level (Global IS-IS)
Syntax
level level-number {
authentication-key key;
authentication-key-chain (Protocols IS-IS) key-chain-name;
authentication-type type;
disable;
external-preference preference;
no-authentication-check;
no-csnp-authentication;
no-hello-authentication;
no-psnp-authentication;
preference preference;
purge-originator {
empty|self;
}
wide-metrics-only;
}
Hierarchy Level
[edit logical-systems
logical-system-name protocols
isis],
[edit logical-systems
logical-system-name routing-instances
routing-instance-name protocols
isis],
[edit routing-instances
routing-instance-name protocols
isis]
Release Information
Statement introduced before Junos OS Release 7.4.
Description
Configure the global-level properties.
You can administratively divide a single AS into smaller groups
called areas. You configure each routing device interface to be in
an area. Any interface can be in any area. The area address applies
to the entire routing device. You cannot specify one interface to
be in one area and another interface in a different area. To route
between areas, you must have two adjacent Level 2 routers that
communicate with each other.
Level 1 routers can only route within their IS-IS area.
To send traffic outside their area, Level 1 routers must send
packets to the nearest intra-area Level 2 router. A routing device
can be a Level 1 router, a Level 2 router, or both. You
specify the router level on a per-interface basis, and a routing device
becomes adjacent to other routing devices on the same level on that
link only.
You can configure one Level 1 routing process and one Level 2
routing process on each interface, and you can configure the two levels
differently.
Options
level-number—The IS-IS device level number, which can be 1 or 2.
The default is for the device to operate as both a Level 1 and 2 device.
authentication-key key—Authentication key (password). Neighboring devices
use the password to verify the authenticity of packets sent from this
interface. For the key to work, you also must include the authentication-type statement. All devices must use the same password. If you are using
the Junos OS IS-IS software with another implementation of IS-IS,
the other implementation must be configured to use the same password
for the domain, the area, and all interfaces adjacent to the Juniper
Networks device.
NoteIf you do not include this statement and the authentication-type statement, IS-IS authentication is disabled.
CautionA simple password for authentication is truncated if
it exceeds 254 characters.
authentication-key-chain key-chain-name—Apply and enable an authentication key-chain
to the routing device. The variable key-chain-name is the authentication key-chain name. It can be up to 126 characters.
Characters can include any ASCII strings. If you include spaces, enclose
all characters in quotation marks (“ ”).
authentication-type authentication —Enable authentication and specify the
authentication scheme for IS-IS. If you enable authentication, you
must specify a password by including the authentication-key statement. If you do not include this statement and the authentication-key statement, IS-IS authentication is disabled. Following are the valid
values for authentication:
md5—Use HMAC authentication in combination
with MD5. HMAC-MD5 authentication is defined in RFC 2104, HMAC: Keyed-Hashing for Message Authentication.
simple—Use a simple password for authentication.
The password is included in the transmitted packet, making this method
of authentication relatively insecure.
Note Juniper Networks does not recommend using the simple authentication method, because it is not as secure as MD5.
disable—Disable IS-IS
on the routing device, on an interface, or on a level. Enabling IS-IS
on an interface (by including the interface statement at
the [edit protocols isis] or the [edit routing-instances routing-instance-name protocols isis] hierarchy
level), disabling it (by including the disable statement),
and not actually having IS-IS run on an interface (by including the passive statement) are mutually exclusive states. IS-IS is
enabled for Level 1 and Level 2 routers on all interfaces
on which family iso is enabled.
external-preference preference—Configure the preference of external routes.
The value for preference can be 0 through 4,294,967,295 (232 – 1). The default is 15 (for Level 1
internal routes), 18 (for Level 2 internal routes), 160 (for
Level 1 external routes), 165 (for Level 2 external routes).
no-authentication-check—Generate authenticated packets and check the authentication on received
packets, but do not reject packets that cannot be authenticated.
no-csnp-authentication—Suppress authentication check on complete sequence number PDU (CSNP)
packets.
no-hello-authentication—Suppress authentication check on complete sequence number hello packets.
no-psnp-authentication—Suppress authentication check on partial sequence number PDU (PSNP)
packets.
preference preference—Configure the preference of internal routes. Route
preferences (also known as administrative distances) are used to select
which route is installed in the forwarding table when several protocols
calculate routes to the same destination. The route with the lowest
preference value is selected. To change the preference values, include
the preference statement (for internal routes) or the external-preference statement. The value for preference can be 0 through 4,294,967,295 (232 – 1). The default is 15 (for Level 1 internal
routes), 18 (for Level 2 internal routes), 160 (for Level 1
external routes), 165 (for Level 2 external routes).
purge-originator (empty | self)—Enable purge originator identification (POI) by adding
the type, length and value (TLV) with the Intermediate System (IS)
identification to the LSPs that do not contain POI information. If
an IS generates a purge, Junos adds this TLV with the system ID of
the IS to the purge. If an IS receives a purge that does not include
this TLV, it adds this TLV with both its own system ID and the system
ID of the IS from which it received the purge. This allows the IS
that receives this purge to log the system ID of the originator, or
the upstream source of the purge and makes it easier to locate the
origin of the purge.
wide-metrics-only—Configure
IS-IS to generate metric values greater than 63 on a per IS-IS
level basis. Normally, IS-IS metrics can have values up to 63,
and IS-IS generates two type, length, and value (TLV) tuples, one
for an IS-IS adjacency and the second for an IP prefix. To allow IS-IS
to support traffic engineering, a second pair of TLVs has been added
to IS-IS, one for IP prefixes and the second for IS-IS adjacency and
traffic engineering information. With these TLVs, IS-IS metrics can
have values up to 16,777,215 (224 – 1).
To configure IS-IS to generate only the new pair of TLVs and
thus to allow the wider range of metric values, include the wide-metrics-only statement.
NoteBy default, Junos OS supports the sending and receiving
of wide metrics. Junos OS allows a maximum metric value of 63
and generates both pairs of TLVs.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
routing—To view this statement in the
configuration.
routing-control—To add this statement to the configuration.
