Cisco IOS Cookbook, 2nd Edition

Larger Cover

By Kevin Dooley, Ian Brown

Publisher: O'Reilly Media

Released: December 2006

Pages: 1248

Never has something cried out for a cookbook quite as much as Cisco's Internetwork Operating System (IOS). IOS is powerful and flexible, but also confusing and daunting. Most tasks can be accomplished in several different ways. And you don't want to spend precious time figuring out which way is best when you're trying to solve a problem quickly.

That's what this cookbook is for. Fortunately, most router configuration tasks can be broken down into several more or less independent steps: you configure an interface, you configure a routing protocol, you set up backup links, you implement packet filters and other access control mechanisms. What you really need is a set of recipes that show you how to perform the most common tasks, so you can quickly come up with a good configuration for your site. And you need to know that these solutions work: you don't want to find yourself implementing a backup link at 2 A.M. because your main link is down and the backup link you set up when you installed the router wasn't quite right.

Thoroughly revised and expanded, Cisco IOS Cookbook, 2nd Edition, adds sections on MPLS, Security, IPv6, and IP Mobility, and presents solutions to the most common configuration problems, including:

Configuring interfaces of many types, from serial to ATM and Frame Relay
Configuring all of the common IP routing protocols (RIP, EIGRP, OSPF, and BGP)
Configuring authentication
Configuring other services, including DHCP and NTP
Setting up backup links, and using HSRP to configure backup routers
Managing the router, including SNMP and other solutions
Using access lists to control the traffic through the router

If you work with Cisco routers, you need a book like this to help you solve problems quickly and effectively. Even if you're experienced, the solutions and extensive explanations will give you new ideas and insights into router configuration. And if you're not experienced--if you've just been given responsibility for managing a network with Cisco routers--this book could be a job-saver.

