
o'reilly - cisco ios in a nutshell

Cisco IOS in a Nutshell
By James Boney

Publisher: O'Reilly
Pub Date: December 2001
ISBN: 1-56592-942-X
Pages: 606
Slots: 1
This two-part reference covers IOS configuration for the TCP/IP protocol family.
The first part includes chapters on the user interface, configuring lines and
interfaces, access lists, routing protocols, and dial-on-demand routing and security.
The second part is a classic O'Reilly-style quick reference to all the commands you
need to work with TCP/IP and the lower-level protocols on which it relies, with lots
of examples of the most common configuration steps for the routers themselves.



Table of Contents


Copyright
Preface


Organization


Conventions


We'd Like to Hear from You


Acknowledgments
Chapter 1. Getting Started



Section 1.1. Introduction


Section 1.2. IOS User Modes


Section 1.3. Command-Line Completion


Section 1.4. Get to Know the Question Mark


Section 1.5. Command-Line Editing Keys


Section 1.6. Pausing Output


Section 1.7. show Commands
Chapter 2. IOS Images and Configuration Files


Section 2.1. IOS Images


Section 2.2. Using the IOS Filesystem for Images



Section 2.3. The Router's Configuration


Section 2.4. Loading Configuration Files
Chapter 3. Basic Router Configuration


Section 3.1. Configuration Soapbox


Section 3.2. Setting the Router Name


Section 3.3. Setting the System Prompt


Section 3.4. Configuration Comments


Section 3.5. The Enable Password


Section 3.6. Mapping Hostnames to IP Addresses


Section 3.7. Setting the Router's Time


Section 3.8. Enabling SNMP



Section 3.9. Cisco Discovery Protocol


Section 3.10. System Banners
Chapter 4. Line Commands


Section 4.1. What Is a Line?


Section 4.2. The line Command


Section 4.3. The Console Port


Section 4.4. Virtual Terminals (VTYs)


Section 4.5. Asynchronous Ports (TTYs)


Section 4.6. The Auxiliary (AUX) Port


Section 4.7. show line
Chapter 5. Interface Commands



Section 5.1. Naming and Numbering Interfaces


Section 5.2. Basic Interface Configuration Commands


Section 5.3. The Loopback Interface


Section 5.4. The Null Interface


Section 5.5. Ethernet and Fast Ethernet Interfaces


Section 5.6. Token Ring Interfaces


Section 5.7. ISDN Interfaces


Section 5.8. Serial Interfaces


Section 5.9. Asynchronous Interfaces


Section 5.10. Interface show Commands
Chapter 6. Frame Relay and ATM



Section 6.1. Frame Relay


Section 6.2. ATM
Chapter 7. Lists and Queues


Section 7.1. Access Lists


Section 7.2. Specific Topics


Section 7.3. Managing Priorities with Queues
Chapter 8. IP Routing Topics


Section 8.1. Routing Protocol Topics


Section 8.2. Static Routes


Section 8.3. Split Horizon


Section 8.4. Passive Interfaces



Section 8.5. Fast Switching and Process Switching
Chapter 9. Interior Routing Protocols


Section 9.1. RIP


Section 9.2. IGRP


Section 9.3. EIGRP


Section 9.4. OSPF
Chapter 10. Border Gateway Protocol


Section 10.1. Introduction to BGP


Section 10.2. A Simple BGP Configuration


Section 10.3. Route Filtering


Section 10.4. An Advanced BGP Configuration


Section 10.5. Neighbor Authentication



Section 10.6. Peer Groups


Section 10.7. Route Reflectors


Section 10.8. BGP Confederacies
Chapter 11. Dial-on-Demand Routing


Section 11.1. Configuring a Simple DDR Connection


Section 11.2. Sample Legacy DDR Configurations


Section 11.3. Dialer Interfaces (Dialer Profiles)


Section 11.4. Multilink PPP


Section 11.5. Snapshot DDR
Chapter 12. Special Topics


Section 12.1. Bridging



Section 12.2. Hot Standby Routing Protocol (HSRP)


