Cisco IOS Cookbook, 2/e (Paperback)
暫譯: Cisco IOS 食譜, 第2版 (平裝本)

Description

Never has something cried out for a cookbook quite as much as Cisco's Internetwork Operating System (IOS). IOS is powerful and flexible, but also confusing and daunting. Most tasks can be accomplished in several different ways. And you don't want to spend precious time figuring out which way is best when you're trying to solve a problem quickly.

That's what this cookbook is for. Fortunately, most router configuration tasks can be broken down into several more or less independent steps: you configure an interface, you configure a routing protocol, you set up backup links, you implement packet filters and other access control mechanisms. What you really need is a set of recipes that show you how to perform the most common tasks, so you can quickly come up with a good configuration for your site. And you need to know that these solutions work: you don't want to find yourself implementing a backup link at 2 A.M. because your main link is down and the backup link you set up when you installed the router wasn't quite right.

Thoroughly revised and expanded, Cisco IOS Cookbook, 2nd Edition, adds sections on MPLS, Security, IPv6, and IP Mobility, and presents solutions to the most common configuration problems, including:

• Configuring interfaces of many types, from serial to ATM and Frame Relay
• Configuring all of the common IP routing protocols (RIP, EIGRP, OSPF, and BGP)
• Configuring authentication
• Configuring other services, including DHCP and NTP
• Setting up backup links, and using HSRP to configure backup routers
• Managing the router, including SNMP and other solutions
• Using access lists to control the traffic through the router

If you work with Cisco routers, you need a book like this to help you solve problems quickly and effectively. Even if you're experienced, the solutions and extensive explanations will give you new ideas and insights into router configuration. And if you're not experienced--if you've just been given responsibility for managing a network with Cisco routers--this book could be a job-saver.

 