Chapter 1 Router Configuration and File Management
1. Introduction
2. Configuring the Router via TFTP
3. Saving Router Configuration to Server
4. Booting the Router Using a Remote Configuration File
5. Storing Configuration Files Larger Than NVRAM
6. Clearing the Startup Configuration
7. Loading a New IOS Image
8. Booting a Different IOS Image
9. Booting over the Network
10. Copying an IOS Image to a Server
11. Copying an IOS Image Through the Console
12. Deleting Files from Flash
13. Partitioning Flash
14. Using the Router as a TFTP Server
15. Using FTP from the Router
16. Generating Large Numbers of Router Configurations
17. Changing the Configurations of Many Routers at Once
18. Extracting Hardware Inventory Information
19. Backing Up Router Configurations
20. Warm Reload
21. Warm Upgrade
22. Configuration Archiving
23. Locking Configuration Access
Chapter 2 Router Management
1. Introduction
2. Creating Command Aliases
3. Managing the Router’s ARP Cache
4. Tuning Router Buffers
5. Auto Tuning Buffers
6. Using the Cisco Discovery Protocol
7. Disabling the Cisco Discovery Protocol
8. Using the Small Servers
9. Enabling HTTP Access to a Router
10. Enabling Secure HTTP (HTTPS) Access to a Router
11. Using Static Hostname Tables
12. Enabling Domain Name Services
13. Disabling Domain Name Lookups
14. Specifying a Router Reload Time
15. Scheduling of Router Commands
16. Displaying Historical CPU Values
17. Creating Exception Dump Files
18. Generating a Report of Interface Information
19. Generating a Report of Routing Table Information
20. Generating a Report of ARP Table Information
21. Generating a Server Host Table File
Chapter 3 User Access and Privilege Levels
1. Introduction
2. Setting Up User IDs
3. Encrypting Passwords
4. Using Better Password-Encryption Techniques
5. Removing Passwords from a Router Configuration File
6. Deciphering Cisco’s Weak Password Encryption
7. Displaying Active Users
8. Sending Messages to Other Users
9. Changing the Number of VTYs
10. Changing VTY Timeouts
11. Restricting VTY Access by Protocol
12. Enabling Absolute Timeouts on VTY Lines
13. Implementing Banners
14. Disabling Banners on a Port
15. Disabling Router Lines
16. Reserving a VTY Port for Administrative Access
17. Restricting Inbound Telnet Access
18. Logging Telnet Access
19. Setting the Source Address for Telnet
20. Automating the Login Sequence
21. Using SSH for Secure Access
22. Changing Privilege Level of IOS Commands
23. Defining Per User Privileges
24. Defining Per Port Privileges
Chapter 4 TACACS+
1. Introduction
2. Authenticating Login IDs from a Central System
3. Restricting Command Access
4. Losing Access to the TACACS+ Server
5. Disabling TACACS+ Authentication on a Particular Line
6. Capturing User Keystrokes
7. Logging System Events
8. Setting the IP Source Address for TACACS+ Messages
9. Sample Server Configuration Files
Chapter 5 IP Routing
1. Introduction
2. Finding an IP Route
3. Finding Types of IP Routes
4. Converting Different Mask Formats
5. Using Static Routing
6. Floating Static Routes
7. Using Policy-Based Routing to Route Based on Source Address
8. Using Policy-Based Routing to Route Based on Application Type
9. Examining Policy-Based Routing
10. Changing Administrative Distances
11. Routing Over Multiple Paths with Equal Costs
12. Static Routes That Track Interfaces or Other Routes
13. Keeping Statistics on Routing Table Changes
Chapter 6 RIP
1. Introduction
2. Configuring RIP Version 1
3. Filtering Routes with RIP
4. Redistributing Static Routes into RIP
5. Redistributing Routes Using Route Maps
6. Creating a Default Route in RIP
7. Disabling RIP on an Interface
8. Default Passive Interface
9. Unicast Updates for RIP
10. Applying Offsets to Routes
11. Adjusting Timers
12. Configuring Interpacket Delay
13. Enabling Nonperiodic Updates
14. Increasing the RIP Input Queue
15. Configuring RIP Version 2
16. Enabling RIP Authentication
