-
![[Buch Cover]](../covers/cisconut2.s.gif)
- Weitere Informationen zu diesem Buch:
Inhaltsverzeichnis | Index | Probekapitel | Kolophon | Rezensionen |
- Weitere Informationen zu diesem Buch:
Second Edition Oktober 2005
ISBN 978-0-596-00869-7
Weitere Informationen zu diesem Buch
Inhaltsverzeichnis |
Index |
Probekapitel |
Kolophon |
Rezensionen |
Index
[ Numbers ], [ A ], [ B ], [ C ], [ D ], [ E ], [ F ], [ G ], [ H ], [ I ], [ J ], [ K ], [ L ], [ M ], [ N ], [ O ], [ P ], [ Q ], [ R ], [ S ], [ T ], [ U ], [ V ], [ W ], [ X ], [ Z ], Chapter 2 2
* (asterisk), in regular expression pattern matching, 203
^ (caret)
indicating router problem with command, 5
regular expressions, beginning of line matching, 203
$ (dollar sign), end of line matching in regular expressions, 203
. (dot), in regular expression pattern matching, 203
! (exclamation point), in comment lines, 30
- (hyphen), use in router names, 30
? (question mark), listing commands with, 2, 5
_ (underscore)
in AS paths, 203
router names and, 30
Numbers[ Top ]
56k, 660
802.1Q protocol, 319
802.2 packets, access list for filtering, 400
A[ Top ]
aaa accounting command, 353
aaa accounting delay-start command, 354
aaa accounting gigawords command, 354
aaa accounting resource command, 355
aaa accounting send stop-record authentication failure, 356
aaa accounting session-duration ntp-adjusted, 356
aaa accounting suppress null-username, 356
aaa accounting update command, 356
aaa authentication attempts login command, 357
AAA (authentication, authorization, and accounting) model, 339-341
accounting commands, 353-357
authentication commands, 357-360
authorization commands, 360-362
DDR (dial-on-demand) routing, 428
restricting dial-in user access, 340
aaa authentication banner command, 357
aaa authentication command, 340
aaa authentication enable default command, 358
aaa authentication fail-message command, 358
aaa authentication local-override command, 358
aaa authentication login command, 359
aaa authentication password-prompt command, 359
aaa authentication ppp command, 360
aaa authentication username-prompt command, 360
aaa authorization command, 360
aaa authorization config-commands, 361
aaa authorization reverse-access command, 362
aaa authorization template command, 362
aaa configuration route command, 362
aaa group server radius command, 362
aaa group server tacacs+ command, 363
aaa new-model command, 340, 363
aborting TFTP, 19
ABR (area border router), 168
OSPF configuration example, 176
absolute line numbering, 39
absolute time range, 114
absolute-timeout command, 363
access lists, 100-120
address/mask pairs (wildcards), 102
applying to a line, 364
applying to debug commands, 348
applying to interface or line, 109
AS path filters and, 202
BGP, 488
for a bridge group, 400
comments, adding to, 114
computing wildcard for subnet mask, 103
controlling SNMP access, 34
dialer groups, 433
dynamic, 364
editing, 104, 120
efficiency of, 105
emulating a packet sniffer, 119
extended, 101, 106-110
filtering IEEE 802.2 packets, 400
filtering incoming routing updates, 444
filtering outbound routing updates, 444
gateway routers, 33, 114-118
example list, 117
IP address spoofing, 115
permitting FTP, 116
implicit deny, 104
interface for a bridge group, 399
IP address spoofing, preventing, 115
logging violations, 119
matching packets to list entries, 102
named, 110, 367, 483
optimizing, 118
processing, 103
reflexive, 111-113
rules, 100
secure updating of, 119
standard, for IP traffic, 100
timed, 114
types of, listed, 106
using with debug command, 347
VTYs, 337
access-class command, 42, 110, 364
access-enable command, 364
access-group command, 109, 111
access-list command, 365
access-list rate-limit command, 368
access-template command, 369
accounting, 484
aaa accounting command, 353
AAA model, 340
AAA model commands, 353-357
interface, 68
IP accounting, 484
(see also AAA model)
ACK and RST bits, 108, 112
activation-character command, 48, 370
additive keyword, 205
address pool, 63
address-family ipv4 vrf command, 303
administrative distance, 124
BGP, 443
DDR backup with floating static routes, 243
EIGRP, 443
option to ip route command, 127
ADSU (ATM CSU/DSU), 80, 84
AF (Assured Forwarding), 218
aggregate routes, filtering, 205
aggregate-address command, 205, 370
AH (Authentication Headers), 282
alias command, 371
aliases (ip alias command), 47
analog phone service, 93
application, identifying packets by (NBAR), 224
application session command, 98
area authentication command, 372
area border router (see ABR)
area default-cost command, 372
area nssa command, 373
area range command, 179, 373
area stub command, 374
area virtual-link command, 374
area-internal router, 168
area-password command, 190, 373
areas
IS-IS, password authentication, 373
OSPF, 167, 171
contiguity of, 173
NSSAs, 373
types of, 169
ARP (Address Resolution Protocol)
ATM ARP server, 84
atm arp-server command, 380
proxy ARP, 54, 535
(see also inverse ARP)
arp (global) command, 375
arp (interface) command, 376
arp timeout command, 376
AS (autonomous systems)
BGP confederacies, 213
numbers, 121-123
BGP confederacies, 394
BGP routing, neighbor command, 196
private, for internal networks, 196
router bgn command, 195
paths, 195
filtering, 206
filters, 202
rules, 202
show ip bgn command, 201
ASBR (autonomous system border router), 167
default routes, generating, 175
injecting default route into OSPF domain, 425
ASCII values for special characters (user/router interaction), 48
Assured Forwarding (AF), 218
async default ip address command, 377
async default routing command, 377
async dynamic address command, 378
async dynamic routing command, 378
async mode command, 379
async-bootp command, 63, 376
asynchronous interfaces, 62-64
BOOTP requests, 63
DHCP for IP addresses and configuration items, 64
group-async command, 62
IP address pool, specifying, 63
TTY connections with serial devices, 42
Asynchronous Transfer Mode (see ATM)
atm address command, 379
atm arp-server command, 380
ATM (Asynchronous Transfer Mode), 79-87
ARP server, 84
client-atm-address name command, 414
configuring PVCs, 81
configuring SVCs, 82
DSL client router, 88
DSL connections, 89
hardware, 80
LAN Emulation (LANE), 85-87
show commands, 84
terminology, 80
atm esi-address command, 84, 380
atm lecs-address command, 380
atm lecs-address-default command, 381
atm nsap-address command, 84, 381
atm pvc address command, 381
atm pvc command, 81
ATM-DXI, 80, 84
atm-vc command, 383
authentication, 338
AAA model, 340
AAA model commands, 357-360
area authentication command, 372
CHAP, for DDR interface, 239
EIGRP packets, 488
enabling local authentication, 339
IS-IS, 190
name for the remote router, 438
neighbor authentication in BGP, 211
RIPv2, 148
stop records for failed logins, 356
(see also AAA model)
Authentication Headers (AH), 282
authorization
AAA model, 340
AAA model commands, 360-362
(see also AAA model)
auto qos voip command, 236, 386
auto secure command, 335, 386
autobaud command, 48, 383
autocommand command, 384
auto-config-atm-address, 567
autodetect encapsulation command, 384
autohangup command, 385
autonomous system border router (see ASBR)
Autonomous System LSAs, 169
autonomous systems (see AS)
AutoQoS, 235
network requirements for, 236
show auto qos command, 237
Auto-RP (Rendezvous Point), 296
AutoSecure, web page, 336
autoselect command, 387
auto-summary command, 387
auto-summary in EIGRP, disabling, 160
AUX (auxiliary) ports, 43
in TCP port/asynchronous line mapping, 47
AUX line numbering, 39
B[ Top ]
B (bearer) channels, 57
configuring for ISDN connections, 58
backbone area, 169
backbone routers
OSPF, 168
OSPF network with single, 171
backbones
ATM, use in, 79
internal, switches, 306
OSPF network backbone across three ABRs, 172
OSPF, virtual link connecting, 375
virtual links (OSPF), 173
backdoor, 624
backing up current IOS image to network server, 18
backup command, 388
backup designated router (BDR), 170
backup links, 241-244
backup interface commands, 242
backup with floating static routes, 243
DDR, using for, 238
dialer, delay time, 440
backup static routes, 127
backward explicit congestion notification), 77
bandwidth
Committed Information Rate (CIR), 71
EIGRP, 489
IGRP metric, 151
bandwidth command, 53, 149, 229
bandwidth (interface) command, 389
bandwidth (policy-map) command, 389
banner exec command, 390
banner incoming command, 390
banner login command, 391
banner motd command, 391
banners, 36
authentication, 357
busy message, 405
creating, 37
disabling, 37
failed login attempt, 358
warning banner, 335
Basic Rate Interface (BRI), 57
baud rate detection, 48, 383
frame-relay, 462
Bc (burst size), 77
BDR (backup designated router), 170
Be (excess burst size), 77
bearer (B) channels, 57
configuring for ISDN connections, 58
BECN (backward explicit congestion notification), 77
frame-relay adaptive-shaping becn command, 79
becn-response-enable, 462
Best Effort service, 218
bgp always-compare-med command, 392
bgp bestpath as-path ignore command, 392
bgp bestpath med-confed command, 392
bgp bestpath missing-as-worst command, 393
BGP (Border Gateway Protocol), 123, 193-214
administrative distance, 443
AS (autonomous system) numbers, 121
basic configuration commands, 195-198
automatic summary, 197
default-originate keyword, 197
iBGP checklist, 198
local-AS numbers, 196
next-hop-self keyword, 197
route dampening, 198
router and network command, 195
synchronization, 197
confederacies, 213
configuration example, 198-202
advanced, 206-211
external (eBGP), 193
internal (iBGP), 193
MPLS VPN, 302
neighbor authentication, 211
peer groups, 211
route aggregation, 370
route filtering, 202-206
aggregate filters, 205
AS path filters, 202
community filters, 203-205
route reflectors, 213
route selection process, 195
routing metrics, 194
bgp client-to-client reflection command, 393
bgp cluster-id command, 393
bgp confederation identifier command, 394
bgp confederation peers command, 394
bgp dampening command, 198, 394
bgp default local-preference command, 395
bgp default route-target filter command, 395
bgp deterministic med command, 396
bgp fast-external-fallover command, 396
bgp log-neighbor-changes command, 396
bgp-policy command, 396
BID (Bridge ID), 309
binary, converting address/mask pairs to, 102
bit bucket, 55
bit rate
for B channel of ISDN connection, 433
for DCE serial devices, 415
black hole interface, 55
blocking state (ports), 308
ports not in category of root or designated port, 310
boot command, 23
BOOTP
asynchronous interface responses to requests, 63
enabling/disabling server, 489
keywords and values, 376
Bootstrap Router (BSR), 297
Border Gateway Protocol (see BGP)
BPDUs (Bridge Protocol Data Units), 309, 403
BRI (Basic Rate Interface), 57
bridge acquire command, 397
bridge address command, 397
bridge cmf command, 398
bridge crb command, 258, 398
bridge forward-time command, 398
bridge hello-time command, 403
Bridge ID (BID), 309
bridge irb command, 259, 403
bridge max-age command, 403
bridge multicast-source command, 404
bridge priority command, 404
bridge protocol command, 404
Bridge Protocol Data Units (BPDUs), 309, 403
bridge route command, 405
bridge-group aging-time command, 399
bridge-group circuit-group command, 399
bridge-group command, 399
