Your browser failed to load CSS style sheets. Your browser or web proxy might not support elliptic-curve TLS

Building network automation solutions

9 module online course

Start now!
back to overview

IS-IS is not running over CLNP

A while ago I’ve received an interesting question from someone studying for the CCNP certification: “I know it’s not necessary to configure clns routing if I’m running IS-IS for IP only, but isn’t IS-IS running over CLNS?”

I’ve always “known” that IS-IS uses a separate layer-3 protocol, not CLNP (unlike IP routing protocols that always ride on top of IP), but I wanted to confirm it. I took a few traces, inspected them with Wireshark and tried to figure out what’s going on.

You might be confused by the mixture of CLNS and CLNP acronyms. From the OSI perspective, a protocol (CLNP) is providing a service (CLNS) to upper layers. When a router is configured with clns routing it forwards CLNP datagrams and does not provide a CLNS service to a transport protocol. The IOS configuration syntax is clearly misleading.

It turns out the whole OSI protocol suite uses the same layer-2 protocol ID (unlike IP protocol suite where IP and ARP use different layer-2 ethertypes) and the first byte (NLPID) in the layer-3 header to indicate the actual layer-3 protocol. I was not able to find any table of layer-3 OSI protocol types, so I had to experiment with Wireshark to figure out the values for CLNP, ES-IS and IS-IS (yes, these three are distinct L3 protocols).

You can find all the details (including the comparison of OSI and IP protocol stacks) in the IS-IS in OSI protocol stack article in the CT3 wiki.

This article is part of You've asked for it series.

Please read our Blog Commenting Policy before writing a comment.


  1. Excellent article, the picture goes right to the point. Won’t you add another level for BGP and RIP? ..Thanks!

  2. Hi Ivan,

    You seem to have mistyped IS-IS NLPID value in the table. It should be 0x83 (like in the picture), not 0x82 (which is the same as ES-IS).

    Off-topic: I am not able to post comments from Firefox (3.0.11). I choose to comment as Name/URL, but the comment doesn't show up after pressing the Post Comment button.

    It works from Google's Chrome. I haven't tried from IE.

  3. @Gabriel:
    NLPID: You're absolutely correct. Fixed.

    Firefox: Congratulations, Google. You've managed to break Firefox code as well (IE has problems for months).

  4. Yap Chin Hoong15 March, 2010 09:40

    Hi Ivan, I like your protocol stack diagram on the CT3 wiki. Appreciate your help to answer a few questions:
    1. What does it means with the "0xFE/0xFE" for LLC1? Should it be "0xFE" only instead?
    2. How do you capture the ES-IS packets? I means how do we setup an ES in a lab environment.
    3. Where is CLNS resides in the diagram?

    Appreciate that you can share out the pcap too. Thanks and have a nice day... :-)

  5. Yap Chin Hoong15 March, 2010 09:57

    Hi Ivan, I found the answer for the first question, they are DSAP and SSAP. :)


Constructive courteous comments are most welcome. Anonymous trolling will be removed with prejudice.