Cisco IOS in a Nutshell. 2nd Edition - Helion
ISBN: 978-05-965-5311-1
Pages: 798, Format: ebook
Publication date: 2005-08-22
Bookstore: Helion
Cisco routers are everywhere that networks are. They come in all sizes, from inexpensive units for homes and small offices to equipment costing well over $100,000 and capable of routing at gigabit speeds. A fixture in today's networks, Cisco claims roughly 70% of the router market, producing high-end switches, hubs, and other network hardware. One unifying thread runs through the product line: virtually all of Cisco's products run the Internetwork Operating System, or IOS.
If you work with Cisco routers, it's likely that you deal with Cisco's IOS software--an extremely powerful and complex operating system, with an equally complex configuration language. With a cryptic command-line interface and thousands of commands--some of which mean different things in different situations--it doesn't have a reputation for being user-friendly.
Fortunately, there's help. This second edition of Cisco IOS in a Nutshell consolidates the most important commands and features of IOS into a single, well-organized volume that you'll find refreshingly user-friendly.
This handy, two-part reference covers IOS configuration for the TCP/IP protocol family. The first section includes chapters on the user interface, configuring lines and interfaces, access lists, routing protocols, and dial-on-demand routing and security. A brief, example-filled tutorial shows you how to accomplish common tasks.
The second part is a classic O'Reilly quick reference to all the commands for working with TCP/IP and the lower-level protocols on which it relies. Brief descriptions and lists of options help you zero in on the commands you need for the task at hand. Updated to cover Cisco IOS Software Major Release 12.3, this second edition includes lots of examples of the most common configuration steps for the routers themselves. It's a timely guide that any network administrator will come to rely on.
Table of contents
Cisco IOS in a Nutshell. 2nd Edition eBook -- table of contents
- Cisco IOS in a Nutshell, 2nd Edition
- Preface
- Organization
- What's New in This Edition
- Conventions
- Safari Enabled
- We'd Like to Hear from You
- Acknowledgments
- 1. Getting Started
- 1.1. IOS User Modes
- 1.2. Command-Line Completion
- 1.3. Get to Know the Question Mark
- 1.4. Command-Line Editing Keys
- 1.5. Pausing Output
- 1.6. show Commands
- 2. IOS Images and Configuration Files
- 2.1. IOS Image Filenames
- 2.1.1. Platform Identifier
- 2.1.2. Feature Set
- 2.1.3. Image Execution Location
- 2.2. The New Cisco IOS Packaging Model
- 2.2.1. Example of New Image Name
- 2.2.2. Status of the Release
- 2.2.3. Finding the Release on Cisco's Web Site
- 2.3. Loading Image Files Through the Network
- 2.3.1. Using TFTP to Download Files
- 2.3.2. Using RCP to Download Files
- 2.3.3. Using SCP to Download Files
- 2.4. Using the IOS Filesystem for Images
- 2.4.1. Upgrading Flash Memory Using the Filesystem Commands
- 2.5. The Router's Configuration
- 2.6. Loading Configuration Files
- 2.6.1. Loading the running-config
- 2.6.2. Loading the startup-config
- 2.6.3. Saving running-config to startup-config
- 2.6.4. Viewing a Configuration
- 2.6.4.1. Options for the show config command