Section 12.3. Network Address Translation (NAT)


Section 12.4. Tunnels


Section 12.5. Encrypted Tunnels
Chapter 13. Router Security


Section 13.1. The enable Password


Section 13.2. Features to Disable on Your Gateway Routers


Section 13.3. Use a Warning Banner


Section 13.4. Protect VTYs with an Access List
Chapter 14. Troubleshooting and Logging


Section 14.1. ping



Section 14.2. trace


Section 14.3. Debugging


Section 14.4. Logging
Chapter 15a. Quick Reference A-H


aaa accounting


aaa authentication enable default


aaa authentication local-override


aaa authentication login


aaa authentication password-prompt


aaa authentication ppp


aaa authentication username-prompt



aaa authorization


aaa authorization config-commands


aaa authorization reverse-access


aaa new-model


absolute-timeout


access-class


access-enable


access-list


access-list rate-limit


access-template



activation-character


aggregate-address


alias


area authentication


area default-cost


area nssa


area-password


area range


area stub


area virtual-link



arp


arp


arp timeout


async-bootp


async default ip address


async default routing


async dynamic address


async dynamic routing


async mode


atm address



atm arp-server


atm esi-address


atm lecs-address


atm lecs-address-default


atm nsap-address


atm pvc


atm-vc


autobaud


autocommand


autodetect encapsulation



autohangup


autoselect


auto-summary


backup


bandwidth


banner exec


banner incoming


banner login


banner motd


bgp always-compare-med



bgp bestpath as-path ignore


bgp bestpath med-confed


bgp bestpath missing-as-worst


bgp client-to-client reflection


bgp cluster-id


bgp confederation identifier


bgp confederation peers


bgp dampening


bgp default local-preference


bgp deterministic med



bgp fast-external-fallover


bgp log-neighbor-changes


bgp-policy


bridge acquire


bridge address


bridge cmf


bridge crb


bridge forward-time


bridge-group


bridge-group aging-time



bridge-group circuit-group


bridge-group input-address-list


bridge-group input-lsap-list


bridge-group input-pattern


bridge-group input-type-list


bridge-group output-address-list


bridge-group output-lsap-list


bridge-group output-pattern


bridge-group output-type-list


bridge-group path-cost



bridge-group priority


bridge-group spanning-disabled


bridge hello-time


bridge irb


bridge max-age


bridge multicast-source


bridge priority


bridge protocol


bridge route


busy-message



calendar set


callback forced-wait


cd


cdp advertise-v2


cdp enable


cdp holdtime


cdp run


cdp timer


channel-group


channel-group



chat-script


class


clear


client-atm-address name


clock calendar-valid


clock rate


clock read-calendar


clock set


clock summer-time


clock timezone



clock update-calendar


compress


config-register


configure


controller


copy


crc


custom-queue-list


databits


data-character-bits



dce-terminal-timing enable


debug


default-information


default-information originate


default-metric


default-name


delay


delete


description


dialer aaa



dialer callback-secure


dialer callback-server


dialer caller


dialer dtr


dialer enable-timeout


dialer fast-idle


dialer-group


dialer hold-queue


dialer idle-timeout


dialer in-band



dialer isdn


dialer-list


dialer load-threshold


dialer map


dialer map snapshot


dialer max-link


dialer pool


dialer pool-member


dialer priority


dialer remote-name



dialer rotary-group


dialer rotor


dialer string


dialer wait-for-carrier-time


dialer watch-disable


dialer watch-group


dialer watch-list


dir


disable


disconnect



disconnect-character


dispatch-character


distance


distance bgp


distance eigrp


distribute-list in


distribute-list out


domain-password


downward-compatible-config


down-when-looped



dte-invert-txc


early-token-release


editing


eigrp log-neighbor-changes


enable


enable last-resort


enable password


enable secret


enable use-tacacs


encapsulation



end


erase


escape-character


exception core-file


exception dump


exception memory


exception protocol


exception spurious-interrupt


exec


exec-timeout



exit


fair-queue


fair-queue aggregate-limit


fair-queue individual-limit


fair-queue limit


fair-queue qos-group


fair-queue tos


fair-queue weight


fddi burst-count


fddi c-min



fddi cmt-signal-bits


fddi duplicate-address-check


fddi encapsulate


fddi frames-per-token


fddi smt-frames


fddi tb-min


fddi tl-min-time


fddi token-rotation-time


fddi t-out


fddi valid-transmission-time



flowcontrol


format


frame-relay adaptive-shaping


frame-relay [ bc | be]


frame-relay becn-response-enable


frame-relay broadcast-queue


frame-relay cir


frame-relay class


frame-relay custom-queue-list


frame-relay de-group



frame-relay de-list


frame-relay idle-timer


frame-relay interface-dlci


frame-relay intf-type


frame-relay inverse-arp


frame-relay ip rtp header-compression


frame-relay ip tcp header-compression


frame-relay lmi-type


frame-relay local-dlci


frame-relay map



frame-relay map bridge


frame-relay map clns


frame-relay map ip compress


frame-relay map ip rtp header-compression


frame-relay map ip tcp header-compression


frame-relay mincir


frame-relay multicast-dlci


frame-relay payload-compress packet-by-packet


frame-relay priority-dlci-group


frame-relay priority-group



frame-relay route


frame-relay svc


frame-relay switching


frame-relay traffic-rate


frame-relay traffic-shaping


fsck


ftp-server enable


ftp-server topdir


full-duplex


full-help



group-range


half-duplex


half-duplex controlled-carrier


help


history


hold-character


hold-queue


hostname


hssi external-loop-request


hssi internal-clock



hub
Chapter 15b. Quick Reference I-M


ignore-dcd


interface


interface bvi


interface dialer


interface group-async


ip access-group


ip access-list


ip accounting


ip accounting-list



ip accounting-threshold


ip accounting-transits


ip address


ip address negotiated


ip address-pool


ip alias


ip as-path access-list


ip authentication


ip bandwidth-percent eigrp


ip bgp-community new-format



ip bootp server


ip broadcast-address


ip cef


ip cef traffic-statistics


ip classless


ip community-list


ip default-gateway


ip default-network


ip dhcp-server


ip directed-broadcast



ip domain-list


ip domain-lookup


ip domain-name


ip dvmrp accept-filter


ip dvmrp auto-summary


ip dvmrp default-information


ip dvmrp metric


ip dvmrp metric-offset


ip dvmrp output-report-delay


ip dvmrp reject-non-pruners



ip dvmrp routehog-notification


ip dvmrp route-limit


ip dvmrp summary-address


ip dvmrp unicast-routing


ip forward-protocol


ip ftp passive


ip ftp password


ip ftp source-interface


ip ftp username


ip hello-interval eigrp



ip helper-address


ip hold-time eigrp


ip host


ip http


ip identd


ip igmp access-group


ip igmp helper-address


ip igmp join-group


ip igmp query-interval


ip igmp query-max-response-time



ip igmp query-timeout


ip igmp static-group


ip igmp version


ip irdp


ip load-sharing


ip local policy route-map


ip local pool


ip mask-reply


ip mroute


ip mroute-cache



ip mtu


ip multicast boundary


ip multicast cache-headers


ip multicast helper-map


ip multicast rate-limit


ip multicast-routing


ip multicast ttl-threshold


ip name-server


ip nat


ip nat inside destination



ip nat inside source


ip nat outside source


ip nat pool


ip nat translation


ip netmask-format


ip nhrp authentication


ip nhrp holdtime


ip nhrp interest


ip nhrp map


ip nhrp map multicast



ip nhrp max-send


ip nhrp network-id


ip nhrp nhs


ip nhrp record


ip nhrp responder


ip nhrp server-only


ip nhrp trigger-svc


ip nhrp use


ip ospf authentication


ip ospf authentication-key



ip ospf cost


ip ospf dead-interval


ip ospf demand-circuit


ip ospf hello-interval


ip ospf message-digest-key


ip ospf name-lookup


ip ospf network


ip ospf priority


ip ospf retransmit-interval


ip ospf transmit-delay



ip pim


ip pim accept-rp


ip pim message-interval


ip pim minimum-vc-rate


ip pim multipoint-signalling


ip pim nbma-mode


ip pim neighbor-filter


ip pim query-interval


ip pim rp-address


ip pim rp-announce-filter



ip pim send-rp-announce


ip pim send-rp-discovery


ip pim vc-count


ip pim version


ip policy route-map


ip proxy-arp


ip rarp-server


ip rcmd rcp-enable


ip rcmd remote-host


ip rcmd remote-username



ip rcmd rsh-enable


ip redirects


ip rip authentication


ip rip receive version


ip rip send version


ip route


ip route-cache


ip router isis


ip routing


ip source-route



ip split-horizon


ip subnet-zero


ip summary-address eigrp


ip tcp chunk-size


ip tcp compression-connections


ip tcp header-compression


ip tcp mtu-path-discovery


ip tcp queuemax


ip tcp synwait-time


ip tcp window-size



ip telnet source-interface


ip tftp source-interface


ip unnumbered


ip unreachables


isdn answer1, isdn answer2


isdn autodetect


isdn bchan-number-order


isdn busy


isdn caller


isdn call interface



isdn calling-number


isdn conference-code


isdn disconnect interface


isdn fast-rollover-delay


isdn incoming-voice


isdn leased-line bri 128


isdn not-end-to-end


isdn nsf-service


isdn outgoing-voice


isdn overlap-receiving



isdn send-alerting


isdn sending-complete


isdn service


isdn spid1 (spid2)


isdn switch-type


isdn tei


isdn tei-negotiation


isdn transfer-code


isdn twait-disable


isdn voice-priority



isis circuit-type


isis csnp-interval


isis hello-interval


isis hello-multiplier


isis lsp-interval


isis metric


isis password


isis priority


isis retransmit-interval


isis retransmit-throttle-interval



is-type


keepalive


key


key chain


key config-key


key-string


lane auto-config-atm-address


lane bus-atm-address


lane client


lane client-atm-address



lane config-atm-address


lane config database


lane database


lane fixed-config-atm-address


lane global-lecs-address


lane le-arp


lane server-atm-address


lane server-bus


line


linecode



link-test


location


logging


logging buffered


logging console


logging facility


logging history


logging history size


logging monitor


logging on



logging source-interface


logging synchronous


logging trap


login


login authentication


logout-warning


loopback


map-class dialer


map-class frame-relay


map-group



map-list


match as-path


match community-list


match interface


match ip address


match ip next-hop


match ip route-source


match length


match metric


match route-type



match tag


maximum-paths


metric holddown


metric maximum-hops


metric weights


media-type


member


menu


menu command


menu text



menu title


mkdir


modem


motd-banner


mrinfo


mstat


mtrace


mtu
Chapter 15c. Quick Reference N-Z


name elan-id



name local-seg-id


name preempt


name server-atm-address


neighbor


neighbor advertisement-interval


neighbor database-filter


neighbor default-originate


neighbor description


neighbor distribute-list


neighbor filter-list



neighbor maximum-prefix


neighbor next-hop-self


neighbor password


neighbor peer-group


neighbor prefix-list


neighbor remote-as


neighbor route-map


neighbor route-reflector-client


neighbor send-community


neighbor shutdown



neighbor soft-reconfiguration inbound


neighbor timers


neighbor update-source


neighbor version


neighbor weight


net


network


network backdoor


network weight


nrzi-encoding



ntp access-group


ntp authenticate


ntp authentication-key


ntp broadcast


ntp broadcast client


ntp broadcastdelay


ntp disable


ntp master


ntp peer


ntp server



ntp source


ntp trusted-key


ntp update-calendar


offset-list


ospf auto-cost reference-bandwidth


ospf log-adj-changes


output-delay


padding


parity


passive-interface



password


peer default ip address


peer neighbor-route


physical-layer


ping


ppp


ppp authentication


ppp bridge ip


ppp chap


ppp compress



ppp multilink


ppp quality


ppp reliable-link


ppp use-tacacs


priority-group


priority-list


privilege level (line)


privilege level (global)


prompt


pulse-time



pvc


queue-list


radius-server


redistribute


refuse-message


reload


rename


ring-speed


rlogin


rmdir



route-map


router


rsh


rxspeed


send


service


service compress-config


service linenumber


service-module 56k


service-module t1



service timestamps


session-limit


session-timeout


set as-path


set automatic-tag


set community


set default interface


set interface


set ip default next-hop


set ip precedence



set ip next-hop


set level


set local-preference


set metric


set metric-type


set metric-type internal


set origin


set-overload-bit


set tag


setup



set weight


show


shutdown


smt-queue-threshold


snapshot


snmp-server


snmp-server chassis-id


snmp-server community


snmp-server contact


snmp-server enable traps



snmp-server engine-id


snmp-server group


snmp-server host


snmp-server location


snmp-server packetsize


snmp-server queue-length


snmp-server system-shutdown


snmp-server tftp-server-list


snmp-server trap-source


snmp-server trap-timeout



snmp-server user


snmp-server view


snmp trap link-status


source-address


speed


squeeze


squelch


sscop cc-timer


sscop keepalive-timer


sscop max-cc



sscop poll-timer


sscop rcv-window


sscop send-window


standby authentication


standby ip


standby preempt


standby priority


standby timers


standby track


stopbits



summary-address


synchronization


table-map


tacacs-server attempts


tacacs-server authenticate


tacacs-server directed-request


tacacs-server extended


tacacs-server host


tacacs-server key


tacacs-server last-resort



tacacs-server notify


tacacs-server optional-passwords


tacacs-server retransmit


tacacs-server timeout


terminal editing


terminal escape-character


terminal history


terminal length


terminal monitor


tftp-server



timers basic


timers bgp


timers spf


trace


traffic-shape adaptive


traffic-shape group


traffic-shape rate


traffic-share


transport


tunnel checksum



tunnel destination


tunnel key


tunnel mode


tunnel sequence-datagrams


tunnel source


txspeed


undebug


undelete


username


vacant-message



validate-update-source


variance


verify


version


vty-async


vty-async dynamic-routing


vty-async header-compression


vty-async keepalive


vty-async mtu


vty-async ppp authentication



vty-async ppp use-tacacs


width


write


Colophon
Index

Copyright © 2001 O'Reilly & Associates, Inc. All rights reserved.
Printed in the United States of America.
Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North,
Sebastopol, CA 95472.
O'Reilly & Associates books may be purchased for educational, business, or sales
promotional use. Online editions are also available for most titles
(). For more information contact our corporate/institutional
sales department: 800-998-9938 or
Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are
registered trademarks of O'Reilly & Associates, Inc. The association of the image
of a donkey and the topic of Cisco IOS is a trademark of O'Reilly & Associates, Inc.
Cisco IOS and all Cisco-based trademarks are registered trademarks of Cisco
Systems, Inc.
Many of the designations used by manufacturers and sellers to distinguish their
products are claimed as trademarks. Where those designations appear in this
book, and O'Reilly & Associates, Inc. was aware of a trademark claim, the
designations have been printed in caps or initial caps.
While every precaution has been taken in the preparation of this book, the
publisher assumes no responsibility for errors or omissions, or for damages
resulting from the use of the information contained herein.

Preface
This is a book for everybody who has to deal with Cisco's routers.
As you well know, Cisco Systems has created an extremely diverse line of routers
and other network products. One unifying thread runs through the product line:
virtually all of Cisco's products run the Internetwork Operating System (IOS). This
is both a great advantage and a great disadvantage. On the one hand, when you're
familiar with one Cisco router, you're reasonably familiar with them all. Someone
using a small ISDN router in a home office could look at a configuration file for a
high-end router at an ISP and not be lost. He might not understand how to
configure the more esoteric routing protocols or high-speed network interfaces, but
he'd be looking at a language that was recognizably the same.
On the other hand, this uniformity means that just about everything has been
crammed into IOS at one time or another. IOS is massive—there's no other way to
say it. And it has evolved over many years. The command-line interface isn't
graceful, and is often non-uniform: many commands don't do what you think they
should, and the same command verbs can mean completely different things in
different contexts. This inconsistency is probably a natural result of evolution at an
extremely large company with an extremely large number of developers, but it
doesn't make life any easier.
So, where do you find out what commands you need to know? There's the almost
mythical "green wall" of Cisco documentation, but it's difficult to find what you need
in tens of thousands of pages. Of course, even getting to Cisco's online
documentation may be impossible if your router doesn't work. And the volume of
documentation is imposing. A search for ip cef traffic-statistics—not one
of the more frequently used commands—yields 163 hits. How do you get to the
right one? Beats me. That's why I wrote this book.
This book is primarily a quick reference to the commands that are most frequently
needed to configure Cisco routers for standard IP routing tasks. There are plenty of
weasel words in there, and they're needed. This is far from a complete quick ref to
all of IOS—such a quick ref would probably be well over 2000 pages long, clearly
too long to be useful. Therefore, I haven't attempted to cover protocols other than
IP (although there is support for everything from AppleTalk to SNA), nor any of the
more exotic creatures in the IP space. And even in areas I have covered
thoroughly, I was still forced to exclude commands that are useful only in limited
cases.
Above all, this is a network administrator's book: it represents practical experience
with IP routing on Cisco routers and covers the commands that you're likely to
need. No doubt some readers will disagree with the choices I've made—such
disagreement is inevitable. But though you occasionally won't find information
about a command you need to use, you will far more often find precisely what you
need to know at your fingertips.
More than anything else, the goal of this book is to give you information quickly. It
aspires not to give you in-depth knowledge of how IP routing works, but to help you
remember what arguments you need to give to the snmp-server enable traps
command, or to help you scan through the many commands that start with ip to
jog your memory about which one configures the forwarding of broadcast packets
to selected subnets. If I succeed in doing that, I'm happy.

Organization
This book consists primarily of two parts. The first could be considered a tutorial,
but that doesn't quite capture its purpose. I try to teach the basic principles behind
configuring the router, but there are many other sources for that information: for
example, Scott Ballew's Managing IP Networks with Cisco Routers, or Jeff
Sedayao's Cisco IOS Access Lists, both from O'Reilly. This part of the book
breezes quickly through as many examples of different configuration tasks as
possible. I provide explanations, but the focus is on the examples. By studying
them, you'll see how to accomplish many of the tasks involved in setting up a
router.
The bulk of the book is the quick reference. There's nothing fancy here—it's
organized alphabetically, and shows the commands that I felt were most useful to
someone using a Cisco router in an IP environment.

Conventions
The following conventions are used in this book:
Italic
Used for filenames and URLs
Constant width
Used for commands, command keywords, and anything else that has to be
typed literally
Constant width italic
Used for parameters or arguments that must be substituted into commands
Constant width bold
Used for user input in code
[ Keywords and other stuff ]
Used for optional keywords and arguments
{ choice-1 | choice-2 }
Used to signify either choice-1 or choice-2
This icon signifies a tip relating to the nearby text.
This icon signifies a warning relating to the nearby text.
One of the confusing things about working with a Cisco router is the notion of a
command context. Most commands are legal only in limited situations; all of the
quick-reference entries include a command context that indicates how the
command is to be used. A context of "command" means that the command is for
interactive use and is not entered into the router's configuration; you do not need to
enter the configuration mode (configure terminal) to give the command, and
you can't include it in a configuration file that you upload. A context of "global"
indicates that a command doesn't require any specific context; you can give it as
soon as you've entered the configuration mode. A context of "interface" indicates
that you must be in the interface configuration submode to give the command;
"line" means that you must be in the line configuration submode, and so on.
IOS has no concept of a continuation character for breaking up command lines that
are too long. That may be okay for a router, but it's a problem for a book; still, I've
decided not to invent a continuation character for the purposes of this book. I've
split long commands across lines as it seemed most convenient and clear; just
remember that you have to type it all on one line.