bridge-group input-address-list command, 399
bridge-group input-lsap-list command, 400
bridge-group input-pattern command, 400
bridge-group input-type-list command, 400
bridge-group output-address-list command, 401
bridge-group output-lsap-list command, 401
bridge-group output-pattern command, 401
bridge-group output-type-list command, 401
bridge-group path-cost command, 402
bridge-group priority command, 402
bridge-group spanning-disabled command, 402
Bridge-Group Virtual Interface (BVI), 259, 481
bridges, 305
spanning tree protocol (STP), 307
bridging, 256, 257-263
Concurrent Routing and Bridging (CRB), 258
DLSw+ (Data-Link Switching Plus), 261
integrated routing and bridging (IRB), 259
show commands, 260
transparent, 257
broadcast domains, 307
broadcast storm, 307
Broadcast Unknown Server (see BUS)
broadcasts
address for a given subnet, 735
dialer maps and, 248
forwarding, 469
ip-directed, 54
map list command option, 82
pinging network broadcast address, 343
BSR (Bootstrap Router), 297
buffering
logging and debug output, 350
logging of access list violations, 119
logging output
XML formatting, 351
burst size, 232
burst size (Bc), 77
burst size, excess (Be), 77
BUS (Broadcast Unknown Server), 85
configuring LES/BUS, 86
busy-message command, 405
BVI (Bridge-Group Virtual Interface), 259, 481
C[ Top ]
cable, 90
cable helper-address command, 406
calendar
updating from the router's system clock, 417
updating time into router's system clock, 415
calendar set command, 33, 406
callback forced-wait command, 406
callbacks
PPP, configuring for non-DTR dialer interface, 435
security, 429
CallManager, 92, 97
CAR (Committed Access Rate), 232, 233
access-list rate-limit command, 368
card/slot/port naming syntax (interfaces), 50
case (in router names), 30
CatOS (Catalyst OS), 313
CBWFQ (Class-Based Weighted Fair Queuing), 216
implementing with MQC, 229
WRED, using instead of tail-drop, 231
CCO account, 16
cd command, 406
cdp advertise-v2 command, 407
CDP (Cisco Discovery Protocol), 35
commands for, 407
cdp enable command, 407
cdp holdtime command, 407
cdp run command, 408
cdp timer command, 408
CEF (Cisco Express Forwarding), 300
cells, ATM network, 79
CGMP (Cisco Group Management Protocol), 298, 491
channel-group command, 408, 409
channels
MIP (Multi-Channel Interface Processor) cards, 61
VCI (Virtual Channel Idenfifier), 80
CHAP authentication, 89
characters
databits for, 422
dispatch character, 442
received/sent by an interface, 68
special, controlling user/router interaction, 48
chassis-id, 687
chat scripts, 239, 241
commands for setting up, 245
chat-script command, 409
checksums
CRC, length of, 421
packets on tunnel interface, 717
CIDR (Classless Interdomain Routing), 193, 732-736
CIR (Committed Information Rate), 71, 77, 234
frame-relay cir command, 463
circuit group, assigning to bridge group, 399
Cisco Discovery Protocol (CDP), 35, 407
Cisco Express Forwarding (CEF), 300
Cisco Feature Navigator, 16
Cisco Group Management Protocol (CGMP), 298, 491
Cisco IOS release 12.3, x
new packaging model, 14-16
Class A filesystems, 21
squeeze command, 25
Class B filesystems, 21
class boundaries, route summarization, 197
Class C filesystems, 21
class (frame-relay) command, 410
class maps, defining for MQC, 226-227
class (MPLS) command, 410
class (policy-map) command, 411
Class-Based Weighted Fair Queuing (see CBWFQ)
classes
mapping to LVCs, 410
policy-map, modifying, 411
classful network routes, 387
classful networks, 196
classful routing protocols, 125
RIP, 146
Classless Interdomain Routing (see CIDR)
classless networks, 196
classless routing, 491
classless routing protocols, 125
class-map command, 411
clear command, 412-414
clear counters command, 65
clear frame-relay-inarp command, 75
clear ip eigrp neighbors command, 163
clear ip nat translations command, 272
clear ip route command, 142
clear logging command, 351
client mode (VTP), 323
client-atm-address name command, 414
clock calendar-valid command, 415
clock rate command, 415
clock read-calendar command, 415
clock set command, 32, 416
clock summer-time command, 416
clock timezone command, 32, 417
clock update-calendar command, 33, 417
clocks (DTE), providing timing for the DCE, 422
cloud (Frame Relay), 72
cluster ID for a BGP router, 393
CMF (Constrained Multicast Flooding), 398
collision domains, 305, 307
collisions, duplex settings and, 316
command context, xi
configuration submodes, 4
command lines
access lists (named), typing, 110
completion, shortcuts for, 5
editing keys (shortcuts), 6
splitting up, xi
command modes and submodes, transitions between, 4
commands
access list arguments, numbered and named, 111
aliases for, 371
common show commands, 676
extended, 343
interface configuration, basic, 51-54
replacing, 730
comments
adding to access lists, 114
router configuration, 30
Committed Access Rate (CAR), 232, 233
Committed Information Rate (see CIR)
communities
filtering in BGP, 203-205
predefined, 203
predefined vs. user-defined, 205
compound metric, 151
compress command, 417
compression
IPcomp, 282
payload compression, 471
RTP and TCP headers, 469
RTP headers per DLCI, 470
conf memory command, 419
conf terminal command, 419
confederacies (BGP), 213, 394
MED value comparisons, 396
conference calls, 92
config terminal command, 19
config-commands, authorization of, 361
config-register command, 418
configuration
AUX port as backup connection, 43
basic router configuration, 29-37
modes for, 3
RCP use by router, 20
running, modifying with boot command, 23
viewing with show commands, 7
configuration files
erasing, 28
loading, 26
saving to network server, 28
viewing, 26
configuration mode (VLAN database), 324
configure command, 419
configure terminal command, 3
congestion
avoiding, 230-231
WRED, using, 230
within frame relay networks, 77
congestive discard threshold (WFQ), 224
connections
BOOTP, 63
bytes, 547
filtering, 134
routing, 424
console port, 40
configuration, 38, 41
uploading IOS image from, 17
Constrained Multicast Flooding (CMF), 398
contiguous areas (OSPF), 173
controller command, 420
Coordinated Universal Time (UTC), 33
time zone and number of hours from UTC, 417
copy command, 420
subcommand, finding, 6
copy run start command, 24
copy running-config startup-config command, 25, 26
copy running-config tftp command, 25
copy slot0 command, 24
copy tftp running-config command, 26
copying
files from remote servers, 22
running configuration to startup configuration, 23
CoS (Class of Service)
match cos command, 588
set cos command, 665
cost, 696
OSPF links, router interoperability and, 174
counters, 412
erasing or resetting with clear commands, 412
CRB (Concurrent Routing and Bridging), 258, 398
crc command, 421
crypto ipsec transform-set command, 282
crypto isakmp key command, 282
crypto isakmp policy command, 282
crypto key generate command, 277
crypto maps, 283
cryptographic checksums for packets, 282
cryptographic keys
generating for DSS, 277
management with IKE (IPSec), 282
cryptography, 277
CSU/DSU
ADSU (ATM CSU/DSU), 80
ATM (ADSU), 84
cards inserted into, 60
CTY line numbering, 39
Custom Queueing (CQ), 221
custom-queue-list command, 222, 421
Cyclic Redundancy Check (CRC), 421
D[ Top ]
D (data) channels, 57
dampening routes, 198, 394
data channels (ISDN), 57
Data Link Connection Identifiers (see DLCIs)
Data Link Layer (OSI networking model), 306, 739
Data Over Cable Interface Specification (DOCSIS), 90
databits command, 48, 422
data-character-bits command, 422
Data-Link Switching Plus (DLSw+), 261
dates and times
calendar, setting, 33
clock commands, 415
Daylight Saving Time, 416
timed access lists, 114
Daylight Saving Time, 33, 416
DCD signal, 480
DCE serial devices, bit rate, 415
dce-terminal-timing enable command, 422
DDR (dial-on-demand routing), 57, 238-255
AAA for, 428
backup DDR for an interface, 440
client snapshot routing, configuring, 436
configuring a simple connection, 239
dialer dtr command, 430
dialer in-band command, 432
dialer profiles, 246-249
legacy, 238
configuration examples, 240-246
phone numbers, 439
MLP (Multilink PPP), 249
show commands, 253-255
snapshot, 250
debug command, 423
debug ip eigrp command, 348
debug list command, 348
debug vpdn pppoe-events command, 89
debugging
buffering output, 350
combining acces list with debug command, 347
router configuration, 346-348
dedicated mode, async interfaces, 379
default route, 425
injecting into IS-IS, 191
default static routes, 126
default-information command, 175, 424
default-information originate command, 191, 425
default-metric command, 148, 155, 426
default-name command, 427
default-originate keyword, 196, 614
de-group, 464
delay command, 427
delay (IGRP metric), 152
delay interval, bridge forwarding, 398
delete command, 428
deleting old IOS image, 25
denial-of-service attacks
ICMP, curbing with rate-limit command, 234
ip directed-broadcasts command, 54
dense mode (multicast routing), 290-294
deny commands, named access lists, 367
deny keyword, 137
deny rules, access lists, 104
DES (Digital Encryption Standard), 277
show commands, 281
description command, 428
designated port, selection by STP, 310
designated router (DR), 170
destinations, copy command, 420
DHCP
IP address of server for UDP broadcasts, 406
IP addresses and dial-in configuration items, 64
server address for router, 493
dialer aaa command, 428
dialer callback-secure command, 429
dialer callback-server command, 429
dialer caller command, 429
dialer dtr command, 430
dialer enable-timeout command, 430
dialer fast-idle command, 245, 430
dialer hold-queue command, 431
dialer idle-timeout command, 245, 432
dialer in-band command, 239, 432
dialer interfaces, 246
dialer pools, 248
rotary groups, 246
dialer isdn command, 433
dialer load-threshold command, 249, 434
dialer map command, 241, 244, 245, 435
dialer map snapshot command, 436
dialer maps, 244-246
show dialer map command, 254
dialer max-link command, 436
dialer pool command, 436
dialer pool-member command, 437
dialer priority command, 438
dialer profiles, 238, 246
dialer remote-name command, 438
dialer rotary-group command, 248, 438
dialer rotor command, 438
dialer string command, 439
dialer wait-for-carrier-time command, 439
dialer watch-disable command, 440
dialer watch-group command, 440
dialer watch-list command, 440
dialer-group command, 431
dialer-list command, 433
dial-in connections
BOOTP parameters, 376
PPP, 62
PPPoE (Point-to-Point Protocol over Ethernet), 88
restricting user access with AAA, 340
(see also asynchronous interfaces)
dial-on-demand routing (see DDR)
Differentiated Services Codepoint (see DSCP)
DiffServ (see DSCP)
Digital Signature Standard (see DSS)
Digital Subscriber Line (see DSL)
dir command, 441
dir flash command, 23
disable command, 441
disabled state (ports), 308
disconnect command, 441
disconnect ssh command, 442
disconnect-character command, 48, 441
disconnecting line automatically, 385
dispatch-character command, 442
distance bgp command, 443
distance command, 442
distance eigrp command, 443
distance-vector protocols, 123
compatibility with snapshot routing, 251
IGRP, 149
distribute-list in command, 444
distribute-list out command, 444
DLCIs (Data Link Connection Identifiers), 71, 72
assigning to frame relay subinterface, 465
defining in router configuration, 74
local DLCI, setting, 467
map class, associating with, 410
mapping IP addresses to, 74-76
explicitly, 75
priority levels, 472
DLSw+ (Data-Link Switching Plus), 261
dlsw peer commands, 261
DMVPN (Dynamic Multipoint VPN), 256, 285-289
configuring a hub, 286
configuring a spoke router, 287
verifying configuration, 289
DNS (Domain Name System)
enabling, 32
hostname lookups, 31
DOCSIS (Data Over Cable Interface Specification), 90
domain-list command, 494
domain-lookup command, 494
domain-name command, 495
domain-password command, 190, 445
domains
broadcast, 307
collision domain, 305, 307
MPLS, 299
private intranets within (VPNs), 302
OSPF, injecting default route into, 425
downward-compatible command, 445
downward-compatible-config command, 445
down-when-looped command, 445
DR (designated router), 170
establishing, 182
drop command, 446
drop precedence, 218
dropping packets
traffic policing, 232
WRED, 230
DSCP (Differentiated Services Codepoint), 217
AF values with corresponding drop precedences, 218
example, 218
DSL (Digital Subscriber Line), 87-90
configuring DSL client router, 88
troubleshooting connections, 89
DSS (Digital Signature Standard), 277
dte-invert-txc command, 446
DTR (Data Terminal Ready), 430
DTR pulsing signals, interval between, 643
duplex modes
full duplex, 475
settings, automatic, 316
DVMRP, 495-499
DXI mode (ATM), 84
dynamic access lists, 364
dynamic IP addresses (async interfaces), 378
dynamic IP mapping, 82
Dynamic Multipoint VPN (see DMVPN)
dynamic routing on async interfaces, 378
E[ Top ]
E1 connections
channel timeslots, 408
controller, 420
early-token-release command, 56, 446
echo requests, used as keepalives, 60
editing command, 649
editing named access lists, 111
EF (Expedited Forwarding), 218
EGPs (exterior gateway protocols), 123
BGP routing decisions, 195
egress router, 299, 301
EIGRP (Enhanced IGRP), 149, 155, 155-166
administrative distance, 443
authentication, 162
auto-summary, disabling, 387
bandwidth, 489
comparison with other interior protocols, 126
configuration, route summarization, 158-161
debugging, limiting output from, 348
default route for incoming/outgoing updates, 424
enabling on network, 156
IGRP network, converting to, 165
load balancing, 139
local-AS numbers, 121
metrics, 124, 162
passive-interface command, 128
redistributing other protocols into, 164
redistribution into OSPF, 180-181
route redistribution from RIF using route maps, 137
show commands, 163
tuning, 162
eigrp log-neighbor-changes command, 163, 447
ELAN (Emulated LAN), 85
default name, 427
name of, 414
E&M interfaces, 93
enable command, 474
configuring IOS image download, 18
entering privileged mode, 3
enable last-resort command, 448
enable mode
IOS and CatOS, 314
securing access, 330-332
enable password, 330
enable secret command, 331
privilege levels, 332
enable password, 31
enable password command, 448
enable secret command, 331, 448
enable use-tacacs command, 449
Encapsulating Security Payload (ESP), 282
encapsulation
Any Transport over MPLS, 449
ARP packets on an interface, 376
automatic detection of types, 384
compression and, 418
method for interface, 449
encapsulation types
ATM, 80
ISDN interfaces, 57
serial interface, 60
encrypted tunnels, 277-289
DES show commands, 281
DMVPN (Dynamic Multipoint VPN), 285-289
DSS and DES algorithms, 277-281
configuring encryption, 278-281
IPSec, 282-284
encryption
enable secret command, 331
passwords, 31, 331
Radius and TACACS+ protocols, 339
end command, 450
End System Identifier (ESI), 84, 380
Enhanced IGRP (see EIGRP)
equal-cost load balancing, 153, 154
erase command, 25, 450
error messages, receiving or blocking, 109
escape characters (terminal line), 709
escape sequences (prompt command), 30
escape-character command, 451
ESI (End System Identifier), 84, 380
ESP (Encapsulating Security Payload), 282
established connections, access lists, 108, 112
Ethernet
bridging and routing IP traffic, 259
bridging SDLC to, using DLSw+, 263
DSL connections, 88, 89
Ethernet interfaces, 56
bridging, 257
configuring IP address, 17
exception core-file command, 451
exception dump command, 451
exception memory command, 452
exception protocol command, 452
exception spurious-interrupt command, 452
excess burst size (Be), 77
exec banner, 36
exec command, 453
exec-timeout command, 337, 453
execution location, IOS image, 14
exit command, 453
exiting configuration mode, 3
expect-send pairs (chat scripts), 239
Expedited Forwarding (EF), 218
explicit mapping, DLCI/IP address, 74
extendable keyword, 271
extended access lists, 101, 106-110
applying to interface or line, 109
established connections, 108
ICMP entries, 109
named, 110
ports, specifying, 107
extended ping, 343
exterior gateway protocols (EGPs), 123
(see also BGP)
external BGP (eBGP), 193
external route summarization, 173
External Summary LSAs, 169
F[ Top ]
facility, log files, 349, 575
fair-queue aggregate-limit command, 455
fair-queue individual-limit command, 455
fair-queue (interface) command, 455
fair-queue limit command, 455
fair-queue (policy-map class), 454
fair-queue qos-group command, 456
fair-queue tos command, 456
fair-queue weight command, 456
Fast Ethernet interfaces, 56
EtherChannel group, 409
fast switching, 139
fddi burst-count command, 457
fddi c-min command, 457
fddi cmt-signal-bits command, 457
fddi duplicate-address-check command, 458
fddi encapsulate command, 458
fddi frames-per-token command, 458
fddi smt-frames command, 459
fddi tb-min command, 459
fddi tl-min-time command, 459
fddi token-rotation-time command, 460
fddi t-out command, 460
fddi valid-transmission-time command, 460
feature set, IOS image, 13
FECN (forward explicit congestion notification), 77
FEP (Front End Processor) interfaces, 263
filenames (IOS image), 11-14
files, copying, 420
filesystem commands, 21
upgrading flash memory, 22
filesystems, deleting files, 428
filtering
BGP routes, 202-206, 395
aggregate filters, 205
AS path filters, 202, 206
community filters, 203-205
incoming routing updates, 444
routing unwanted traffic to the null interface, 55, 127
first-in, first-out (FIFO) queues, 219
flapping routes, 198
flash memory
checking contents with dir flash command, 24
checking for IOS image download, 18
upgrading with filesystem commands, 22
flowcontrol command, 48, 460
forced wait (callbacks), 406
forward explicit congestion notification (FECN), 77
forwarding delay interval (bridge), 398
forwarding information, MPLS, 301
forwarding state (ports), 309
entering immediately with portfast, 312
fragmenting packets before encryption, 287
Frame Relay, 71-79
configuration, 73
mapping IP addresses to DLCIs, 74-76
serial interfaces, 60
show commands, 79
subinterfaces, 50
T1 connection, 2524 router with CSU/DSU card, 61
terminology, 71
traffic shaping, 76-79, 235
frame-relay adaptive-shaping becn command, 79
frame-relay adaptive-shaping command, 461
frame-relay becn-response-enable command, 462
frame-relay broadcast-queue command, 462
frame-relay cir command, 463
frame-relay class command, 463
frame-relay custom-queue-list command, 464
frame-relay de-group command, 464
frame-relay de-list command, 464
frame-relay idle-timer command, 465
frame-relay interface-dlci command, 465
frame-relay intf-type command, 466
frame-relay inverse-arp command, 466
frame-relay ip rtp header-compression command, 466
frame-relay ip tcp header-compression command, 467
frame-relay lmi-type command, 467
frame-relay local-dlci command, 467
frame-relay map bridge command, 469
frame-relay map clns command, 469
frame-relay map command, 76, 468
frame-relay map ip command, 75
frame-relay map ip compress command, 469
frame-relay map ip rtp header-compression command, 470
frame-relay map ip tcp header-compression command, 470
frame-relay mincir command, 471
frame-relay multicast-dlci command, 471
frame-relay payload-compress packet-by-packet command, 471
frame-relay priority-dlci-group command, 472
frame-relay priority-group command, 472
frame-relay route command, 472
frame-relay svc command, 473
frame-relay switching command, 473
frame-relay traffic-rate command, 78, 473
frame-relay traffic-shaping command, 77, 474
fr-atm keyword (auto qos voip), 236
fsck command, 474
FTP, 500
passive, 116
permitting through an access list, 116
ftp-server enable command, 474
ftp-server topdir command, 475
full duplex, 316
full-duplex command, 475
full-help command, 475
fully meshed IBGP routers, 198
FXO (Foreign Exchange Office), 93
gateway to PSTN, 94
FXS (Foreign Exchange Station), 93
G[ Top ]
gatekeeper (VoIP H.323 network), 92, 95
configuration, 96
gateway routers, 113-118
access lists, 33, 114-120
example list, 117
IP address spoofing, 115
permitting FTP, 116
features to disable for tighter security, 333
features to enable for tighter security, 333
interior and exterior routing protocols, 123
reflexive lists, 113
gateways
MGCP, configuring to identify CallManager, 97
VoIP H.323 network, 92, 95
Gigabit interfaces, 56
global commands
arp (global), 376
monitor, 328
VLAN database, 324
global configuration mode, 3
gre multipoint, 286, 718
group-async command, 62
group-range command, 476
groups
bridge group, 399
dialer, 431
H[ Top ]
H.323 standard (VoIP), 91
call routing, 95
half duplex, 316
half-duplex command, 476
half-duplex controlled-carrier command, 476
hanging up the line automatically, 385
hardware
ATM, 80
configuration of asynchronous line, 62
flow control, 43
hardware flow control, 48
hash algorithms, 282
HDLC encapsulation
compression, enabling, 418
ISDN interfaces, 57
serial interfaces, 60
hello interval
EIGRP, 501
IS-IS, 562
OSPF, 527
help
full-help command, 475
help command, 477
hexadecimal values, NSAP addresses, 82
history log, router commands used, 9
hold time
EIGRP, 502
NHRP, 521
hold-character command, 48, 477
hold-down (ignored) state, routes, 198
hold-queue command, 478
hop counts
IGRP, 153
RIP, 144
host tables, 31
hostname command, 29, 478
hostnames, mapping to IP addresses, 31
hosts
available per subnet, 735
MAC address, 306
HSRP (Hot Standby Routing Protocol), 256, 263-267
authentication, configuring, 700
configuring SNAT to work with, 272
load sharing, 266
multiple group, 265
naming a configuration, 265
show standby command, 267
tracking another interface, 265
hssi external-loop-request command, 479
hssi internal-clock command, 479
hub command, 479
hub for DMVPN, configuring, 286
I[ Top ]
ia (interarea), 192
iBGP (internal BGP), 193
implementing, 198
ICMP (Internet Control Message Protocol)
access list entries, 109
responses to mask requests, 509
ICMP Router Discovery Protocol (IRDP), 507
idle terminal session, activation character for, 370
IEEE 802.2 packets, 400
IGMP (Internet Group Management Protocol), 289, 504-506
ip igmp join-group command, 291, 292
multicast routing, sparse mode, 294
IGMP snooping, 298
ignore-dcd command, 480
IGPs (interior gateway protocols), 123
BGP routing decisions, 195, 202
classful or classless, 125
comparison of, 126
distance-vector, 123
link-state, 124
IGRP (Interior Gateway Routing Protocol), 144, 149-155
comparisong with other interior protocols, 126
configuration, basic, 149-155
load balancing, 153
metrics, 151-153
modifying network range, 153
packet size (MTU), 153
converting network to EIGRP, 165
Enhanced (see EIGRP)
local-AS numbers, 121