17. RIP Route Summarization
18. Route Tagging
Chapter 7 EIGRP
1. Introduction
2. Configuring EIGRP
3. Filtering Routes with EIGRP
4. Redistributing Routes into EIGRP
5. Redistributing Routes into EIGRP Using Route Maps
6. Disabling EIGRP on an Interface
7. Adjusting EIGRP Metrics
8. Adjusting Timers
9. Enabling EIGRP Authentication
10. EIGRP Route Summarization
11. Logging EIGRP Neighbor State Changes
12. Limiting EIGRP’s Bandwidth Utilization
13. EIGRP Stub Routing
14. Route Tagging
15. Viewing EIGRP Status
Chapter 8 OSPF
1. Introduction
2. Configuring OSPF
3. Filtering Routes in OSPF
4. Adjusting OSPF Costs
5. Creating a Default Route in OSPF
6. Redistributing Static Routes into OSPF
7. Redistributing External Routes into OSPF
8. Manipulating DR Selection
9. Setting the OSPF RID
10. Enabling OSPF Authentication
11. Selecting the Appropriate Area Types
12. Using OSPF on Dial Interfaces
13. Summarizing Routes in OSPF
14. Disabling OSPF on Certain Interfaces
15. Changing the Network Type on an Interface
16. OSPF Route Tagging
17. Logging OSPF Adjacency Changes
18. Adjusting OSPF Timers
19. Reducing OSPF Traffic in Stable Networks
20. OSPF Virtual Links
21. Viewing OSPF Status with Domain Names
22. Debugging OSPF
Chapter 9 BGP
1. Introduction
2. Configuring BGP
3. Using eBGP Multihop
4. Adjusting the Next-Hop Attribute
5. Connecting to Two ISPs
6. Connecting to Two ISPs with Redundant Routers
7. Restricting Networks Advertised to a BGP Peer
8. Adjusting Local Preference Values
9. Load-Balancing
10. Removing Private ASNs from the AS Path
11. Filtering BGP Routes Based on AS Paths
12. Reducing the Size of the Received Routing Table
13. Summarizing Outbound Routing Information
14. Prepending ASNs to the AS Path
15. Redistributing Routes with BGP
16. Using Peer Groups
17. Authenticating BGP Peers
18. Using BGP Communities
19. Using BGP Route Reflectors
20. Putting It All Together
Chapter 10 Frame Relay
1. Introduction
2. Setting Up Frame Relay with Point-to-Point Subinterfaces
3. Adjusting LMI Options
4. Setting Up Frame Relay with Map Statements
5. Using Multipoint Subinterfaces
6. Configuring Frame Relay SVCs
7. Simulating a Frame Relay Cloud
8. Compressing Frame Relay Data on a Subinterface
9. Compressing Frame Relay Data with Maps
10. PPP over Frame Relay
11. Viewing Frame Relay Status Information
Chapter 11 Handling Queuing and Congestion
1. Introduction
2. Fast Switching and CEF
3. Setting the DSCP or TOS Field
4. Using Priority Queuing
5. Using Custom Queuing
6. Using Custom Queues with Priority Queues
7. Using Weighted Fair Queuing
8. Using Class-Based Weighted Fair Queuing
9. Using NBAR Classification
10. Controlling Congestion with WRED
11. Using RSVP
12. Manual RSVP Reservations
13. Aggregating RSVP Reservations
14. Using Generic Traffic Shaping
15. Using Frame-Relay Traffic Shaping
16. Using Committed Access Rate
17. Implementing Standards-Based Per-Hop Behavior
18. AutoQoS
19. Viewing Queue Parameters
Chapter 12 Tunnels and VPNs
1. Introduction
2. Creating a Tunnel
3. Tunneling Foreign Protocols in IP
4. Tunneling with Dynamic Routing Protocols
5. Viewing Tunnel Status
6. Creating an Encrypted Router-to-Router VPN in a GRE Tunnel
7. Creating an Encrypted VPN Between the LAN Interfaces of Two Routers
8. Generating RSA Keys
9. Creating a Router-to-Router VPN with RSA Keys
10. Creating a VPN Between a Workstation and a Router
11. Creating an SSL VPN
12. Checking IPSec Protocol Status
Chapter 13 Dial Backup
1. Introduction
2. Automating Dial Backup
3. Using Dialer Interfaces
4. Using an Async Modem on the AUX Port
5. Using Backup Interfaces
6. Using Dialer Watch
7. Using Virtual Templates
8. Ensuring Proper Disconnection
9. View Dial Backup Status
10. Debugging Dial Backup
Chapter 14 NTP and Time
1. Introduction
2. Time-Stamping Router Logs
3. Setting the Time
4. Setting the Time Zone
5. Adjusting for Daylight Saving Time