- 2.6.4.2. Stopping the More prompt
- 2.6.5. Erasing a Stored Configuration
- 2.6.6. Saving a Configuration to a Network Server
- 3. Basic Router Configuration
- 3.1. Setting the Router Name
- 3.2. Setting the System Prompt
- 3.3. Configuration Comments
- 3.4. The Enable Password
- 3.5. Mapping Hostnames to IP Addresses
- 3.5.1. IP Host Tables
- 3.5.2. Enabling DNS
- 3.6. Setting the Router's Time
- 3.6.1. The Calendar Versus the Clock
- 3.6.2. Configuring NTP
- 3.7. Enabling SNMP
- 3.8. Cisco Discovery Protocol
- 3.9. System Banners
- 3.9.1. Creating Banners
- 3.9.2. Disabling Banners
- 4. Line Commands
- 4.1. The line Command
- 4.1.1. Absolute and Relative Line Numbering
- 4.2. The Console Port
- 4.3. Virtual Terminals (VTYs)
- 4.4. Asynchronous Ports (TTYs)
- 4.5. The Auxiliary (AUX) Port
- 4.6. show line
- 4.7. Reverse Telnet
- 4.8. Common Configuration Items
- 4.8.1. Communication Parameters
- 4.8.2. Transport Type
- 4.8.3. Session Limits and Timeouts
- 4.8.4. Special Characters and Key Sequences
- 5. Interface Commands
- 5.1. Naming and Numbering Interfaces
- 5.1.1. Subinterfaces
- 5.2. Basic Interface Configuration Commands
- 5.2.1. shutdown
- 5.2.2. Interface Descriptions
- 5.2.3. Setting the IP Address and Subnet Mask
- 5.2.3.1. Secondary IP address(es)
- 5.2.4. Other Common Interface Commands
- 5.3. The Loopback Interface
- 5.4. The Null Interface
- 5.5. Ethernet, Fast Ethernet, and Gigabit Ethernet Interfaces
- 5.6. Token Ring Interfaces
- 5.7. ISDN Interfaces
- 5.7.1. A Simple ISDN Configuration
- 5.8. Serial Interfaces
- 5.8.1. Serial Encapsulation
- 5.8.2. Serial T1 Connection
- 5.8.3. T1 Configuration on a 2524 with a CSU/DSU Card
- 5.8.4. Channelized T1
- 5.9. Asynchronous Interfaces
- 5.9.1. Using the group-async Command
- 5.9.2. Specifying an IP Address Pool
- 5.9.3. Using BOOTP Configuration Items for Dial-in Connections
- 5.9.4. Using DHCP for IP Addresses and Dial-in Configuration Items
- 5.10. Interface show Commands
- 5.10.1. Clearing the show Command Counters
- 5.10.2. Listing All Interfaces
- 5.10.3. Using the show interface Commands
- 5.10.3.1. show interface accounting
- 5.10.3.2. show ip interface
- 6. Networking Technologies
- 6.1. Frame Relay
- 6.1.1. Important Frame Relay Terminology
- 6.1.2. Frame Relay Configuration
- 6.1.3. Mapping IP Addresses to DLCIs
- 6.1.3.1. Explicitly mapping DLCIs
- 6.1.3.2. Configuring a multipoint connection
- 6.1.4. Frame Relay Traffic Shaping
- 6.1.4.1. Enabling traffic-shaping on a frame relay link
- 6.1.4.2. Adaptive shaping
- 6.1.5. Frame Relay show Commands
- 6.2. ATM
- 6.2.1. ATM Terminology
- 6.2.2. Configuring Permanent Virtual Circuits
- 6.2.2.1. Configuring an ATM interface with static IP mapping
- 6.2.2.2. Configuring an ATM interface with dynamic IP mapping
- 6.2.3. Configuring Switched Virtual Circuits
- 6.2.3.1. ATM ARP server
- 6.2.4. Configuring with DXI
- 6.2.5. ATM show Commands
- 6.2.6. LAN Emulation (LANE)
- 6.2.6.1. LANE configuration notes
- 6.2.6.2. Configuring the LECS
- 6.2.6.3. Configuring the LES/BUS
- 6.2.6.4. Configuring the LEC
- 6.2.6.5. LANE show commands
- 6.3. DSL
- 6.3.1. Configuring Our DSL Client Router
- 6.3.2. Troubleshooting a DSL Connection
- 6.4. Cable
- 6.5. VoIP
- 6.5.1. VoIP Protocols
- 6.5.1.1. H.323
- 6.5.1.2. MGCP
- 6.5.1.3. SIP
- 6.5.2. VoIP Terminology
- 6.5.3. Examples
- 6.5.3.1. FXO Gateway to PSTN
- 6.5.3.2. H.323 call routing
- 6.5.3.3. MGCP call routing
- 6.5.3.4. SIP Configuration for VoIP
- 7. Access Lists
- 7.1. How Packets Match a List Entry
- 7.1.1. Address/Mask Pairs (Wildcards)
- 7.1.2. Computing a Wildcard for a Given Subnet Mask
- 7.1.3. Access List Processing
- 7.1.4. Implicit Deny
- 7.1.5. Access Lists Are Additive
- 7.1.6. Outbound Access Lists Are More Efficient Than Inbound
- 7.2. Types of Access Lists
- 7.2.1. Extended Access Lists
- 7.2.1.1. Specifying ports
- 7.2.1.2. Established connections
- 7.2.1.3. ICMP protocol entries
- 7.2.1.4. Applying an access list to an interface or line
- 7.2.2. Named Access Lists
- 7.2.2.1. Entering noncontiguous ports
- 7.2.3. Reflexive Access Lists
- 7.2.3.1. Creating the outbound reflexive list
- 7.2.3.2. Creating the inbound reflexive list
- 7.2.3.3. Applying the inbound and outbound reflexive lists to an interface
- 7.2.3.4. Setting the reflexive timeout
- 7.2.3.5. Reflexive list notes
- 7.3. Specific Topics
- 7.3.1. Adding Comments to an Access List
- 7.3.2. Timed Access Lists
- 7.3.3. Building a Gateway Router
- 7.3.3.1. IP address spoofing
- 7.3.3.2. Permitting FTP through an access list
- 7.3.3.3. Passive FTP
- 7.3.3.4. The actual access list
- 7.3.4. Optimizing Your Access Lists
- 7.3.5. Emulating a Packet Sniffer
- 7.3.6. Logging Access List Violations
- 7.3.7. Securely Updating Access Lists
- 7.3.8. Getting the List to a Router with TFTP, RCP, or SCP
- 8. IP Routing Topics
- 8.1. Autonomous System (AS) Numbers
- 8.2. Interior and Exterior Gateway Protocols
- 8.3. Distance-Vector and Link-State Routing Protocols
- 8.3.1. Distance-Vector Protocols
- 8.3.2. Link-State Routing Protocols
- 8.3.3. Administrative Distance
- 8.3.4. Variable-Length Subnet Masks (VLSM) and Classless Routing
- 8.3.5. Protocol Comparison
- 8.4. Static Routes
- 8.4.1. Default Static Routes
- 8.4.2. A Static Route to the Null Interface
- 8.4.3. Backup Static Routes
- 8.5. Split Horizon
- 8.6. Passive Interfaces
- 8.6.1. Route Redistribution
- 8.6.2. Filtering Routes
- 8.6.2.1. Filtering incoming routes
- 8.6.2.2. Filtering outgoing routes
- 8.6.2.3. Filtering updates during redistribution
- 8.6.2.4. Revisiting the example
- 8.6.3. Route Maps
- 8.6.3.1. Enforcing routing policy with route maps
- 8.6.3.2. Enforcing routing policy with the ip policy command
- 8.7. Fast Switching and Process Switching
- 8.7.1. Fast Switching
- 8.7.2. Process Switching
- 8.7.3. Useful show Commands
- 8.7.3.1. show ip route summary
- 8.7.3.2. clear ip route
- 8.7.3.3. show ip protocols
- 9. Interior Routing Protocols
- 9.1. RIP
- 9.1.1. Basic RIP Configuration
- 9.1.2. Enabling RIPv2 on the Network
- 9.1.3. Redistributing Other Routing Protocols into RIP
- 9.1.4. RIPv2 Authentication
- 9.2. IGRP
- 9.2.1. Basic IGRP Configuration
- 9.2.1.1. IGRP's metric
- 9.2.1.2. Packet size
- 9.2.1.3. Modifying the range of the network
- 9.2.1.4. IGRP's load balancing
- 9.2.2. Redistributing Other Protocols into IGRP
- 9.3. EIGRP
- 9.3.1. Enabling EIGRP on the Network
- 9.3.2. EIGRP and Route Summarization
- 9.3.2.1. Enabling route summarization on a specific interface
- 9.3.3. EIGRP Authentication
- 9.3.4. EIGRP Metrics
- 9.3.5. Tuning EIGRP
- 9.3.6. EIGRP show Commands
- 9.3.6.1. show ip eigrp neighbors
- 9.3.6.2. show ip eigrp topology
- 9.3.6.3. show ip eigrp traffic
- 9.3.7. EIGRP Redistribution
- 9.3.7.1. RIP
- 9.3.7.2. IGRP
- 9.3.8. Converting an IGRP Network to EIGRP
- 9.4. OSPF
- 9.4.1. OSPF Concepts
- 9.4.1.1. Areas
- 9.4.1.2. Router types
- 9.4.1.3. Link-state advertisements (LSAs)
- 9.4.1.4. Area types
- 9.4.1.5. Router ID
- 9.4.1.6. Designated router (DR)
- 9.4.2. Enabling OSPF on the Network
- 9.4.3. Sample OSPF Configurations
- 9.4.4. Route Summarization in OSPF
- 9.4.4.1. Inter-area summarization
- 9.4.4.2. External summarization
- 9.4.5. Virtual Backbone Links
- 9.4.6. Interoperability with Other Vendors
- 9.4.7. Default Routes in OSPF
- 9.4.8. NSSAs (Not-So-Stubby Areas)
- 9.4.9. OSPF Configuration Example
- 9.4.9.1. Putting route summarization to use
- 9.4.10. Redistributing Other Protocols into OSPF
- 9.4.11. OSPF show Commands
- 9.4.11.1. show ip ospf border routers
- 9.4.11.2. show ip ospf neighbor
- 9.4.11.3. show ip ospf database
- 9.4.11.4. show ip ospf interface
- 9.5. IS-IS
- 9.5.1. IS-IS Concepts
- 9.5.1.1. Level 1 and level 2
- 9.5.1.2. NSAP addressing
- 9.5.1.3. Enabling an interface for IS-IS
- 9.5.2. IS-IS configuration example
- 9.5.3. Show Commands
- 9.5.4. Authentication
- 9.5.5. Metric Tuning
- 9.5.6. Injecting a Default Route
- 9.5.7. IS-IS Route Leaking
- 10. Border Gateway Protocol
- 10.1. Introduction to BGP
- 10.1.1. How BGP Selects Routes
- 10.1.2. Basic Configuration Commands
- 10.1.2.1. The router and network commands
- 10.1.2.2. The neighbor command
- 10.1.2.3. Local-AS numbers
- 10.1.2.4. Synchronization
- 10.1.2.5. Automatic summary
- 10.1.2.6. default-originate
- 10.1.2.7. next-hop-self
- 10.1.2.8. BGP route dampening
- 10.1.2.9. iBGP checklist
- 10.2. A Simple BGP Configuration
- 10.3. Route Filtering
- 10.3.1. AS Path Filters
- 10.3.2. Community Filters
- 10.3.3. Aggregate Filters
- 10.4. An Advanced BGP Configuration
- 10.4.1. Adding a Preference
- 10.5. Neighbor Authentication
- 10.6. Peer Groups
- 10.7. Route Reflectors
- 10.8. BGP Confederacies
- 10.9. BGP TTL Security
- 11. Quality of Service
- 11.1. Marking
- 11.1.1. Different Types of ToS
- 11.1.1.1. IPv4 ToS Byte
- 11.1.1.2. Differentiated Services Codepoint (DSCP)
- 11.1.1.3. Assured Forwarding
- 11.1.1.4. Expedited Forwarding
- 11.1.1.5. DSCP example
- 11.2. Older Queuing Methods
- 11.2.1. FIFO
- 11.2.2. Priority Queuing
- 11.2.2.1. Monitoring priority queueing
- 11.2.3. Custom Queuing
- 11.2.3.1. Setting the queue size
- 11.2.3.2. Applying a queue to an interface
- 11.2.3.3. Assigning packets to queues by protocol type
- 11.2.4. Weighted Fair Queuing (WFQ)
- 11.2.4.1. Monitoring WFQ
- 11.3. Modern IOS QoS Tools
- 11.3.1. Network-Based Application Recognition (NBAR)
- 11.3.1.1. NBAR in action
- 11.3.1.2. NBAR protocol discovery
- 11.3.2. Modular QoS CLI (MQC)
- 11.3.2.1. Step One: Defining the class maps
- 11.3.2.2. Step Two: Defining the QoS policy
- 11.3.2.3. Step 3: Defining where to apply the service policy
- 11.3.3. Implementing Class-Based Weighted Fair Queuing with MQC
- 11.3.4. Low-Latency Queuing (LLQ)
- 11.4. Congestion Avoidance
- 11.4.1. Weighted Random Early Detection (WRED)
- 11.4.1.1. Configuring WRED on an interface
- 11.4.1.2. Using WRED instead of Tail-drop in CBWFQ
- 11.5. Traffic Policing
- 11.5.1. MQC Policing
- 11.5.2. Committed Access Rate (CAR)
- 11.5.2.1. