
Book description

While several publishers (including O'Reilly) supply excellent documentation of router features, the trick is knowing when, why, and how to use these features. There are often many different ways to solve any given networking problem using Cisco devices, and some solutions are clearly more effective than others. The pressing question for a network engineer is which of the many potential solutions is the most appropriate for a particular situation. Once you have decided to use a particular feature, how should you implement it? Unfortunately, the documentation describing a particular command or feature frequently does very little to answer either of these questions.

Everybody who has worked with Cisco routers for any length of time has had to ask their friends and co-workers for example router configuration files that show how to solve a common problem. A good working configuration example can often save huge amounts of time and frustration when implementing a feature that you've never used before. The Cisco Cookbook gathers hundreds of example router configurations all in one place.

As the name suggests, Cisco Cookbook is organized as a series of recipes. Each recipe begins with a problem statement that describes a common situation that you might face. After each problem statement is a brief solution that shows a sample router configuration or script that you can use to resolve this particular problem. A discussion section then describes the solution, how it works, and when you should or should not use it. The chapters are organized by the feature or protocol discussed. If you are looking for information on a particular feature such as NAT, NTP or SNMP, you can turn to that chapter and find a variety of related recipes. Most chapters list basic problems first, and any unusual or complicated situations last.

The Cisco Cookbook will quickly become your "go to" resource for researching and solving complex router configuration issues, saving you time and making your network more efficient. It covers:

  • Router Configuration and File Management

  • Router Management

  • User Access and Privilege Levels

  • TACACS+

  • IP Routing

  • RIP

  • EIGRP

  • OSPF

  • BGP

  • Frame Relay

  • Queueing and Congestion

  • Tunnels and VPNs

  • Dial Backup

  • NTP and Time

  • DLSw

  • Router Interfaces and Media

  • Simple Network Management Protocol

  • Logging

  • Access Lists

  • DHCP

  • NAT

  • Hot Standby Router Protocol

  • IP Multicast

Table of Contents

  1. Special Upgrade Offer
  2. A Note Regarding Supplemental Files
  3. Preface
    1. Organization
    2. What’s in This Book
    3. Conventions
    4. Comments and Questions
    5. Acknowledgments
  4. 1. Router Configuration and File Management
    1. 1.0. Introduction
    2. 1.1. Configuring the Router via TFTP
    3. 1.2. Saving Router Configuration to Server
    4. 1.3. Booting the Router Using a Remote Configuration File
    5. 1.4. Storing Configuration Files Larger than NVRAM
    6. 1.5. Clearing the Startup Configuration
    7. 1.6. Loading a New IOS Image
    8. 1.7. Booting a Different IOS Image
    9. 1.8. Booting Over the Network
    10. 1.9. Copying an IOS Image to a Server
    11. 1.10. Copying an IOS Image Through the Console
    12. 1.11. Deleting Files from Flash
    13. 1.12. Partitioning Flash
    14. 1.13. Using the Router as a TFTP Server
    15. 1.14. Using FTP from the Router
    16. 1.15. Generating Large Numbers of Router Configurations
    17. 1.16. Changing the Configurations of Many Routers at Once
    18. 1.17. Extracting Hardware Inventory Information
    19. 1.18. Backing Up Router Configurations
  5. 2. Router Management
    1. 2.0. Introduction
    2. 2.1. Creating Command Aliases
    3. 2.2. Managing the Router’s ARP Cache
    4. 2.3. Tuning Router Buffers
    5. 2.4. Using the Cisco Discovery Protocol
    6. 2.5. Disabling the Cisco Discovery Protocol
    7. 2.6. Using the Small Servers
    8. 2.7. Enabling HTTP Access to a Router
    9. 2.8. Using Static Hostname Tables
    10. 2.9. Enabling Domain Name Service
    11. 2.10. Disabling Domain Name Lookups
    12. 2.11. Specifying a Router Reload Time
    13. 2.12. Creating Exception Dump Files
    14. 2.13. Generating a Report of Interface Information
    15. 2.14. Generating a Report of Routing Table Information
    16. 2.15. Generating a Report of ARP Table Information
    17. 2.16. Generating a Server Host Table File
  6. 3. User Access and Privilege Levels
    1. 3.0. Introduction
    2. 3.1. Setting Up User IDs
    3. 3.2. Encrypting Passwords
    4. 3.3. Using Better Encryption Techniques
    5. 3.4. Removing Passwords from a Router Configuration File
    6. 3.5. Deciphering Cisco’s Weak Password Encryption
    7. 3.6. Displaying Active Users
    8. 3.7. Sending Messages to Other Users
    9. 3.8. Changing the Number of VTYs
    10. 3.9. Changing VTY Timeouts
    11. 3.10. Restricting VTY Access by Protocol
    12. 3.11. Enabling Absolute Timeouts on VTY Lines
    13. 3.12. Implementing Banners
    14. 3.13. Disabling Banners on a Port
    15. 3.14. Disabling Router Lines
    16. 3.15. Reserving a VTY Port for Administrative Access
    17. 3.16. Restricting Inbound Telnet Access
    18. 3.17. Logging Telnet Access
    19. 3.18. Setting the Source Address for Telnet
    20. 3.19. Automating the Login Sequence
    21. 3.20. Using SSH for Secure Access
    22. 3.21. Changing the Privilege Level of IOS Commands
    23. 3.22. Defining Per-User Privileges
    24. 3.23. Defining Per-Port Privileges
  7. 4. TACACS+
    1. 4.0. Introduction
    2. 4.1. Authenticating Login IDs from a Central System
    3. 4.2. Restricting Command Access
    4. 4.3. Losing Access to the TACACS+ Server
    5. 4.4. Disabling TACACS+ Authentication on a Particular Line
    6. 4.5. Capturing User Keystrokes
    7. 4.6. Logging System Events
    8. 4.7. Setting the IP Source Address for TACACS+ Messages
    9. 4.8. Obtaining Free TACACS+ Server Software
    10. 4.9. Sample Server Configuration Files
  8. 5. IP Routing
    1. 5.0. Introduction
    2. 5.1. Finding an IP Route
    3. 5.2. Finding Types of IP Routes
    4. 5.3. Converting Different Mask Formats
    5. 5.4. Using Static Routing
    6. 5.5. Floating Static Routes
    7. 5.6. Using Policy-Based Routing to Route Based on Source Address
    8. 5.7. Using Policy-Based Routing to Route Based on Application Type
    9. 5.8. Examining Policy-Based Routing
    10. 5.9. Changing Administrative Distances
    11. 5.10. Routing Over Multiple Paths with Equal Costs
  9. 6. RIP
    1. 6.0. Introduction
    2. 6.1. Configuring RIP Version 1
    3. 6.2. Filtering Routes with RIP
    4. 6.3. Redistributing Static Routes into RIP
    5. 6.4. Redistributing Routes Using Route Maps
    6. 6.5. Creating a Default Route in RIP
    7. 6.6. Disabling RIP on an Interface
    8. 6.7. Unicast Updates for RIP
    9. 6.8. Applying Offsets to Routes
    10. 6.9. Adjusting Timers
    11. 6.10. Configuring Interpacket Delay
    12. 6.11. Enabling Triggered Updates
    13. 6.12. Increasing the RIP Input Queue
    14. 6.13. Configuring RIP Version 2
    15. 6.14. Enabling RIP Authentication
    16. 6.15. RIP Route Summarization
    17. 6.16. Route Tagging
  10. 7. EIGRP
    1. 7.0. Introduction
    2. 7.1. Configuring EIGRP
    3. 7.2. Filtering Routes with EIGRP
    4. 7.3. Redistributing Routes into EIGRP
    5. 7.4. Redistributing Routes into EIGRP Using Route Maps
    6. 7.5. Creating a Default Route in EIGRP
    7. 7.6. Disabling EIGRP on an Interface
    8. 7.7. EIGRP Route Summarization
    9. 7.8. Adjusting EIGRP Metrics
    10. 7.9. Adjusting Timers
    11. 7.10. Enabling EIGRP Authentication
    12. 7.11. Logging EIGRP Neighbor State Changes
    13. 7.12. Limiting EIGRP’s Bandwidth Utilization
    14. 7.13. EIGRP Stub Routing
    15. 7.14. Route Tagging
    16. 7.15. Viewing EIGRP Status
  11. 8. OSPF
    1. 8.0. Introduction
    2. 8.1. Configuring OSPF
    3. 8.2. Filtering Routes in OSPF
    4. 8.3. Adjusting OSPF Costs
    5. 8.4. Creating a Default Route in OSPF
    6. 8.5. Redistributing Static Routes into OSPF
    7. 8.6. Redistributing External Routes into OSPF
    8. 8.7. Manipulating DR Selection
    9. 8.8. Setting the OSPF RID
    10. 8.9. Enabling OSPF Authentication
    11. 8.10. Selecting the Appropriate Area Types
    12. 8.11. Summarizing Routes in OSPF
    13. 8.12. Disabling OSPF on Certain Interfaces
    14. 8.13. OSPF Route Tagging
    15. 8.14. Logging OSPF Adjacency Changes
    16. 8.15. Adjusting OSPF Timers
    17. 8.16. Viewing OSPF Status with Domain Names
    18. 8.17. Debugging OSPF
  12. 9. BGP
    1. 9.0. Introduction
    2. 9.1. Configuring BGP
    3. 9.2. Using eBGP Multihop
    4. 9.3. Adjusting the Next-Hop Attribute
    5. 9.4. Connecting to Two ISPs
    6. 9.5. Connecting to Two ISPs with Redundant Routers
    7. 9.6. Restricting Networks Advertised to a BGP Peer
    8. 9.7. Adjusting Local Preference Values
    9. 9.8. Load Balancing
    10. 9.9. Removing Private ASNs from the AS Path
    11. 9.10. Filtering BGP Routes Based on AS Paths
    12. 9.11. Reducing the Size of the Received Routing Table
    13. 9.12. Summarizing Outbound Routing Information
    14. 9.13. Prepending ASNs to the AS Path
    15. 9.14. Redistributing Routes with BGP
    16. 9.15. Using Peer Groups
    17. 9.16. Authenticating BGP Peers
    18. 9.17. Putting It All Together
  13. 10. Frame Relay
    1. 10.0. Introduction
    2. 10.1. Setting Up Frame Relay with Point-to-Point Subinterfaces
    3. 10.2. Adjusting LMI Options
    4. 10.3. Setting Up Frame Relay with Map Statements
    5. 10.4. Using Multipoint Subinterfaces
    6. 10.5. Configuring Frame Relay SVCs
    7. 10.6. Simulating a Frame Relay Cloud
    8. 10.7. Compressing Frame Relay Data on a Subinterface
    9. 10.8. Compressing Frame Relay Data with Maps
    10. 10.9. Viewing Frame Relay Status Information
  14. 11. Queueing and Congestion
    1. 11.0. Introduction
    2. 11.1. Fast Switching and CEF
    3. 11.2. Setting the DSCP or TOS Field
    4. 11.3. Using Priority Queueing
    5. 11.4. Using Custom Queueing
    6. 11.5. Using Custom Queues with Priority Queues
    7. 11.6. Using Weighted Fair Queueing
    8. 11.7. Using Class-Based Weighted Fair Queueing
    9. 11.8. Controlling Congestion with WRED
    10. 11.9. Using RSVP
    11. 11.10. Using Generic Traffic Shaping
    12. 11.11. Using Frame-Relay Traffic Shaping
    13. 11.12. Using Committed Access Rate
    14. 11.13. Implementing Standards-Based Per-Hop Behavior
    15. 11.14. Viewing Queue Parameters
  15. 12. Tunnels and VPNs
    1. 12.0. Introduction
    2. 12.1. Creating a Tunnel
    3. 12.2. Tunneling Foreign Protocols in IP
    4. 12.3. Tunneling with Dynamic Routing Protocols
    5. 12.4. Viewing Tunnel Status
    6. 12.5. Creating an Encrypted Router-to-Router VPN
    7. 12.6. Generating RSA Keys
    8. 12.7. Creating a Router-to-Router VPN with RSA Keys
    9. 12.8. Creating a VPN Between a Workstation and a Router
    10. 12.9. Check IPSec Protocol Status
  16. 13. Dial Backup
    1. 13.0. Introduction
    2. 13.1. Automating Dial Backup
    3. 13.2. Using Dialer Interfaces
    4. 13.3. Using an Async Modem on the AUX Port
    5. 13.4. Using Backup Interfaces
    6. 13.5. Using Dialer Watch
    7. 13.6. Ensuring Proper Disconnection
    8. 13.7. View Dial Backup Status
    9. 13.8. Debugging Dial Backup
  17. 14. NTP and Time
    1. 14.0. Introduction
    2. 14.1. Timestamping Router Logs
    3. 14.2. Setting the Time
    4. 14.3. Setting the Time Zone
    5. 14.4. Adjusting for Daylight Saving Time
    6. 14.5. Synchronizing the Time on All Routers (NTP)
    7. 14.6. Configuring NTP Redundancy
    8. 14.7. Setting the Router as the NTP Master for the Network
    9. 14.8. Changing NTP Synchronization Periods
    10. 14.9. Using NTP to Send Periodic Broadcast Time Updates
    11. 14.10. Using NTP to Send Periodic Multicast Time Updates
    12. 14.11. Enabling and Disabling NTP Per Interface
    13. 14.12. NTP Authentication
    14. 14.13. Limiting the Number of Peers
    15. 14.14. Restricting Peers
    16. 14.15. Setting the Clock Period
    17. 14.16. Checking the NTP Status
    18. 14.17. Debugging NTP
  18. 15. DLSw
    1. 15.0. Introduction
    2. 15.1. Configuring DLSw
    3. 15.2. Using DLSw to Bridge Between Ethernet and Token Ring
    4. 15.3. Converting Ethernet and Token Ring MAC Addresses
    5. 15.4. Configuring SDLC
    6. 15.5. Configuring SDLC for Multidrop Connections
    7. 15.6. Using STUN
    8. 15.7. Using BSTUN
    9. 15.8. Controlling DLSw Packet Fragmentation
    10. 15.9. Tagging DLSw Packets for QoS
    11. 15.10. Supporting SNA Priorities
    12. 15.11. DLSw+ Redundancy and Fault Tolerance
    13. 15.12. Viewing DLSw Status Information
    14. 15.13. Viewing SDLC Status Information
    15. 15.14. Debugging DLSw
  19. 16. Router Interfaces and Media
    1. 16.0. Introduction
    2. 16.1. Viewing Interface Status
    3. 16.2. Configuring Serial Interfaces
    4. 16.3. Using an Internal T1 CSU/DSU
    5. 16.4. Using an Internal ISDN PRI Module
    6. 16.5. Using an Internal 56Kbps CSU/DSU
    7. 16.6. Configuring an Async Serial Interface
    8. 16.7. Configuring ATM Subinterfaces
    9. 16.8. Setting Payload Scrambling on an ATM Circuit
    10. 16.9. Configuring Ethernet Interface Features
    11. 16.10. Configuring Token Ring Interface Features
    12. 16.11. Connecting VLAN Trunks With ISL
    13. 16.12. Connecting VLAN Trunks with 802.1Q
  20. 17. Simple Network Management Protocol
    1. 17.0. Introduction
    2. 17.1. Configuring SNMP
    3. 17.2. Extracting Router Information via SNMP Tools
    4. 17.3. Recording Important Router Information for SNMP Access
    5. 17.4. Extracting Inventory Information from a List of Routers with SNMP
    6. 17.5. Using Access Lists to Protect SNMP Access
    7. 17.6. Logging Unauthorized SNMP Attempts
    8. 17.7. Limiting MIB Access
    9. 17.8. Using SNMP to Modify a Router’s Running Configuration
    10. 17.9. Using SNMP to Copy a New IOS Image
    11. 17.10. Using SNMP to Perform Mass Configuration Changes
    12. 17.11. Preventing Unauthorized Configuration Modifications
    13. 17.12. Making Interface Table Numbers Permanent
    14. 17.13. Enabling SNMP Traps and Informs
    15. 17.14. Sending syslog Messages as SNMP Traps and Informs
    16. 17.15. Setting SNMP Packet Size
    17. 17.16. Setting SNMP Queue Size
    18. 17.17. Setting SNMP Timeout Values
    19. 17.18. Disabling Link Up/Down Traps per Interface
    20. 17.19. Setting the IP Source Address for SNMP Traps
    21. 17.20. Using RMON to Send Traps
    22. 17.21. Enabling SNMPv3
    23. 17.22. Using SAA
  21. 18. Logging
    1. 18.0. Introduction
    2. 18.1. Enabling Local Router Logging
    3. 18.2. Setting the Log Size
    4. 18.3. Clearing the Router’s Log
    5. 18.4. Sending Log Messages to Your Screen
    6. 18.5. Using a Remote Log Server
    7. 18.6. Enabling Syslog on a Unix Server
    8. 18.7. Changing the Default Log Facility
    9. 18.8. Restricting What Log Messages Are Sent to the Server
    10. 18.9. Setting the IP Source Address for Syslog Messages
    11. 18.10. Logging Router Syslog Messages in Different Files
    12. 18.11. Maintaining Syslog Files on the Server
    13. 18.12. Testing the Syslog Server Configuration
    14. 18.13. Preventing the Most Common Messages from Being Logged
    15. 18.14. Rate-Limiting Syslog Traffic
  22. 19. Access Lists
    1. 19.0. Introduction
    2. 19.1. Filtering by Source or Destination IP Address
    3. 19.2. Adding a Comment to an ACL
    4. 19.3. Filtering by Application
    5. 19.4. Filtering Based on TCP Header Flags
    6. 19.5. Restricting TCP Session Direction
    7. 19.6. Filtering Multiport Applications
    8. 19.7. Filtering Based on DSCP and TOS
    9. 19.8. Logging when an Access List Is Used
    10. 19.9. Logging TCP Sessions
    11. 19.10. Analyzing ACL Log Entries
    12. 19.11. Using Named and Reflexive Access Lists
    13. 19.12. Dealing with Passive Mode FTP
    14. 19.13. Using Context-Based Access Lists
  23. 20. DHCP
    1. 20.0. Introduction
    2. 20.1. Using IP Helper Addresses for DHCP
    3. 20.2. Limiting the Impact of IP Helper Addresses
    4. 20.3. Using DHCP to Dynamically Configure Router IP Addresses
    5. 20.4. Dynamically Allocating Client IP Addresses via DHCP
    6. 20.5. Defining DHCP Configuration Options
    7. 20.6. Defining DHCP Lease Periods
    8. 20.7. Allocating Static IP Addresses with DHCP
    9. 20.8. Configuring a DHCP Database Client
    10. 20.9. Configuring Multiple DHCP Servers per Subnet
    11. 20.10. Showing DHCP Status
    12. 20.11. Debugging DHCP
  24. 21. NAT
    1. 21.0. Introduction
    2. 21.1. Configuring Basic NAT Functionality
    3. 21.2. Allocating External Addresses Dynamically
    4. 21.3. Allocating External Addresses Statically
    5. 21.4. Translating Some Addresses Statically and Others Dynamically
    6. 21.5. Translating in Both Directions Simultaneously
    7. 21.6. Rewriting the Network Prefix
    8. 21.7. Adjusting NAT Timers
    9. 21.8. Changing TCP Ports for FTP
    10. 21.9. Checking NAT Status
    11. 21.10. Debugging NAT
  25. 22. Hot Standby Router Protocol
    1. 22.0. Introduction
    2. 22.1. Configuring Basic HSRP Functionality
    3. 22.2. Using HSRP Preempt
    4. 22.3. Making HSRP React to Problems on Other Interfaces
    5. 22.4. Load Balancing with HSRP
    6. 22.5. Redirecting ICMP with HSRP
    7. 22.6. Manipulating HSRP Timers
    8. 22.7. Using HSRP on a Token Ring Network
    9. 22.8. HSRP SNMP Support
    10. 22.9. Increasing HSRP Security
    11. 22.10. Showing HSRP State Information
    12. 22.11. Debugging HSRP
  26. 23. IP Multicast
    1. 23.0. Introduction
    2. 23.1. Configuring Basic Multicast Functionality with PIM-DM
    2. 23.2. Routing Multicast Traffic with PIM-SM and BSR
    4. 23.3. Routing Multicast Traffic with PIM-SM and Auto-RP
    5. 23.4. Configuring Routing for a Low Frequency Multicast Application
    6. 23.5. Configuring CGMP
    7. 23.6. Static Multicast Routes and Group Memberships
    8. 23.7. Routing Multicast Traffic with MOSPF
    9. 23.8. Routing Multicast Traffic with DVMRP
    10. 23.9. DVMRP Tunnels
    11. 23.10. Controlling Multicast Scope with TTL
    12. 23.11. Using Administratively Scoped Addressing
    13. 23.12. Exchanging Multicast Routing Information with MBGP
    14. 23.13. Using MSDP to Discover External Sources
    15. 23.14. Converting Broadcasts to Multicasts
    16. 23.15. Showing Multicast Status
    17. 23.16. Debugging Multicast Routing
  27. A. External Software Packages
    1. A.1. Perl
    2. A.2. Expect
    3. A.3. NET-SNMP
    4. A.4. PuTTY
    5. A.5. OpenSSH
    6. A.6. Ethereal
  28. B. IP Precedence, TOS, and DSCP Classifications
    1. B.1. Combining TOS and IP Precedence to Mimic DSCP
    2. B.2. RSVP
    3. B.3. Queueing Algorithms
    4. B.4. Dropping Packets and Congestion Avoidance
  29. Index
  30. About the Authors
  31. Colophon
  32. Special Upgrade Offer
  33. Copyright