
[IS-IS](/is-is) is a [link-state](/routing-link-state-routing-protocols) [routing protocol](/routing-dynamic-routing-protocols), and thus it can perform route filtering only between areas.  The logic behind this is much the same as that for [OSPF](/ospf-route-filtering), another well-known link-state routing protocol.  

For these protocols, the LSDB must be the same for all routers within a particular area, thus filtering advertisements between routers in the same area violates this requirement.

Another option is to selectively prevent routes from being installed in the local [routing table](/routing-table).  For OSPF this can be done using [distribute list filtering](/ospf-distribute-list-filtering).  Similarly for IS-IS, this can be achieved using [route maps](/route-map) along with prefix-lists or [access lists](/acl).  This will not prevent the propagation of updates between routers, thus not violating the requirement of link-state routing protocols, but will only influence what routes the local routing table installs.

An example of such a configuration using ACLs can be found below:

1. **Define an Access List**:
   
   This list specifies the routes you wish to match.

   ```
   access-list 10 permit 10.1.1.0 0.0.0.255
   ```

2. **Define a Route Map**:

   A route map references the access list and defines the action to take (permit or deny) for the matched routes.

   ```
   route-map ISIS-FILTER permit 10
      match ip address prefix-list PFX-LIST
      set metric +10
   ```

   In this example, routes matching the prefix list will have their metric increased by 10.

3. **Apply the Route Map to IS-IS**:

   Now, apply the route map to the IS-IS process. Depending on your goal, you can apply it for [redistributed routes](/routing-redistribution-and-the-routing-table) or directly on the interface for incoming or outgoing routes.

   - For redistributed routes:
     ```
     router isis
        redistribute static route-map ISIS-FILTER
     ```

   - For routes from a specific interface (for example, applying a filter to routes learned on an interface):
     ```
     interface GigabitEthernet0/1
        ip router isis
        isis distribute-list route-map ISIS-FILTER in
     ```

[Remember](/bgp-attributes-route-map-direction) that the `in` keyword filters routes being installed in the local routing table, while the `out` keyword would affect routes being advertised out the interface.

Manipulating routes this way is a powerful tool, but it can be complex and can cause unintended routing behaviors if not configured carefully. Always test your configurations in a lab or simulated environment before applying them to a production network.

Links:

https://forum.networklessons.com/t/is-is-filtering/1784/7?u=lagapides

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/iproute_isis/configuration/15-mt/irs-15-mt-book/isis-inbound-filtering.html.xml

IS-IS - route filtering

IPSec

IPsec - does it support multicast

IPv4 - Internal Host Loopback Address Range

IPv4 - ToS Byte definition

IPv4 - classful addressing

IPv4 - classless addressing

IPv4 - header protocol field

IPv4 - no subnet mask information in the IP header

IPv4 - subnet mask

IPv4 Link-local address range

IPv4 Private IP address ranges

IPv4 Subnetting invalid entry causing network address of zero

IPv4 header length field

IPv4 network and broadcast addresses

IPv4 point to point addresses

IPv4

IPv6 - ACLs, RAs, and RSes

IPv6 - DHCPv6

IPv6 - IPv4-mapped IPv6 address

IPv6 - NDP Neighbor Discovery Process

IPv6 - NDP preferred and valid lifetimes

IPv6 - Network and Interface Identifiers

IPv6 - RA suppression command

IPv6 - SLAAC

IPv6 - Site Local addresses

IPv6 - Solicited Node Multicast Address

IPv6 - Unique Local addresses

IPv6 - Valid and Preferred Addresses

IPv6 - destination guard

IPv6 - ipv6 nd prefix command

IPv6 - loopback address

IPv6 - prefix length

IPv6 - understanding how to enable IPv6 functionality and routing on an IOS device

IPv6 EIGRP static neighbors

IPv6 EUI-64 host address configuration method

IPv6 Neighbor Discovery Protocol Extensions

IPv6 RA Guard

IPv6 computing a global unicast address

IPv6 first hop security features on CML

IPv6 global unicast address

IPv6 link-local address

IPv6 minimum and maximum prefix lengths

IPv6 mobility features

IPv6 simplicity and complexity of various prefix values

IPv6 stateless DHCP active clients equals zero

IPv6 transition technologies

IPv6

IS-IS - DIS and Pseudonode

IS-IS - attached bit

IS-IS - up-down bit

IS-IS multitopology support

IS-IS

ISDN

ISIS circuit-type command

ISP Peering

ISPs, tiers, transiting, and the Internet

Importance of self-study for CCIE or CCDE

Interface - configuring a range of interfaces

Interface - no carrier counter

Interface - show interfaces counters explained

Interface - unknown protocol drops

Interface speed and bandwidth

Interior Gateway Protocol (IGP)

Internet Exchange Point (IXP)

Internet Service Provider (ISP)

Intrusion prevention system (IPS)

Kron task scheduler

L2TPv3 over IPSec

L2TPv3

LACP

LAG - Multi-Chassis LAG

LFA - Topology Independent LFA

LFA, remote LFA, and how they work together in OSPF

LISP - map request and reply process

LISP - what is it

LISP and overlapping address spaces

LISP debug traffic between two EIDs

LISP host mobility use cases

LISP where EID-to-RLOC mappings originate

LISP

Logging buffered command

Loop-Free Alternate (LFA) Fast Reroute (FRR)

Loop-Free Alternate (LFA) and remote LFA

Loops in layers 2 and 3

MAC Access List EtherType

MAC Access List

MAC address flapping

MAC address of all zeros

MAC address table - multiple entries of the same MAC address

MAC address table - show command on Nexus device

MAC address table populated using source address field

MAC address table static multicast entry

MAC address table

MAC address

MPLS - BGP customer prefixes do not appear in the LFIB

MPLS - Connecting IPv6 sites over an IPv4 backbone

MPLS - Disabling IPv4 address family in BGP for VPNv4

MPLS - Ethernet over MPLS (EoMPLS)