Cisco IOS Cookbook™
SECOND EDITION
Kevin Dooley and Ian J. Brown

Other resources from O’Reilly
Related titles:
Cisco IOS in a Nutshell
IP Routing
Cisco IOS Access Lists
IPv6 Essentials
DNS and BIND
IPv6 Network Administration
Ethernet: The Definitive Guide
SSH, The Secure Shell: The Definitive Guide
Hardening Cisco Routers

Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo

Cisco IOS Cookbook™, Second Edition
by Kevin Dooley and Ian J. Brown

Copyright © 2007, 2003 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 [email protected].
Editor: Mike Loukides
Production Editor: Colleen Gorman
Proofreader: Ann Atalla
Indexer: John Bickelhaupt
Cover Designer: Ellie Volckhausen
Interior Designer: David Futato
Illustrators: Robert Romano and Jessamyn Read

Printing History:
July 2003: First Edition.
December 2006: Second Edition.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. The Cookbook series designations, Cisco IOS Cookbook, the image of a black jaguar, and related trade dress are trademarks of O’Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

ISBN10: 0-596-52722-5
ISBN13: 978-0-596-52722-8

Table of Contents

Preface

1. Router Configuration and File Management
1.1 Configuring the Router via TFTP
1.2 Saving Router Configuration to Server
1.3 Booting the Router Using a Remote Configuration File
1.4 Storing Configuration Files Larger Than NVRAM
1.5 Clearing the Startup Configuration
1.6 Loading a New IOS Image
1.7 Booting a Different IOS Image
1.8 Booting over the Network
1.9 Copying an IOS Image to a Server
1.10 Copying an IOS Image Through the Console
1.11 Deleting Files from Flash
1.12 Partitioning Flash
1.13 Using the Router as a TFTP Server
1.14 Using FTP from the Router
1.15 Generating Large Numbers of Router Configurations
1.16 Changing the Configurations of Many Routers at Once
1.17 Extracting Hardware Inventory Information
1.18 Backing Up Router Configurations
1.19 Warm Reload
1.20 Warm Upgrade
1.21 Configuration Archiving
1.22 Locking Configuration Access

2. Router Management
2.1 Creating Command Aliases
2.2 Managing the Router’s ARP Cache
2.3 Tuning Router Buffers
2.4 Auto Tuning Buffers
2.5 Using the Cisco Discovery Protocol
2.6 Disabling the Cisco Discovery Protocol
2.7 Using the Small Servers
2.8 Enabling HTTP Access to a Router
2.9 Enabling Secure HTTP (HTTPS) Access to a Router
2.10 Using Static Hostname Tables
2.11 Enabling Domain Name Services
2.12 Disabling Domain Name Lookups
2.13 Specifying a Router Reload Time
2.14 Scheduling of Router Commands
2.15 Displaying Historical CPU Values
2.16 Creating Exception Dump Files
2.17 Generating a Report of Interface Information
2.18 Generating a Report of Routing Table Information
2.19 Generating a Report of ARP Table Information
2.20 Generating a Server Host Table File

3. User Access and Privilege Levels
3.1 Setting Up User IDs
3.2 Encrypting Passwords
3.3 Using Better Password-Encryption Techniques
3.4 Removing Passwords from a Router Configuration File
3.5 Deciphering Cisco’s Weak Password Encryption
3.6 Displaying Active Users
3.7 Sending Messages to Other Users
3.8 Changing the Number of VTYs
3.9 Changing VTY Timeouts
3.10 Restricting VTY Access by Protocol
3.11 Enabling Absolute Timeouts on VTY Lines
3.12 Implementing Banners
3.13 Disabling Banners on a Port
3.14 Disabling Router Lines
3.15 Reserving a VTY Port for Administrative Access
3.16 Restricting Inbound Telnet Access
3.17 Logging Telnet Access
3.18 Setting the Source Address for Telnet
3.19 Automating the Login Sequence
3.20 Using SSH for Secure Access
3.21 Changing Privilege Level of IOS Commands
3.22 Defining Per User Privileges
3.23 Defining Per Port Privileges

4. TACACS+
4.1 Authenticating Login IDs from a Central System
4.2 Restricting Command Access
4.3 Losing Access to the TACACS+ Server
4.4 Disabling TACACS+ Authentication on a Particular Line
4.5 Capturing User Keystrokes
4.6 Logging System Events
4.7 Setting the IP Source Address for TACACS+ Messages
4.8 Sample Server Configuration Files

5. IP Routing
5.1 Finding an IP Route
5.2 Finding Types of IP Routes
5.3 Converting Different Mask Formats
5.4 Using Static Routing
5.5 Floating Static Routes
5.6 Using Policy-Based Routing to Route Based on Source Address
5.7 Using Policy-Based Routing to Route Based on Application Type
5.8 Examining Policy-Based Routing
5.9 Changing Administrative Distances
5.10 Routing Over Multiple Paths with Equal Costs
5.11 Static Routes That Track Interfaces or Other Routes
5.12 Keeping Statistics on Routing Table Changes

6. RIP
6.1 Configuring RIP Version 1
6.2 Filtering Routes with RIP
6.3 Redistributing Static Routes into RIP
6.4 Redistributing Routes Using Route Maps
6.5 Creating a Default Route in RIP
6.6 Disabling RIP on an Interface
6.7 Default Passive Interface
6.8 Unicast Updates for RIP
6.9 Applying Offsets to Routes
6.10 Adjusting Timers
6.11 Configuring Interpacket Delay
6.12 Enabling Nonperiodic Updates
6.13 Increasing the RIP Input Queue
6.14 Configuring RIP Version 2
6.15 Enabling RIP Authentication
6.16 RIP Route Summarization
6.17 Route Tagging

7. EIGRP
7.1 Configuring EIGRP
7.2 Filtering Routes with EIGRP
7.3 Redistributing Routes into EIGRP
7.4 Redistributing Routes into EIGRP Using Route Maps
7.5 Disabling EIGRP on an Interface
7.6 Adjusting EIGRP Metrics
7.7 Adjusting Timers
7.8 Enabling EIGRP Authentication
7.9 EIGRP Route Summarization
7.10 Logging EIGRP Neighbor State Changes
7.11 Limiting EIGRP’s Bandwidth Utilization
7.12 EIGRP Stub Routing
7.13 Route Tagging
7.14 Viewing EIGRP Status

8. OSPF
8.1 Configuring OSPF
8.2 Filtering Routes in OSPF
8.3 Adjusting OSPF Costs
8.4 Creating a Default Route in OSPF
8.5 Redistributing Static Routes into OSPF
8.6 Redistributing External Routes into OSPF
8.7 Manipulating DR Selection
8.8 Setting the OSPF RID
8.9 Enabling OSPF Authentication
8.10 Selecting the Appropriate Area Types