

Cisco IOS Cookbook, 2nd Edition
Kevin Dooley, Ian Brown
O'Reilly Media, Paperback, 2nd edition, Published December 2006, 1000 pages, ISBN 0596527225
List Price: $59.99
Our Price: $37.50
You Save: $22.49 (37% Off)



Never has something cried out for a cookbook quite as much as Cisco's Internetwork Operating System (IOS). IOS is powerful and flexible, but also confusing and daunting. Most tasks can be accomplished in several different ways. And you don't want to spend precious time figuring out which way is best when you're trying to solve a problem quickly.

That's what this cookbook is for. Fortunately, most router configuration tasks can be broken down into several more or less independent steps: you configure an interface, you configure a routing protocol, you set up backup links, you implement packet filters and other access control mechanisms. What you really need is a set of recipes that show you how to perform the most common tasks, so you can quickly come up with a good configuration for your site. And you need to know that these solutions work: you don't want to find yourself implementing a backup link at 2 A.M. because your main link is down and the backup link you set up when you installed the router wasn't quite right.

Thoroughly revised and expanded, Cisco IOS Cookbook, 2nd Edition adds sections on MPLS, Security, IPv6, and IP Mobility and presents solutions to the most common configuration problems, including:

* Configuring interfaces of many types, from serial to ATM and Frame Relay
* Configuring all of the common IP routing protocols (RIP, EIGRP, OSPF, and BGP)
* Configuring authentication
* Configuring other services, including DHCP and NTP
* Setting up backup links, and using HSRP to configure backup routers
* Managing the router, including SNMP and other solutions
* Using access lists to control the traffic through the router

If you work with Cisco routers, you need a book like this to help you solve problems quickly and effectively. Even if you're experienced, the solutions and extensive explanations will give you new ideas and insights into router configuration. And if you're not experienced--if you've just been given responsibility for managing a network with Cisco routers--this book could be a job-saver.

 

Table of Contents

Preface

1. Router Configuration and File Management
      1.1 Configuring the Router via TFTP
      1.2 Saving Router Configuration to Server
      1.3 Booting the Router Using a Remote Configuration File
      1.4 Storing Configuration Files Larger Than NVRAM
      1.5 Clearing the Startup Configuration
      1.6 Loading a New IOS Image
      1.7 Booting a Different IOS Image
      1.8 Booting over the Network
      1.9 Copying an IOS Image to a Server
      1.10 Copying an IOS Image Through the Console
      1.11 Deleting Files from Flash
      1.12 Partitioning Flash
      1.13 Using the Router as a TFTP Server
      1.14 Using FTP from the Router
      1.15 Generating Large Numbers of Router Configurations
      1.16 Changing the Configurations of Many Routers at Once
      1.17 Extracting Hardware Inventory Information
      1.18 Backing Up Router Configurations
      1.19 Warm Reload
      1.20 Warm Upgrade
      1.21 Configuration Archiving
      1.22 Locking Configuration Access

2. Router Management
      2.1 Creating Command Aliases
      2.2 Managing the Router's ARP Cache
      2.3 Tuning Router Buffers
      2.4 Auto Tuning Buffers
      2.5 Using the Cisco Discovery Protocol
      2.6 Disabling the Cisco Discovery Protocol
      2.7 Using the Small Servers
      2.8 Enabling HTTP Access to a Router
      2.9 Enabling Secure HTTP (HTTPS) Access to a Router
      2.10 Using Static Hostname Tables
      2.11 Enabling Domain Name Services
      2.12 Disabling Domain Name Lookups
      2.13 Specifying a Router Reload Time
      2.14 Scheduling of Router Commands
      2.15 Displaying Historical CPU Values
      2.16 Creating Exception Dump Files
      2.17 Generating a Report of Interface Information
      2.18 Generating a Report of Routing Table Information
      2.19 Generating a Report of ARP Table Information
      2.20 Generating a Server Host Table File

3. User Access and Privilege Levels
      3.1 Setting Up User IDs
      3.2 Encrypting Passwords
      3.3 Using Better Password-Encryption Techniques
      3.4 Removing Passwords from a Router Configuration File
      3.5 Deciphering Cisco's Weak Password Encryption
      3.6 Displaying Active Users
      3.7 Sending Messages to Other Users
      3.8 Changing the Number of VTYs
      3.9 Changing VTY Timeouts
      3.10 Restricting VTY Access by Protocol
      3.11 Enabling Absolute Timeouts on VTY Lines
      3.12 Implementing Banners
      3.13 Disabling Banners on a Port
      3.14 Disabling Router Lines
      3.15 Reserving a VTY Port for Administrative Access
      3.16 Restricting Inbound Telnet Access
      3.17 Logging Telnet Access
      3.18 Setting the Source Address for Telnet
      3.19 Automating the Login Sequence
      3.20 Using SSH for Secure Access
      3.21 Changing Privilege Level of IOS Commands
      3.22 Defining Per User Privileges
      3.23 Defining Per Port Privileges

4. TACACS+
      4.1 Authenticating Login IDs from a Central System
      4.2 Restricting Command Access
      4.3 Losing Access to the TACACS+ Server
      4.4 Disabling TACACS+ Authentication on a Particular Line
      4.5 Capturing User Keystrokes
      4.6 Logging System Events
      4.7 Setting the IP Source Address for TACACS+ Messages
      4.8 Sample Server Configuration Files

5. IP Routing
      5.1 Finding an IP Route
      5.2 Finding Types of IP Routes
      5.3 Converting Different Mask Formats
      5.4 Using Static Routing
      5.5 Floating Static Routes
      5.6 Using Policy-Based Routing to Route Based on Source Address
      5.7 Using Policy-Based Routing to Route Based on Application Type
      5.8 Examining Policy-Based Routing
      5.9 Changing Administrative Distances
      5.10 Routing Over Multiple Paths with Equal Costs
      5.11 Static Routes That Track Interfaces or Other Routes
      5.12 Keeping Statistics on Routing Table Changes

6. RIP
      6.1 Configuring RIP Version 1
      6.2 Filtering Routes with RIP
      6.3 Redistributing Static Routes into RIP
      6.4 Redistributing Routes Using Route Maps
      6.5 Creating a Default Route in RIP
      6.6 Disabling RIP on an Interface
      6.7 Default Passive Interface
      6.8 Unicast Updates for RIP
      6.9 Applying Offsets to Routes
      6.10 Adjusting Timers
      6.11 Configuring Interpacket Delay
      6.12 Enabling Nonperiodic Updates
      6.13 Increasing the RIP Input Queue
      6.14 Configuring RIP Version 2
      6.15 Enabling RIP Authentication
      6.16 RIP Route Summarization
      6.17 Route Tagging

7. EIGRP
      7.1 Configuring EIGRP
      7.2 Filtering Routes with EIGRP
      7.3 Redistributing Routes into EIGRP
      7.4 Redistributing Routes into EIGRP Using Route Maps
      7.5 Disabling EIGRP on an Interface
      7.6 Adjusting EIGRP Metrics
      7.7 Adjusting Timers
      7.8 Enabling EIGRP Authentication
      7.9 EIGRP Route Summarization
      7.10 Logging EIGRP Neighbor State Changes
      7.11 Limiting EIGRP's Bandwidth Utilization
      7.12 EIGRP Stub Routing
      7.13 Route Tagging
      7.14 Viewing EIGRP Status

8. OSPF
      8.1 Configuring OSPF
      8.2 Filtering Routes in OSPF
      8.3 Adjusting OSPF Costs
      8.4 Creating a Default Route in OSPF
      8.5 Redistributing Static Routes into OSPF
      8.6 Redistributing External Routes into OSPF
      8.7 Manipulating DR Selection
      8.8 Setting the OSPF RID
      8.9 Enabling OSPF Authentication
      8.10 Selecting the Appropriate Area Types
      8.11 Using OSPF on Dial Interfaces
      8.12 Summarizing Routes in OSPF
      8.13 Disabling OSPF on Certain Interfaces
      8.14 Changing the Network Type on an Interface
      8.15 OSPF Route Tagging
      8.16 Logging OSPF Adjacency Changes
      8.17 Adjusting OSPF Timers
      8.18 Reducing OSPF Traffic in Stable Networks
      8.19 OSPF Virtual Links
      8.20 Viewing OSPF Status with Domain Names
      8.21 Debugging OSPF

9. BGP
      9.1 Configuring BGP
      9.2 Using eBGP Multihop
      9.3 Adjusting the Next-Hop Attribute
      9.4 Connecting to Two ISPs
      9.5 Connecting to Two ISPs with Redundant Routers
      9.6 Restricting Networks Advertised to a BGP Peer
      9.7 Adjusting Local Preference Values
      9.8 Load-Balancing
      9.9 Removing Private ASNs from the AS Path
      9.10 Filtering BGP Routes Based on AS Paths
      9.11 Reducing the Size of the Received Routing Table
      9.12 Summarizing Outbound Routing Information
      9.13 Prepending ASNs to the AS Path
      9.14 Redistributing Routes with BGP
      9.15 Using Peer Groups
      9.16 Authenticating BGP Peers
      9.17 Using BGP Communities
      9.18 Using BGP Route Reflectors
      9.19 Putting It All Together