metric, calculating, 124
passive interfaces, 128
redistributing EIGRP into, 424
redistributing into EIGRP, 165
redistributing other protocols into, 155
IKE (Internet Key Exchange), 282
images, IOS, 11-25
filename, 11-14
feature set, 13
image execution location, 14
platform identifier, 12
loading files through the network, 17-20
RCP, using, 20
SCP, using, 20
TFTP, using, 17-20
new packaging model, 14-16
example of image name, 15
finding a release on Cisco web site, 16
status of the release, 16
using IOS filesystem for, 21-25
upgrading flash memory, 22
incoming connections
access lists, reflexive, 112
modem inout command, 47
packet filters, established keyword and, 109
telnet, specifying as only protocol, 48
ingress router, 299, 301
inheritance, package, 15
Integrated Routing and Bridging (IRB), 259
interactive mode, async interfaces, 379
inter-area route summarization, 173
interface bvi command, 481
interface command, 50, 590
interface configuration mode, 3
interface dialer command, 482
interface group-async command, 482
interfaces
access list (named), applying, 111
applying access lists to, 109
associating with a dialer group, 431
async, 42
asynchronous, 62-64
backup, 388
basic configuration commands, 51-54
IP adress and subnet mask, setting, 52
DDR (dial-on-demand routing), 239
description of, 428
dialer, 246-249
Ethernet, Fast Ethernet, and Gigabit, defining, 56
inbound and outbound reflexive access lists, 113
ISDN, 57
configuration examples, 58-59
IS-IS, 186
loopback, 54
naming and numbering, 50
null, 55
passive, 128
queue list, applying to, 222
serial, 59-61
show commands, 64
clearing counters, 64
listing all interfaces, 65
show interface, 65-68
show interface accounting, 68
show ip interface, 68
show ip interface brief, 70
source address or interface command, 344
specifying for a specific debug command, 348
token ring, 56
tunnels as, 276
types of, 49
VLAN interface commands, 317
interior gateway protocols (see IGPs)
interior routing protocols
EIGRP, 155-166
IGRP, 149-155
IS-IS, 184-192
OSPF, 167-183
RIP, 144-149
Intermediate System-to-Intermediate System (see IS-IS routing protocol)
internal BGP (iBGP), 193, 198
Internal Summary LSAs, 169
Internet Group Management Protocol (see IGMP)
Internet Key Exchange (IKE), 282
Internetwork Operating System (IOS), 1
interval
HSRP, 702
IS-IS, 562
OSPF, 526
TC, 77
Intrusion Detection System (IDS), configuring for a switch, 328
inverse ARP, 76, 466
ATM interface, dynamic IP mapping, 82
configuring for Frame Relay, 466
DLCI/IP address mapping, remote end of link, 74
for Frame Relay, 466
IOS
CatOS and, 314
on switches, 313
IP
access lists, 100
access lists, named, 110
accounting, access violation, 119
bridging and, 258
packets, sending over ATM network, 80
Voice over IP (VoIP), 91-98
ip access-group command, 100, 483
ip access-list command, 110, 483
ip accounting command, 484
ip accounting-list command, 485
ip accounting-threshold command, 485
ip accounting-transits command, 485
ip address command, 52, 486
ip address negotiated command, 486
IP addresses
address pool for async interfaces, 63
asynchronous interfaces, 62, 63
configuring for router Ethernet interface, 17
dialer mapping, 244
dynamic, on async interfaces, 378
Ethernet, Fast Ethernet and Gigabit interfaces, 56
HSRP, 701
loopback interface, 55
mapping hostnames to, 31
mapping to ATM PVCs, 81
mapping to corresponding MAC addresses, 376
mapping to DLCIs, 74-76
explicitly, 75
NSAP addressing and, 185
packets from outside with local addresses, 334
private, Class C, 196
secondary
problems with, 53
setting for interfaces, 52
subinterfaces, 50
token ring interfaces, 56
wasted, with classful routing protocol, 125
ip address-pool command, 487
ip alias command, 47, 487
ip as-path access-list command, 202, 488
ip authentication command, 488
ip bandwidth-percent eigrp command, 489
ip bgp-community new-format command, 489
ip bootp server command, 489
ip broadcast-address command, 490
ip cef command, 300, 490
ip cef traffic-statistics command, 491
ip cgmp command, 491
ip classless command, 491
ip community-list command, 492
ip default-gateway command, 492
ip default-network command, 493
ip dhcp-server command, 493
ip directed-broadcast command, 54, 493
ip domain-list command, 494
ip domain-lookup command, 32, 494
ip domain-name command, 495
ip dvmrp accept-filter command, 495
ip dvmrp auto-summary command, 496
ip dvmrp default-information command, 496
ip dvmrp metric command, 496
ip dvmrp metric-offset command, 497
ip dvmrp output-report-delay command, 497
ip dvmrp reject-non-pruners command, 497
ip dvmrp routehog-notification command, 498
ip dvmrp route-limit command, 498
ip dvmrp summary-address command, 498
ip dvmrp unicast-routing command, 499
ip forward-protocol command, 499
ip ftp passive command, 500
ip ftp password command, 500
ip ftp source-interface command, 500
ip ftp username command, 501
ip hello-interval eigrp command, 501
ip helper-address command, 502
ip hold-time eigrp command, 502
ip host command, 31, 503
ip http command, 503
ip identd command, 504
ip igmp access-group command, 504
ip igmp explicit-tracking command, 504
ip igmp helper-address command, 505
ip igmp join-group command, 291, 292, 505
ip igmp query-interval command, 505
ip igmp query-max-response-time command, 506
ip igmp query-timeout command, 506
ip igmp static-group command, 506
ip igmp version command, 506
ip irdp command, 507
ip load-sharing command, 508
ip local policy route-map command, 138, 508
ip local pool command, 63, 509
ip mask-reply command, 509
ip mroute command, 510
ip mroute-cache command, 510
ip mtu command, 510
ip multicast boundary command, 511
ip multicast cache-headers command, 511
ip multicast helper-map command, 512
ip multicast rate-limit command, 513
ip multicast ttl-threshold command, 514
ip multicast-routing command, 290, 294, 514
ip name-server command, 514
ip nat command, 515
ip nat inside command, 270
ip nat inside destination command, 515
ip nat inside source command, 516
ip nat outside source command, 516
ip nat pool command, 270, 517
ip nat stateful command, 272
ip nat stateful id command, 517
ip nat translation command, 518
ip nbar pdlm command, 519
ip nbar port-map command, 519
ip nbar protocol-discovery command, 225, 520
ip netmask-format command, 520
ip nhrp authentication command, 520
ip nhrp command, 286
ip nhrp holdtime command, 521
ip nhrp interest command, 521
ip nhrp map command, 521
ip nhrp map multicast command, 287, 522
ip nhrp max-send command, 522
ip nhrp network-id command, 522
ip nhrp nhs command, 523
ip nhrp record command, 523
ip nhrp responder command, 523
ip nhrp server-only command, 524
ip nhrp trigger-svc command, 524
ip nhrp use command, 524
ip ospf authentication command, 525
ip ospf authentication-key command, 525
ip ospf cost command, 525
ip ospf dead-interval command, 526
ip ospf demand-circuit command, 526
ip ospf hello-interval command, 527
ip ospf message-digest-key command, 527
ip ospf name-lookup command, 527
ip ospf network command, 527
ip ospf priority command, 528
ip ospf retransmit-interval command, 528
ip ospf transmit-delay command, 529
ip pim accept-rp command, 530
ip pim command, 529
ip pim dense-mode command, 290
ip pim message-interval command, 530
ip pim minimum-vc-rate command, 530
ip pim multipoint-signalling command, 531
ip pim nbma-mode command, 531
ip pim neighbor-filter command, 531
ip pim query-interval command, 532
ip pim rp-address command, 532
ip pim rp-announce-filter command, 532
ip pim send-rp-announce command, 533
ip pim send-rp-discovery command, 533
ip pim sparse-dense mode command, 297
ip pim sparse-mode command, 294
ip pim vc-count command, 534
ip pim version command, 534
ip policy command, 138
ip policy route-map command, 535
ip policy-list command, 534
IP Precedence values, 397
dropping packets based on, 230
DSCP and, 217
ip proxy-arp command, 54, 535
ip radius source-interface command, 536
ip rarp-server command, 536
ip rcmd rcp-enable command, 536
ip rcmd remote-host command, 537
ip rcmd remote-username command, 537
ip rcmd rsh-enable command, 537
ip redirects command, 538
ip rip authentication command, 538
ip rip receive version command, 539
ip rip send version command, 539
ip rip triggered command, 540
ip rip v2-broadcast command, 540
ip route command, 540
creating backup static routes, 127
ip route priority high command, 542
ip route profile command, 543
ip route-cache command, 541
ip route-cache policy command, 542
ip router isis command, 543
IP routing
administrative distance, 124
autonomous system (AS) numbers, 121-123
distance-vector protocols, 123
fast switching and process switching, 139-141
interior and exterior gateway protocols, 123
link-state protocols, 124
passive interfaces, 128
show commands, 141-143
split horizon, 128
static routes, 126-128
ip routing command, 543
ip rtp compression-connections command, 543
ip rtp header-compression command, 544
ip rtp priority command, 544
ip scp server enable command, 545
ip source-route command, 545
ip split-horizon command, 545
ip ssh command, 546
ip subnet-zero command, 546
ip summary-address eigrp (interface) command, 547
ip summary-address rip command, 547
ip tcp chunk-size command, 547
ip tcp compression-connections command, 547
ip tcp header-compression command, 548
ip tcp mtu-path-discovery command, 548
ip tcp queuemax command, 549
ip tcp synwait-time command, 549
ip tcp window-size command, 549
ip telnet source-interface command, 550
ip tftp source-interface command, 550
ip unnumbered command, 125, 286, 550
ip unreachables command, 54, 551
ip vrf command, 302
ip vrf forwarding command, 302
IPcomp (IP Compression), 282
IPSec tunneling, 282-284
configuring profile for DMVPN, 286
IPv4 subnetting, 731-737
IPv6, 740-742
IRB (Integrated Routing and Bridging)
bridge irb command, 403
CRB vs., 398
IRDP (ICMP Router Discovery Protocol), 507
isdn answer1, isdn answer2 command, 552
isdn autodetect command, 552
isdn bchan-number-order command, 552
isdn busy command, 553
isdn call interface command, 553
isdn caller command, 553
isdn calling-number command, 554
isdn conference-code command, 554
isdn disconnect interface command, 554
isdn fast-rollover-delay command, 555
isdn incoming-voice command, 555
ISDN interfaces, 57
bit rate for B channel, 433
configuration examples, 58-59
configuring with dialer map command, 244
encapsulation types, 385
show isdn active command, 254
using multilink PPP (MLP), 250
isdn leased-line bri 128 command, 555
isdn not-end-to-end command, 556
isdn nsf-service command, 556
isdn outgoing-voice command, 556
isdn overlap-receiving, 556
isdn send-alerting command, 557
isdn sending-complete command, 557
isdn service command, 557
isdn spid1 (spid2) command, 558
isdn switch-type command, 558
isdn tei command, 559
isdn tei-negotiation command, 559
isdn transfer-code command, 559
isdn twait-disable command, 560
isdn voice-priority command, 560
isis advertise-prefix command, 560
isis authentication key-chain command, 561
isis authentication mode command, 561
isis authentication send-only command, 561
isis circuit-type command, 562
isis csnp-interval command, 562
isis hello-interval command, 562
isis hello-multiplier command, 563
isis lsp-interval command, 563
isis metric command, 563
isis password command, 564
isis priority command, 564
isis retransmit-interval command, 564
isis retransmit-throttle-interval command, 565
IS-IS routing protocol, 126, 184-192
authentication, 190
configuration example, 187-189
enabling and interface for, 186
injecting a default route, 191
level 1 and level 2, 184
metric tuning, 191
NSAP addressing, 185
password authentication for an area, 373
passwords, 445
route leaking, 192
show commands, 189
ISL (Inter-Switch Link) protocol, 319
ISPs
connecting remote network to, using bridging, 257
router configuration example (BGP), 200
is-type command, 565
J[ Top ]
join-group command, problems caused by, 292
K[ Top ]
keepalive command, 565
keepalives, echo requests as, 60
key chain command, 566
key command, 706
key config-key command, 567
keyboard shortcuts (command-line editing), 6
keys (encryption), public/private pairs, 280
key-string command, 567
keywords
additive, 205
BOOTP, 376
default-originate, 197
established, 108, 112
log-input, 119
next-hop-self, 197
permit and deny, 137
reflect, 113
remark, 114
shape command, 234
show commands, 8
L[ Top ]
Label Distribution Protocol (LDP), 607
Label Switched Controlled Virtual Circuits (LVCs), 410
Label Switched Path (LSP), 299
Label Switching Router (LSR), 299
LAN Emulation Client (LEC), 85
configuring, 86, 87
LAN Emulation Configuration Server (LECS), 85
address, configuring, 380
LAN Emulation (LANE), 80, 85-87
client address, adding to database, 414
configuration, 85
show commands, 87
LAN Emulation Server (LES), 85
configuring LES/BUS, 86
lane auto-config-atm-address command, 86, 567
lane bus-atm-address command, 568
lane client command, 87, 568
lane client-atm-address command, 568
lane config database command, 569
lane config-atm-address command, 569
lane database command, 569
lane fixed-config-atm-address command, 570
lane global-lecs-address command, 570
lane le-arp command, 570
lane server-atm-address command, 571
lane server-bus command, 86, 571
LANs, virtual (see VLANs)
LAPB (Link Access Procedure Balanced) encapsulation, 385
latency of an interface, 427
layer 2 switches, 306
layer 3 switches, 306
LDP (Label Distribution Protocol), 607
leaking, route, 192
learning state (ports), 309
LECS (see LAN Emulation Server)
legacy DDR, 246
backup links, 241-244
dialer maps, 244-246
phone numbers, 439
sample configurations, 240-246
length, CRC checksum, 421
levels (debugging), 423
levels of network service (AF), 218
line command, 38-40, 571
absolute and relative line numbering, 39
applying to group of lines, 39
line commands, 38
asynchronous ports (TTYs), 42
automatic execution of, 384
auxiliary (AUX) ports, 43
communication parameters, 48
console port, 40
reverse telnet, 46
session limits and timeouts, 48
show line, 44-46
special characters and key sequences, 48
transport type, 48
virtual terminals (VTYs), 41
line configuration mode, 4
linecode command, 572
linenumber command, 659
lines
access list, applying to, 364
applying standard access list to, 110
Link Access Procedure Balanced (LAPB) encapsulation, 385
links (open), maximum number for dialer, 436
link-state advertisements (LSAs), 168
link-state protocols, 124
OSPF, 167
link-test command, 572
listening state (ports), 308
LMI (Local Management Interface), 72, 467
load balancing
EIGRP, 139
IGRP, 153
load sharing vs., 140
multilink PPP, DDR connections, 249
load (IGRP metric), 152
load sharing, 140
CEF (Cisco Express Forwarding), 508
HSRP, using, 266
local preference (BGP routing), 194, 201
default value, 395
modifying, 210
local usernames and passwords, 358
local-AS numbers, 121
location command, 41, 691
Lock and Key feature, 364
logging, 349-352
access list violations, 119
BGP neighbor status changes, 396
buffering output, 350
configuring, 349
eigrp log-neighbor-changes command, 163
severity levels, syslog, 350
XML formatting of output, 351
logging buffered command, 119, 350, 573
logging buffered xml command, 574
logging command, 573
logging console command, 574
logging console xml command, 574
logging count command, 575
logging facility command, 349, 575
logging history command, 576
logging history size command, 576
logging host command, 576
enabling XML logging, 352
logging monitor command, 577
logging on command, 577
logging source-interface command, 577
logging synchronous command, 578
logging trap command, 349, 578
login authentication command, 579
login command, 579
login local command, 339
log-input keyword, 119
logins
AAA authentication method, 359
banner message, 391
console ports, 41
logout-warning command, 580
loopback command, 580
loopback interfaces, 54
loops
introduction into STP with portfast command, 312
prevention by STP, 311
prevention with spanning tree, 307
Low-Latency Queuing (LLQ), 230
LSAs (link-state advertisements), 168
LSP (Label Switched Path), 299
LSR (Label Switching Router), 299
LVCs (Label Switched Controlled Virtual Circuits), 410
M[ Top ]
MAC (Media Access Control) addresses
access list filtering for bridge group interface, 400
bridging, 257
creating unique NSAP address, 185
layer 2 switches, 306
learning by bridges and switches, 305
learning by layer 2 switches, 306
limiting detection of, 322
mapping to corresponding IP addresses, 376
show mac-address-table command, 316
virtual, 264
mac-address-table aging-time command, 582
mac-address-table dynamic command, 582
mac-address-table secure command, 582
mac-address-table static command, 583
management software, use of loopback interface address, 55
management VLAN (see VLANs)
map class, association with DLCI, 410
map-class dialer command, 583
map-class frame-relay command, 584
map-group command, 585
map-list command, 82, 383
marking, 217-219
Assured Forwarding (AF), 218
DSCP, 217
DSCP example, 218
Expedited Forwarding (EF), 218
ToS, types of, 217
match access-group command, 586
match any command, 586
match as-path command, 586
match class-map command, 587
match commands for MQC class-map, 227
match community-list command, 588
match cos command, 588
match destination-address mac command, 588
match discard-class command, 589
match dscp command, 589
match fr-dlci command, 589
match input-interface command, 589
match interface command, 590
match ip address command, 590
match ip dscp command, 590
match ip next-hop command, 136, 591
match ip precedence command, 591
match ip route-source command, 136, 591
match ip rtp command, 591
match length command, 592
match metric command, 592
match mpls experimental command, 593
match mpls-label command, 593
match not command, 593
match packet length command, 594
match precedence command, 594
match protocol command, 594
match qos-group command, 595
match route-type command, 595
match source-address mac command, 596
match tag command, 596
match-all option (class map), 226
match-any option (class map), 226
Maximum Transmission Unit (MTU), 153, 510
maximum-paths command, 596
max-reserved-bandwidth command, 597
MCU (Multipoint Control Unit), 92
MD5 message-digest algorithm, 148
MED (multi-exit discriminator), 194, 392, 396
route selection, role in, 195
Media Access Control (see MAC addresses)
Media Gateway Control Protocol (see MGCP)
media-type command, 597
member command, 63, 597
menu command, 598
menu command command, 598
menu text command, 599
menu title command, 599
message-of-the-day (motd) banners, 36, 391
metric holddown command, 600
metric maximum-hops command, 600
metric weights command, 600
metrics
BGP routing, 194, 201
default-metric command, 426
distance-vector protocols, 123
DVRMP, 496
equal-cost load balancing, IGRP, 153
IGRP, 151-153
IGRP and EIGRP, 149
IS-IS, 191, 563
modifying with route map, 136
redistributing routing protocols into RIP, 148
MGCP (Media Gateway Control Protocol), 91, 92
call routing, 97
military (24-hour) time, 32
MIP (Multi-Channel Interface Processor) cards, 61
mkdir command, 601
MLP (Multilink PPP), 249
modem callout command, 47
modem command, 601
modem inout command, 47
modems
chat scripts, 409
dial string, 439
DTR signaling, 430
router communication with, 239
TTY connections to, 42
modes
enable, 447
EXEC, 447
SNMP access, 34
Modular QoS CLI (see MQC)
monitor command, 328
monitor session command, 602
more command, 603
--More-- prompt, stopping, 28
MOSPF (Multicast OSPF), 169
motd (message-of-the-day) banners, 36, 391
motd-banner command, 603
mpls atm control-vc command, 604
mpls atm cos command, 604
mpls atm disable-headend-vc command, 604
mpls atm multi-vc command, 605
mpls atm vpi command, 605
mpls atm vp-tunnel command, 605
mpls command, 300
mpls cos-map command, 606
mpls ip command, 606
mpls ip default-route command, 606
mpls ip encapsulate explicit-null command, 607
mpls ip ttl-expiration pop command, 607
mpls label protocol command, 607
mpls label range command, 608
mpls mtu command, 608
MPLS (Multiprotocol Label Switching), 257, 298-304
configuring, 300
incremental deployment, 301
verifying configuration, 301
VPN, 302-304
mpls prefix-map command, 608
mpls request-labels for command, 609
MQC (Modular QoS CLI), 216, 226-229
defining class maps, 226-227
defining QoS policy, 228
implementing CBWFQ, 229
service policy, defining where to apply, 229
traffic policing, 232
mrinfo command, 609
mstat command, 609
mtrace command, 610
mtu command, 610
MTU (Maximum Transmission Unit), 153, 510
Multicast OSPF (MOSPF), 169
multicast routing, 257, 289-298, 510
bridge groups, forwarding multicast packets, 404
CGMP (Cisco Group Management Protocol), 298
dense mode, 290-294
IGMP (Internet Group Management Protocol), 289
PIM, 529-534
RPF (Reverse Path Forwarding), 290
sparse mode, 294-298
Multi-Channel Interface Processor (MIP) cards, 61
multi-exit discriminator (MED), 194, 392, 396
multilink command, 250
multipoint connections, configuring, 75
Multipoint Control Unit (MCU), 92
Multipoint GRE tunnels, 286, 718
multipoint networks, 73
multipoint subinterfaces, disabling split horizon, 128
Multiprotocol Label Switching (see MPLS)
N[ Top ]
name elan-id command, 610
name local-seg-id command, 611
name preempt command, 611
name server-atm-address command, 611
named access lists, 110, 367
creating, 483
names
authentication name for remote router, 438
interface, 50
route maps, 136
router, 29
SNMP community string, 34
NAT (Network Address Translation), 88, 256, 267-273, 515-518
cable networks, 90
mapping incoming ports to different NAT addresses, 270
overloading, 269
show commands, 271
Stateful NAT (SNAT), 272-273
NBAR (Network-Based Application Recognition), 216, 224, 519
VoIP traffic identification, 236
NBMA (Non-Broadcast Multi-Access), 531
neighbor advertisement-interval command, 613
neighbor authentication in BGP, 211
neighbor command, 612
BGP routing, 196
default-originate keyword, 197
iBGP routers, 198
next-hop-self keyword, 197
route map, applying, 204
use with passive-interface command, 129
neighbor database-filter command, 614
neighbor default-originate command, 614
neighbor description command, 614
neighbor device, information about, 36
neighbor distribute-list command, 615
neighbor filter-list command, 615
neighbor maximum-prefix command, 615
neighbor next-hop-self command, 616
neighbor password command, 616
neighbor peer-group command, 617
neighbor prefix-list command, 617
neighbor remote-as command, 618
neighbor route-map command, 618
neighbor route-reflector-client command, 619
neighbor send-community command, 619
neighbor send-label command, 619
neighbor shutdown command, 620
neighbor soft-reconfiguration inbound command, 620
neighbor timers command, 621
neighbor update-source command, 621
neighbor version command, 622
neighbor weight command, 622
neighbors
BGP, logging status changes for, 396
EIGRP, 163
peer groups in BGP, 212
net command, 185, 623
Network Address Translation (see NAT)
network backdoor command, 624
network command, 145, 623
OSPF, 170
network layer (OSI model), 739
Network LSAs, 168
Network Service Access Point (see NSAP)
Network Time Protocol (NTP), 33
network weight command, 624
Network-Based Application Recognition (see NBAR)
networking, 731-742
ATM (Asynchronous Transfer Mode), 79-87
bridging, 257-263
cable, 90
DSL (Digital Subscriber Line), 87-90
Frame Relay, 71-79
HSRP (Hot Standby Routing Protocol), 263-267
IPv4 subnetting, 731-737
IPv6, 740-742
multicast routing, 289-298
Multiprotocol Label Switching (MPLS), 298-304
NAT (Network Address Translation), 267-273
OSI model, 306, 738-740
preventing spoofing attacks, 115
segmenting networks, 305
SNMP (Simple Network Management Protocol), 34-35
tunnels, 274-289
encrypted, 277-289
Voice over IP (VoIP), 91-98
next hop, 124, 136
modifying with route maps, 136
next-hop address, 201
next-hop-self keyword, 196, 197
NHRP (Next-Hop Resolution Protocol), 520-524
configuring hub for DMVPN, 286
no cable-modem compliant bridge command, 90
no ip route-cache command, 141
no ip routing command, 258
no ip unreachables command, 55
no prompt command, 30
no shutdown command, 51
Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces, 56
no-advertise community, 204
non-passive FTP connections, 116
nonvolatile memory (NVRAM), 25
not-so-stubby areas (see NSSAs)
nrzi-encoding command, 625
NSAP (Network Service Access Point), 82, 185
ATM end-system address, 381
ELAN clients, 86
NSSA External LSA, 169
NSSAs (not-so-stubby areas), 169, 175
area nssa command, 373
ntp access-group command, 625
ntp authenticate command, 626
ntp authentication-key command, 626
ntp broadcast client command, 626
ntp broadcast command, 626
ntp broadcastdelay command, 627
ntp clock-period command, 33
ntp disable command, 627
ntp master command, 34, 627
NTP (Network Time Protocol), 33
configuring, 415
Radius session duration, converting to, 356
ntp peer command, 628
ntp server command, 33, 628
ntp source command, 629
ntp trusted-key command, 629
ntp update-calendar command, 629
null interface, 55
static route to, 127
numbers
access list, 106, 110, 365
autonomous system (AS), 121-123
NVRAM (nonvolatile memory), 25
O[ Top ]
offset-list command, 630
Open Shortest Path First (see OSPF)
origin types (AS paths), 195
OSI networking model, 306, 738-740
ospf auto-cost reference-bandwidth command, 630
ospf cost command, 174
ospf log-adj-changes command, 631
OSPF (Open Shortest Path First), 144, 167-183, 525-529
area stub commmand, 374
areas, 167
types of, 169
BGP network router, 207
Cisco routers, interoperability with other vendors, 174
comparison with other interior protocols, 126
configuration examples, 171-172, 176-180
cost for default summary route, 372
default routes, 175, 425
designated router (DR), 170
enabling on network, 170
link-state advertisements (LSAs), 168
NSSAs (not-so-stubby areas), 175
passive-interface command, 128
password authentication, 372
process IDs, 122
redistributing other protocols into, 180-181
route summarization, 173, 178
router ID, 170, 672
router types, 167
show commands, 181-183
testing BGP router configuration, 209
virtual backbone links, 173
virtual links, 374
outgoing connections
access lists, 101
efficiency of, 105
modem callout command, 47
modem inout command, 47
reflexive access lists, 111, 113
reverse telnet, configuring TTY line for, 47
output, pausing, 7
output-delay command, 631
P[ Top ]
package inheritance, 15
packages (new Cisco 12.3 model), 14-16
packet size (MTU), 153
packet sniffers, emulating with access lists, 119
packets
from outside with local IP address, 334
received by an interface, 68
TTL (Time to Live), 345
padding command, 631
parity command, 48, 632
passive interfaces
DDR connections, using for, 246
route maps, 136-139
route redistribution, 129-136
passive-interface command, 128, 632
password command, 726
passwords
enable, 31
enable mode, 448
IS-IS domains, 445
local, 358
neighbor authentication in BGP, 211
PAT (port address translation), 271
path cost for an interface (bridge group), 402
paths
AS (autonomous system), 195
IOS filesystem notation, 22
PBR (Policy-Based Routing), 542
PBX (Private Branch Exchange), 93
PE routers for VPNs, 302
peer default ip address command, 62, 63, 633
peer groups, 211
peer neighbor-route command, 634
peers
BGP confederation, 394
DLSw+ (Data-Link Switching Plus), 261
resetting BGP sessions, 396
periodic time range, 114
permanent virtual circuits (see PVCs)
permit and deny commands (named access lists), 367
permit and deny keywords, 137
phase-shifting of data on high-speed data lines, 422
phone service (see VoIP)
physical characteristics, line, 38
physical layer (OSI model), 740
physical-layer command, 634
PIM (Protocol Independent Multicast)
Bootstrap Router (BSR), 297
PIM (Protocol-Independent Multicast), 290, 529-534
ping, 18, 342-345
blocking packets with dialer lists, 246
to broadcast address, 343
extended ping, 343
ping command, 342
receiving or blocking packets, 109
ping command, 634
platform identifier for IOS image, 12
point-to-point connections, 72
subinterfaces for multipoint connection, 76
point-to-point serial links, encapsulation types, 385
police command, 232, 635
policy map commands, 228
policy maps
bandwidth for, 389
class to change or modify, 411
policy-map command, 636
pool command, 273
pool commands, 63
pools
dialer, 248, 436
IP addresses, 63, 509
port security command, 322
port security max-mac-count commands, 322
port states (STP), 308
transitions, 309
portfast command, 312
ports
console, 40
IP, reflexive access lists and, 113
specifying for extended access lists, 107
UDP and TCP, mapping to internal addresses, 271
using as a trunk, 319
POTS (Plain Old Telephone Service), 93
ppp authentication command, 636
ppp bridge ip command, 637
ppp chap command, 637
ppp command, 729
ppp compress command, 637
ppp multilink command, 638
PPP (Point-to-Point Protocol)
AAA authentication method, 360
assigning IP addresses to peers with DHCP, 64
asynchronous interfaces, 62
callbacks for non-DTR dialer interface, 435
compression, enabling, 418
dial-on-demand (DDR), asynchronous interfaces, 239
DSL connections, 89
encapsulation protocol for ISDN links, 57
Multilink PPP (MLP), 249
peers connecting to async group interfaces, 63
serial interfaces, 60
ppp quality command, 638
ppp reliable-link command, 638
ppp use-tacacs command, 639
PPPoE (Point-to-Point Protocol over Ethernet), 88
troubleshooting DSL connections, 89
Precedence values (ToS), 217
preempt command, 263
prefixes, IOS filesystem notation, 22
PRI (Primary Rate Interface), 57
primary command, 273
priorities
bridge, 404
bridge group, 402
dialer, within rotary group, 438
DLCI, 472
DR router, defining, 182
priority command, 230, 263
priority queuing, 220
Low-Latency Queuing (LLQ), 230
priority-group command, 472
priority-list command, 639
private addresses, 736
private AS numbers for internal networks, 196
private Class C IP addresses, 196
privilege level (global) command, 641
privilege level (line) command, 642
privilege levels, enable access, 332
privileged command set, access to, 358
privileged mode, 3
configuration submode, 3
disabling, 441
enable password, 31
(see also enable mode)
process switching, 139, 140
enabling on an interface, 141
prompt command, 642
prompts
privileged mode, 3
privileged mode submodes, 3
setting with prompt command, 30
user mode, 2
Protocol-Independent Multicast (see PIM)
protocols
bridging unless explicitly routed, 258
defining for line (transport command), 48
not routable, bridging across network, 257
packets and characters transmitted from an interface, 68
routing on a specific bridge group, 405
proxy ARP on an interface, 54
PSTN (Public Switched Telephone Network), 93
FXO gateway to, 94
public and private cryptographic keys
generating for DSS, 277
IPSec, 282
management with IKE (IPSec), 282
pulse-time command, 643
pvc command, 643
PVCs (permanent virtual circuits), 80
atm pvc command, 381
atm-vc command, 383
configuring, 81
dynamic IP mapping, 82
static IP mapping, 81
DSL client router, 88
Q[ Top ]
QDM (QoS Device Manager), 237
QoS Device Manager (QDM), 237
qos pre-classify command, 643
QoS (quality of service), 216-237
auto qos voip command, 386
AutoQoS, 235
congestion avoidance, 230-231
for voice traffic, 91
IP precedence or group ID, setting, 397, 669
marking packets, 217-219
modern IOS tools, 224-230
NBAR, 224
QDM (QoS Device Manager), 237
queuing based on group numbers, 456
queuing methods, older, 219-223
traffic policing, 232-234
traffic shaping, 234
quality of service (see QoS)
queue-length policy command, 229
queue-limit command, 229, 644
queue-list command, 644
queuing
custom queue list, applying to an interface, 421
outgoing TCP packets, 549
packets for dial-up connection, 431
queuing methods (QoS)
modern
CBWFQ, 229
Low-Latency Queuing, 230
MQC (Modular QoS CLI), 226-229
older, 219-223
applying a queue to an interface, 222
custom queuing, 221
FIFO, 219
priority queuing, 220
queues based on protocol type, 222
setting queue size, 221
Weighted Fair Queuing (WFQ), 223
R[ Top ]
Radius protocol, 339
downloading static routes from server, 362
group of servers, defining, 362
session duration adjusted to NTP clock, 356
radius-server command, 646
random-detect command, 231, 647
random-detect discard-class command, 647
random-detect discard-class-based command, 648
random-detect dscp command, 648
random-detect ecn command, 649
random-detect exponential-weighting-constant command, 649
random-detect flow command, 649
RARP (Reverse ARP), 536
RAS (Registration Admission and Status), 92
rate, DCE, 415
rate-limit command, 233, 650
example of use, 233
rates, traffic, 232
RCP (Remote Copy Protocol), 11
configuring, 536
downloading files, 20
saving configuration to network server, 28
transferring access list from/to router, 120
redistribute command, 155, 651
redistributing routing protocols
into EIGRP, 164
into OSPF, 180-181
into RIP, 148
RIP into IGRP, 155
RIP into OSPF, 175
reflect command, 112
reflect keyword, 113
reflectors, route, 393
reflexive access lists, 111-113
important facts about, 113
inbound and outbound, applying to an interface, 113
inbound, creating, 112
timeout, setting, 113
refuse-message command, 652
register, configuration, 418
Registration Admission and Status (RAS), 92
regular expressions
^$, matching routes in a given AS, 206
AS path filters, 202
AS path, listed, 203
editing show command output, 27
relative line numbering, 39
reliability (IGRP metric), 152
reload command, 19, 653
remark keyword, 114
remote networks, connecting to an ISP with bridging, 257
remote servers, copying and viewing files on, 22
Rendezvous Points (see RPs)
Reverse ARP (RARP), 536
Reverse Path Forwarding (see RPF)
reverse telnet, 46
authorization, 362
banner messages for incoming connections, 390
