ptg www.it-ebooks.info ptg Cisco Router Configuration Handbook Second Edition Dave Hucaby, CCIE No. 4594 Steve McQuerry, CCIE No. 6108 Andrew Whitaker Cisco Press 800 East 96th Street Indianapolis, IN 46240 www.it-ebooks.info ptg ii Cisco Router Configuration Handbook Cisco Router Configuration Handbook, Second Edition Dave Hucaby, Steve McQuerry, Andrew Whitaker Copyright © 2010 Cisco Systems, Inc. Published by: Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any informa- tion storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America First Printing June 2010 Library of Congress Cataloging-in-Publication data is on file. ISBN-13: 978-1-58714-116-4 ISBN-10: 1-58714-116-7 Warning and Disclaimer This book is designed to provide information about configuring Cisco routers. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc. Trademark Acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. www.it-ebooks.info ptg iii Corporate and Government Sales The publisher offers excellent discounts on this book when ordered in quantity for bulk pur- chases or special sales, which may include electronic versions and/or custom covers and con- tent particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales 1-800-382-3419 corpsales@pearsontechgroup.com For sales outside the United States, please contact: International Sales international@pearsoned.com Feedback Information At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers’ feedback is a natural continuation of this process. If you have any comments regard- ing how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message. We g r eatly a p p r e c i a t e y o ur a s s i s t a nce. Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work , Live, Play, and Learn and Cis co Sto re are ser vice marks; and A ccess Regist rar, A iron et, AsyncOS, Bringing th e Meeting To You, Cat alyst, CC DA, C CDP, CC IE, CCIP, CCNA , C CNP, CC SP, CCVP, Cis co, th e Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient , IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R) Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Publisher: Paul Boger Manager, Global Certification: Erik Ullanderson Associate Publisher: Dave Dusthimer Business Operation Manager, Cisco Press: Anand Sundaram Executive Editor: Brett Bartow Senior Development Editor: Christopher Cleveland Managing Editor: Sandra Schroeder Project Editor: Seth Kerney Copy Editor: Apostrophe Editing Services Te c hn ic a l E d ito r s : Steve Kalman, Joe Harris Editorial Assistant: Vane ssa Evan s Indexer: Wo r d W i s e Pu b l i s h i n g S e r v i c e s Book Designer: Louisa Adair Proofreaders: Sheri Cain and Water Crest Publishing Composition: Mark Shirar www.it-ebooks.info ptg iv Cisco Router Configuration Handbook Dedications Dave Hucaby: This book is dedicated to my wife, Marci, and my daughters, Lauren and Kara. I am blessed to have three wonderful girls in the house; their love, encouragement, and sup- port carry me along. God is good! Steve McQuerry: I dedicate this work to my beautiful wife and love of my life, Becky. Also, to my wonderful children, Katie, Logan, and Cameron. You are all my inspiration. Your patience, love, and support give me the courage and strength needed to spend the required time and energy on a project like this. Even through the long hours, I want you to know I love you all very much. www.it-ebooks.info ptg v About the Authors David Hucaby, CCIE #4594, is a lead network engineer for the University of Kentucky, where he designs, implements, and maintains campus networks using Cisco products. Prior to his current position, he was a senior network consultant, providing design and implementation consulting, focusing on Cisco-based VPN and IP telephony solutions. Hucaby has bachelor of science and master of science degrees in electrical engineering from the University of Kentucky. He is also the author of CCNP Switching Exam Certification Guide by Cisco Press. Stephen McQuerry, CCIE #6108, is an instructor and consultant with more than ten years of networking industry experience. He is a certified Cisco Systems instructor (CCSI) and a course director/developer, teaching routing and switching concepts for Global Knowledge. McQuerry regularly teaches Cisco Enterprise courses. Additionally, he has developed and taught custom Cisco switching courses. McQuerry holds a bachelor of science degree in engi- neering physics from Eastern Kentucky University. He is also the author of Interconnecting Cisco Network Devices by Cisco Press. Andrew Whitaker has been teaching and developing Cisco courses for more than seven years and holds the following certifications: CCNP, CCVP, CCSP, CCDP, CCNA:Security, MCT, CEI, CISSP, LPT, CEH, ECSA, MCTS, MCSE, CNE, A+, Network+, Security+, Convergence+, CTP, CICP, CHFI, EMCPA. He is the author of several books, including Penetration Testing and Network Defense by Cisco Press. About the Technical Reviewers Steven Kalman is the principal officer at Esquire Micro Consultants, which offers lecturing, writing, and consulting services. He has more than 30 years of experience in data processing, with strengths in network design and implementation. Kalman is an instructor and author for Learning Tree International. He has written and reviewed many networking-related titles. He holds CCNA, CCDA, ECNE, CEN, and CNI certifications. Joe Harris, CCIE No. 6200 (R/S, Security & SP), is a Triple CCIE working for Cisco as a systems engineer within the Wireline and Emerging Providers organization, where he specializes in security and MPLS-related technologies. With more than 16 years of extensive experience focusing on advance technologies within the IT arena, Joe has been primarily focused on supporting various enterprise-sized networks revolving around all aspects of Cisco technology. He has also provided high-end consulting for both large and small corporations, as well as local government and federal agencies. Joe holds a bachelor of science degree from Louisiana Te ch Un i ver s i t y a n d re s ide s w it h h i s w i fe a nd t wo c h i ldre n i n F r i s c o, Tex as. www.it-ebooks.info ptg vi Cisco Router Configuration Handbook Acknowledgments Dave Hucaby: I am very grateful for another opportunity to work on a Cisco Press project. Getting to dabble in technical writing has been great fun, a highlight in my career, and a lot of work, too! Naturally, these good folks at Cisco Press have gone the extra mile to make writing enjoyable and achievable: Brett Bartow, who kindly accepted my idea for a book like this and kindly prodded us along to meet deadlines we didn’t think we could, and Chris Cleveland, who is a superb development editor. As a matter of fact, every Cisco Press person I have met along the way has been so nice, encouraging, and excited about their work! Thanks to our technical reviewers: Steve Kalman and Joe Harris. Working on a book of this nature has been challenging. The sheer volume and scope of the Cisco IOS Software com- mands and features are a little overwhelming. I truly appreciate reviewers who can help us see a bigger picture of better organization and accuracy while we’re writing in the depths of con- figuration commands. This book is also a testimony to the great number of things you can do with a router, thanks to the Cisco IOS Software. I don’t know how many hundreds of com- mands we have covered in this book, but we had to leave out many more lesser-used com- mands just to keep a handle on the book’s size and scope. I’m amazed at the robustness of the software and its dynamic nature. I would like to express my thanks to my friend and coauthor Steve McQuerry. We’ve followed each other around for many years, and it has been great to work on this project with him. Hopefully, we Kentucky boys can work on more things like this. Lastly, I would like to acknowledge the person who stole my laptop computer halfway through the first edition of this book project. Whoever you are, you left me a victim of my own lack of current backups. I made up a silly joke many years ago: “A backup is worth a mil- lion bytes, especially if you have to type them all back in.” Indeed. Steve McQuerry: About 20 years ago, the late Rodger Yockey gave me an opportunity as a field engineer in the computer industry. Since then, several people have been there at key moments to help my career go in certain directions. I owe a great debt to these people, as they have helped me reach the level I am at today. It is not often that one has the opportunity to thank those who have been instrumental in molding his career. In addition to Rodger, I would like to take a moment to also thank Ted Banner for his guidance and mentoring. I would also like to thank Chuck Terrien for giving me the opportunity to work as an instructor in the Cisco product line. I would like to thank Brett Bartow for the opportunity to begin sharing my experiences with the network community by writing for Cisco Press. Last but not least, I have to thank my friend and coauthor, Dave Hucaby. This book was his concept, and I thank him for the opportunity work with him once again. I hope we will always find a way to con- tinue working together in the future. Since I began working on book and course projects a couple of years ago, I have a newfound respect for what it takes to edit, coordinate, publish, and basically keep authors on track. Behind every Cisco Press book is an incredible staff, and I would be remiss if I did not acknowledge their work. Chris Cleveland, again it has been great working with you. I hope that we can work together again in the future. www.it-ebooks.info ptg vii Without the following individuals behind the book, it would be no more than a collection of jumbled notes and napkin sketches of networking configurations: The sharp eyes of all our technical editors on the first and this edition: Joe Harris, Steve Kalman, Alexander Marhold, and Kevin Turek. All my students and fellow instructors at Global Knowledge. Your challenges and questions provide me with the drive to have a better understanding. My wife and children for their never-ending patience and understanding during this and all of my projects. Most important, God, for giving me the skills, talents, and opportunity to work in such a chal- lenging and exciting profession. Andrew Whitaker: I would like to express my thanks to both Dave Hucaby and Steve McQuerry for this opportunity. Brett Bartow and Chris Cleveland, it is great to work with both of you again. Finally, to Steve Kalman and Joe Harris, I appreciate how diligently you worked to ensure a quality book. www.it-ebooks.info ptg viii Cisco Router Configuration Handbook Contents at a Glance Introduction xxi Part I: Configuration Fundamentals Chapter 1 Configuration Basics 1 Chapter 2 Interface Configuration 73 Chapter 3 Dial Solutions 121 Part II: Network Protocols Chapter 4 IPv4 Addressing and Services 153 Chapter 5 IPv6 Addressing and Services 195 Chapter 6 IP Routing Protocols 227 Chapter 7 IP Multicast Routing 275 Chapter 8 IP Route Processing 293 Part III: Packet Processing Chapter 9 Quality of Service 311 Chapter 10 Multiprotocol Label Switching 359 Part IV: Voice & Telephony Chapter 11 Voice and Telephony 375 Part V: Security Chapter 12 Router Security 423 Chapter 13 Virtual Private Networks 475 Chapter 14 Access Lists and Regular Expressions 519 Appendixes Appendix A Cisco IOS Software Release and Filename Conventions 543 Appendix B Cabling Quick Reference 551 Appendix C SNMP MIB Structure 557 Appendix D Password Recovery 561 Appendix E Configuration Register Settings 569 Appendix F Well-Known IP Protocol Numbers 577 Appendix G Well-Known IP Port Numbers 587 Appendix H ICMP Type and Code Numbers 601 Appendix I Well-Known IP Multicast Addresses 605 Appendix J To o l C o m m a n d L a n g u a g e ( T C L ) R e f e r e n c e 619 Appendix K Ethernet Type Codes 623 Index 631 www.it-ebooks.info ptg ix Contents Introduction xxi Part I: Configuration Fundamentals Chapter 1 Configuration Basics 1 1-1: User Interfaces 1 Configuration 2 Navigating File Systems 19 1-2: File Management 19 Deleting Files from Flash 22 Moving System Files 23 Configuration Rollback 25 Related File Management Commands 26 Alias Commands 27 1-3: Cisco Discovery Protocol (CDP) 28 Configuration 28 Example 29 1-4: System Time 30 Configuration 30 Example 33 1-5: Logging 34 Configuration 34 Ver i f y i n g L o g g i n g 37 Example 37 1-6: System Monitoring 38 Configuration 39 Example 47 1-7: Service Assurance Agent (SAA) 47 Configuration 48 Example 56 1-8: Buffer Management 56 Configuration 57 Example 61 1-9: Some Troubleshooting Tools 61 IP Connectivity Tools: Extended ping 62 IP Connectivity Tools: ping 62 IP Connectivity Tools: traceroute 63 Debugging Output from the Router 65 IP Connectivity Tools: Telnet 65 www.it-ebooks.info [...]... 154 Configuration 154 Example 157 4-2: IP Broadcast Handling 158 Configuration 158 Example 160 www.it-ebooks.info xii Cisco Router Configuration Handbook 4-3: Hot Standby Router Protocol (HSRP) 160 Configuration 161 Example 164 4-4: Virtual Router Redundancy Protocol 165 Configuration 166 Example 166 4-5: Dynamic Host Configuration Protocol (DHCP) 167 Configuration 167 Example 171 4-6: Mobile IP 172 Configuration. ..x Cisco Router Configuration Handbook Poor Man’s Sniffer 67 Troubleshooting Router Crashes 69 Monitoring Router Activity 70 Getting Assistance from Cisco 71 Information for the Cisco Technical Assistance Center (TAC) Chapter 2 Interface Configuration 73 2-1: Ethernet Interfaces 73 Configuration 74 Example 75 2-2: FDDI Interfaces 76 Configuration 76 Example 76 2-3: Loopback and Null Interfaces 77 Configuration. .. Internet Key Exchange (IKE) for VPNs 476 Configuration 476 Example 482 13-2: IPSec VPN Tunnels 483 Configuration 484 Example 490 13-3: High Availability Features 493 Configuration 494 Example 497 www.it-ebooks.info xviii Cisco Router Configuration Handbook 13-4: Dynamic Multipoint VPN (DMVPN) Configuration 504 505 Example 511 13-5: Secure Socket Layer VPNs 514 Configuration 515 Example 517 Further Reading... for QoS Signaling 348 Configuration 348 Using RSVP for QoS Signaling Example 351 9-14: Link Efficiency Mechanisms 351 Configuration 352 Link Efficiency Mechanism Example 353 9-15: AutoQoS for the Enterprise 353 Configuration 354 Example 356 www.it-ebooks.info xvi Cisco Router Configuration Handbook Chapter 10 Multiprotocol Label Switching 359 10-1: Configuring Basic MPLS 359 Configuration 360 Example... (IVR) Configuration 415 415 11-7: Survivable Remote Site (SRS) Telephony 417 Configuration 417 Example 420 Part V: Security Chapter 12 Router Security 423 12-1: Suggested Ways to Secure a Router 424 User Authentication on the Router 424 Control Access to the Router Lines 424 Configure Login Timing Options 425 Use Warning Banners to Inform Users 426 Router Management 426 Implement Logging on the Router. .. 6-8: Integrated IS-IS for IPv6 Configuration 257 257 6-9: Border Gateway Protocol (BGP) 257 Configuration 259 Example 268 6-10: Multiprotocol Border Gateway Protocol (BGP) for IPv6 Configuration 270 Example 271 Chapter 7 IP Multicast Routing 275 7-1: Protocol Independent Multicast (PIM) Configuration 277 Example 279 www.it-ebooks.info 275 270 xiv Cisco Router Configuration Handbook 7-2: Internet Group... mode, configuration mode can be entered Router commands can be given to configure any router feature that is available in the IOS software image When you are in configuration mode, you are managing the router s active memory Anytime you enter a valid command in any configuration mode and press Enter, the memory is immediately changed Configuration mode is organized in a hierarchical fashion Global configuration. .. no ip ssh version global configuration command This IOS version also introduced the capability to display a login banner prior to connecting to a router unless the router is configured to use only SSH version 1 www.it-ebooks.info Section 1-1 c Enable Authentication, Authorization, and Accounting (AAA) authentication: 11 12 Cisco Router Configuration Handbook h Telnet to the router from an SSH-capable... name is expanded to its full form if it is not ambiguous www.it-ebooks.info Section 1-1 configuration mode and return to privileged EXEC mode, type exit at the global configuration prompt To leave any configuration mode and return to privileged EXEC mode, type end or press Ctrl-z 3 4 Cisco Router Configuration Handbook If a command line is entered but doesn’t have the correct syntax, the error “% Invalid... need to know how to al-low or block traffic from the feature, look for these notes www.it-ebooks.info xxii Cisco Router Configuration Handbook Configuration Steps Each feature covered in a section includes the required and optional commands used for common configuration The difference is that the configuration steps are presented in an outline format If you follow the outline, you can configure a complex . Cisco Router Configuration Handbook Cisco Router Configuration Handbook, Second Edition Dave Hucaby, Steve McQuerry, Andrew Whitaker Copyright © 2010 Cisco. listed on the Cisco Website at www .cisco. com/go/offices. CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision,