Cisco IOS Cookbook

Read more

List of contents

Preface;
What's New in This Edition;
Organization;
What's in This Book;
Conventions Used in This Book;
Using Code Examples;
We'd Like Your Feedback!;
Safari® Enabled;
Acknowledgments;
Chapter 1: Router Configuration and File Management;
Introduction;
Configuring the Router via TFTP;
Saving Router Configuration to Server;
Booting the Router Using a Remote Configuration File;
Storing Configuration Files Larger Than NVRAM;
Clearing the Startup Configuration;
Loading a New IOS Image;
Booting a Different IOS Image;
Booting over the Network;
Copying an IOS Image to a Server;
Copying an IOS Image Through the Console;
Deleting Files from Flash;
Partitioning Flash;
Using the Router as a TFTP Server;
Using FTP from the Router;
Generating Large Numbers of Router Configurations;
Changing the Configurations of Many Routers at Once;
Extracting Hardware Inventory Information;
Backing Up Router Configurations;
Warm Reload;
Warm Upgrade;
Configuration Archiving;
Locking Configuration Access;
Chapter 2: Router Management;
Introduction;
Creating Command Aliases;
Managing the Router's ARP Cache;
Tuning Router Buffers;
Auto Tuning Buffers;
Using the Cisco Discovery Protocol;
Disabling the Cisco Discovery Protocol;
Using the Small Servers;
Enabling HTTP Access to a Router;
Enabling Secure HTTP (HTTPS) Access to a Router;
Using Static Hostname Tables;
Enabling Domain Name Services;
Disabling Domain Name Lookups;
Specifying a Router Reload Time;
Scheduling of Router Commands;
Displaying Historical CPU Values;
Creating Exception Dump Files;
Generating a Report of Interface Information;
Generating a Report of Routing Table Information;
Generating a Report of ARP Table Information;
Generating a Server Host Table File;
Chapter 3: User Access and Privilege Levels;
Introduction;
Setting Up User IDs;
Encrypting Passwords;
Using Better Password-Encryption Techniques;
Removing Passwords from a Router Configuration File;
Deciphering Cisco's Weak Password Encryption;
Displaying Active Users;
Sending Messages to Other Users;
Changing the Number of VTYs;
Changing VTY Timeouts;
Restricting VTY Access by Protocol;
Enabling Absolute Timeouts on VTY Lines;
Implementing Banners;
Disabling Banners on a Port;
Disabling Router Lines;
Reserving a VTY Port for Administrative Access;
Restricting Inbound Telnet Access;
Logging Telnet Access;
Setting the Source Address for Telnet;
Automating the Login Sequence;
Using SSH for Secure Access;
Changing Privilege Level of IOS Commands;
Defining Per User Privileges;
Defining Per Port Privileges;
Chapter 4: TACACS+;
Introduction;
Authenticating Login IDs from a Central System;
Restricting Command Access;
Losing Access to the TACACS+ Server;
Disabling TACACS+ Authentication on a Particular Line;
Capturing User Keystrokes;
Logging System Events;
Setting the IP Source Address for TACACS+ Messages;
Sample Server Configuration Files;
Chapter 5: IP Routing;
Introduction;
Finding an IP Route;
Finding Types of IP Routes;
Converting Different Mask Formats;
Using Static Routing;
Floating Static Routes;
Using Policy-Based Routing to Route Based on Source Address;
Using Policy-Based Routing to Route Based on Application Type;
Examining Policy-Based Routing;
Changing Administrative Distances;
Routing Over Multiple Paths with Equal Costs;
Static Routes That Track Interfaces or Other Routes;
Keeping Statistics on Routing Table Changes;
Chapter 6: RIP;
Introduction;
Configuring RIP Version 1;
Filtering Routes with RIP;
Redistributing Static Routes into RIP;
Redistributing Routes Using Route Maps;
Creating a Default Route in RIP;
Disabling RIP on an Interface;
Default Passive Interface;
Unicast Updates for RIP;
Applying Offsets to Routes;
Adjusting Timers;
Configuring Interpacket Delay;