10. Frame Relay
      10.1 Setting Up Frame Relay with Point-to-Point Subinterfaces
      10.2 Adjusting LMI Options
      10.3 Setting Up Frame Relay with Map Statements
      10.4 Using Multipoint Subinterfaces
      10.5 Configuring Frame Relay SVCs
      10.6 Simulating a Frame Relay Cloud
      10.7 Compressing Frame Relay Data on a Subinterface
      10.8 Compressing Frame Relay Data with Maps
      10.9 PPP over Frame Relay
      10.10 Viewing Frame Relay Status Information

11. Handling Queuing and Congestion
      11.1 Fast Switching and CEF
      11.2 Setting the DSCP or TOS Field
      11.3 Using Priority Queuing
      11.4 Using Custom Queuing
      11.5 Using Custom Queues with Priority Queues
      11.6 Using Weighted Fair Queuing
      11.7 Using Class-Based Weighted Fair Queuing
      11.8 Using NBAR Classification
      11.9 Controlling Congestion with WRED
      11.10 Using RSVP
      11.11 Manual RSVP Reservations
      11.12 Aggregating RSVP Reservations
      11.13 Using Generic Traffic Shaping
      11.14 Using Frame-Relay Traffic Shaping
      11.15 Using Committed Access Rate
      11.16 Implementing Standards-Based Per-Hop Behavior
      11.17 AutoQoS
      11.18 Viewing Queue Parameters

12. Tunnels and VPNs
      12.1 Creating a Tunnel
      12.2 Tunneling Foreign Protocols in IP
      12.3 Tunneling with Dynamic Routing Protocols
      12.4 Viewing Tunnel Status
      12.5 Creating an Encrypted Router-to-Router VPN in a GRE Tunnel
      12.6 Creating an Encrypted VPN Between the LAN Interfaces of Two Routers
      12.7 Generating RSA Keys
      12.8 Creating a Router-to-Router VPN with RSA Keys
      12.9 Creating a VPN Between a Workstation and a Router
      12.10 Creating an SSL VPN
      12.11 Checking IPSec Protocol Status

13. Dial Backup
      13.1 Automating Dial Backup
      13.2 Using Dialer Interfaces
      13.3 Using an Async Modem on the AUX Port
      13.4 Using Backup Interfaces
      13.5 Using Dialer Watch
      13.6 Using Virtual Templates
      13.7 Ensuring Proper Disconnection
      13.8 View Dial Backup Status
      13.9 Debugging Dial Backup

14. NTP and Time
      14.1 Time-Stamping Router Logs
      14.2 Setting the Time
      14.3 Setting the Time Zone
      14.4 Adjusting for Daylight Saving Time
      14.5 Synchronizing the Time on All Routers (NTP)
      14.6 Configuring NTP Redundancy
      14.7 Setting the Router As the NTP Master for the Network
      14.8 Changing NTP Synchronization Periods
      14.9 Using NTP to Send Periodic Broadcast Time Updates
      14.10 Using NTP to Send Periodic Multicast Time Updates
      14.11 Enabling and Disabling NTP Per Interface
      14.12 NTP Authentication
      14.13 Limiting the Number of Peers
      14.14 Restricting Peers
      14.15 Setting the Clock Period
      14.16 Checking the NTP Status
      14.17 Debugging NTP
      14.18 NTP Logging
      14.19 Extended Daylight Saving Time
      14.20 NTP Server Configuration

15. DLSw
      15.1 Simple Bridging
      15.2 Configuring DLSw
      15.3 Using DLSw to Bridge Between Ethernet and Token Ring
      15.4 Converting Ethernet and Token Ring MAC Addresses
      15.5 Configuring SDLC
      15.6 Configuring SDLC for Multidrop Connections
      15.7 Using STUN
      15.8 Using BSTUN
      15.9 Controlling DLSw Packet Fragmentation
      15.10 Tagging DLSw Packets for QoS
      15.11 Supporting SNA Priorities
      15.12 DLSw+ Redundancy and Fault Tolerance
      15.13 Viewing DLSw Status Information
      15.14 Viewing SDLC Status Information
      15.15 Debugging DLSw

16. Router Interfaces and Media
      16.1 Viewing Interface Status
      16.2 Configuring Serial Interfaces
      16.3 Using an Internal T1 CSU/DSU
      16.4 Using an Internal ISDN PRI Module
      16.5 Using an Internal 56 Kbps CSU/DSU
      16.6 Configuring an Async Serial Interface
      16.7 Configuring ATM Subinterfaces
      16.8 Setting Payload Scrambling on an ATM Circuit
      16.9 Classical IP Over ATM
      16.10 Configuring Ethernet Interface Features
      16.11 Configuring Token Ring Interface Features
      16.12 Connecting VLAN Trunks with ISL
      16.13 Connecting VLAN Trunks with 802.1Q
      16.14 LPD Printer Support

17. Simple Network Management Protocol
      17.1 Configuring SNMP
      17.2 Extracting Router Information via SNMP Tools
      17.3 Recording Important Router Information for SNMP Access
      17.4 Using SNMP to Extract Inventory Information from a List of Routers
      17.5 Using Access Lists to Protect SNMP Access
      17.6 Logging Unauthorized SNMP Attempts
      17.7 Limiting MIB Access
      17.8 Using SNMP to Modify a Router's Running Configuration
      17.9 Using SNMP to Copy a New IOS Image
      17.10 Using SNMP to Perform Mass Configuration Changes
      17.11 Preventing Unauthorized Configuration Modifications
      17.12 Making Interface Table Numbers Permanent
      17.13 Enabling SNMP Traps and Informs
      17.14 Sending Syslog Messages As SNMP Traps and Informs
      17.15 Setting SNMP Packet Size
      17.16 Setting SNMP Queue Size
      17.17 Setting SNMP Timeout Values
      17.18 Disabling Link Up/Down Traps per Interface
      17.19 Setting the IP Source Address for SNMP Traps
      17.20 Using RMON to Send Traps
      17.21 Enabling SNMPv3
      17.22 Strong SNMPv3 Encryption
      17.23 Using SAA

18. Logging
      18.1 Enabling Local Router Logging
      18.2 Setting the Log Size
      18.3 Clearing the Router's Log
      18.4 Sending Log Messages to Your Screen
      18.5 Using a Remote Log Server
      18.6 Enabling Syslog on a Unix Server
      18.7 Changing the Default Log Facility
      18.8 Restricting What Log Messages Are Sent to the Server
      18.9 Setting the IP Source Address for Syslog Messages
      18.10 Logging Router Syslog Messages in Different Files
      18.11 Maintaining Syslog Files on the Server
      18.12 Testing the Syslog Server Configuration
      18.13 Preventing the Most Common Messages from Being Logged
      18.14 Rate-Limiting Syslog Traffic
      18.15 Enabling Error Log Counting
      18.16 XML-Formatted Log Messages
      18.17 Modifying Log Messages

19. Access-Lists
      19.1 Filtering by Source or Destination IP Address
      19.2 Adding a Comment to an ACL
      19.3 Filtering by Application
      19.4 Filtering Based on TCP Header Flags
      19.5 Restricting TCP Session Direction
      19.6 Filtering Multiport Applications
      19.7 Filtering Based on DSCP and TOS
      19.8 Logging When an Access-List Is Used
      19.9 Logging TCP Sessions
      19.10 Analyzing ACL Log Entries
      19.11 Using Named and Reflexive Access-Lists
      19.12 Dealing with Passive Mode FTP
      19.13 Using Time-Based Access-Lists
      19.14 Filtering Based on Noncontiguous Ports
      19.15 Advanced Access-List Editing
      19.16 Filtering IPv6

20. DHCP
      20.1 Using IP Helper Addresses for DHCP
      20.2 Limiting the Impact of IP Helper Addresses
      20.3 Using DHCP to Dynamically Configure Router IP Addresses
      20.4 Dynamically Allocating Client IP Addresses via DHCP
      20.5 Defining DHCP Configuration Options
      20.6 Defining DHCP Lease Periods
      20.7 Allocating Static IP Addresses with DHCP
      20.8 Configuring a DHCP Database Client
      20.9 Configuring Multiple DHCP Servers per Subnet
      20.10 DHCP Static Mapping
      20.11 DHCP-Secured IP Address Assignment
      20.12 Showing DHCP Status
      20.13 Debugging DHCP

21. NAT
      21.1 Configuring Basic NAT Functionality
      21.2 Allocating External Addresses Dynamically
      21.3 Allocating External Addresses Statically
      21.4 Translating Some Addresses Statically and Others Dynamically
      21.5 Using Route Maps to Refine Static Translation Rules
      21.6 Translating in Both Directions Simultaneously
      21.7 Rewriting the Network Prefix
      21.8 Using NAT for Server Load Distribution
      21.9 Stateful NAT Failover
      21.10 Adjusting NAT Timers
      21.11 Changing TCP Ports for FTP
      21.12 Checking NAT Status
      21.13 Debugging NAT