Preface

1. Router Configuration and File Management

      1.1 Configuring the Router via TFTP

      1.2 Saving Router Configuration to Server

      1.3 Booting the Router Using a Remote Configuration File

      1.4 Storing Configuration Files Larger Than NVRAM

      1.5 Clearing the Startup Configuration

      1.6 Loading a New IOS Image

      1.7 Booting a Different IOS Image

      1.8 Booting over the Network

      1.9 Copying an IOS Image to a Server

      1.10 Copying an IOS Image Through the Console

      1.11 Deleting Files from Flash

      1.12 Partitioning Flash

      1.13 Using the Router as a TFTP Server

      1.14 Using FTP from the Router

      1.15 Generating Large Numbers of Router Configurations

      1.16 Changing the Configurations of Many Routers at Once

      1.17 Extracting Hardware Inventory Information

      1.18 Backing Up Router Configurations

      1.19 Warm Reload

      1.20 Warm Upgrade

      1.21 Configuration Archiving

      1.22 Locking Configuration Access

2. Router Management

      2.1 Creating Command Aliases

      2.2 Managing the Router's ARP Cache

      2.3 Tuning Router Buffers

      2.4 Auto Tuning Buffers

      2.5 Using the Cisco Discovery Protocol

      2.6 Disabling the Cisco Discovery Protocol

      2.7 Using the Small Servers

      2.8 Enabling HTTP Access to a Router

      2.9 Enabling Secure HTTP (HTTPS) Access to a Router

      2.10 Using Static Hostname Tables

      2.11 Enabling Domain Name Services

      2.12 Disabling Domain Name Lookups

      2.13 Specifying a Router Reload Time

      2.14 Scheduling of Router Commands

      2.15 Displaying Historical CPU Values

      2.16 Creating Exception Dump Files

      2.17 Generating a Report of Interface Information

      2.18 Generating a Report of Routing Table Information

      2.19 Generating a Report of ARP Table Information

      2.20 Generating a Server Host Table File

3. User Access and Privilege Levels

      3.1 Setting Up User IDs

      3.2 Encrypting Passwords

      3.3 Using Better Password-Encryption Techniques

      3.4 Removing Passwords from a Router Configuration File

      3.5 Deciphering Cisco's Weak Password Encryption

      3.6 Displaying Active Users

      3.7 Sending Messages to Other Users

      3.8 Changing the Number of VTYs

      3.9 Changing VTY Timeouts

      3.10 Restricting VTY Access by Protocol

      3.11 Enabling Absolute Timeouts on VTY Lines

      3.12 Implementing Banners

      3.13 Disabling Banners on a Port

      3.14 Disabling Router Lines

      3.15 Reserving a VTY Port for Administrative Access

      3.16 Restricting Inbound Telnet Access

      3.17 Logging Telnet Access

      3.18 Setting the Source Address for Telnet

      3.19 Automating the Login Sequence

      3.20 Using SSH for Secure Access

      3.21 Changing Privilege Level of IOS Commands

      3.22  Defining Per User Privileges

      3.23 Defining Per Port Privileges

4. TACACS+

      4.1 Authenticating Login IDs from a Central System

      4.2 Restricting Command Access

      4.3 Losing Access to the TACACS+ Server

      4.4 Disabling TACACS+ Authentication on a Particular Line
      4.5 Capturing User Keystrokes

      4.6 Logging System Events

      4.7 Setting the IP Source Address for TACACS+ Messages

      4.8 Sample Server Configuration Files

5. IP Routing

      5.1 Finding an IP Route

      5.2 Finding Types of IP Routes

      5.3 Converting Different Mask Formats

      5.4 Using Static Routing

      5.5 Floating Static Routes

      5.6 Using Policy-Based Routing to Route Based on Source Address

      5.7 Using Policy-Based Routing to Route Based on Application Type

      5.8 Examining Policy-Based Routing

      5.9 Changing Administrative Distances

      5.10 Routing Over Multiple Paths with Equal Costs

      5.11 Static Routes That Track Interfaces or Other Routes

      5.12 Keeping Statistics on Routing Table Changes

6. RIP

      6.1 Configuring RIP Version 1

      6.2 Filtering Routes with RIP

      6.3 Redistributing Static Routes into RIP

      6.4 Redistributing Routes Using Route Maps

      6.5 Creating a Default Route in RIP

      6.6 Disabling RIP on an Interface

      6.7 Default Passive Interface

      6.8 Unicast Updates for RIP

      6.9 Applying Offsets to Routes

      6.10 Adjusting Timers

      6.11 Configuring Interpacket Delay

      6.12 Enabling Nonperiodic Updates

      6.13 Increasing the RIP Input Queue

      6.14 Configuring RIP Version 2

      6.15 Enabling RIP Authentication

      6.16 RIP Route Summarization

      6.17 Route Tagging

7. EIGRP

      7.1 Configuring EIGRP

      7.2 Filtering Routes with EIGRP

      7.3 Redistributing Routes into EIGRP

      7.4 Redistributing Routes into EIGRP Using Route Maps

      7.5 Disabling EIGRP on an Interface

      7.6 Adjusting EIGRP Metrics

      7.7 Adjusting Timers

      7.8 Enabling EIGRP Authentication

      7.9 EIGRP Route Summarization

      7.10 Logging EIGRP Neighbor State Changes

      7.11 Limiting EIGRP's Bandwidth Utilization

      7.12 EIGRP Stub Routing

      7.13 Route Tagging

      7.14 Viewing EIGRP Status

8. OSPF

      8.1 Configuring OSPF

      8.2 Filtering Routes in OSPF

      8.3 Adjusting OSPF Costs

      8.4 Creating a Default Route in OSPF

      8.5 Redistributing Static Routes into OSPF

      8.6 Redistributing External Routes into OSPF

      8.7 Manipulating DR Selection

      8.8 Setting the OSPF RID

      8.9 Enabling OSPF Authentication

      8.10 Selecting the Appropriate Area Types

      8.11 Using OSPF on Dial Interfaces

      8.12 Summarizing Routes in OSPF

      8.13 Disabling OSPF on Certain Interfaces

      8.14 Changing the Network Type on an Interface

      8.15 OSPF Route Tagging

      8.16 Logging OSPF Adjacency Changes

      8.17 Adjusting OSPF Timers

      8.18 Reducing OSPF Traffic in Stable Networks

      8.19 OSPF Virtual Links

      8.20 Viewing OSPF Status with Domain Names

      8.21 Debugging OSPF

9. BGP

      9.1 Configuring BGP

      9.2 Using eBGP Multihop

      9.3 Adjusting the Next-Hop Attribute

      9.4 Connecting to Two ISPs

      9.5 Connecting to Two ISPs with Redundant Routers

      9.6 Restricting Networks Advertised to a BGP Peer

      9.7 Adjusting Local Preference Values

      9.8 Load-Balancing

      9.9 Removing Private ASNs from the AS Path

      9.10 Filtering BGP Routes Based on AS Paths

      9.11 Reducing the Size of the Received Routing Table

      9.12 Summarizing Outbound Routing Information

      9.13 Prepending ASNs to the AS Path

      9.14 Redistributing Routes with BGP

      9.15 Using Peer Groups

      9.16 Authenticating BGP Peers

      9.17 Using BGP Communities

      9.18 Using BGP Route Reflectors

      9.19 Putting It All Together

10. Frame Relay

      10.1 Setting Up Frame Relay with Point-to-Point Subinterfaces

      10.2 Adjusting LMI Options

      10.3 Setting Up Frame Relay with Map Statements

      10.4 Using Multipoint Subinterfaces

      10.5 Configuring Frame Relay SVCs

      10.6 Simulating a Frame Relay Cloud

      10.7 Compressing Frame Relay Data on a Subinterface

      10.8 Compressing Frame Relay Data with Maps

      10.9 PPP over Frame Relay

      10.10 Viewing Frame Relay Status Information

11. Handling Queuing and Congestion

      11.1 Fast Switching and CEF

      11.2 Setting the DSCP or TOS Field

      11.3 Using Priority Queuing

      11.4 Using Custom Queuing

      11.5 Using Custom Queues with Priority Queues

      11.6 Using Weighted Fair Queuing

      11.7 Using Class-Based Weighted Fair Queuing

      11.8 Using NBAR Classification

      11.9 Controlling Congestion with WRED

      11.10 Using RSVP

      11.11 Manual RSVP Reservations

      11.12 Aggregating RSVP Reservations

      11.13 Using Generic Traffic Shaping

      11.14 Using Frame-Relay Traffic Shaping

      11.15 Using Committed Access Rate

      11.16 Implementing Standards-Based Per-Hop Behavior

      11.17 AutoQoS

      11.18 Viewing Queue Parameters

12. Tunnels and VPNs

      12.1 Creating a Tunnel

      12.2 Tunneling Foreign Protocols in IP

      12.3 Tunneling with Dynamic Routing Protocols

      12.4 Viewing Tunnel Status

      12.5 Creating an Encrypted Router-to-Router VPN in a GRE Tunnel

      12.6 Creating an Encrypted VPN Between the LAN Interfaces   of Two Routers

      12.7 Generating RSA Keys

      12.8 Creating a Router-to-Router VPN with RSA Keys

      12.9 Creating a VPN Between a Workstation and a Router

      12.10 Creating an SSL VPN

      12.11 Checking IPSec Protocol Status

13. Dial Backup

      13.1 Automating Dial Backup

      13.2 Using Dialer Interfaces

      13.3 Using an Async Modem on the AUX Port

      13.4 Using Backup Interfaces

      13.5 Using Dialer Watch

      13.6 Using Virtual Templates

      13.7 Ensuring Proper Disconnection

      13.8 View Dial Backup Status

      13.9 Debugging Dial Backup

14. NTP and Time

      14.1 Time-Stamping Router Logs

      14.2 Setting the Time

      14.3 Setting the Time Zone

      14.4 Adjusting for Daylight Saving Time

      14.5 Synchronizing the Time on All Routers (NTP)

      14.6 Configuring NTP Redundancy

      14.7 Setting the Router As the NTP Master for the Network

      14.8 Changing NTP Synchronization Periods

      14.9 Using NTP to Send Periodic Broadcast Time Updates

      14.10 Using NTP to Send Periodic Multicast Time Updates

      14.11 Enabling and Disabling NTP Per Interface

      14.12 NTP Authentication

      14.13 Limiting the Number of Peers

      14.14 Restricting Peers

      14.15 Setting the Clock Period

      14.16 Checking the NTP Status

      14.17 Debugging NTP

      14.18 NTP Logging

      14.19 Extended Daylight Saving Time

      14.20 NTP Server Configuration

15. DLSw

      15.1 Simple Bridging

      15.2 Configuring DLSw

      15.3 Using DLSw to Bridge Between Ethernet and Token Ring

      15.4 Converting Ethernet and Token Ring MAC Addresses

      15.5 Configuring SDLC

      15.6 Configuring SDLC for Multidrop Connections

      15.7 Using STUN

      15.8 Using BSTUN

      15.9 Controlling DLSw Packet Fragmentation

      15.10 Tagging DLSw Packets for QoS

      15.11 Supporting SNA Priorities

      15.12 DLSw+ Redundancy and Fault Tolerance

      15.13 Viewing DLSw Status Information

      15.14 Viewing SDLC Status Information

      15.15 Debugging DSLw

16. Router Interfaces and Media

      16.1 Viewing Interface Status

      16.2 Configuring Serial Interfaces

      16.3 Using an Internal T1 CSU/DSU

      16.4 Using an Internal ISDN PRI Module

      16.5 Using an Internal 56 Kbps CSU/DSU

      16.6 Configuring an Async Serial Interface

      16.7 Configuring ATM Subinterfaces

      16.8 Setting Payload Scrambling on an ATM Circuit

      16.9 Classical IP Over ATM

      16.10 Configuring Ethernet Interface Features

      16.11 Configuring Token Ring Interface Features

      16.12 Connecting VLAN Trunks with ISL

      16.13 Connecting VLAN Trunks with 802.1Q

      16.14 LPD Printer Support

17. Simple Network Management Protocol

      17.1 Configuring SNMP

      17.2 Extracting Router Information via SNMP Tools

      17.3 Recording Important Router Information for SNMP Access

      17.4 Using SNMP to Extract Inventory Information   from a List of Routers

      17.5 Using Access Lists to Protect SNMP Access

      17.6 Logging Unauthorized SNMP Attempts

      17.7 Limiting MIB Access

      17.8 Using SNMP to Modify a Router's Running Configuration

      17.9 Using SNMP to Copy a New IOS Image

      17.10 Using SNMP to Perform Mass Configuration Changes

      17.11 Preventing Unauthorized Configuration Modifications

      17.12 Making Interface Table Numbers Permanent

      17.13 Enabling SNMP Traps and Informs

      17.14 Sending Syslog Messages As SNMP Traps and Informs

      17.15 Setting SNMP Packet Size

      17.16 Setting SNMP Queue Size

      17.17 Setting SNMP Timeout Values

      17.18 Disabling Link Up/Down Traps per Interface

      17.19 Setting the IP Source Address for SNMP Traps

      17.20 Using RMON to Send Traps

      17.21 Enabling SNMPv3

      17.22 Strong SNMPv3 Encryption

      17.23 Using SAA

18. Logging

      18.1 Enabling Local Router Logging

      18.2 Setting the Log Size

      18.3 Clearing the Router's Log

      18.4 Sending Log Messages to Your Screen

      18.5 Using a Remote Log Server

      18.6 Enabling Syslog on a Unix Server

      18.7 Changing the Default Log Facility

      18.8 Restricting What Log Messages Are Sent to the Server

      18.9 Setting the IP Source Address for Syslog Messages

      18.10 Logging Router Syslog Messages in Different Files

      18.11 Maintaining Syslog Files on the Server

      18.12 Testing the Syslog Sever Configuration

      18.13 Preventing the Most Common Messages from Being Logged

      18.14 Rate-Limiting Syslog Traffic

      18.15 Enabling Error Log Counting

      18.16 XML-Formatted Log Messages

      18.17 Modifying Log Messages

19. Access-Lists

      19.1 Filtering by Source or Destination IP Address

      19.2 Adding a Comment to an ACL

      19.3 Filtering by Application

      19.4 Filtering Based on TCP Header Flags

      19.5 Restricting TCP Session Direction

      19.6 Filtering Multiport Applications

      19.7 Filtering Based on DSCP and TOS

      19.8 Logging When an Access-List Is Used

      19.9 Logging TCP Sessions

      19.10 Analyzing ACL Log Entries

      19.11 Using Named and Reflexive Access-Lists

      19.12 Dealing with Passive Mode FTP

      19.13 Using Time-Based Access-Lists

      19.14 Filtering Based on Noncontiguous Ports

      19.15 Advanced Access-List Editing

      19.16 Filtering IPv6

20. DHCP

      20.1 Using IP Helper Addresses for DHCP

      20.2 Limiting the Impact of IP Helper Addresses

      20.3 Using DHCP to Dynamically Configure Router IP Addresses

      20.4 Dynamically Allocating Client IP Addresses via DHCP

      20.5 Defining DHCP Configuration Options

      20.6 Defining DHCP Lease Periods

      20.7 Allocating Static IP Addresses with DHCP

      20.8 Configuring a DHCP Database Client

      20.9 Configuring Multiple DHCP Servers per Subnet

      20.10 DHCP Static Mapping

      20.11 DHCP-Secured IP Address Assignment

      20.12 Showing DHCP Status

      20.13 Debugging DHCP

21. NAT

      21.1 Configuring Basic NAT Functionality

      21.2 Allocating External Addresses Dynamically

      21.3 Allocating External Addresses Statically

      21.4 Translating Some Addresses Statically and Others Dynamically

      21.5 Using Route Maps to Refine Static Translation Rules

      21.6 Translating in Both Directions Simultaneously

      21.7 Rewriting the Network Prefix

      21.8 Using NAT for Server Load Distribution

      21.9 Stateful NAT Failover

      21.10 Adjusting NAT Timers

      21.11 Changing TCP Ports for FTP

      21.12 Checking NAT Status

      21.13 Debugging NAT

22. First Hop Redundancy Protocols

      22.1 Configuring Basic HSRP Functionality

      22.2 Using HSRP Preempt

      22.3 Making HSRP React to Problems on Other Interfaces

      22.4 Load-Balancing with HSRP

      22.5 Redirecting ICMP with HSRP

      22.6 Manipulating HSRP Timers

      22.7 Using HSRP on Token Ring

      22.8 HSRP SNMP Support

      22.9 Increasing HSRP Security

      22.10 Showing HSRP State Information

      22.11 Debugging HSRP

      22.12 HSRP Version 2

      22.13 VRRP

      22.14 Gateway Load-Balancing Protocol

23. IP Multicast

      23.1 Configuring Basic Multicast Functionality with PIM-DM

      23.2 Routing Multicast Traffic with PIM-SM and BSR

      23.3 Routing Multicast Traffic with PIM-SM and Auto-RP

      23.4 Filtering PIM Neighbors

      23.5 Configuring Routing for a Low-Frequency Multicast Application

      23.6 Multicast over Frame Relay or ATM WANs

      23.7 Configuring CGMP

      23.8 Using IGMP Version 3

      23.9 Static Multicast Routes and Group Memberships

      23.10 Routing Multicast Traffic with MOSPF

      23.11 Routing Multicast Traffic with DVMRP

      23.12 DVMRP Tunnels

      23.13 Configuring Bidirectional PIM

      23.14 Controlling Multicast Scope with TTL

      23.15 Controlling Multicast Scope with Administratively Scoped Addressing
      23.16 Exchanging Multicast Routing Information with MBGP

      23.17 Using MSDP to Discover External Sources

      23.18 Configuring Anycast RP

      23.19 Converting Broadcasts to Multicasts

      23.20 Showing Multicast Status

      23.21 Debugging Multicast Routing

24. IP Mobility

      24.1 Local Area Mobility

      24.2 Home Agent Configuration

      24.3 Foreign Agent Configuration

      24.4 Making a Router a Mobile Node

      24.5 Reverse-Tunnel Forwarding

      24.6 Using HSRP for Home Agent Redundancy

25. IPv6

      25.1 Automatically Generating IPv6 Addresses for an Interface

      25.2 Manually Configuring IPv6 Addresses on an Interface

      25.3 Configuring DHCP for IPv6

      25.4 Dynamic Routing with RIP

      25.5 Modifying the Default RIP Parameters

      25.6 IPv6 Route Filtering and Metric Manipulation in RIP

      25.7 Using OSPF for IPv6

      25.8 IPv6 Route Filtering and Metric Manipulation in OSPF

      25.9 Route Redistribution

      25.10 Dynamic Routing with MBGP

      25.11 Tunneling IPv6 Through an Existing IPv4 Network

      25.12 Translating Between IPv6 and IPv4

26. MPLS

      26.1 Configuring a Basic MPLS P Router

      26.2 Configuring a Basic MPLS PE Router

      26.3 Configuring Basic MPLS CE Routers

      26.4 Configuring MPLS over ATM

      26.5 PE-CE Communication via RIP

      26.6 PE-CE Communication via OSPF

      26.7 PE-CE Communication via EIGRP

      26.8 PE-CE Communication via BGP

      26.9 QoS over MPLS

      26.10 MPLS Traffic Engineering with Autoroute

      26.11 Multicast Over MPLS

      26.12 Your Service Provider Doesn't Do What You Want

27. Security

      27.1 Using AutoSecure

      27.2 Using Context-Based Access-Lists

      27.3 Transparent Cisco IOS Firewall

      27.4 Stopping Denial of Service Attacks

      27.5 Inspecting Applications on Different Port Numbers

      27.6 Intrusion Detection and Prevention

      27.7 Login Password Retry Lockout

      27.8 Authentication Proxy

A. External Software Packages

B. IP Precedence, TOS, and DSCP Classifications

Index