Enabling Nonperiodic Updates;
Increasing the RIP Input Queue;
Configuring RIP Version 2;
Enabling RIP Authentication;
RIP Route Summarization;
Route Tagging;
Chapter 7: EIGRP;
Introduction;
Configuring EIGRP;
Filtering Routes with EIGRP;
Redistributing Routes into EIGRP;
Redistributing Routes into EIGRP Using Route Maps;
Disabling EIGRP on an Interface;
Adjusting EIGRP Metrics;
Adjusting Timers;
Enabling EIGRP Authentication;
EIGRP Route Summarization;
Logging EIGRP Neighbor State Changes;
Limiting EIGRP's Bandwidth Utilization;
EIGRP Stub Routing;
Route Tagging;
Viewing EIGRP Status;
Chapter 8: OSPF;
Introduction;
Configuring OSPF;
Filtering Routes in OSPF;
Adjusting OSPF Costs;
Creating a Default Route in OSPF;
Redistributing Static Routes into OSPF;
Redistributing External Routes into OSPF;
Manipulating DR Selection;
Setting the OSPF RID;
Enabling OSPF Authentication;
Selecting the Appropriate Area Types;
Using OSPF on Dial Interfaces;
Summarizing Routes in OSPF;
Disabling OSPF on Certain Interfaces;
Changing the Network Type on an Interface;
OSPF Route Tagging;
Logging OSPF Adjacency Changes;
Adjusting OSPF Timers;
Reducing OSPF Traffic in Stable Networks;
OSPF Virtual Links;
Viewing OSPF Status with Domain Names;
Debugging OSPF;
Chapter 9: BGP;
Introduction;
Configuring BGP;
Using eBGP Multihop;
Adjusting the Next-Hop Attribute;
Connecting to Two ISPs;
Connecting to Two ISPs with Redundant Routers;
Restricting Networks Advertised to a BGP Peer;
Adjusting Local Preference Values;
Load-Balancing;
Removing Private ASNs from the AS Path;
Filtering BGP Routes Based on AS Paths;
Reducing the Size of the Received Routing Table;
Summarizing Outbound Routing Information;
Prepending ASNs to the AS Path;
Redistributing Routes with BGP;
Using Peer Groups;
Authenticating BGP Peers;
Using BGP Communities;
Using BGP Route Reflectors;
Putting It All Together;
Chapter 10: Frame Relay;
Introduction;
Setting Up Frame Relay with Point-to-Point Subinterfaces;
Adjusting LMI Options;
Setting Up Frame Relay with Map Statements;
Using Multipoint Subinterfaces;
Configuring Frame Relay SVCs;
Simulating a Frame Relay Cloud;
Compressing Frame Relay Data on a Subinterface;
Compressing Frame Relay Data with Maps;
PPP over Frame Relay;
Viewing Frame Relay Status Information;
Chapter 11: Handling Queuing and Congestion;
Introduction;
Fast Switching and CEF;
Setting the DSCP or TOS Field;
Using Priority Queuing;
Using Custom Queuing;
Using Custom Queues with Priority Queues;
Using Weighted Fair Queuing;
Using Class-Based Weighted Fair Queuing;
Using NBAR Classification;
Controlling Congestion with WRED;
Using RSVP;
Manual RSVP Reservations;
Aggregating RSVP Reservations;
Using Generic Traffic Shaping;
Using Frame-Relay Traffic Shaping;
Using Committed Access Rate;
Implementing Standards-Based Per-Hop Behavior;
AutoQoS;
Viewing Queue Parameters;
Chapter 12: Tunnels and VPNs;
Introduction;
Creating a Tunnel;
Tunneling Foreign Protocols in IP;
Tunneling with Dynamic Routing Protocols;
Viewing Tunnel Status;
Creating an Encrypted Router-to-Router VPN in a GRE Tunnel;
Creating an Encrypted VPN Between the LAN Interfaces of Two Routers;
Generating RSA Keys;
Creating a Router-to-Router VPN with RSA Keys;
Creating a VPN Between a Workstation and a Router;
Creating an SSL VPN;
Checking IPSec Protocol Status;
Chapter 13: Dial Backup;
Introduction;
Automating Dial Backup;
Using Dialer Interfaces;
Using an Async Modem on the AUX Port;
Using Backup Interfaces;
Using Dialer Watch;
Using Virtual Templates;
Ensuring Proper Disconnection;
View Dial Backup Status;
Debugging Dial Backup;
Chapter 14: NTP and Time;
Introduction;
Time-Stamping Router Logs;
Setting the Time;
Setting the Time Zone;
Adjusting for Daylight Saving Time;
Synchronizing the Time on All Routers (NTP);
