vlan-id 21;
family inet {
address 172.20.21.204/28;
}
}
unit 24 {
description To_R2-Fe-0/0/0.24;
vlan-id 24;
family inet {
address 172.27.0.6/30;
}
family inet6 {
address 2008:4498::6/126;
}
}
unit 34 {
description To_R3-Fe-0/0/0.34;
vlan-id 34;
family inet {
address 172.27.0.18/30;
}
family inet6 {
address 2008:4498::12/126;
}
}
}
lo0 {
unit 4 {
family inet {
address 172.27.255.4/32;
}
}
}
}
}
R5 {
interfaces {
fe-0/0/0 {
unit 20 {
description To_T2-Fe-0/0/1.20;
vlan-id 20;
family inet {
address 172.27.0.57/30;
}
family inet6 {
address 2008:4498::39/126;
}
}
}
fe-0/0/1 {
unit 35 {
description To_R3-Fe-0/0/0.35;
vlan-id 35;
family inet {
address 172.27.0.25/30;
}
family inet6 {
address 2008:4498::19/126;
}
}
unit 45 {
description To_R4-Fe-0/0/0.45;
vlan-id 45;
family inet {
address 172.27.0.22/30;
}
family inet6 {
address 2008:4498::16/126;
}
}
unit 335 {
description To_DC3_R3-Fe-0/0/0.335;
vlan-id 335;
family inet {
address 172.27.0.105/28;
}
}
}
lo0 {
unit 5 {
family inet {
address 172.27.255.5/32;
}
}
}
}
}
T1 {
interfaces {
fe-0/0/1 {
unit 10 {
description To_R2-Fe-0/0/0.10;
vlan-id 10;
family inet {
address 172.27.0.38/30;
}
family inet6 {
address 2008:4498::26/126;
}
}
}
}
}
T2 {
interfaces {
fe-0/0/1 {
unit 20 {
description To_R5-Fe-0/0/0.20;
vlan-id 20;
family inet {
address 172.27.0.58/30;
}
family inet6 {
address 2008:4498::3a/126;
}
}
}
}
}
}
interfaces {
fe-0/0/0 {
vlan-tagging;
}
fe-0/0/1 {
vlan-tagging;
}
fe-0/0/2 {
vlan-tagging;
}
fe-0/0/3 {
vlan-tagging;
}
fxp0 {
description To_SW1_Fa1/0/23;
unit 0 {
family inet {
address 192.168.100.221/26;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.100.200;
}
}
JNCIE@M7i>
By completing this lab, you will perform the following tasks:
Task 1: Routers R1, R2, R3, R4, and R5 must be configured to participate in your IS-IS domain. Each router’s system ID must be based on its loopback address. Configure each router to support only one IS-IS adjacency per router pairing. Loss of R3 or R4 must not isolate any internal router. Configure the IS-IS areas and levels as shown in the “Lab 2: IS-IS Implementation” diagram.
Task 2: The loopback addresses of R1 and R2 must not appear in the routing table of R5. However, loopback address to loopback address reachability from all internal routers is required.
Task 3: The routes associated with the link between R2 and T1, and the routes associated with the link between R5 and T2 must appear as internal IS-IS routes within your network. However, the IPv6 routes from these links must not appear in R1’s routing table but must appear in R2’s routing table. The [edit routing-options] hierarchy level on R1 cannot be altered to accomplish this task.
Task 4: Configure R1 to receive RIP routes from C1. Then configure R1 to send a summary route to C1 only when R2’s loopback address is present in R1’s routing table. This summary route should represent your internal IPv4 address space. The routes received from C1 must be present in area 49.0001 as IS-IS external routes. These individual routes must not appear in the routing table of R5. However, you must ensure that R5 can reach these destinations.
Task 5: Configure R3 and R5 to receive OSPF routes from DC3. Create the most specific summary route possible that represents these routes and redistribute the summary route into IS-IS. This summary route must appear on R4 with a metric that is greater than 300. However, it must appear on R1 and R2 with a metric that is less than 74.
Task 6: The 10.100.100.0/24 prefix is being used to reach destinations behind DC1 through static routing on R2 and R4. Redistribute this prefix into IS-IS. Ensure R2 is the primary path and R4 is the backup path for this prefix for R1. Ensure R4 is the primary path and R2 is the backup path for this prefix for R5.
Task 7: Configure all interfaces participating in a Level 2 adjacency to monitor the adjacencies using sub-second link failure detection. If the local router is the DR for a Level 1 broadcast segment, the interface involved must have an IS-IS hold-time value of 2 seconds.
Task 8: Configure the routers in both areas to authenticate hello PDUs using the unencrypted password of Juniper. Configure the routers in Area 49.0001 to authenticate LSPs using the encrypted password of JuniperRocks. No routing disruption can occur between R3 and R4 during this process.
Task 9: All IS-IS LSPs should be valid for 1 hour.
OK, Buy a cup of coffee, Let's start
Task 1: Routers R1, R2, R3, R4, and R5 must be configured to participate in your IS-IS domain. Each router’s system ID must be based on its loopback address. Configure each router to support only one IS-IS adjacency per router pairing. Loss of R3 or R4 must not isolate any internal router. Configure the IS-IS areas and levels as shown in the “Lab 2: IS-IS Implementation” diagram.
Note:
1. Routers with leve 1 an level 2 adjacencies, apply area ID of level 1. So, R3 & R4 loopback interface must be set in Level 1
R1:
set logical-systems R1 interfaces fe-0/0/0 unit 12 description To_R2-Fe-0/0/1.12
set logical-systems R1 interfaces fe-0/0/0 unit 12 family iso
set logical-systems R1 interfaces fe-0/0/0 unit 13 description To_R3-Fe-0/0/1.13
set logical-systems R1 interfaces fe-0/0/0 unit 13 family iso
set logical-systems R1 interfaces fe-0/0/0 unit 14 description To_R4-Fe-0/0/1.14
set logical-systems R1 interfaces fe-0/0/0 unit 14 family iso
set logical-systems R1 interfaces lo0 unit 1 family iso address 49.0001.1720.2725.5001.00
set logical-systems R1 protocols isis level 2 disable
R2:
set logical-systems R2 interfaces fe-0/0/0 unit 24 description To_R4-Fe-0/0/1.24
set logical-systems R2 interfaces fe-0/0/0 unit 24 family iso
set logical-systems R2 interfaces fe-0/0/1 unit 12 description To_R1-Fe-0/0/0.12
set logical-systems R2 interfaces fe-0/0/1 unit 12 family iso
set logical-systems R2 interfaces lo0 unit 2 family iso address 49.0001.1720.2725.5002.00
set logical-systems R2 protocols isis level 2 disable
R3:
set logical-systems R3 interfaces fe-0/0/0 unit 34 description To_R4-Fe-0/0/1.34
set logical-systems R3 interfaces fe-0/0/0 unit 34 family iso
set logical-systems R3 interfaces fe-0/0/0 unit 35 description To_R5-Fe-0/0/1.35
set logical-systems R3 interfaces fe-0/0/0 unit 35 family iso
set logical-systems R3 interfaces fe-0/0/1 unit 13 description To_R1-Fe-0/0/0.13
set logical-systems R3 interfaces fe-0/0/1 unit 13 family iso
set logical-systems R3 interfaces lo0 unit 3 family iso address 49.0001.1720.2525.5003.00
set logical-systems R3 protocols isis interface fe-0/0/0.34 level 1 disable
set logical-systems R3 protocols isis interface fe-0/0/0.35 level 1 disable
set logical-systems R3 protocols isis interface fe-0/0/1.13 level 2 disable
set logical-systems R3 protocols isis interface lo0.3 level 1 disable
R4:
set logical-systems R4 interfaces fe-0/0/0 unit 45 description To_R5-Fe-0/0/1.45
set logical-systems R4 interfaces fe-0/0/0 unit 45 family iso
set logical-systems R4 interfaces fe-0/0/1 unit 14 description To_R1-Fe-0/0/0.14
set logical-systems R4 interfaces fe-0/0/1 unit 14 family iso
set logical-systems R4 interfaces fe-0/0/1 unit 24 description To_R2-Fe-0/0/0.24
set logical-systems R4 interfaces fe-0/0/1 unit 24 family iso
set logical-systems R4 interfaces fe-0/0/1 unit 34 description To_R3-Fe-0/0/0.34
set logical-systems R4 interfaces fe-0/0/1 unit 34 family iso
set logical-systems R4 interfaces lo0 unit 4 family iso address 49.0001.1720.2725.5004.00
set logical-systems R4 protocols isis interface fe-0/0/0.45 level 1 disable
set logical-systems R4 protocols isis interface fe-0/0/1.14 level 2 disable
set logical-systems R4 protocols isis interface fe-0/0/1.24 level 2 disable
set logical-systems R4 protocols isis interface fe-0/0/1.34 level 1 disable
set logical-systems R4 protocols isis interface lo0.4 level 1 disable
R5:
set logical-systems R5 interfaces fe-0/0/1 unit 35 description To_R3-Fe-0/0/0.35
set logical-systems R5 interfaces fe-0/0/1 unit 35 family iso
set logical-systems R5 interfaces fe-0/0/1 unit 45 description To_R4-Fe-0/0/0.45
set logical-systems R5 interfaces fe-0/0/1 unit 45 family iso
set logical-systems R5 interfaces lo0 unit 5 family iso address 49.0002.1720.2725.5005.00
set logical-systems R5 protocols isis level 1 disable
Verification:
JNCIE@M7i:R1# run show isis adjacency
Interface System L State Hold (secs) SNPA
fe-0/0/0.12 M7i-R2 1 Up 1 0:12:1e:13:10:1
fe-0/0/0.13 M7i-R3 1 Up 1 0:12:1e:13:10:1
fe-0/0/0.14 M7i-R4 1 Up 1 0:12:1e:13:10:1
JNCIE@M7i:R2# run show isis adjacency
Interface System L State Hold (secs) SNPA
fe-0/0/0.24 M7i-R4 1 Up 1 0:12:1e:13:10:1
fe-0/0/1.12 M7i-R1 1 Up 5 0:12:1e:13:10:0
JNCIE@M7i:R3# run show isis adjacency
Interface System L State Hold (secs) SNPA
fe-0/0/0.34 M7i-R4 2 Up 7 0:12:1e:13:10:1
fe-0/0/0.35 M7i-R5 2 Up 8 0:12:1e:13:10:1
fe-0/0/1.13 M7i-R1 1 Up 5 0:12:1e:13:10:0
JNCIE@M7i:R4# run show isis adjacency
Interface System L State Hold (secs) SNPA
fe-0/0/0.45 M7i-R5 2 Up 7 0:12:1e:13:10:1
fe-0/0/1.14 M7i-R1 1 Up 5 0:12:1e:13:10:0
fe-0/0/1.24 M7i-R2 1 Up 4 0:12:1e:13:10:0
fe-0/0/1.34 M7i-R3 2 Up 20 0:12:1e:13:10:0
JNCIE@M7i:R5# run show isis adjacency
Interface System L State Hold (secs) SNPA
fe-0/0/1.35 M7i-R3 2 Up 25 0:12:1e:13:10:0
fe-0/0/1.45 M7i-R4 2 Up 20 0:12:1e:13:10:0
Task 2: The loopback addresses of R1 and R2 must not appear in the routing table of R5. However, loopback address to loopback address reachability from all internal routers is required.
Note:
1.I create a aggreate route in R3 & R4.
2.I deny Loopback first (policy should have "fome level 1" and "to level 2") and then permit aggregate route.
3.Using command (load merge terminal relative) can save time.
R3:
set logical-systems R3 routing-options aggregate route 172.27.255.0/30
#
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 from protocol isis
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 from level 1
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 from route-filter 172.27.255.0/30 orlonger
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 to level 2
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 then reject
#
set logical-systems R3 policy-options policy-statement leak-routes term R1-R2-summary from protocol aggregate
set logical-systems R3 policy-options policy-statement leak-routes term R1-R2-summary from route-filter 172.27.255.0/30 exact
set logical-systems R3 policy-options policy-statement leak-routes term R1-R2-summary to level 2
set logical-systems R3 policy-options policy-statement leak-routes term R1-R2-summary then accept
#
set logical-systems R3 protocols isis export leak-routes
R4:
set logical-systems R4 routing-options aggregate route 172.27.255.0/30
#
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 from protocol isis
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 from level 1
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 from route-filter 172.27.255.0/30 orlonger
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 to level 2
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 then reject
set logical-systems R4 policy-options policy-statement leak-routes term R1-R2-summary from protocol aggregate
set logical-systems R4 policy-options policy-statement leak-routes term R1-R2-summary from route-filter 172.27.255.0/30 exact
set logical-systems R4 policy-options policy-statement leak-routes term R1-R2-summary to level 2
set logical-systems R4 policy-options policy-statement leak-routes term R1-R2-summary then accept
#
set logical-systems R4 protocols isis export leak-routes
Verification:
JNCIE@M7i:R3# run show route 172.27.255/30
inet.0: 34 destinations, 35 routes (34 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.27.255.0/30 *[Aggregate/130] 00:47:10
Reject
172.27.255.1/32 *[IS-IS/15] 00:44:44, metric 10
> to 172.27.0.14 via fe-0/0/1.13
172.27.255.2/32 *[IS-IS/15] 00:44:32, metric 20
> to 172.27.0.14 via fe-0/0/1.13
172.27.255.3/32 *[Direct/0] 00:47:09
> via lo0.3
JNCIE@M7i:R4# run show route 172.27.255/30
inet.0: 27 destinations, 28 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.27.255.0/30 *[Aggregate/130] 00:47:17
Reject
172.27.255.1/32 *[IS-IS/15] 00:44:51, metric 10
> to 172.27.0.10 via fe-0/0/1.14
172.27.255.2/32 *[IS-IS/15] 00:44:51, metric 10
> to 172.27.0.5 via fe-0/0/1.24
172.27.255.3/32 *[IS-IS/18] 00:44:44, metric 10
> to 172.27.0.17 via fe-0/0/1.34
JNCIE@M7i:R5# run show route 172.27.255/30
inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.27.255.0/30 *[IS-IS/18] 00:44:55, metric 20
to 172.27.0.26 via fe-0/0/1.35
> to 172.27.0.21 via fe-0/0/1.45
172.27.255.3/32 *[IS-IS/18] 00:44:55, metric 10
> to 172.27.0.26 via fe-0/0/1.35
Task 3: The routes associated with the link between R2 and T1, and the routes associated with the link between R5 and T2 must appear as internal IS-IS routes within your network. However, the IPv6 routes from these links must not appear in R1’s routing table but must appear in R2’s routing table. The [edit routing-options] hierarchy level on R1 cannot be altered to accomplish this task.
Note:
1.Passive mode: Advertise the direct interface addresses on an interface or into a level on the interface without actually running IS-IS on that interface or level.
R2:
set logical-systems R2 protocols isis interface fe-0/0/0.10 passive
R5:
set logical-systems R5 protocols isis interface fe-0/0/0.20 passive
R3:
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int from protocol isis
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int from level 2
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int from route-filter 172.27.0.56/30 exact
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int to level 1
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int then accept
#
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int from protocol isis
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int from level 2
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int from route-filter 2008:4498::38/126 exact
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int to level 1
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int then accept
R4:
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int from protocol isis
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int from level 2
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int from route-filter 172.27.0.56/30 exact
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int to level 1
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int then accept
#
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int from protocol isis
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int from level 2
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int from route-filter 2008:4498::38/126 exact
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int to level 1
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int then accept
R1:
set logical-systems R1 protocols isis no-ipv6-routing
Verification:
R1, R2 & R5:
run show route protocol isis
Task 4: Configure R1 to receive RIP routes from C1. Then configure R1 to send a summary route to C1 only when R2’s loopback address is present in R1’s routing table. This summary route should represent your internal IPv4 address space. The routes received from C1 must be present in area 49.0001 as IS-IS external routes. These individual routes must not appear in the routing table of R5. However, you must ensure that R5 can reach these destinations.
Note:
1. We can use generate + policy to finish this "R1 to send a summary route to C1 only when R2’s loopback address is present in R1’s routing table" task.
R1:
set logical-systems R1 routing-options generate route 172.27.0.0/16 policy isis-present
#
set logical-systems R1 policy-options policy-statement isis-present term isis from protocol isis
set logical-systems R1 policy-options policy-statement isis-present term isis from route-filter 172.27.255.2/32 exact
set logical-systems R1 policy-options policy-statement isis-present term isis then accept
set logical-systems R1 policy-options policy-statement isis-present term no-other-routes then reject
#
set logical-systems R1 policy-options policy-statement rip-out term gen-ip from protocol aggregate
set logical-systems R1 policy-options policy-statement rip-out term gen-ip from route-filter 172.27.0.0/16 exact
set logical-systems R1 policy-options policy-statement rip-out term gen-ip then accept
#
set logical-systems R1 protocols rip group rip-c1 export rip-out
set logical-systems R1 protocols rip group rip-c1 neighbor fe-0/0/0.30
#
set logical-systems R1 policy-options policy-statement isis-out term rip-isis from protocol rip
set logical-systems R1 policy-options policy-statement isis-out term rip-isis then accept
#
set logical-systems R1 protocols isis export isis-out
R3:
set logical-systems R3 routing-options aggregate route 172.16.16.0/21
#
set logical-systems R3 policy-options policy-statement leak-routes term lvl-1-ext from protocol aggregate
set logical-systems R3 policy-options policy-statement leak-routes term lvl-1-ext from route-filter 172.16.16.0/21 exact
set logical-systems R3 policy-options policy-statement leak-routes term lvl-1-ext to level 2
set logical-systems R3 policy-options policy-statement leak-routes term lvl-1-ext then accept
R4:
set logical-systems R4 routing-options aggregate route 172.16.16.0/21
#
set logical-systems R4 policy-options policy-statement leak-routes term lvl-1-ext from protocol aggregate
set logical-systems R4 policy-options policy-statement leak-routes term lvl-1-ext from route-filter 172.16.16.0/21 exact
set logical-systems R4 policy-options policy-statement leak-routes term lvl-1-ext to level 2
set logical-systems R4 policy-options policy-statement leak-routes term lvl-1-ext then accept
Verification:
JNCIE@M7i:R1# run show route 172.16.16/21
inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.16.0/29 *[RIP/100] 01:53:21, metric 2, tag 0
> to 172.27.0.30 via fe-0/0/0.30
172.16.20.0/24 *[RIP/100] 01:53:21, metric 2, tag 0
> to 172.27.0.30 via fe-0/0/0.30
172.16.21.0/24 *[RIP/100] 01:53:21, metric 2, tag 0
> to 172.27.0.30 via fe-0/0/0.30
JNCIE@M7i:R1# run show route advertising-protocol rip 172.27.0.29
inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.27.0.0/16 *[Aggregate/130] 01:56:40
> to 172.27.0.2 via fe-0/0/0.12
JNCIE@M7i:R5# run show route 172.16.16/21
inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.16.0/21 *[IS-IS/18] 01:54:08, metric 20
> to 172.27.0.26 via fe-0/0/1.35
to 172.27.0.21 via fe-0/0/1.45
JNCIE@M7i:R5# run ping 172.16.16.1 detail count 2
PING 172.16.16.1 (172.16.16.1): 56 data bytes
64 bytes from 172.27.0.30 via fe-0/0/1.35: icmp_seq=0 ttl=60 time=1.839 ms
64 bytes from 172.27.0.30 via fe-0/0/1.35: icmp_seq=1 ttl=60 time=1.554 ms
--- 172.16.16.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.554/1.696/1.839/0.143 ms
Task 5: Configure R3 and R5 to receive OSPF routes from DC3. Create the most specific summary route possible that represents these routes and redistribute the summary route into IS-IS. This summary route must appear on R4 with a metric that is greater than 300. However, it must appear on R1 and R2 with a metric that is less than 74.
R3:
set logical-systems R3 protocols ospf area 0.0.0.0 interface fe-0/0/0.335
#
set logical-systems R3 routing-options aggregate route 10.22.0.0/21
#
set logical-systems R3 policy-options policy-statement ospf-isis term agg from route-filter 10.22.0.0/21 exact
#In Lab guide show example, there is not "to level 2" command. However, without this command, the route will be inject to level 1.
set logical-systems R3 policy-options policy-statement ospf-isis term agg to level 2
set logical-systems R3 policy-options policy-statement ospf-isis term agg then metric 301
set logical-systems R3 policy-options policy-statement ospf-isis term agg then accept
#
set logical-systems R3 protocols isis export ospf-isis
#
set logical-systems R3 protocols isis level 2 wide-metrics-only
R5:
set logical-systems R5 protocols ospf area 0.0.0.0 interface fe-0/0/1.335
#
set logical-systems R5 routing-options aggregate route 10.22.0.0/21
#
set logical-systems R5 policy-options policy-statement ospf-isis term agg from route-filter 10.22.0.0/21 exact
set logical-systems R5 policy-options policy-statement ospf-isis term agg then metric 301
set logical-systems R5 policy-options policy-statement ospf-isis term agg then accept
#
set logical-systems R5 protocols isis export ospf-isis
#
set logical-systems R5 protocols isis level 2 wide-metrics-only
R4:
set logical-systems R4 policy-options policy-statement leak-routes term lvl-2-ext from protocol isis
set logical-systems R4 policy-options policy-statement leak-routes term lvl-2-ext from route-filter 10.22.0.0/21 exact
set logical-systems R4 policy-options policy-statement leak-routes term lvl-2-ext to level 1
set logical-systems R4 policy-options policy-statement leak-routes term lvl-2-ext then accept
#
set logical-systems R4 protocols isis level 2 wide-metrics-only
Verification:
R1:
JNCIE@M7i:R1# run show route 10.22/21
inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.22.0.0/21 *[IS-IS/18] 02:26:39, metric 73
> to 172.27.0.9 via fe-0/0/0.14
R2:
JNCIE@M7i:R2# run show route 10.22/21
inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.22.0.0/21 *[IS-IS/18] 02:26:42, metric 73
> to 172.27.0.6 via fe-0/0/0.24
R4:
JNCIE@M7i:R4# run show route 10.22/21
inet.0: 27 destinations, 28 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.22.0.0/21 *[IS-IS/18] 02:26:45, metric 311
> to 172.27.0.22 via fe-0/0/0.45
Task 6: The 10.100.100.0/24 prefix is being used to reach destinations behind DC1 through static routing on R2 and R4. Redistribute this prefix into IS-IS. Ensure R2 is the primary path and R4 is the backup path for this prefix for R1. Ensure R4 is the primary path and R2 is the backup path for this prefix for R5.
Note:
1. R2 uses static route + policy(Tag 102) inject DC1-2 route into level 1.
2. R4 uses static route + policy 1(Tag 104 & metric 63 ) to inject DC1-2 route into level 1. Using policy 2(Tag 104) inject DC1-2 route into level 2.
