The isis lsp seq-overflow auto-recover disable command prevents an IS-IS system from changing its system ID when it receives a locally generated LSP with the maximum sequence number (0xFFFFFFFF).
The undo isis lsp seq-overflow auto-recover disable command restores the default configuration.
By default, an IS-IS system changes its system ID when it receives a locally generated LSP with the maximum sequence number.
Usage Scenario
On an IS-IS network, if a device receives a locally generated LSP with the sequence number greater than that of the corresponding LSP stored locally, the device adds 1 to the sequence number of the received LSP and floods it. An attacker may send an IS-IS LSP with the maximum sequence number (0xFFFFFFFF) and the system ID of a target device. Upon receipt of the LSP, the target device considers it a locally generated LSP because it carries the local system ID and adds 1 to the sequence number because the sequence number is greater than that of the corresponding LSP stored locally. Consequently, the sequence number exceeds the maximum number, causing the target device to enter the hibernation state. The state can last 18 hours and 1 minute, affecting network operation. To prevent this problem, an IS-IS system changes its system ID when it receives a locally generated LSP with the sequence number of 0xFFFFFFFF. However, if the IS-IS system has changed its system ID for three times within 24 hours when it receives one more such an LSP, it directly enters the hibernation state.
The preceding function also applies to CSNPs and PSNPs.
By default, an IS-IS system changes its system ID when it receives a locally generated LSP with the maximum sequence number. To disable this function, run the isis lsp seq-overflow auto-recover disable command.