Configuring NTP Redundancy;
Setting the Router As the NTP Master for the Network;
Changing NTP Synchronization Periods;
Using NTP to Send Periodic Broadcast Time Updates;
Using NTP to Send Periodic Multicast Time Updates;
Enabling and Disabling NTP Per Interface;
NTP Authentication;
Limiting the Number of Peers;
Restricting Peers;
Setting the Clock Period;
Checking the NTP Status;
Debugging NTP;
NTP Logging;
Extended Daylight Saving Time;
NTP Server Configuration;
Chapter 15: DLSw;
Introduction;
Simple Bridging;
Configuring DLSw;
Using DLSw to Bridge Between Ethernet and Token Ring;
Converting Ethernet and Token Ring MAC Addresses;
Configuring SDLC;
Configuring SDLC for Multidrop Connections;
Using STUN;
Using BSTUN;
Controlling DLSw Packet Fragmentation;
Tagging DLSw Packets for QoS;
Supporting SNA Priorities;
DLSw+ Redundancy and Fault Tolerance;
Viewing DLSw Status Information;
Viewing SDLC Status Information;
Debugging DSLw;
Chapter 16: Router Interfaces and Media;
Introduction;
Viewing Interface Status;
Configuring Serial Interfaces;
Using an Internal T1 CSU/DSU;
Using an Internal ISDN PRI Module;
Using an Internal 56 Kbps CSU/DSU;
Configuring an Async Serial Interface;
Configuring ATM Subinterfaces;
Setting Payload Scrambling on an ATM Circuit;
Classical IP Over ATM;
Configuring Ethernet Interface Features;
Configuring Token Ring Interface Features;
Connecting VLAN Trunks with ISL;
Connecting VLAN Trunks with 802.1Q;
LPD Printer Support;
Chapter 17: Simple Network Management Protocol;
Introduction;
Configuring SNMP;
Extracting Router Information via SNMP Tools;
Recording Important Router Information for SNMP Access;
Using SNMP to Extract Inventory Information from a List of Routers;
Using Access Lists to Protect SNMP Access;
Logging Unauthorized SNMP Attempts;
Limiting MIB Access;
Using SNMP to Modify a Router's Running Configuration;
Using SNMP to Copy a New IOS Image;
Using SNMP to Perform Mass Configuration Changes;
Preventing Unauthorized Configuration Modifications;
Making Interface Table Numbers Permanent;
Enabling SNMP Traps and Informs;
Sending Syslog Messages As SNMP Traps and Informs;
Setting SNMP Packet Size;
Setting SNMP Queue Size;
Setting SNMP Timeout Values;
Disabling Link Up/Down Traps per Interface;
Setting the IP Source Address for SNMP Traps;
Using RMON to Send Traps;
Enabling SNMPv3;
Strong SNMPv3 Encryption;
Using SAA;
Chapter 18: Logging;
Introduction;
Enabling Local Router Logging;
Setting the Log Size;
Clearing the Router's Log;
Sending Log Messages to Your Screen;
Using a Remote Log Server;
Enabling Syslog on a Unix Server;
Changing the Default Log Facility;
Restricting What Log Messages Are Sent to the Server;
Setting the IP Source Address for Syslog Messages;
Logging Router Syslog Messages in Different Files;
Maintaining Syslog Files on the Server;
Testing the Syslog Sever Configuration;
Preventing the Most Common Messages from Being Logged;
Rate-Limiting Syslog Traffic;
Enabling Error Log Counting;
XML-Formatted Log Messages;
Modifying Log Messages;
Chapter 19: Access-Lists;
Introduction;
Filtering by Source or Destination IP Address;
Adding a Comment to an ACL;
Filtering by Application;
Filtering Based on TCP Header Flags;
Restricting TCP Session Direction;
Filtering Multiport Applications;
Filtering Based on DSCP and TOS;
Logging When an Access-List Is Used;
Logging TCP Sessions;
Analyzing ACL Log Entries;
Using Named and Reflexive Access-Lists;
Dealing with Passive Mode FTP;
Using Time-Based Access-Lists;
Filtering Based on Noncontiguous Ports;
Advanced Access-List Editing;
Filtering IPv6;
Chapter 20: DHCP;
Introduction;
Using IP Helper Addresses for DHCP;
Limiting the Impact of IP Helper Addresses;
Using DHCP to Dynamically Configure Router IP Addresses;
Dynamically Allocating Client IP Addresses via DHCP;
Defining DHCP Configuration Options;
Defining DHCP Lease Periods;
Allocating Static IP Addresses with DHCP;
Configuring a DHCP Database Client;
Configuring Multiple DHCP Servers per Subnet;
DHCP Static Mapping;
DHCP-Secured IP Address Assignment;
Showing DHCP Status;
Debugging DHCP;
Chapter 21: NAT;
Introduction;
Configuring Basic NAT Functionality;
Allocating External Addresses Dynamically;
Allocating External Addresses Statically;
Translating Some Addresses Statically and Others Dynamically;
Using Route Maps to Refine Static Translation Rules;
Translating in Both Directions Simultaneously;
Rewriting the Network Prefix;
Using NAT for Server Load Distribution;
Stateful NAT Failover;
Adjusting NAT Timers;
Changing TCP Ports for FTP;
Checking NAT Status;
Debugging NAT;
Chapter 22: First Hop Redundancy Protocols;
Introduction;
Configuring Basic HSRP Functionality;
Using HSRP Preempt;
Making HSRP React to Problems on Other Interfaces;
Load-Balancing with HSRP;
Redirecting ICMP with HSRP;
Manipulating HSRP Timers;
Using HSRP on Token Ring;
HSRP SNMP Support;
Increasing HSRP Security;
Showing HSRP State Information;
Debugging HSRP;
HSRP Version 2;
VRRP;
Gateway Load-Balancing Protocol;
Chapter 23: IP Multicast;
Introduction;
Configuring Basic Multicast Functionality with PIM-DM;
Routing Multicast Traffic with PIM-SM and BSR;
Routing Multicast Traffic with PIM-SM and Auto-RP;
Filtering PIM Neighbors;
Configuring Routing for a Low-Frequency Multicast Application;
Multicast over Frame Relay or ATM WANs;
Configuring CGMP;
Using IGMP Version 3;
Static Multicast Routes and Group Memberships;
Routing Multicast Traffic with MOSPF;
Routing Multicast Traffic with DVMRP;
DVMRP Tunnels;
Configuring Bidirectional PIM;
Controlling Multicast Scope with TTL;
Controlling Multicast Scope with Administratively Scoped Addressing;
Exchanging Multicast Routing Information with MBGP;
Using MSDP to Discover External Sources;
Configuring Anycast RP;
Converting Broadcasts to Multicasts;
Showing Multicast Status;
Debugging Multicast Routing;
Chapter 24: IP Mobility;
Introduction;
Local Area Mobility;
Home Agent Configuration;
Foreign Agent Configuration;
Making a Router a Mobile Node;
Reverse-Tunnel Forwarding;
Using HSRP for Home Agent Redundancy;
Chapter 25: IPv6;
Introduction;
Automatically Generating IPv6 Addresses for an Interface;
Manually Configuring IPv6 Addresses on an Interface;
Configuring DHCP for IPv6;
Dynamic Routing with RIP;
Modifying the Default RIP Parameters;
IPv6 Route Filtering and Metric Manipulation in RIP;
Using OSPF for IPv6;
IPv6 Route Filtering and Metric Manipulation in OSPF;
Route Redistribution;
Dynamic Routing with MBGP;
Tunneling IPv6 Through an Existing IPv4 Network;
Translating Between IPv6 and IPv4;
Chapter 26: MPLS;
Introduction;
Configuring a Basic MPLS P Router;
Configuring a Basic MPLS PE Router;
Configuring Basic MPLS CE Routers;
Configuring MPLS over ATM;
PE-CE Communication via RIP;
PE-CE Communication via OSPF;
PE-CE Communication via EIGRP;
PE-CE Communication via BGP;
QoS over MPLS;
MPLS Traffic Engineering with Autoroute;
Multicast Over MPLS;
Your Service Provider Doesn't Do What You Want;
Chapter 27: Security;
Introduction;
Using AutoSecure;
Using Context-Based Access-Lists;
Transparent Cisco IOS Firewall;
Stopping Denial of Service Attacks;
Inspecting Applications on Different Port Numbers;
Intrusion Detection and Prevention;
Login Password Retry Lockout;
Authentication Proxy;
Appendix 1: External Software Packages;
Perl;
Expect;
NET-SNMP;
PuTTY;
OpenSSH;
Ethereal;
Appendix 2: IP Precedence, TOS, and DSCP Classifications;
IP Precedence, TOS, and DSCP Classifications;
Queueing Algorithms;
Dropping Packets and Congestion Avoidance;
Colophon;