4. R3 uses policy (Tag 102 & metric 100) inject DC1-2 route into level 2.
R2:
set logical-systems R2 routing-options static route 10.100.100.0/24 next-hop 172.20.21.201
#
set logical-systems R2 policy-options policy-statement static-isis term DC1-prefix from protocol static
set logical-systems R2 policy-options policy-statement static-isis term DC1-prefix from route-filter 10.100.100.0/24 exact
set logical-systems R2 policy-options policy-statement static-isis term DC1-prefix then tag 102
set logical-systems R2 policy-options policy-statement static-isis term DC1-prefix then accept
#
set logical-systems R2 protocols isis export static-isis
R4:
set logical-systems R4 routing-options static route 10.100.100.0/24 next-hop 172.20.21.201
#
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 from protocol static
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 from route-filter 10.100.100.0/24 exact
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 to level 1
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 then metric 63
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 then tag 104
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 then accept
#
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 from protocol static
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 from route-filter 10.100.100.0/24 exact
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 to level 2
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 then tag 104
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 then accept
R3:
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 from protocol isis
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 from level 1
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 from tag 102
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 from route-filter 10.100.100.0/24 exact
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 to level 2
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 then metric 100
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 then accept
Verification:
R1:
JNCIE@M7i:R1# run show route 10.100.100/24
inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.100.100.0/24 *[IS-IS/160] 02:44:30, metric 10, tag 102
> to 172.27.0.2 via fe-0/0/0.12
JNCIE@M7i:R5# run show route 10.100.100/24
inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.100.100.0/24 *[IS-IS/18] 02:45:36, metric 10, tag 104
> to 172.27.0.21 via fe-0/0/1.45
Task 7: Configure all interfaces participating in a Level 2 adjacency to monitor the adjacencies using sub-second link failure detection. If the local router is the DR for a Level 1 broadcast segment, the interface involved must have an IS-IS hold-time value of 2 seconds.
Note:
1. BFD minimum-interval *3 the must be < 1 second (1000ms)
2. IS-IS hello-inerval and hold-time values (Non-DR * 1/3 = DR)
R3:
set logical-systems R3 protocols isis interface fe-0/0/0.34 bfd-liveness-detection minimum-interval 300
set logical-systems R3 protocols isis interface fe-0/0/0.35 bfd-liveness-detection minimum-interval 300
R4:
set logical-systems R4 protocols isis interface fe-0/0/1.34 bfd-liveness-detection minimum-interval 300
set logical-systems R4 protocols isis interface fe-0/0/0.45 bfd-liveness-detection minimum-interval 300
R5:
set logical-systems R5 protocols isis interface all bfd-liveness-detection minimum-interval 300
R1:
set logical-systems R1 protocols isis interface all level 1 hold-time 6
R2:
set logical-systems R2 protocols isis interface all level 1 hold-time 6
R3:
set logical-systems R3 protocols isis interface fe-0/0/1.13 level 1 hold-time 6
R4:
set logical-systems R4 protocols isis interface fe-0/0/1.14 level 1 hold-time 6
set logical-systems R4 protocols isis interface fe-0/0/1.24 level 1 hold-time 6
Verification:
JNCIE@M7i:R3# run show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
172.27.0.25 Up fe-0/0/0.35 0.900 0.300 3
172.27.0.18 Up fe-0/0/0.34 0.900 0.300 3
2 sessions, 2 clients
Cumulative transmit rate 6.7 pps, cumulative receive rate 6.7 pps
JNCIE@M7i:R4# run show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
172.27.0.22 Up fe-0/0/0.45 0.900 0.300 3
172.27.0.17 Up fe-0/0/1.34 0.900 0.300 3
2 sessions, 2 clients
Cumulative transmit rate 6.7 pps, cumulative receive rate 6.7 pps
JNCIE@M7i:R5# run show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
172.27.0.21 Up fe-0/0/1.45 0.900 0.300 3
172.27.0.26 Up fe-0/0/1.35 0.900 0.300 3
2 sessions, 2 clients
Cumulative transmit rate 6.7 pps, cumulative receive rate 6.7 pps
R1, R2, R3, R4:
JNCIE@M7i:R1# run show isis interface detail
IS-IS interface database:
fe-0/0/0.12
Index: 112, State: 0x6, Circuit id: 0x1, Circuit type: 1
LSP interval: 100 ms, CSNP interval: 10 s
Adjacency advertisement: Advertise
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
1 1 64 10 2.000 6 M7i-R2.02 (not us)
fe-0/0/0.13
Index: 113, State: 0x6, Circuit id: 0x1, Circuit type: 1
LSP interval: 100 ms, CSNP interval: 10 s
Adjacency advertisement: Advertise
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
1 1 64 10 2.000 6 M7i-R3.02 (not us)
fe-0/0/0.14
Index: 114, State: 0x6, Circuit id: 0x1, Circuit type: 1
LSP interval: 100 ms, CSNP interval: 10 s
Adjacency advertisement: Advertise
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
1 1 64 10 2.000 6 M7i-R4.02 (not us)
lo0.1
Index: 75, State: 0x6, Circuit id: 0x1, Circuit type: 0
LSP interval: 100 ms, CSNP interval: disabled
Adjacency advertisement: Advertise
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
1 0 64 0 Passive
2 0 64 0 Passive
Task 8: Configure the routers in both areas to authenticate hello PDUs using the unencrypted password of Juniper. Configure the routers in Area 49.0001 to authenticate LSPs using the encrypted password of JuniperRocks. No routing disruption can occur between R3 and R4 during this process.
Note:
1. There are 2 ways for authentication hello PDU only.
1a. Setting "authentication-type" & "authentication-key" in protocols isis interface xx level
1b. Setting "hello-authentication-type" & "hello-authentication-key" in protocols isis interface level
2. For LSP authentication (Hello, link-state, and sequence number), setup "authentication-type" & "authentication-key" in protocols isis level xx level
3. Using "no-authentication-check" can generate authenticated packets and check the authentication on received packets, but do not reject packets that cannot be authenticated.
R1:
set logical-systems R1 protocols isis interface all level 1 hello-authentication-key Juniper
set logical-systems R1 protocols isis interface all level 1 hello-authentication-type simple
R2:
set logical-systems R2 protocols isis interface all level 1 hello-authentication-key Juniper
set logical-systems R2 protocols isis interface all level 1 hello-authentication-type simple
R3:
set logical-systems R3 protocols isis interface fe-0/0/0.34 level 2 hello-authentication-key Juniper
set logical-systems R3 protocols isis interface fe-0/0/0.34 level 2 hello-authentication-type simple
#
set logical-systems R3 protocols isis interface fe-0/0/0.35 level 2 hello-authentication-key Juniper
set logical-systems R3 protocols isis interface fe-0/0/0.35 level 2 hello-authentication-type simple
#
set logical-systems R3 protocols isis interface fe-0/0/1.13 level 1 hello-authentication-key Juniper
set logical-systems R3 protocols isis interface fe-0/0/1.13 level 1 hello-authentication-type simple
R4:
set logical-systems R4 protocols isis interface fe-0/0/0.45 level 2 hello-authentication-key Juniper
set logical-systems R4 protocols isis interface fe-0/0/0.45 level 2 hello-authentication-type simple
#
set logical-systems R4 protocols isis interface fe-0/0/1.14 level 1 hello-authentication-key Juniper
set logical-systems R4 protocols isis interface fe-0/0/1.14 level 1 hello-authentication-type simple
#
set logical-systems R4 protocols isis interface fe-0/0/1.24 level 1 hello-authentication-key Juniper
set logical-systems R4 protocols isis interface fe-0/0/1.24 level 1 hello-authentication-type simple
#
set logical-systems R4 protocols isis interface fe-0/0/1.34 level 2 hello-authentication-key Juniper
set logical-systems R4 protocols isis interface fe-0/0/1.34 level 2 hello-authentication-type simple
R5:
set logical-systems R5 protocols isis interface all level 2 hello-authentication-key Juniper
set logical-systems R5 protocols isis interface all level 2 hello-authentication-type simple
R1:
set logical-systems R1 protocols isis level 1 authentication-key JuniperRocks
set logical-systems R1 protocols isis level 1 authentication-type md5
R2:
set logical-systems R2 protocols isis level 1 authentication-key JuniperRocks
set logical-systems R2 protocols isis level 1 authentication-type md5
R3:
set logical-systems R3 protocols isis level 1 authentication-key JuniperRocks
set logical-systems R3 protocols isis level 1 authentication-type md5
R4:
set logical-systems R4 protocols isis level 1 authentication-key JuniperRocks
set logical-systems R4 protocols isis level 1 authentication-type md5
R3:
set logical-systems R3 protocols isis no-authentication-check
R4:
set logical-systems R3 protocols isis no-authentication-check
Verification:
R1:
JNCIE@M7i:R1# run show isis authentication
Interface Level IIH Auth CSN Auth PSN Auth
fe-0/0/0.12 1 Simple MD5 MD5
fe-0/0/0.13 1 Simple MD5 MD5
fe-0/0/0.14 1 Simple MD5 MD5
L1 LSP Authentication: MD5
R2:
JNCIE@M7i:R2# run show isis authentication
Interface Level IIH Auth CSN Auth PSN Auth
fe-0/0/0.24 1 Simple MD5 MD5
fe-0/0/1.12 1 Simple MD5 MD5
L1 LSP Authentication: MD5
R3:
JNCIE@M7i:R3# run show isis authentication
Interface Level IIH Auth CSN Auth PSN Auth
fe-0/0/0.34 2 Simple None None
fe-0/0/0.35 2 Simple None None
fe-0/0/1.13 1 Simple MD5 MD5
L1 LSP Authentication: MD5
L2 LSP Authentication: None
R4:
JNCIE@M7i:R4# run show isis authentication
Interface Level IIH Auth CSN Auth PSN Auth
fe-0/0/0.45 2 Simple None None
fe-0/0/1.14 1 Simple MD5 MD5
fe-0/0/1.24 1 Simple MD5 MD5
fe-0/0/1.34 2 Simple None None
L1 LSP Authentication: MD5
L2 LSP Authentication: None
R5:
JNCIE@M7i:R5# run show isis authentication
Interface Level IIH Auth CSN Auth PSN Auth
fe-0/0/1.35 2 Simple None None
fe-0/0/1.45 2 Simple None None
L2 LSP Authentication: None
Task 9: All IS-IS LSPs should be valid for 1 hour.
Note:
1. By default, LSP valid is 20 mins
R1 - R5:
set logical-systems R1 protocols isis lsp-lifetime 3600
Verification:
R1 - R5:
# run show isis overview
JNCIE@M7i:R1# run show isis overview
Instance: master
Router ID: 172.27.255.1
Adjacency holddown: enabled
Maximum Areas: 3
LSP life time: 3600 <===== Check point
Attached bit evaluation: enabled
SPF delay: 200 msec, SPF holddown: 5000 msec, SPF rapid runs: 3
IPv4 is enabled
Traffic engineering: enabled
Restart: Disabled
Helper mode: Enabled
Level 1
Internal route preference: 15
External route preference: 160
Wide metrics are enabled, Narrow metrics are enabled
Level 2
Internal route preference: 18
External route preference: 165
Wide metrics are enabled, Narrow metrics are enabled
[edit]
JNCIE@M7i:R1#
Final configuration:
JNCIE@M7i# show | display set
set version 12.3R6.6
set system host-name M7i
set system time-zone Asia/Taipei
set system root-authentication encrypted-password "$1$xHrLYWb1$t7zaprV7gI28TCVhVXknd0"
set system name-server 168.95.1.1
set system name-server 8.8.8.8
set system login user JNCIE uid 2001
set system login user JNCIE class super-user
set system login user JNCIE authentication encrypted-password "$1$CFRZNtzp$xpn4xLgXQrBom0tstx93H/"
set system services telnet
set system ntp boot-server 211.22.103.158
set system ntp server 211.22.103.158 prefer
set system ntp server 140.112.2.189
set logical-systems C interfaces fe-0/0/1 unit 30 description To_R1-Fe-0/0/0.30
set logical-systems C interfaces fe-0/0/1 unit 30 vlan-id 30
set logical-systems C interfaces fe-0/0/1 unit 30 family inet address 172.27.0.30/30
set logical-systems C protocols rip group RIP export RIP-OUT
set logical-systems C protocols rip group RIP neighbor fe-0/0/1.30
set logical-systems C policy-options policy-statement RIP-OUT term 1 from protocol static
set logical-systems C policy-options policy-statement RIP-OUT term 1 then accept
set logical-systems C routing-options static route 172.16.16.0/29 receive
set logical-systems C routing-options static route 172.16.20.0/24 receive
set logical-systems C routing-options static route 172.16.21.0/24 receive
set logical-systems DC1 interfaces fe-0/0/2 unit 21 description To_DC2_R2-Fe-0/0/0.21_R4-Fe-0/0/1.21
set logical-systems DC1 interfaces fe-0/0/2 unit 21 vlan-id 21
set logical-systems DC1 interfaces fe-0/0/2 unit 21 family inet address 172.20.21.201/28
set logical-systems DC2 interfaces fe-0/0/3 unit 21 description To_DC1_R2-Fe-0/0/0.21_R4-Fe-0/0/1.21
set logical-systems DC2 interfaces fe-0/0/3 unit 21 vlan-id 21
set logical-systems DC2 interfaces fe-0/0/3 unit 21 family inet address 172.20.21.200/28
set logical-systems DC3 interfaces fe-0/0/2 unit 335 description To_R3-Fe-0/0/0.335_R5-Fe-0/0/1.335
set logical-systems DC3 interfaces fe-0/0/2 unit 335 vlan-id 335
set logical-systems DC3 interfaces fe-0/0/2 unit 335 family inet address 172.27.0.101/28
set logical-systems DC3 protocols ospf export OSPF-OUT
set logical-systems DC3 protocols ospf area 0.0.0.0 interface fe-0/0/2.335
set logical-systems DC3 policy-options policy-statement OSPF-OUT term 1 from protocol static
set logical-systems DC3 policy-options policy-statement OSPF-OUT term 1 then accept
set logical-systems DC3 routing-options static route 10.22.1.0/24 receive
set logical-systems DC3 routing-options static route 10.22.2.0/24 receive
set logical-systems DC3 routing-options static route 10.22.3.0/24 receive
set logical-systems DC3 routing-options static route 10.22.4.0/24 receive
set logical-systems DC3 routing-options static route 10.22.5.0/24 receive
set logical-systems DC3 routing-options static route 10.22.6.0/24 receive
set logical-systems DC3 routing-options static route 10.22.7.0/24 receive
set logical-systems R1 interfaces fe-0/0/0 unit 12 description To_R2-Fe-0/0/1.12
set logical-systems R1 interfaces fe-0/0/0 unit 12 vlan-id 12
set logical-systems R1 interfaces fe-0/0/0 unit 12 family inet address 172.27.0.1/30
set logical-systems R1 interfaces fe-0/0/0 unit 12 family iso
set logical-systems R1 interfaces fe-0/0/0 unit 12 family inet6 address 2008:4498::1/126
set logical-systems R1 interfaces fe-0/0/0 unit 13 description To_R3-Fe-0/0/1.13
set logical-systems R1 interfaces fe-0/0/0 unit 13 vlan-id 13
set logical-systems R1 interfaces fe-0/0/0 unit 13 family inet address 172.27.0.14/30
set logical-systems R1 interfaces fe-0/0/0 unit 13 family iso
set logical-systems R1 interfaces fe-0/0/0 unit 13 family inet6 address 2008:4498::e/126
set logical-systems R1 interfaces fe-0/0/0 unit 14 description To_R4-Fe-0/0/1.14
set logical-systems R1 interfaces fe-0/0/0 unit 14 vlan-id 14
set logical-systems R1 interfaces fe-0/0/0 unit 14 family inet address 172.27.0.10/30
set logical-systems R1 interfaces fe-0/0/0 unit 14 family iso
set logical-systems R1 interfaces fe-0/0/0 unit 14 family inet6 address 2008:4498::a/126
set logical-systems R1 interfaces fe-0/0/0 unit 30 description To_C-Fe-0/0/1.30
set logical-systems R1 interfaces fe-0/0/0 unit 30 vlan-id 30
set logical-systems R1 interfaces fe-0/0/0 unit 30 family inet address 172.27.0.29/30
set logical-systems R1 interfaces lo0 unit 1 family inet address 172.27.255.1/32
set logical-systems R1 interfaces lo0 unit 1 family iso address 49.0001.1720.2725.5001.00
set logical-systems R1 protocols isis export isis-out
set logical-systems R1 protocols isis lsp-lifetime 3600
set logical-systems R1 protocols isis no-ipv6-routing
set logical-systems R1 protocols isis level 2 disable
set logical-systems R1 protocols isis level 1 authentication-key "$9$yf3eMLdb2GDkxNDk.P3nylKW7dji.5T3oJnC"
set logical-systems R1 protocols isis level 1 authentication-type md5
set logical-systems R1 protocols isis interface all level 1 hello-authentication-key "$9$wx2oZHqfn/tUj/tuOcSwYg"
set logical-systems R1 protocols isis interface all level 1 hello-authentication-type simple
set logical-systems R1 protocols isis interface all level 1 hold-time 6
set logical-systems R1 protocols rip group rip-c1 export rip-out
set logical-systems R1 protocols rip group rip-c1 neighbor fe-0/0/0.30
set logical-systems R1 policy-options policy-statement isis-out term rip-isis from protocol rip
set logical-systems R1 policy-options policy-statement isis-out term rip-isis then accept
set logical-systems R1 policy-options policy-statement isis-present term isis from protocol isis
set logical-systems R1 policy-options policy-statement isis-present term isis from route-filter 172.27.255.2/32 exact
set logical-systems R1 policy-options policy-statement isis-present term isis then accept
set logical-systems R1 policy-options policy-statement isis-present term no-other-routes then reject
set logical-systems R1 policy-options policy-statement rip-out term gen-ip from protocol aggregate
set logical-systems R1 policy-options policy-statement rip-out term gen-ip from route-filter 172.27.0.0/16 exact