6. Synchronizing the Time on All Routers (NTP)
7. Configuring NTP Redundancy
8. Setting the Router As the NTP Master for the Network
9. Changing NTP Synchronization Periods
10. Using NTP to Send Periodic Broadcast Time Updates
11. Using NTP to Send Periodic Multicast Time Updates
12. Enabling and Disabling NTP Per Interface
13. NTP Authentication
14. Limiting the Number of Peers
15. Restricting Peers
16. Setting the Clock Period
17. Checking the NTP Status
18. Debugging NTP
19. NTP Logging
20. Extended Daylight Saving Time
21. NTP Server Configuration
Chapter 15 DLSw
1. Introduction
2. Simple Bridging
3. Configuring DLSw
4. Using DLSw to Bridge Between Ethernet and Token Ring
5. Converting Ethernet and Token Ring MAC Addresses
6. Configuring SDLC
7. Configuring SDLC for Multidrop Connections
8. Using STUN
9. Using BSTUN
10. Controlling DLSw Packet Fragmentation
11. Tagging DLSw Packets for QoS
12. Supporting SNA Priorities
13. DLSw+ Redundancy and Fault Tolerance
14. Viewing DLSw Status Information
15. Viewing SDLC Status Information
16. Debugging DSLw
Chapter 16 Router Interfaces and Media
1. Introduction
2. Viewing Interface Status
3. Configuring Serial Interfaces
4. Using an Internal T1 CSU/DSU
5. Using an Internal ISDN PRI Module
6. Using an Internal 56 Kbps CSU/DSU
7. Configuring an Async Serial Interface
8. Configuring ATM Subinterfaces
9. Setting Payload Scrambling on an ATM Circuit
10. Classical IP Over ATM
11. Configuring Ethernet Interface Features
12. Configuring Token Ring Interface Features
13. Connecting VLAN Trunks with ISL
14. Connecting VLAN Trunks with 802.1Q
15. LPD Printer Support
Chapter 17 Simple Network Management Protocol
1. Introduction
2. Configuring SNMP
3. Extracting Router Information via SNMP Tools
4. Recording Important Router Information for SNMP Access
5. Using SNMP to Extract Inventory Information from a List of Routers
6. Using Access Lists to Protect SNMP Access
7. Logging Unauthorized SNMP Attempts
8. Limiting MIB Access
9. Using SNMP to Modify a Router’s Running Configuration
10. Using SNMP to Copy a New IOS Image
11. Using SNMP to Perform Mass Configuration Changes
12. Preventing Unauthorized Configuration Modifications
13. Making Interface Table Numbers Permanent
14. Enabling SNMP Traps and Informs
15. Sending Syslog Messages As SNMP Traps and Informs
16. Setting SNMP Packet Size
17. Setting SNMP Queue Size
18. Setting SNMP Timeout Values
19. Disabling Link Up/Down Traps per Interface
20. Setting the IP Source Address for SNMP Traps
21. Using RMON to Send Traps
22. Enabling SNMPv3
23. Strong SNMPv3 Encryption
24. Using SAA
Chapter 18 Logging
1. Introduction
2. Enabling Local Router Logging
3. Setting the Log Size
4. Clearing the Router’s Log
5. Sending Log Messages to Your Screen
6. Using a Remote Log Server
7. Enabling Syslog on a Unix Server
8. Changing the Default Log Facility
9. Restricting What Log Messages Are Sent to the Server
10. Setting the IP Source Address for Syslog Messages
11. Logging Router Syslog Messages in Different Files
12. Maintaining Syslog Files on the Server
13. Testing the Syslog Sever Configuration
14. Preventing the Most Common Messages from Being Logged
15. Rate-Limiting Syslog Traffic
16. Enabling Error Log Counting
17. XML-Formatted Log Messages
18. Modifying Log Messages
Chapter 19 Access-Lists
1. Introduction
2. Filtering by Source or Destination IP Address
3. Adding a Comment to an ACL
4. Filtering by Application
5. Filtering Based on TCP Header Flags
6. Restricting TCP Session Direction
7. Filtering Multiport Applications
8. Filtering Based on DSCP and TOS
9. Logging When an Access-List Is Used
10. Logging TCP Sessions
11. Analyzing ACL Log Entries
12. Using Named and Reflexive Access-Lists
13. Dealing with Passive Mode FTP
14. Using Time-Based Access-Lists
15. Filtering Based on Noncontiguous Ports
16. Advanced Access-List Editing
17. Filtering IPv6
