Table of Contents • Index • Reviews • Reader Reviews • Errata • Cisco IOS in a Nutshell By James Boney Publisher: Pub Date: ISBN: Pages: Slots: O'Reilly December 2001 1-56592-942-X 606 This two-part reference covers IOS configuration for the TCP/IP protocol family The first part includes chapters on the user interface, configuring lines and interfaces, access lists, routing protocols, and dial-on-demand routing and security The second part is a classic O'Reilly-style quick reference to all the commands you need to work with TCP/IP and the lower-level protocols on which it relies, with lots of examples of the most common configuration steps for the routers themselves Table of Contents • Index • Reviews • Reader Reviews • Errata • Cisco IOS in a Nutshell By James Boney Publisher: Pub Date: ISBN: Pages: Slots: O'Reilly December 2001 1-56592-942-X 606 Copyright Preface Organization Conventions We'd Like to Hear from You Acknowledgments Chapter Getting Started Section 1.1 Introduction Section 1.2 IOS User Modes Section 1.3 Command-Line Completion Section 1.4 Get to Know the Question Mark Section 1.5 Command-Line Editing Keys Section 1.6 Pausing Output Section 1.7 show Commands Chapter IOS Images and Configuration Files Section 2.1 IOS Images Section 2.2 Using the IOS Filesystem for Images Section 2.3 The Router's Configuration Section 2.4 Loading Configuration Files Chapter Basic Router Configuration Section 3.1 Configuration Soapbox Section 3.2 Setting the Router Name Section 3.3 Setting the System Prompt Section 3.4 Configuration Comments Section 3.5 The Enable Password Section 3.6 Mapping Hostnames to IP Addresses Section 3.7 Setting the Router's Time Section 3.8 Enabling SNMP Section 3.9 Cisco Discovery Protocol Section 3.10 System Banners Chapter Line Commands Section 4.1 What Is a Line? Section 4.2 The line Command Section 4.3 The Console Port Section 4.4 Virtual Terminals (VTYs) Section 4.5 Asynchronous Ports (TTYs) Section 4.6 The Auxiliary (AUX) Port Section 4.7 show line Chapter Interface Commands Section 5.1 Naming and Numbering Interfaces Section 5.2 Basic Interface Configuration Commands Section 5.3 The Loopback Interface Section 5.4 The Null Interface Section 5.5 Ethernet and Fast Ethernet Interfaces Section 5.6 Token Ring Interfaces Section 5.7 ISDN Interfaces Section 5.8 Serial Interfaces Section 5.9 Asynchronous Interfaces Section 5.10 Interface show Commands Chapter Frame Relay and ATM Section 6.1 Frame Relay Section 6.2 ATM Chapter Lists and Queues Section 7.1 Access Lists Section 7.2 Specific Topics Section 7.3 Managing Priorities with Queues Chapter IP Routing Topics Section 8.1 Routing Protocol Topics Section 8.2 Static Routes Section 8.3 Split Horizon Section 8.4 Passive Interfaces Section 8.5 Fast Switching and Process Switching Chapter Interior Routing Protocols Section 9.1 RIP Section 9.2 IGRP Section 9.3 EIGRP Section 9.4 OSPF Chapter 10 Border Gateway Protocol Section 10.1 Introduction to BGP Section 10.2 A Simple BGP Configuration Section 10.3 Route Filtering Section 10.4 An Advanced BGP Configuration Section 10.5 Neighbor Authentication Section 10.6 Peer Groups Section 10.7 Route Reflectors Section 10.8 BGP Confederacies Chapter 11 Dial-on-Demand Routing Section 11.1 Configuring a Simple DDR Connection Section 11.2 Sample Legacy DDR Configurations Section 11.3 Dialer Interfaces (Dialer Profiles) Section 11.4 Multilink PPP Section 11.5 Snapshot DDR Chapter 12 Special Topics Section 12.1 Bridging Section 12.2 Hot Standby Routing Protocol (HSRP) Section 12.3 Network Address Translation (NAT) Section 12.4 Tunnels Section 12.5 Encrypted Tunnels Chapter 13 Router Security Section 13.1 The enable Password Section 13.2 Features to Disable on Your Gateway Routers Section 13.3 Use a Warning Banner Section 13.4 Protect VTYs with an Access List Chapter 14 Troubleshooting and Logging Section 14.1 ping Section 14.2 trace Section 14.3 Debugging Section 14.4 Logging Chapter 15a Quick Reference A-H aaa accounting aaa authentication enable default aaa authentication local-override aaa authentication login aaa authentication password-prompt aaa authentication ppp aaa authentication username-prompt aaa authorization aaa authorization config-commands aaa authorization reverse-access aaa new-model absolute-timeout access-class access-enable access-list access-list rate-limit access-template activation-character aggregate-address alias area authentication area default-cost area nssa area-password area range area stub area virtual-link arp arp arp timeout async-bootp async default ip address async default routing async dynamic address async dynamic routing async mode atm address atm arp-server atm esi-address atm lecs-address atm lecs-address-default atm nsap-address atm pvc atm-vc autobaud autocommand autodetect encapsulation autohangup autoselect auto-summary backup bandwidth banner exec banner incoming banner login banner motd bgp always-compare-med bgp bestpath as-path ignore bgp bestpath med-confed bgp bestpath missing-as-worst bgp client-to-client reflection bgp cluster-id bgp confederation identifier bgp confederation peers bgp dampening bgp default local-preference bgp deterministic med bgp fast-external-fallover bgp log-neighbor-changes bgp-policy bridge acquire bridge address bridge cmf bridge crb bridge forward-time bridge-group bridge-group aging-time bridge-group circuit-group bridge-group input-address-list bridge-group input-lsap-list bridge-group input-pattern bridge-group input-type-list bridge-group output-address-list bridge-group output-lsap-list bridge-group output-pattern bridge-group output-type-list bridge-group path-cost bridge-group priority bridge-group spanning-disabled bridge hello-time bridge irb bridge max-age bridge multicast-source bridge priority bridge protocol bridge route busy-message calendar set callback forced-wait cd cdp advertise-v2 cdp enable cdp holdtime cdp run cdp timer channel-group channel-group chat-script class clear client-atm-address name clock calendar-valid clock rate clock read-calendar clock set clock summer-time clock timezone clock update-calendar compress config-register configure controller copy crc custom-queue-list databits data-character-bits dce-terminal-timing enable debug default-information default-information originate default-metric default-name delay delete description dialer aaa dialer callback-secure dialer callback-server dialer caller dialer dtr dialer enable-timeout dialer fast-idle dialer-group dialer hold-queue dialer idle-timeout dialer in-band dialer isdn dialer-list dialer load-threshold dialer map dialer map snapshot dialer max-link dialer pool dialer pool-member dialer priority dialer remote-name dialer rotary-group dialer rotor dialer string dialer wait-for-carrier-time dialer watch-disable dialer watch-group dialer watch-list dir disable disconnect disconnect-character dispatch-character distance distance bgp distance eigrp distribute-list in distribute-list out domain-password downward-compatible-config down-when-looped dte-invert-txc early-token-release editing eigrp log-neighbor-changes enable enable last-resort enable password enable secret enable use-tacacs encapsulation end erase escape-character exception core-file exception dump exception memory exception protocol exception spurious-interrupt exec exec-timeout exit fair-queue fair-queue aggregate-limit fair-queue individual-limit fair-queue limit fair-queue qos-group fair-queue tos fair-queue weight fddi burst-count fddi c-min fddi cmt-signal-bits fddi duplicate-address-check fddi encapsulate fddi frames-per-token fddi smt-frames fddi tb-min fddi tl-min-time fddi token-rotation-time fddi t-out fddi valid-transmission-time flowcontrol format frame-relay adaptive-shaping frame-relay [ bc | be] frame-relay becn-response-enable frame-relay broadcast-queue frame-relay cir frame-relay class frame-relay custom-queue-list frame-relay de-group frame-relay de-list frame-relay idle-timer frame-relay interface-dlci frame-relay intf-type frame-relay inverse-arp frame-relay ip rtp header-compression frame-relay ip tcp header-compression frame-relay lmi-type frame-relay local-dlci frame-relay map frame-relay map bridge frame-relay map clns frame-relay map ip compress frame-relay map ip rtp header-compression frame-relay map ip tcp header-compression frame-relay mincir frame-relay multicast-dlci frame-relay payload-compress packet-by-packet frame-relay priority-dlci-group frame-relay priority-group frame-relay route frame-relay svc frame-relay switching frame-relay traffic-rate frame-relay traffic-shaping fsck ftp-server enable ftp-server topdir full-duplex full-help group-range half-duplex half-duplex controlled-carrier help history hold-character hold-queue hostname hssi external-loop-request hssi internal-clock hub Chapter 15b Quick Reference I-M ignore-dcd interface interface bvi interface dialer interface group-async ip access-group ip access-list ip accounting ip accounting-list ip accounting-threshold ip accounting-transits ip address ip address negotiated ip address-pool ip alias ip as-path access-list ip authentication ip bandwidth-percent eigrp ip bgp-community new-format ip bootp server ip broadcast-address ip cef ip cef traffic-statistics ip classless ip community-list ip default-gateway ip default-network ip dhcp-server ip directed-broadcast ip domain-list ip domain-lookup ip domain-name ip dvmrp accept-filter ip dvmrp auto-summary ip dvmrp default-information ip dvmrp metric ip dvmrp metric-offset ip dvmrp output-report-delay ip dvmrp reject-non-pruners ip dvmrp routehog-notification ip dvmrp route-limit ip dvmrp summary-address ip dvmrp unicast-routing single line, displaying detailed information on show logging command show queues command show queuing command show running-config command show slot0 command show standby command show startup-config command show users all command show users command show version command IOS image displaying verifying listing all interfaces on router shutdown command 2nd signal pulse intervals (DTR) slot/port naming scheme smt-queue-threshold command SNAP frames (outgoing), bridge group access list for snapshot command snapshot routing DDR connections, show snapshot command DDR interface, configuring for 2nd link-state routing protocols, building with SNMP (Simple Network Management Protocol) disabling for router enabling snmp trap link-status command snmp-server chassis-id command snmp-server community command 2nd snmp-server contact command snmp-server enable traps command snmp-server engine-id command snmp-server group command snmp-server host command snmp-server location command snmp-server packetsize command snmp-server queue-length command snmp-server system-shutdown command snmp-server tftp-server-list command snmp-server trap-source command snmp-server trap-timeout command snmp-server user command snmp-server view command software flow control source addresses in access lists extended ping, testing with source routing 2nd source-address command source-routing bridging (SRB) spanning-tree bridge protocols 2nd 3rd speed bandwidth command, interfaces Fast Ethernet interfaces, specifying receiving, setting for line token ring interfaces, specifying for speed command 2nd SPF timers SPIDs (Service Profile Identifiers), ISDN connections split horizon 2nd 3rd splitting command lines spoofing, IP address spurious interrupts, number that generates core dump squeeze command 2nd squelch command SRB (source-routing bridging) sscop cc-timer command sscop keepalive-timer command sscop max-cc command sscop poll-timer command sscop rcv-window command sscop send-window command standard access lists line, applying to naming standard area standby authentication command standby command standby groups, multiple standby ip command 2nd standby preempt command 2nd standby priority command standby timers command standby track command startup configuration copying running configuration to displaying erasing loading running, copying to startup saving running configuration to saving to network, using TFTP or RCP static IP mapping, ATM interface static routes backup based on DLCIs, assigning for PVC switching DDR connections as default route floating, DDR backup interface network, configuring to null interface station management frames (SMT), queue size for unprocessed stopbits command 2nd storing files with RCP stub areas defining NSSA (not-so-stubby area) vs OSPF cost for default summary route subinterface commands subinterfaces multipoint, disabling split horizon on naming and numbering subnet (zero) subnet masks address/mask pair wildcards and BOOTP options for Frame Relay subinterfaces interfaces, setting for show command display format variable-length (VLSM) subnet routes, summarizing to classful network routes subnets keyword, redistributing routes into OSPF summarizing routes BGP, automatic DVMRP, auto summarization EIGRP EIGRP and enabling on specific interface OSPF 2nd OSPF area subnet to classful network routes summary-address command SVCs (switched virtual circuits) configuring enabling on Frame Relay interface idle timeout, setting switched networks, handling Frame Relay packets switched virtual circuits [See SVCs] switches ATM network CDP information on ISDN, types of 2nd switching fast process 2nd synchronization command 2nd syslog severity levels system banners creating disabling system chat scripts system clock, updating from calendar system error messages system image, loading for IOS system images, copying system prompt, setting for routers [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] T1 connections AUX port as backup for channel timeslots, defining configuration (example) configuration on 2524 router with CSU/DSU card controller, configuring internal CSU/DSU module, configuring Tab key, using for command-line completion table-map command tables, host TACACS servers authentication enable password, authenticating router actions when not responding tacacs-server attempts command tacacs-server authenticate command tacacs-server directed-request command tacacs-server extended command tacacs-server host command tacacs-server key command tacacs-server last-resort command tacacs-server notify command tacacs-server optional-passwords command tacacs-server retransmit command tacacs-server timeout command tag value, setting for routes matching route map TCP access lists, established keyword header compression 2nd ports mapping internal addresses to mapping to router asynchronous lines TEI (Terminal Endpoint Identifier) telephone lines, sending digital data over telnet background session, terminating busy message for connection bytes read at once (chunk size) dynamic access list for incoming session reverse banner message for incoming source address for connections VTYs, configuring for telnet connections transport input telnet command temporary access list, creating on router Terminal Access Controller Access Control System [See TACACS servers] terminal command, pausing output terminal editing command terminal escape-character command terminal history command 2nd terminal length command terminal monitor command terminal-emulation programs (VT100) terminals virtual (VTYs) security width, setting termination addresses, loopback interfaces as TFTP (Trivial File Transfer Protocol) aborting copying running configuration to network server getting IOS image from server IP source address for loading running configuration RCP vs router access lists, editing saving running or startup configuration startup configuration, loading viewing file on server tftp-server command tftp-server flash command threshold for opening additional connection time Daylight Savings Time Network Time Protocol (NTP) service RTC calendar, considering as valid source setting for routers calendar time Network Time protocol (NTP) Time to Live (TTL), packets time zone, setting 2nd time-range command timeouts absolute-timeout command for ARP entry in ARP table console port, configuring for dialer fast-idle 2nd dialer idle-timeout 2nd downtime between call or failed connections EXEC sessions, setting for Frame Relay radius-server timeout command reflexive access lists session 2nd sessionidle-timeouts [See timeouts] SNMP trap packet queues SVC, setting in seconds timer (SSCOP connection control), setting timers basic command timers bgp command timers spf command timeslots, defining for fractional T1 or E1 line timestamps on logging or debugging messages timing access lists bridge table, dynamic entry in CDP packets, holding of CDP update broadcast interval dce-terminal-timing enable command dialer-wait-for-carrier time command saving of BPDUs token ring interfaces early token release, configuring totally stubby area trace command 2nd traffic shaping for virtual circuit traffic-shape adaptive command traffic-shape group command traffic-shape rate command traffic-share command transmit speed transparent bridging transport command 2nd transport input command transport input telnet command transport preferred none command traps (SNMP) enabling host receiving, defining interface for sending, specifying interfaces, enabling/disabling sending on packet queues, length of timeouts for packet queues, setting types of troubleshooting debugging ping tool trace command, using TTL (Time to Live) 2nd TTY lines 2nd tuning, EIGRP tunnel checksum command tunnel destination command tunnel key command tunnel mode command tunnel sequence-datagrams command tunnel source command tunneling tunnels encrypted configuring encryption DES, show commands DSS and DES algorithms IPSec show commands for TXC clock signal, inverting for interface operating as DTE txspeed command 2nd [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] UDP packets, forwarding ports, mapping to internal addresses TTL (Time to Live) field undebug all command undebug command undelete command unequal-cost load balancing universal time (UTC) 2nd Unix remote copy protocol telnet commands unnumbered command 2nd 3rd unreachable messages updates DDR connections, stopping for filtering during route redistribution incoming and outgoing, default routing for routing (incoming/outgoing), filtering updating internal router clock with NTP time upgrading router from IOS file (igs-j-l.110 to igs-j-l.120) URLs as sources and destinations for copy command user mode EXEC, changing to privileged EXEC mode returning user to show commands in user sessions limiting per line special characters and key sequences for username command 2nd usernames configuring for RCP prompt for AAA authentication router checking own database for match users currently connected, listing logins to console ports SNMP, defining and associating with group system banners, communicating with UTC (Coordinated Universal Time) [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] vacant-message command validate-update-source command variable-length subnet masks (VLSM) variance command VC [See virtual circuits] VCI (Virtual Channel Identifier) verify command verify flash command version command versions IOS, downward-compatible configuration for show version command IOS image, viewing listing all interfaces viewing [See also show commands] files on remote servers IOS image views (SNMP) defining for community grouping VIP2 (Versatile Interface Processor) cards virtual addresses (MAC and IP) Virtual Channel Identifier (VCI) 2nd virtual circuits (VCs) identifiers assigned by ATM provider multiple, connected to single interface permanent (PVCs) or switched (SVCs) point-to-point subinterfaces, assigning to traffic shaping for virtual interface, bridge-group virtual links OSPF Virtual Path Identifier (VPI) virtual terminals VT100 terminal-emulation programs VTYs security VLSM (variable-length subnet masks) vty-async command vty-async vty-async vty-async vty-async vty-async vty-async dynamic-routing command header-compression command keepalive command mtu command ppp authentication command ppp use-tacacs command [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] warning banners watch lists, dialer Web IOS interface software, configuring support for weight BGP assigning to redistributed route routes matching route map fair-queue neighbor weight command network weight command Weighted Fair Queuing (WFQ) width command wildcards, subnet masks and windows receive (SSCOP), size of send (SSCOP), size of size for current user session Windows workstations, telnet commands write commands 2nd [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] X-MODEM, loading IOS image with XTACACS authentication server [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] zeroize command ... default aaa authentication local-override aaa authentication login aaa authentication password-prompt aaa authentication ppp aaa authentication username-prompt aaa authorization aaa authorization... lane client-atm-address lane config-atm-address lane config database lane database lane fixed-config-atm-address lane global-lecs-address lane le-arp lane server-atm-address lane server-bus line... aggregate-address alias area authentication area default-cost area nssa area-password area range area stub area virtual-link arp arp arp timeout async-bootp async default ip address async default routing async