set logical-systems R1 policy-options policy-statement rip-out term gen-ip then accept
set logical-systems R1 routing-options generate route 172.27.0.0/16 policy isis-present
set logical-systems R2 interfaces fe-0/0/0 unit 10 description To_T1-Fe-0/0/1.10
set logical-systems R2 interfaces fe-0/0/0 unit 10 vlan-id 10
set logical-systems R2 interfaces fe-0/0/0 unit 10 family inet address 172.27.0.37/30
set logical-systems R2 interfaces fe-0/0/0 unit 10 family inet6 address 2008:4498::25/126
set logical-systems R2 interfaces fe-0/0/0 unit 21 description To_DC1-2_R4-Fe-0/0/1.21
set logical-systems R2 interfaces fe-0/0/0 unit 21 vlan-id 21
set logical-systems R2 interfaces fe-0/0/0 unit 21 family inet address 172.20.21.202/28
set logical-systems R2 interfaces fe-0/0/0 unit 24 description To_R4-Fe-0/0/1.24
set logical-systems R2 interfaces fe-0/0/0 unit 24 vlan-id 24
set logical-systems R2 interfaces fe-0/0/0 unit 24 family inet address 172.27.0.5/30
set logical-systems R2 interfaces fe-0/0/0 unit 24 family iso
set logical-systems R2 interfaces fe-0/0/0 unit 24 family inet6 address 2008:4498::5/126
set logical-systems R2 interfaces fe-0/0/1 unit 12 description To_R1-Fe-0/0/0.12
set logical-systems R2 interfaces fe-0/0/1 unit 12 vlan-id 12
set logical-systems R2 interfaces fe-0/0/1 unit 12 family inet address 172.27.0.2/30
set logical-systems R2 interfaces fe-0/0/1 unit 12 family iso
set logical-systems R2 interfaces fe-0/0/1 unit 12 family inet6 address 2008:4498::2/126
set logical-systems R2 interfaces lo0 unit 2 family inet address 172.27.255.2/32
set logical-systems R2 interfaces lo0 unit 2 family iso address 49.0001.1720.2725.5002.00
set logical-systems R2 protocols isis export static-isis
set logical-systems R2 protocols isis lsp-lifetime 3600
set logical-systems R2 protocols isis level 2 disable
set logical-systems R2 protocols isis level 1 authentication-key "$9$7Tdw2ZUH5Qn4aQn/CB17-VsoZzF/tpB.P1h"
set logical-systems R2 protocols isis level 1 authentication-type md5
set logical-systems R2 protocols isis interface fe-0/0/0.10 passive
set logical-systems R2 protocols isis interface all level 1 hello-authentication-key "$9$V9sgajHmFnCZUnCtuEhVwY"
set logical-systems R2 protocols isis interface all level 1 hello-authentication-type simple
set logical-systems R2 protocols isis interface all level 1 hold-time 6
set logical-systems R2 policy-options policy-statement static-isis term DC1-prefix from protocol static
set logical-systems R2 policy-options policy-statement static-isis term DC1-prefix from route-filter 10.100.100.0/24 exact
set logical-systems R2 policy-options policy-statement static-isis term DC1-prefix then tag 102
set logical-systems R2 policy-options policy-statement static-isis term DC1-prefix then accept
set logical-systems R2 routing-options static route 10.100.100.0/24 next-hop 172.20.21.201
set logical-systems R3 interfaces fe-0/0/0 unit 34 description To_R4-Fe-0/0/1.34
set logical-systems R3 interfaces fe-0/0/0 unit 34 vlan-id 34
set logical-systems R3 interfaces fe-0/0/0 unit 34 family inet address 172.27.0.17/30
set logical-systems R3 interfaces fe-0/0/0 unit 34 family iso
set logical-systems R3 interfaces fe-0/0/0 unit 34 family inet6 address 2008:4498::13/126
set logical-systems R3 interfaces fe-0/0/0 unit 35 description To_R5-Fe-0/0/1.35
set logical-systems R3 interfaces fe-0/0/0 unit 35 vlan-id 35
set logical-systems R3 interfaces fe-0/0/0 unit 35 family inet address 172.27.0.26/30
set logical-systems R3 interfaces fe-0/0/0 unit 35 family iso
set logical-systems R3 interfaces fe-0/0/0 unit 35 family inet6 address 2008:4498::1a/126
set logical-systems R3 interfaces fe-0/0/0 unit 335 description To_DC3_R5-Fe-0/0/1.335
set logical-systems R3 interfaces fe-0/0/0 unit 335 vlan-id 335
set logical-systems R3 interfaces fe-0/0/0 unit 335 family inet address 172.27.0.103/28
set logical-systems R3 interfaces fe-0/0/1 unit 13 description To_R1-Fe-0/0/0.13
set logical-systems R3 interfaces fe-0/0/1 unit 13 vlan-id 13
set logical-systems R3 interfaces fe-0/0/1 unit 13 family inet address 172.27.0.13/30
set logical-systems R3 interfaces fe-0/0/1 unit 13 family iso
set logical-systems R3 interfaces fe-0/0/1 unit 13 family inet6 address 2008:4498::d/126
set logical-systems R3 interfaces lo0 unit 3 family inet address 172.27.255.3/32
set logical-systems R3 interfaces lo0 unit 3 family iso address 49.0001.1720.2525.5003.00
set logical-systems R3 protocols isis export leak-routes
set logical-systems R3 protocols isis export ospf-isis
set logical-systems R3 protocols isis lsp-lifetime 3600
set logical-systems R3 protocols isis no-authentication-check
set logical-systems R3 protocols isis level 2 wide-metrics-only
set logical-systems R3 protocols isis level 1 authentication-key "$9$j1km5n/tIEyQFEylKx7jHqPznhclMWx0B7V"
set logical-systems R3 protocols isis level 1 authentication-type md5
set logical-systems R3 protocols isis interface fe-0/0/0.34 bfd-liveness-detection minimum-interval 300
set logical-systems R3 protocols isis interface fe-0/0/0.34 level 1 disable
set logical-systems R3 protocols isis interface fe-0/0/0.34 level 2 hello-authentication-key "$9$phYBOIhevLVwgSrwgoJHkp0B"
set logical-systems R3 protocols isis interface fe-0/0/0.34 level 2 hello-authentication-type simple
set logical-systems R3 protocols isis interface fe-0/0/0.35 bfd-liveness-detection minimum-interval 300
set logical-systems R3 protocols isis interface fe-0/0/0.35 level 1 disable
set logical-systems R3 protocols isis interface fe-0/0/0.35 level 2 hello-authentication-key "$9$DFH.f36A1RSTzRSreXxDik"
set logical-systems R3 protocols isis interface fe-0/0/0.35 level 2 hello-authentication-type simple
set logical-systems R3 protocols isis interface fe-0/0/1.13 level 2 disable
set logical-systems R3 protocols isis interface fe-0/0/1.13 level 1 hello-authentication-key "$9$TF6CO1hKMXtuMX7-2gTz3"
set logical-systems R3 protocols isis interface fe-0/0/1.13 level 1 hello-authentication-type simple
set logical-systems R3 protocols isis interface fe-0/0/1.13 level 1 hold-time 6
set logical-systems R3 protocols isis interface lo0.3 level 1 disable
set logical-systems R3 protocols ospf area 0.0.0.0 interface fe-0/0/0.335
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 from protocol isis
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 from level 1
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 from route-filter 172.27.255.0/30 orlonger
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 to level 2
set logical-systems R3 policy-options policy-statement leak-routes term block-R1-R2-lo0 then reject
set logical-systems R3 policy-options policy-statement leak-routes term R1-R2-summary from protocol aggregate
set logical-systems R3 policy-options policy-statement leak-routes term R1-R2-summary from route-filter 172.27.255.0/30 exact
set logical-systems R3 policy-options policy-statement leak-routes term R1-R2-summary to level 2
