Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Bizzarre ISIS routing issue


I have 5 Sites, each with local lan and 2 routers (one connects to upstream site over WAN link, one to downstream site over a WAN link) thus: L1-S1R2-W1/2-S2R1-L2-S2R2-W2/3-S3R1-L3-S3R2-W3/4-S4R1-L4-S4R2-W4/5-S5R1-L5-S5R2-W5/1-S1R1-L1

Essentilally forming a ring if you bend the ends of the depiction around and join the L1s together...

Routing is ISIS. Under normal conditions, routes to a LAN subnet directly connected to site S1 (LAN L1) look like this...


S2R1-115/30 via w1/2 (i.e. left)

S2R2-115/40 via L2 (i.e. left)

S3R1-115/60 via w2/3 (i.e. left)

S3R2-115/70 via L3 (i.e. left)

S4R1-115/70 via L4 (i.e. right)

S4R2-115/60 via w4/5 (i.e. right)

S5R1-115/40 via L5 (i.e. right)

S5R2-115/30 via w5/1 (i.e. right)


So, from the point of view of the layout as depicted above, half the routes point "left", and half point "right". So far, so good. Now, if I shut the L1 interface on S1R2, I am expecting all of the routes to the L1 subnet to point "right", as clearly the access to that subnet in the "left" direction is hosed. But, of course, that isn't what happens, and I can't understand why. What I end up with is this:

S1R2-115/150 via w1/2 (i.e. right) - correct

S2R1-115/130 via L2 (i.e. right) - correct

S2R2-115/120 via w2/3 (i.e. right) - correct

S3R1-115/60 via w2/3 (i.e. left) - what?

S3R2-115/70 via L3 (i.e. left) - No!!!

S4R1-115/70 via L4 (i.e. right) - correct

S4R2-115/60 via w4/5 (i.e. right) - correct

S5R1-115/40 via L5 (i.e. right) - correct

S5R2-115/30 via w5/1 (i.e. right) - correct


As you can see, for some reason the routers at S3 simply refuse to re-route the subnet and it remains pointing "left" whereas devices 'more left' of that site are correctly routing it to the right. Distances metrics 'more left' of S3 are as one would expect, but on the S3 routers themselves they are incorrect - as we are incrementing 10 on the local LAN and 20 across the WAN, I'd expect the routing to be "115/100 via L3" for S3R1 and "115/90 via w3/4" for S3R2... Now of course S2 and S3 are cut off from the L1 subnet.

As an aside, if I shut the WAN interface in S1R2 instead of the LAN, the routes to the L1 subnet do all point "right" as expected

I'm not overly experienced with ISIS so I can't fathom why this is happening. can anyone shed any light on the matter?



Cisco Employee

Re: Bizzarre ISIS routing issue


Can you change the network type to point-to-point on the LAN segments and see if it solves the issue.


Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
New Member

Re: Bizzarre ISIS routing issue


That is certainly a fine idea, and I suspect it would then work correctly. I have done some further testing over the weekend and found a couple of interesting things leading me to believe that the problem lies on the link between W2/3 S2 and S3. Firstly, if we GRE tunnel this link, everything starts working as it should. Secondly, if we switch off network type point-to-point on the link interfaces, the routers don't even see each other as neighbours anymore (whereas on every other link in the circuit the neighbor relationships remain after the change). It would seem that the W2/3 link is not passing certain (non point-to-point network generated) LSPs correctly and thus the S3 routers still believe that the L1 routes exist. We have already had issues with the service provider equipment on the circuits not being entirely "ISIS capable" and it appears that despite their claim that all the equipment has now been upgraded, something spurious on this link remains. We have raised this with the ISP and currently need to leave the configs as-is whilst they investigate.

Moving the LAN segments to point-to-point is a fine idea and should make for a decent workaround (better than GRE anyway!) should the ISP drag their feet on this, although luckily we still have plenty of time before the circuits are due to carry live data.

Many thanks for the input