From: Kenneth Wygand (KWygand@customonline.com)
Date: Fri Apr 23 2004 - 15:19:38 GMT-3
Tim,
You are correct. One thing I would like to ask though is that you've
mentioned one thing several times. When redistributing, you've
mentioned you can just specify "match interface" to choose which
interfaces to redistribute. I've never done this before, always opting
to the "match ip address" statement instead.
Your method (match interface) seems more logical and easier to work
with. Eliminating even a single variable, such as correlating the
interface with IP address, can save valuable headaches during lab time.
My question is this: Is there anytime "match interface" will not work
when redistributing connected interfaces? Or is this simply a matter of
preference and either one should work for any application?
I just don't want to introduce additional complications or "gotchas" I
haven't seen before by changing my strategy two days before my lab. But
if there are no well-known gotchas, I might resort due to this its
simplicity.
Any advice is appreciated. :)
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
Network+, A+
Custom Computer Specialists, Inc.
"The only unattainable goal is the one not attempted."
-Anonymous
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Friday, April 23, 2004 2:00 PM
To: R&S Groupstudy; Kenneth Wygand; Ahmed Mustafa;
ccielab@groupstudy.com
Subject: Re: Passive interfaces in ISIS
Guys,
I think there's one more thing that has to be kept in mind from the
point of
view of the lab.
If ISIS is on the lab, no doubt there will be a requirement for route
redistribution. So, here's the thing to remember:
Regardless of which method is used to have a local interface included as
part of ISIS, when you do redist of ISIS into another protocol, by
default,
directly connected interfaces are NOT redist. Therefore, in addition to
"redist isis <options>, you must also have a redist conn route-map where
the
route-map specifies which directly connected interfaces s/b included in
the
redist.
I haven't tested this recently, so if I'm mistaken, please correct me.
Tim
----- Original Message -----
From: "R&S Groupstudy" <rsg@synergy-networking.co.uk>
To: "Kenneth Wygand" <KWygand@customonline.com>; "Ahmed Mustafa"
<ahmed.mustafa@sbcglobal.net>; <ccielab@groupstudy.com>
Sent: Friday, April 23, 2004 9:35 AM
Subject: RE: Passive interfaces in ISIS
> Kenneth,
>
> I don't think this is correct.
> If you've a loopback interface on a router - and you want this IP
subnet
to
> be advertised to other routers you can do one of the following.
> 1. Interface command, ip router isis
> or
> 2. router isis, passive-interface loopback X.
>
> Both of these methods advertise the directly connected subnet of the
> loopback interface.
>
> The reason method 2 works I think, is because of the history of isis
and
> it's relationship with OSI CLNS.
> With OSI networks, you address not the interface, but the router.
> In order for ISIS to work with IP, we need to add in the IP
information
into
> the ISIS LSA's. I think the passive interface command links the IP
subnet
> information with the ISIS process at a lower level than it would if
the
> protocol was ospf..
>
> Maybe somebody can improve on this.
>
> Adam
>
> -----Original Message-----
> From: Kenneth Wygand [mailto:KWygand@customonline.com]
> Sent: 23 April 2004 14:09
> To: R&S Groupstudy; Ahmed Mustafa; ccielab@groupstudy.com
> Subject: RE: Passive interfaces in ISIS
>
>
> I don't really understand the point of making an interface "passive"
> under IS-IS. I thought IS-IS does _not_ advertise directly connected
> routes natively without the redistribute connected command? So if you
> are going to make the interface "passive" so hellos and routing
updates
> are not sent out that interface, and enabling the interface in the
IS-IS
> process does not advertise the directly connected network into the
> process, what is the difference between enabling IS-IS on a "passive"
> interface or instead just not enabling IS-IS on that interface?
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
> CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
> Network+, A+
> Custom Computer Specialists, Inc.
> "The only unattainable goal is the one not attempted."
> -Anonymous
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> R&S Groupstudy
> Sent: Friday, April 23, 2004 4:07 AM
> To: Ahmed Mustafa; ccielab@groupstudy.com
> Subject: RE: Passive interfaces in ISIS
>
> Passive interfaces depress the transmission of routing protocol
packets.
> When you enables up ip router isis, and passive-interface on router1,
> you
> advertised r1's S1 subnet into the isis routing process. Router 2
should
> therefore have a route to reach S1 in router3. Router 3 however, will
> not
> have a router back to R2 since it does not form an adjacency with
Router
> 1.
> Try adding a static on R3 for R2 S0; R2 should then be able to ping R2
> s1
>
> Adam
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Ahmed Mustafa
> Sent: 23 April 2004 08:53
> To: ccielab@groupstudy.com
> Subject: Passive interfaces in ISIS
>
>
> Passive intereface in ISIS means actually means that advertise the
> network
> internally without sending any hello packets.
>
> I am wondering if Passive interfaces can only be assigned for stub
> networks
> or
> loopback networks.
>
> The thing I tested was little wiered.
>
> I connected my routers such as:
>
>
>
> R2-----------------------------------R1----------------------------
> --R3
>
>
> R1 and R2 are connected via S0 at both ends, and R1 and R3 are
connected
> via
> S1 at both ends.
>
> I tried this configuration:
>
>
> On R1,
>
> I tried this:
>
> First I didn't enable "IP ROUTER ISIS" on R1's either S0 or S1,
>
> router isis
> net 49.0010.0001.0001.0001.00
> passive interface s0------------------------> router didn't like, and
> gave
> the error message something 'INVALID COMMAND IF CLNS ONLY".
>
>
> I then enabled the command "IP ROUTER ISIS" on S1 only.
>
> I tried again to above configuration
>
> router isis
> net 49.0010.0001.0001.0001.00
> passive interface s0------------------------> command was accepted.
>
> I concluded that in order to advertise networks through passive
> interfaces
> one
> of the router's interfaces must be enabled with 'IP ROUTER ISIS"
>
> But again, passive interface will not work on the link between two
> routers.
> It is only meant for stub networks.
>
> Regards,
>
> Ahmed
>
>
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:54 GMT-3