Single-Topology Ipv6 Support; Multitopology Ipv6 For Is-Is; Is-Is Authentication - Cisco ASR 9000 Series Configuration Manual

Single-Topology IPv6 Support

Single-Topology IPv6 Support
Single-topology IPv6 support on Cisco IOS XR software software allows IS-IS for IPv6 to be configured on
interfaces along with an IPv4 network protocol. All interfaces must be configured with the identical set of
network protocols, and all routers in the IS-IS area (for Level 1 routing) or the domain (for Level 2 routing)
must support the identical set of network layer protocols on all interfaces.
In single-topology mode, IPv6 topologies work with both narrow and wide metric styles in IPv4 unicast
topology. During single-topology operation, one shortest path first (SPF) computation for each level is used
to compute both IPv4 and IPv6 routes. Using a single SPF is possible because both IPv4 IS-IS and IPv6 IS-IS
routing protocols share a common link topology.

Multitopology IPv6 for IS-IS

Multitopology IPv6 for IS-IS assumes that multitopology support is required as soon as it detects interfaces
configured for both IPv6 and IPv4 within the IS-IS stanza.
Because multitopology is the default behavior in the software, you must explicitly configure IPv6 to use the
same topology as IPv4 to enable single-topology IPv6. Configure the single-topology command in IPv6 router
address family configuration submode of the IS-IS router stanza.
The following example shows multitopology IS-IS being configured in IPv6.
router isis isp
net 49.0000.0000.0001.00
interface POS0/3/0/0
!
interface POS0/3/0/0
ipv6 address 2001::1/64

IS-IS Authentication

Authentication is available to limit the establishment of adjacencies by using the hello-password command,
and to limit the exchange of LSPs by using the lsp-password command.
IS-IS supports plain-text authentication, which does not provide security against unauthorized users. Plain-text
authentication allows you to configure a password to prevent unauthorized networking devices from forming
adjacencies with the router. The password is exchanged as plain text and is potentially visible to an agent able
to view the IS-IS packets.
When an HMAC-MD5 password is configured, the password is never sent over the network and is instead
used to calculate a cryptographic checksum to ensure the integrity of the exchanged data.
IS-IS stores a configured password using simple encryption. However, the plain-text form of the password is
used in LSPs, sequence number protocols (SNPs), and hello packets, which would be visible to a process that
can view IS-IS packets. The passwords can be entered in plain text (clear) or encrypted form.
To set the domain password, configure the lsp-password command for Level 2; to set the area password,
configure the lsp-password command for Level 1.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.1.x
278
address-family ipv6 unicast
metric-style wide level 1
exit
Implementing IS-IS
OL-30423-03