22. First Hop Redundancy Protocols
      22.1 Configuring Basic HSRP Functionality
      22.2 Using HSRP Preempt
      22.3 Making HSRP React to Problems on Other Interfaces
      22.4 Load-Balancing with HSRP
      22.5 Redirecting ICMP with HSRP
      22.6 Manipulating HSRP Timers
      22.7 Using HSRP on Token Ring
      22.8 HSRP SNMP Support
      22.9 Increasing HSRP Security
      22.10 Showing HSRP State Information
      22.11 Debugging HSRP
      22.12 HSRP Version 2
      22.13 VRRP
      22.14 Gateway Load-Balancing Protocol

23. IP Multicast
      23.1 Configuring Basic Multicast Functionality with PIM-DM
      23.2 Routing Multicast Traffic with PIM-SM and BSR
      23.3 Routing Multicast Traffic with PIM-SM and Auto-RP
      23.4 Filtering PIM Neighbors
      23.5 Configuring Routing for a Low-Frequency Multicast Application
      23.6 Multicast over Frame Relay or ATM WANs
      23.7 Configuring CGMP
      23.8 Using IGMP Version 3
      23.9 Static Multicast Routes and Group Memberships
      23.10 Routing Multicast Traffic with MOSPF
      23.11 Routing Multicast Traffic with DVMRP
      23.12 DVMRP Tunnels
      23.13 Configuring Bidirectional PIM
      23.14 Controlling Multicast Scope with TTL
      23.15 Controlling Multicast Scope with Administratively Scoped Addressing
      23.16 Exchanging Multicast Routing Information with MBGP
      23.17 Using MSDP to Discover External Sources
      23.18 Configuring Anycast RP
      23.19 Converting Broadcasts to Multicasts
      23.20 Showing Multicast Status
      23.21 Debugging Multicast Routing

24. IP Mobility
      24.1 Local Area Mobility
      24.2 Home Agent Configuration
      24.3 Foreign Agent Configuration
      24.4 Making a Router a Mobile Node
      24.5 Reverse-Tunnel Forwarding
      24.6 Using HSRP for Home Agent Redundancy

25. IPv6
      25.1 Automatically Generating IPv6 Addresses for an Interface
      25.2 Manually Configuring IPv6 Addresses on an Interface
      25.3 Configuring DHCP for IPv6
      25.4 Dynamic Routing with RIP
      25.5 Modifying the Default RIP Parameters
      25.6 IPv6 Route Filtering and Metric Manipulation in RIP
      25.7 Using OSPF for IPv6
      25.8 IPv6 Route Filtering and Metric Manipulation in OSPF
      25.9 Route Redistribution
      25.10 Dynamic Routing with MBGP
      25.11 Tunneling IPv6 Through an Existing IPv4 Network
      25.12 Translating Between IPv6 and IPv4

26. MPLS
      26.1 Configuring a Basic MPLS P Router
      26.2 Configuring a Basic MPLS PE Router
      26.3 Configuring Basic MPLS CE Routers
      26.4 Configuring MPLS over ATM
      26.5 PE-CE Communication via RIP
      26.6 PE-CE Communication via OSPF
      26.7 PE-CE Communication via EIGRP
      26.8 PE-CE Communication via BGP
      26.9 QoS over MPLS
      26.10 MPLS Traffic Engineering with Autoroute
      26.11 Multicast Over MPLS
      26.12 Your Service Provider Doesn't Do What You Want

27. Security
      27.1 Using AutoSecure
      27.2 Using Context-Based Access-Lists
      27.3 Transparent Cisco IOS Firewall
      27.4 Stopping Denial of Service Attacks
      27.5 Inspecting Applications on Different Port Numbers
      27.6 Intrusion Detection and Prevention
      27.7 Login Password Retry Lockout
      27.8 Authentication Proxy

A. External Software Packages

B. IP Precedence, TOS, and DSCP Classifications

Index

 

About the Authors

Kevin Dooley is an independent networking consultant who has been designing and implementing networks for more than ten years. In that time he has built large scale Local and Wide Area Networks for several of Canada's largest companies. He holds a PhD in physics from the University of Toronto and is the author of Designing Large-Scale LANs.

Ian J. Brown is a CCIE and Managing Consultant for Bell Nexxia.