ring-speed command, 56, 654
RIP (Routing Information Protocol), 144-149, 538-540
AS numbers and, 122
backup static routes, 127
comparison with other interior protocols, 126
configuration, basic, 145
debugging packets, 347
metric, 124
passive interfaces, 128
redistributing IGRP into, 155
redistributing into EIGRP, 137, 164
redistributing other protocols into, 148
redistribution into OSPF, 175
RIPv2, 126, 144
authentication, 148
enabling, 147
rlogin command, 654
rmdir command, 654
root bridge, 308
selection by STP, 309
uplinkfast command and, 312
root port
selection by STP, 310
switching with uplinkfast command, 312
root switch, 308
rotary groups (dialer), 246, 438
route dampening, 198
route leaking, 192
route maps, 136-139
applying in the neighbor command, 204
changing local preference, BGP network, 210
enforcing routing policy, 137
enforcing routing policy with ip policy command, 138
route redistribution, 129-136
from RIP into EIGRP using route maps, 137
route reflectors, 213, 393
route status codes, 201
route summarization
auto-summary command, 387
EIGRP and, 158-161
enabling on specific interface, 161
OSPF, 173
OSPF network, 178
RIP network, 147
route-map command, 654
router bgp command, 195
router command, 543
OSPF, 170
router configuration mode, 4
router ID, 55
Router Link LSAs, 168
router rip command, 145
routers
configuration, 25
configuration, basic, 29-37
banners, 36
Cisco Discovery Protocol (CDP), 35
comments, 30
enable password, 31
enabling SNMP, 34-35
mapping hostnames to IP addresses, 31
setting router name, 29
setting system prompt, 30
setting the time, 32-34
editing configuration, 3
IOS image, 11
as multicast clients, 292
rebooting, 19
security, 330-341
enable mode access, 330-332
restricting access, 336-341
as standalone DHCP servers, 64
switches and, 305
system clock, setting, 416
troubleshooting, 342-348
trunking, enabling, 320-322
VPN, 302
routes
filtering, 133-136
filtering in BGP, 202-206
aggregate filters, 205
AS path filters, 202
community filters, 203-205
redistributing (see redistributing routing protocols)
static, 126-128
routing
enabling on cable modem, 90
interface, 543
local, 508
NET, 623
Routing Information Protocol (see RIP)
routing loops
detection using AS paths in BGP, 195
prevention with split horizong, 128
routing policy, enforcing with ip policy command, 138
routing protocols
exterior (see BGP)
interior
EIGRP, 155-166
IGRP, 149-155
IS-IS, 184-192
OSPF, 167-183
RIP, 144-149
RPF (Reverse Path Forwarding), 290, 294
RPs (Rendezvous Points), 294-298, 532
Auto-RP and sparse-dense mode, 296
RSA keys, creating, 337
rsh command, 656
RST (Reset) and ACK bits, 108, 112
RTC calendar, 415
RTP (Real-Time Transport Protocol), 93, 543
running configuration, 25
copying into startup configuration, 25
displaying, 26
loading, 26
saving to network server, 28
saving to startup configuration, 26
rxspeed command, 48, 657
S[ Top ]
saving configuration to network server, 28
SCP (Secure Copy Protocol), 11
downloading IOS image files, 20
saving configuration to network server, 28
SDLC (Synchronous Data Link Control), 263
secondary command, 53
secondary IP addresses, 52
problems with, 53
Secure Hash Algorithm (SHA), 282
Secure Shell (see SSH)
security, 330-341
access list updates, 119
auto secure command, 335
callback dialing, 429
CDP and, 36
console port, 41
debug ip packet command, 346
enable mode access, 330-332
features to disable on gateway router, 333
features to enable on gateway router, 333
features to enable on gateway routers
denying packets with local IP address sent from outside, 334
warning banners, 335
gateway router access list, building, 114
null interface, using, 56
ports used as trunks, 322
remote shell protocols, problems with, 20
restricting access to routers, 336-341
users and authentication, 338-341
virtual terminal access, 336
tunnels and, 274
segmenting networks, 305
selector byte field (ATM address), 380
send command, 657
serial devices, clock rate, 415
serial interfaces, 59-61
bandwidth command, IGRP, 149
encapsulation types, 60
T1 configuration on 2524 router with CSU/DSU card, 60
T1 connection, 60
server mode (VTP), 323
server (NTP), router used as, 33
service command, 658
service compress-config command, 659
service linenumber command, 41, 659
service password-encryption command, 31, 331
service profile identifier (SPID), 57, 558
Service Specific Connection Oriented Protocol), 700
Service Specific Connection Oriented Protocol (SSCOP), 699
service-module 56k command, 660
service-module command, 60
service-module t1 command, 660
service-policy (interface) command, 661
service-policy (policy-map) command, 662
Session Initiation Protocol (SIP), 91, 98
session layer (OSI model), 739
session protocol sipv2 command, 98
session type, automatic selection of, 387
session-limit command, 48, 663
session-timeout command, 48, 663
set as-path command, 663
set atm-clp command, 664
set automatic-tag command, 665
set commands (CatOS), 314
set community command, 205, 665
set cos command, 665
set default interface command, 666
set discard-class command, 666
set dscp command, 667
set fr-de command, 667
set interface command, 668
set ip default next-hop command, 668
set ip next-hop command, 668
set ip precedence command, 669
set ip tos command, 669
set level command, 669
set local-preference command, 670
set metric command, 670
set metric-type command, 671
set metric-type internal command, 671
set mpls-label command, 672
set origin command, 672
set ospf router-id command, 672
set precedence command, 673
set qos-group command, 673
set tag command, 674
set weight command, 675
set-overload-bit command, 673
setup command, 674
severity levels (logging), 349
syslog, 350
SHA (Secure Hash Algorithm), 282
shape command, 234, 675
show access-list command, 113, 118
show async bootp command, 64
show auto qos, 237
show auto secure config command, 336
show bridge command, 260
show bridge group command, 261
show cdp neighbor command, 36
show command, 676
VLANs on a trunk, 320
show commands, 7-10
ATM (Asynchronous Transfer Mode), 84
BGP, 200
DDR, monitoring, 253-255
Frame Relay, 79
H.323 configurations, 96
interface, 64
IOS and CatOS, 314
LANE (LAN Emulation), 87
in user mode, 2
viewing router configuration, 7
show crypto engine command, 284
show crypto engine configuration command, 281
show crypto engine connections active command, 281
show crypto key mypubkey dss command, 278
show dlsw peers command, 262
show dlsw reachability command, 262
show flash command, 18, 22
show history command, 9
show hosts command, 32
show interface command
encapsulation type, serial interfaces, 60
switch duplex and speed settings, 316
tunnels, 276
verifying WRED, 231
show interface commands
clearing counters, 65
show interface, 65-68
show interface accounting, 68
show ip interface, 68
show ip interface brief, 70
show interfaces command, 51
show ip bgp command, 201, 208
show ip eigrp neighbors command, 163
show ip eigrp topology command, 163
show ip eigrp traffic command, 164
show ip mroute command, 293
show ip nat statistics command, 271
show ip nat translations command, 271
show ip nbar protocol-discovery command, 225
show ip nhrp command, 289
show ip ospf border routers command, 182
show ip ospf database command, 182
show ip ospf interface command, 183
show ip ospf neighbor command, 178, 182
show ip pim interface command, 293
show ip pim neighbor command, 293
show ip protocols command, 143
show ip route command, 141
BGP, 200
BGP router, 209
testing default route, 211
IGRP routing, 151
OSPF network, 177
tunnels, 276
verifying DMVPN configuration, 289
show ip route summary command, 142
show ip ssh command, 338
show ip vrf command, 304
show ip vrf interface command, 304
show isis database command, 189
show isis topology command, 189
show line command, 44-46
fields in output, 44, 45
show logging command, 350
show logging xml command, 351
show mac-address-table command, 306, 316
show mgcp command, 98
show monitor command, 328
show mpls forwarding-table command, 301
show mpls interfaces command, 301
show port monitor command, 328
show queue command, 224
show queueing command, 223
show queuing priority command, 221
show slot0 command, 22
show spanning-tree command, 312
show standby command, 267
show startup-config command, 26
show users all command, 40
show users command, 10
show version command, 8
displaying IOS image name, 11
listing all interfaces, 65
verifying new IOS image, 23
show VLAN brief command, 316
interfaces in VLANs, 318
show vpdn command, 90
shutdown command, 51, 620
side effects to an interface shutdown, 51
Simple Network Management Protocol (SNMP), 34-35
SIP (Session Initiation Protocol), 91, 92, 98
slot/port naming scheme (interfaces), 50
Smooth Round Trip Time (SRTT), 163
smt-queue-threshold command, 685
SNA (Systems Network Architecture), 261
snapshot command, 686
snapshot routing, 251
client, configuring for DDR interface, 436
DDR connections, show snapshot command, 254
SNAT (Stateful NAT), 272-273
configuring with HSRP, 272
configuring without HSRP, 273
sniffers, configuring for switches, 328
SNMP (Simple Network Management Protocol), 34-35
port security on switches, 323
snmp-server chassis-id command, 687
snmp-server command, 686
snmp-server community command, 34, 687
snmp-server contact command, 688
snmp-server enable traps command, 688
snmp-server engine-id command, 689
snmp-server group command, 690
snmp-server host command, 690
snmp-server location command, 691
snmp-server packetsize command, 691
snmp-server queue-length command, 692
snmp-server system-shutdown command, 692
snmp-server tftp-server-list command, 692
snmp-server trap-source command, 692
snmp-server trap-timeout command, 693
snmp-server user command, 693
snmp-server view command, 694
Snort (intrusion detection system), 328
source address or interface command, 344
source addresses
in access lists, 102
multicast packet routing by, 289
source-address command, 695
source-routing bridging (SRB), 257
sources and destinations, copy command, 420
SPAN (Switch Port Analyzer), 328
spanning tree protocol (see STP)
spanning-tree backbonefast command, 696
spanning-tree bridge protocols, 257
spanning-tree cost command, 696
spanning-tree port-priority command, 696
spanning-tree vlan command, 697
spantree start-forward command, 312
sparse mode (multicast routing), 294-298
sparse-dense mode (multicast routing), 296
speed and duplex settings, 316
speed command, 48, 698
SPID (service profile identifier), 57, 558
split horizon, 73, 128
splitting command lines, xi
spoofing, IP address, 115
squeeze command, 25, 698
squelch command, 698
SRB (source-routing bridging), 257
SRTT (Smooth Round Trip Time), 163
(SSCOP), 699, 700
sscop cc-timer command, 698
sscop keepalive-timer cp,,amd, 699
sscop max-cc command, 699
sscop poll-timer command, 699
sscop rcv-window command, 700
sscop send-window command, 700
SSCOP (Service Specific Connection Oriented Protocol), 699, 700
SSH (Secure Shell)
disconnecting background session, 442
modifying control parameters, 546
router connections, 337
SCP (Secure Copy Protocol), 20
standard area, 169
standby authentication command, 700
standby command, 263
standby ip command, 263, 701
standby name command, 265
standby preempt command, 263, 701
standby priority command, 701
standby timers command, 701
standby track command, 702
starting or stopping of a connection, accounting for, 355
startup configuration, 25
copying running configuration into, 25
deleting, 28
displaying, 26
loading, 26
saving running configuration to, 26
saving to network server, 28
Stateful NAT (see SNAT)
Stateful NAT (SNAT), 267-273
static routes, 126-128
backup, 127
DDR connections, 240
default, 126
downloading from Radius server, 362
floating static routes, DDR backup, 243
to null interface, 127
tunnels, 275
stopbits command, 48, 702
STP (spanning tree protocol), 307-313
BPDUs, 309
bridge group, 402
bridge protocol command, 404
convergence, 311
speeding up, 312
loop prevention, 311
port states, 308
selecting root port and designated port, 310
selecting the root bridge, 309
show spanning-tree command, 312
stub areas (OSPF), 169, 373, 374
(see also NSSAs)
subinterfaces, 50
ATM, 81
multipoint
disabling split horizon, 128
shutdown command, 51
subnet masks
address/mask pair wildcards and, 102
computing wildcard for, 103
setting, 52
variable-length (VLSM), 125
subnet zero, 546
subnets, IPv4, 731-737
summarization of routes (see route summarization)
summary-address command, 546
summary-only keyword, 205
SVCs (switched virtual circuits), 80
configuring, 82
Switch Port Analyzer (SPAN), 328
switched virtual circuits (see SVCs)
switches, 305-329
broadcast domains, 307
Catalyst series, 314
Cisco, CGMP on, 298
HSRP groups and, 266
IOS on, 313
IOS-enabled, basic configuration, 314-318
management port (VLAN1), 314
simple (example), 315
speed and duplex settings, 316
VLAN (example), 317
VLAN interface commands, 317
ISDN, types of, 57
layer 2 and layer 3 switching, 306
monitor port for IDS or sniffers, 328
root switch, 308
spanning tree protocol (STP), 307-313
switches (continued)
troubleshooting, 329
trunking, 318-328
enabling trunking on the router, 320-322
port security, 322
restricting VLANs, 320
VLAN database, backing up, 327
VLAN Trunking Protocol (VTP), 323-327
VLANs (Virtual LANs), 306
switching, 473
switchport access command, 317
switchport mode trunk command, 319
switchport trunk encapsulation command, 319
switch-type, 558
synchronization
BGP, 197
disabling for iBGF, 198
synchronization command, 703
Synchronous Data Link Control (SDLC), 263
syslog, 349
severity levels, 350
XML formatting of output, 351
syslog.conf file, 349
system images, copying, 420
Systems Network Architecture (SNA), 261
T[ Top ]
T1 connections
AUX port as backup, 43
channel timeslots, 408
channelized, 61
configuration on 2524 router with CSU/DSU card, 60
controller, 420
serial interface, 60
table-map command, 704
TACACS+ protocol, 339
group of servers, defining, 363
TACACS protocol, authentication for privileged mode, 449
tacacs-server attempts command, 704
tacacs-server authenticate command, 704
tacacs-server directed-request command, 705
tacacs-server extended command, 705
tacacs-server host command, 706
tacacs-server key command, 706
tacacs-server last-resort command, 707
tacacs-server notify command, 707
tacacs-server optional-passwords command, 708
tacacs-server retransmit command, 708
tacacs-server timeout command, 708
tags (route map), 136
tag-switching command, 709
tag-switching ip command, 300
tail-drop, 231
TC (interval), 77
TCP, 547-549
access lists, established keyword, 108
mapping internal addresses to, 271
mapping ports to router asynchronous lines, 46
TEI (terminal endpoint identifier), 559
telephone service (see VoIP)
telnet
dynamic access list for current session, 364
reverse, 46
terminating background session, 441
transport input telnet command, 48
VTYs, configuring for, 41
temporary access lists, 369
terminal command, pausing output, 7
terminal editing command, 709
terminal escape-character command, 709
terminal history command, 9, 710
terminal length command, 28, 710
terminal monitor command, 711
terminal-emulation program (VT100), 41
terminals
security, 337
VoIP H.323 network, 92
TFTP (Trivial File Transfer Protocol), 11
copying running configuration to network server, 25
loading IOS image, 17-20
RCP vs., 20
router access lists, editing, 120
saving running or startup configuration, 28
viewing file on server, 22
tftp-server command, 711
tftp-server flash command, 18
threshold for opening additional dialer connection, 434
time
CDP, 407
HSRP, 702
IS-IS, 563
setting for routers, 32-34
calendar, 33
clock, 32
NTP (Network Time Protocol), 33
Time to Live (see TTL)
time zones, 417
timeouts
absolute-timeout command, 363
arp timeout command, 376
console port, configuring for, 41
dialer, 432
dialer enable-timeout command, 430
dialer fast-idle, 245
dialer idle-timeout, 245
exec-timeout, applying to VTYs, 337
IGMP queries, 506
reflexive access lists, 113
session-timeout command, 48
snmp-server trap, 693
time-range command, 114
timers basic command, 711
timers bgp command, 712
timers spf command, 713
timestamps, 662
token ring interfaces, 56
topology, network
EIGRP, 163
IS-IS, 189
ToS (type of service), 217
Assured Forwarding, 218
DSCP (Differentiated Services Codepoint), 217
Precedence values, 217
totally stubby area, 169
totally stubby not-so-stubby areas, 170
trace command, 345
trace, traceroute commands, 713
track command (HSRP), 265
traffic levels, 218
traffic policing, 232-234
CAR (Committed Access Rate), 233
MQC, 232
valid actions for MQC police command, 232
traffic shaping, 234
example, 234
Frame Relay, 76-79, 235
adaptive, 79
traffic-shape adaptive command, 714
traffic-shape fecn-adapt command, 714
traffic-shape group command, 715
traffic-shape rate command, 715
traffic-share command, 155, 716
transit-traffic filtering, 206
transparent bridging, 257
transparent mode (VTP), 323
transport command, 48, 716
transport input command, 42
transport input telnet command, 48
transport layer, 739
transport preferred none command, 48
traps, SNMP, 35, 688, 692
tree structure, network (STP), 308
Trivial File Transfer Protocol (see TFTP)
troubleshooting, 342-348
debugging router configuration, 346-348
ping tool, 342
ping, using, 342-345
trace command, using, 345
trunking, 318-328
enabling on the router, 320-322
port security, 322
restricting VLANs on a trunk, 320
VLAN database, backing up, 327
VLAN Trunking Protocol (VTP), 323-327
trust keyword (auto qos voip), 236
TTL (Time To Live), 345
BGP security, 215, 620
TTY line numbering, 39
TTY lines, 62
TTY ports, 42
tunnel checksum command, 717
tunnel destination command, 717
tunnel key command, 718
tunnel mode command, 718
tunnel mode gre multipoint command, 286, 718
tunnel protection ipsec profile, 286
tunnel sequence-datagrams command, 719
tunnel source command, 719
tunneling, 256
tunnels, 274-289
encrypted, 277-289
DES show commands, 281
DMVPN (Dynamic Multipoint VPN), 285-289
DSS and DES algorithms, 277-281
IPSec, 282-284
show commands, 276
txspeed command, 48, 719
type 7 encryption, 331
type of service (see ToS)
U[ Top ]
UAC (User Agent Clients), 92
UAS (User Agent Servers), 92
UDP
IP address of DHCP server for broadcasts, 406
ports, mapping to internal addresses, 271
TTL (Time to Live) field, 345
undebug all command, 346, 423
undebug command, 346, 720
undelete command, 720
unequal-cost load balancing, 153, 154
Unix
remote copy protocol, 20
syslog, configuring, 349
traceroute command, 345
unnumbered command, 55
asynchronous interfaces, 62
Frame Relay interface, 73
unreachable messages (ICMP), 54
updates (DDR connections), stopping for, 240
upgrading router from IOS file (igs-j-l.110 to igs-j-l.120), 18
uplinkfast command, 312
URLs, sources and destinations for copy command, 420
User Agent Clients (UAC), 92
User Agent Servers (UAS), 92
user modes, 2-4
show commands in, 8
username command, 338, 720
usernames
configuring for RCP, 20
local, 358
NULL, prevention of accounting records for, 356
prompt for AAA authentication, 360
users, 338-341
adding to routers, 338
currently connected, listing, 10
management with AAA, 340
UTC (Coordinated Universal Time), 33
time zone and number of hours from UTC, 417
V[ Top ]
v2-mode, 727
vacant-message command, 721
validate-update-source command, 722
Variable-Length Subnet Masks (see VLSM)
variance, 153
equal-cost load balancing, 154
unequal-cost load balancing, 154
variance command, 722
VCI (Virtual Channel Identifier), 80
VCs (virtual circuits), 72
LVCs, 410
permanent (PVCs) or switched (SVCs), 80
point-to-point subinterfaces, assigning to, 76
(see also PVCs; SVCs)
vector (distance-vector protocols), 124
verify command, 723
verify flash command, 19
version command, 723
versions
IOS image, viewing, 11
show version command, 8
(see also show version command)
VIP2 (Versatile Interface Processor) cards, 50
Virtual Channel Identifier (VCI), 80
virtual circuits (see VCs)
Virtual Lans (see VLANs)
virtual links, 173
area virtual-link command, 374
virtual MAC and IP addresses, 264
Virtual Path Identifier (VPI), 80
Virtual Private Dialup Network (VPDN), 88
show vpdn command, 90
virtual routers, 263
multiple, created under HSRP, 265
virtual terminals (see VTYs)
vlan command, 697, 724
VLAN database command, 324
vlan database command, 725
VLAN.dat file, 324
VLANs (Virtual LANs), 305, 306
broadcast domains, 307
configuration example, 317
configuring management port (VLAN1), 314
interface commands, 317
management VLAN (VLAN1)
configuration example, 315
monitoring with SPAN, 328
show VLAN brief command, 316
troubleshooting techniques, 329
trunking, 318-328
backing up VLAN database, 327
enabling trunking on the router, 320-322
port security, 322
restricting VLANs on a trunk, 320
VTP, 323-327
VLSM (Variable-Length Subnet Masks), 125, 737
not supported by RIP, 144
voice calls, priority of, 560
voice-priority, 560
VoIP (Voice over IP), 91-98
AutoQos feature, 386
FXO gateway to PSTN, 94
H.323 call routing, 95
MGCP call routing, 97
SIP configuration, 98
terminology, 93
VPDN (Virtual Private Dialup Network), 88
show vpdn command, 90
VPI (Virtual Path Identifier), 80
VPN
Dynamic Multipoint VPN (DMVPN), 256
IPv4 routes, acceptance of, 395
MPLS, 302-304
router types, 302
(see also DMVPN)
VRF (VPN routing/forwarding instance), 302
VT100 terminal-emulation program, 41
vtp client command, 726
vtp domain command, 726
vtp password command, 726
vtp server command, 727
vtp transparent command, 727
vtp v2-mode command, 727
VTP (VLAN Trunking Protocol), 323-327
configuring, 325-327
modes, 323
VLAN database, configuring, 324
vty-async command, 727
vty-async dynamic-routing command, 728
vty-async header-compression command, 728
vty-async keepalive command, 728
vty-async mtu command, 729
vty-async ppp authentication command, 729
vty-async ppp use-tacacs command, 729
VTYs (virtual terminals)
access, restricting, 336
line commands, 41
line numbering, 39
usernames, 339
W[ Top ]
WAN (wide-area network)
Frame Relay, 71
warning banners, 335
watch groups, dialer, 440
weight (BGP routing), 194, 201
Weighted Fair Queuing (WFQ), 223
width command, 729
wildcard masks, 102, 170
computing for a subnet mask, 103
Windows systems
configuring logging, 349
tracert command, 345
WRED (Weighted Random Early Detection), 230
write command, 730
write memory command, 26
write terminal command, 26
X[ Top ]
XML, output of logging messages, 351
Z[ Top ]
zero subnet, 546
zeroize command, 277
Zurück zu Cisco IOS in a Nutshell