set logical-systems R3 policy-options policy-statement leak-routes term R1-R2-summary then accept
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int from protocol isis
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int from level 2
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int from route-filter 172.27.0.56/30 exact
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int to level 1
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPv4-int then accept
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int from protocol isis
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int from level 2
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int from route-filter 2008:4498::38/126 exact
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int to level 1
set logical-systems R3 policy-options policy-statement leak-routes term r5-IPV6-int then accept
set logical-systems R3 policy-options policy-statement leak-routes term lvl-1-ext from protocol aggregate
set logical-systems R3 policy-options policy-statement leak-routes term lvl-1-ext from route-filter 172.16.16.0/21 exact
set logical-systems R3 policy-options policy-statement leak-routes term lvl-1-ext to level 2
set logical-systems R3 policy-options policy-statement leak-routes term lvl-1-ext then accept
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 from protocol isis
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 from level 1
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 from tag 102
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 from route-filter 10.100.100.0/24 exact
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 to level 2
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 then metric 100
set logical-systems R3 policy-options policy-statement leak-routes term DC1-lvl-1-to-lvl-2 then accept
set logical-systems R3 policy-options policy-statement ospf-isis term agg from route-filter 10.22.0.0/21 exact
set logical-systems R3 policy-options policy-statement ospf-isis term agg to level 2
set logical-systems R3 policy-options policy-statement ospf-isis term agg then metric 301
set logical-systems R3 policy-options policy-statement ospf-isis term agg then accept
set logical-systems R3 routing-options aggregate route 172.27.255.0/30
set logical-systems R3 routing-options aggregate route 172.16.16.0/21
set logical-systems R3 routing-options aggregate route 10.22.0.0/21
set logical-systems R4 interfaces fe-0/0/0 unit 45 description To_R5-Fe-0/0/1.45
set logical-systems R4 interfaces fe-0/0/0 unit 45 vlan-id 45
set logical-systems R4 interfaces fe-0/0/0 unit 45 family inet address 172.27.0.21/30
set logical-systems R4 interfaces fe-0/0/0 unit 45 family iso
set logical-systems R4 interfaces fe-0/0/0 unit 45 family inet6 address 2008:4498::15/126
set logical-systems R4 interfaces fe-0/0/1 unit 14 description To_R1-Fe-0/0/0.14
set logical-systems R4 interfaces fe-0/0/1 unit 14 vlan-id 14
set logical-systems R4 interfaces fe-0/0/1 unit 14 family inet address 172.27.0.9/30
set logical-systems R4 interfaces fe-0/0/1 unit 14 family iso
set logical-systems R4 interfaces fe-0/0/1 unit 14 family inet6 address 2008:4498::9/126
set logical-systems R4 interfaces fe-0/0/1 unit 21 description To_DC1-2_R2-Fe-0/0/0.21
set logical-systems R4 interfaces fe-0/0/1 unit 21 vlan-id 21
set logical-systems R4 interfaces fe-0/0/1 unit 21 family inet address 172.20.21.204/28
set logical-systems R4 interfaces fe-0/0/1 unit 24 description To_R2-Fe-0/0/0.24
set logical-systems R4 interfaces fe-0/0/1 unit 24 vlan-id 24
set logical-systems R4 interfaces fe-0/0/1 unit 24 family inet address 172.27.0.6/30
set logical-systems R4 interfaces fe-0/0/1 unit 24 family iso
set logical-systems R4 interfaces fe-0/0/1 unit 24 family inet6 address 2008:4498::6/126
set logical-systems R4 interfaces fe-0/0/1 unit 34 description To_R3-Fe-0/0/0.34
set logical-systems R4 interfaces fe-0/0/1 unit 34 vlan-id 34
set logical-systems R4 interfaces fe-0/0/1 unit 34 family inet address 172.27.0.18/30
set logical-systems R4 interfaces fe-0/0/1 unit 34 family iso
set logical-systems R4 interfaces fe-0/0/1 unit 34 family inet6 address 2008:4498::12/126
set logical-systems R4 interfaces lo0 unit 4 family inet address 172.27.255.4/32
set logical-systems R4 interfaces lo0 unit 4 family iso address 49.0001.1720.2725.5004.00
set logical-systems R4 protocols isis export leak-routes
set logical-systems R4 protocols isis lsp-lifetime 3600
set logical-systems R4 protocols isis no-authentication-check
set logical-systems R4 protocols isis level 2 wide-metrics-only
set logical-systems R4 protocols isis level 1 authentication-key "$9$cZkrKWNdsJGiLxGik.zFcylvXNUDkPfzgoF/"
set logical-systems R4 protocols isis level 1 authentication-type md5
set logical-systems R4 protocols isis interface fe-0/0/0.45 bfd-liveness-detection minimum-interval 300
set logical-systems R4 protocols isis interface fe-0/0/0.45 level 1 disable
set logical-systems R4 protocols isis interface fe-0/0/0.45 level 2 hello-authentication-key "$9$wW2oZHqfn/tUj/tuOcSwYg"
set logical-systems R4 protocols isis interface fe-0/0/0.45 level 2 hello-authentication-type simple
set logical-systems R4 protocols isis interface fe-0/0/1.14 level 2 disable
set logical-systems R4 protocols isis interface fe-0/0/1.14 level 1 hello-authentication-key "$9$dRw2oDi.z39JG39ApREdbs"
set logical-systems R4 protocols isis interface fe-0/0/1.14 level 1 hello-authentication-type simple
set logical-systems R4 protocols isis interface fe-0/0/1.14 level 1 hold-time 6
set logical-systems R4 protocols isis interface fe-0/0/1.24 level 2 disable
set logical-systems R4 protocols isis interface fe-0/0/1.24 level 1 hello-authentication-key "$9$ATUcuBRreW-VYhSVYgojiAp0"
set logical-systems R4 protocols isis interface fe-0/0/1.24 level 1 hello-authentication-type simple
set logical-systems R4 protocols isis interface fe-0/0/1.24 level 1 hold-time 6
set logical-systems R4 protocols isis interface fe-0/0/1.34 bfd-liveness-detection minimum-interval 300
set logical-systems R4 protocols isis interface fe-0/0/1.34 level 1 disable
set logical-systems R4 protocols isis interface fe-0/0/1.34 level 2 hello-authentication-key "$9$lfbv8xbs4Di.Ndi.P56/lKM"
set logical-systems R4 protocols isis interface fe-0/0/1.34 level 2 hello-authentication-type simple
set logical-systems R4 protocols isis interface lo0.4 level 1 disable
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 from protocol isis
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 from level 1
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 from route-filter 172.27.255.0/30 orlonger
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 to level 2
set logical-systems R4 policy-options policy-statement leak-routes term block-R1-R2-lo0 then reject
set logical-systems R4 policy-options policy-statement leak-routes term R1-R2-summary from protocol aggregate
set logical-systems R4 policy-options policy-statement leak-routes term R1-R2-summary from route-filter 172.27.255.0/30 exact
set logical-systems R4 policy-options policy-statement leak-routes term R1-R2-summary to level 2
set logical-systems R4 policy-options policy-statement leak-routes term R1-R2-summary then accept
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int from protocol isis
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int from level 2
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int from route-filter 172.27.0.56/30 exact
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int to level 1
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPv4-int then accept
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int from protocol isis
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int from level 2
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int from route-filter 2008:4498::38/126 exact
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int to level 1
set logical-systems R4 policy-options policy-statement leak-routes term r5-IPV6-int then accept
set logical-systems R4 policy-options policy-statement leak-routes term lvl-1-ext from protocol aggregate
set logical-systems R4 policy-options policy-statement leak-routes term lvl-1-ext from route-filter 172.16.16.0/21 exact
set logical-systems R4 policy-options policy-statement leak-routes term lvl-1-ext to level 2
set logical-systems R4 policy-options policy-statement leak-routes term lvl-1-ext then accept
set logical-systems R4 policy-options policy-statement leak-routes term lvl-2-ext from protocol isis
set logical-systems R4 policy-options policy-statement leak-routes term lvl-2-ext from route-filter 10.22.0.0/21 exact
set logical-systems R4 policy-options policy-statement leak-routes term lvl-2-ext to level 1
set logical-systems R4 policy-options policy-statement leak-routes term lvl-2-ext then accept
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 from protocol static
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 from route-filter 10.100.100.0/24 exact
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 to level 1
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 then metric 63
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 then tag 104
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-1 then accept
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 from protocol static
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 from route-filter 10.100.100.0/24 exact
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 to level 2
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 then tag 104
set logical-systems R4 policy-options policy-statement leak-routes term static-DC-lvl-2 then accept
set logical-systems R4 routing-options static route 10.100.100.0/24 next-hop 172.20.21.201
set logical-systems R4 routing-options aggregate route 172.27.255.0/30
set logical-systems R4 routing-options aggregate route 172.16.16.0/21
set logical-systems R5 interfaces fe-0/0/0 unit 20 description To_T2-Fe-0/0/1.20
set logical-systems R5 interfaces fe-0/0/0 unit 20 vlan-id 20
set logical-systems R5 interfaces fe-0/0/0 unit 20 family inet address 172.27.0.57/30
set logical-systems R5 interfaces fe-0/0/0 unit 20 family inet6 address 2008:4498::39/126
set logical-systems R5 interfaces fe-0/0/1 unit 35 description To_R3-Fe-0/0/0.35
set logical-systems R5 interfaces fe-0/0/1 unit 35 vlan-id 35
set logical-systems R5 interfaces fe-0/0/1 unit 35 family inet address 172.27.0.25/30
set logical-systems R5 interfaces fe-0/0/1 unit 35 family iso
set logical-systems R5 interfaces fe-0/0/1 unit 35 family inet6 address 2008:4498::19/126
set logical-systems R5 interfaces fe-0/0/1 unit 45 description To_R4-Fe-0/0/0.45
set logical-systems R5 interfaces fe-0/0/1 unit 45 vlan-id 45
set logical-systems R5 interfaces fe-0/0/1 unit 45 family inet address 172.27.0.22/30
set logical-systems R5 interfaces fe-0/0/1 unit 45 family iso
set logical-systems R5 interfaces fe-0/0/1 unit 45 family inet6 address 2008:4498::16/126
set logical-systems R5 interfaces fe-0/0/1 unit 335 description To_DC3_R3-Fe-0/0/0.335
set logical-systems R5 interfaces fe-0/0/1 unit 335 vlan-id 335
set logical-systems R5 interfaces fe-0/0/1 unit 335 family inet address 172.27.0.105/28
set logical-systems R5 interfaces lo0 unit 5 family inet address 172.27.255.5/32
set logical-systems R5 interfaces lo0 unit 5 family iso address 49.0002.1720.2725.5005.00
set logical-systems R5 protocols isis export ospf-isis
set logical-systems R5 protocols isis lsp-lifetime 3600
set logical-systems R5 protocols isis level 1 disable
set logical-systems R5 protocols isis level 2 wide-metrics-only
set logical-systems R5 protocols isis interface fe-0/0/0.20 passive
set logical-systems R5 protocols isis interface all bfd-liveness-detection minimum-interval 300
set logical-systems R5 protocols isis interface all level 2 hello-authentication-key "$9$xCX-bYJGifT3goT369OBxNd"
set logical-systems R5 protocols isis interface all level 2 hello-authentication-type simple
set logical-systems R5 protocols ospf area 0.0.0.0 interface fe-0/0/1.335
set logical-systems R5 policy-options policy-statement ospf-isis term agg from route-filter 10.22.0.0/21 exact
set logical-systems R5 policy-options policy-statement ospf-isis term agg then metric 301
set logical-systems R5 policy-options policy-statement ospf-isis term agg then accept
set logical-systems R5 routing-options aggregate route 10.22.0.0/21
set logical-systems T1 interfaces fe-0/0/1 unit 10 description To_R2-Fe-0/0/0.10
set logical-systems T1 interfaces fe-0/0/1 unit 10 vlan-id 10
set logical-systems T1 interfaces fe-0/0/1 unit 10 family inet address 172.27.0.38/30
set logical-systems T1 interfaces fe-0/0/1 unit 10 family inet6 address 2008:4498::26/126
set logical-systems T2 interfaces fe-0/0/1 unit 20 description To_R5-Fe-0/0/0.20
set logical-systems T2 interfaces fe-0/0/1 unit 20 vlan-id 20
set logical-systems T2 interfaces fe-0/0/1 unit 20 family inet address 172.27.0.58/30
set logical-systems T2 interfaces fe-0/0/1 unit 20 family inet6 address 2008:4498::3a/126
set interfaces fe-0/0/0 vlan-tagging
set interfaces fe-0/0/1 vlan-tagging
set interfaces fe-0/0/2 vlan-tagging
set interfaces fe-0/0/3 vlan-tagging
set interfaces fxp0 description To_SW1_Fa1/0/23
set interfaces fxp0 unit 0 family inet address 192.168.100.221/26
set routing-options static route 0.0.0.0/0 next-hop 192.168.100.200
[edit]
JNCIE@M7i#
Reference:
JNCIE Service Provider Bootcamp 10.b Detailed Lab Guide Lab2 IS-IS Implementation
JunOS 12.3 IS-IS Configuration Guide
http://www.juniper.net/techpubs/en_US/junos12.3/information-products/pathway-pages/config-guide-routing/config-guide-routing-is-is.html#configuration
最初發表 / 最後更新: 2015.01.23 / 2018.06.01
0 comments:
張貼留言