Chapter 20 DHCP
1. Introduction
2. Using IP Helper Addresses for DHCP
3. Limiting the Impact of IP Helper Addresses
4. Using DHCP to Dynamically Configure Router IP Addresses
5. Dynamically Allocating Client IP Addresses via DHCP
6. Defining DHCP Configuration Options
7. Defining DHCP Lease Periods
8. Allocating Static IP Addresses with DHCP
9. Configuring a DHCP Database Client
10. Configuring Multiple DHCP Servers per Subnet
11. DHCP Static Mapping
12. DHCP-Secured IP Address Assignment
13. Showing DHCP Status
14. Debugging DHCP
Chapter 21 NAT
1. Introduction
2. Configuring Basic NAT Functionality
3. Allocating External Addresses Dynamically
4. Allocating External Addresses Statically
5. Translating Some Addresses Statically and Others Dynamically
6. Using Route Maps to Refine Static Translation Rules
7. Translating in Both Directions Simultaneously
8. Rewriting the Network Prefix
9. Using NAT for Server Load Distribution
10. Stateful NAT Failover
11. Adjusting NAT Timers
12. Changing TCP Ports for FTP
13. Checking NAT Status
14. Debugging NAT
Chapter 22 First Hop Redundancy Protocols
1. Introduction
2. Configuring Basic HSRP Functionality
3. Using HSRP Preempt
4. Making HSRP React to Problems on Other Interfaces
5. Load-Balancing with HSRP
6. Redirecting ICMP with HSRP
7. Manipulating HSRP Timers
8. Using HSRP on Token Ring
9. HSRP SNMP Support
10. Increasing HSRP Security
11. Showing HSRP State Information
12. Debugging HSRP
13. HSRP Version 2
14. VRRP
15. Gateway Load-Balancing Protocol
Chapter 23 IP Multicast
1. Introduction
2. Configuring Basic Multicast Functionality with PIM-DM
3. Routing Multicast Traffic with PIM-SM and BSR
4. Routing Multicast Traffic with PIM-SM and Auto-RP
5. Filtering PIM Neighbors
6. Configuring Routing for a Low-Frequency Multicast Application
7. Multicast over Frame Relay or ATM WANs
8. Configuring CGMP
9. Using IGMP Version 3
10. Static Multicast Routes and Group Memberships
11. Routing Multicast Traffic with MOSPF
12. Routing Multicast Traffic with DVMRP
13. DVMRP Tunnels
14. Configuring Bidirectional PIM
15. Controlling Multicast Scope with TTL
16. Controlling Multicast Scope with Administratively Scoped Addressing
17. Exchanging Multicast Routing Information with MBGP
18. Using MSDP to Discover External Sources
19. Configuring Anycast RP
20. Converting Broadcasts to Multicasts
21. Showing Multicast Status
22. Debugging Multicast Routing
Chapter 24 IP Mobility
1. Introduction
2. Local Area Mobility
3. Home Agent Configuration
4. Foreign Agent Configuration
5. Making a Router a Mobile Node
6. Reverse-Tunnel Forwarding
7. Using HSRP for Home Agent Redundancy
Chapter 25 IPv6
1. Introduction
2. Automatically Generating IPv6 Addresses for an Interface
3. Manually Configuring IPv6 Addresses on an Interface
4. Configuring DHCP for IPv6
5. Dynamic Routing with RIP
6. Modifying the Default RIP Parameters
7. IPv6 Route Filtering and Metric Manipulation in RIP
8. Using OSPF for IPv6
9. IPv6 Route Filtering and Metric Manipulation in OSPF
10. Route Redistribution
11. Dynamic Routing with MBGP
12. Tunneling IPv6 Through an Existing IPv4 Network
13. Translating Between IPv6 and IPv4
Chapter 26 MPLS
1. Introduction
2. Configuring a Basic MPLS P Router
3. Configuring a Basic MPLS PE Router
4. Configuring Basic MPLS CE Routers
5. Configuring MPLS over ATM
6. PE-CE Communication via RIP
7. PE-CE Communication via OSPF
8. PE-CE Communication via EIGRP
9. PE-CE Communication via BGP
10. QoS over MPLS
11. MPLS Traffic Engineering with Autoroute
12. Multicast Over MPLS
13. Your Service Provider Doesn’t Do What You Want
Chapter 27 Security
1. Introduction
2. Using AutoSecure
3. Using Context-Based Access-Lists
4. Transparent Cisco IOS Firewall
5. Stopping Denial of Service Attacks
6. Inspecting Applications on Different Port Numbers
7. Intrusion Detection and Prevention
8. Login Password Retry Lockout
9. Authentication Proxy

Appendix 1 External Software Packages
1. Perl
2. Expect
3. NET-SNMP
4. PuTTY
5. OpenSSH
6. Ethereal
Appendix 2 IP Precedence, TOS, and DSCP Classifications
1. IP Precedence, TOS, and DSCP Classifications
2. Queueing Algorithms
3. Dropping Packets and Congestion Avoidance
Colophon

Title:

Cisco IOS Cookbook, 2nd Edition

By:

Kevin Dooley, Ian Brown

Publisher:

O'Reilly Media

Formats:

Print
Ebook
Safari Books Online

Print:

December 2006

Ebook:

December 2008

Pages:

1248

Print ISBN:

978-0-596-52722-8

| ISBN 10:

0-596-52722-5

Ebook ISBN:

978-0-596-15864-4

| ISBN 10:

0-596-15864-5

Description

Table of Contents

Product Details

About the Author

Recommended for You

Chapter 1 Router Configuration and File Management

Introduction

Configuring the Router via TFTP

Saving Router Configuration to Server

Booting the Router Using a Remote Configuration File

Storing Configuration Files Larger Than NVRAM

Clearing the Startup Configuration

Loading a New IOS Image

Booting a Different IOS Image

Booting over the Network

Copying an IOS Image to a Server

Copying an IOS Image Through the Console

Deleting Files from Flash

Partitioning Flash

Using the Router as a TFTP Server

Using FTP from the Router

Generating Large Numbers of Router Configurations

Changing the Configurations of Many Routers at Once

Extracting Hardware Inventory Information

Backing Up Router Configurations

Warm Reload

Warm Upgrade

Configuration Archiving

Locking Configuration Access

Chapter 2 Router Management

Introduction

Creating Command Aliases

Managing the Router’s ARP Cache

Tuning Router Buffers

Auto Tuning Buffers

Using the Cisco Discovery Protocol

Disabling the Cisco Discovery Protocol

Using the Small Servers

Enabling HTTP Access to a Router

Enabling Secure HTTP (HTTPS) Access to a Router

Using Static Hostname Tables

Enabling Domain Name Services

Disabling Domain Name Lookups

Specifying a Router Reload Time

Scheduling of Router Commands

Displaying Historical CPU Values

Creating Exception Dump Files

Generating a Report of Interface Information

Generating a Report of Routing Table Information

Generating a Report of ARP Table Information

Generating a Server Host Table File

Chapter 3 User Access and Privilege Levels

Introduction

Setting Up User IDs

Encrypting Passwords

Using Better Password-Encryption Techniques

Removing Passwords from a Router Configuration File

Deciphering Cisco’s Weak Password Encryption

Displaying Active Users

Sending Messages to Other Users

Changing the Number of VTYs

Changing VTY Timeouts

Restricting VTY Access by Protocol

Enabling Absolute Timeouts on VTY Lines

Implementing Banners

Disabling Banners on a Port

Disabling Router Lines

Reserving a VTY Port for Administrative Access

Restricting Inbound Telnet Access

Logging Telnet Access

Setting the Source Address for Telnet

Automating the Login Sequence

Using SSH for Secure Access

Changing Privilege Level of IOS Commands

Defining Per User Privileges

Defining Per Port Privileges

Chapter 4 TACACS+

Introduction

Authenticating Login IDs from a Central System

Restricting Command Access

Losing Access to the TACACS+ Server

Disabling TACACS+ Authentication on a Particular Line

Capturing User Keystrokes

Logging System Events

Setting the IP Source Address for TACACS+ Messages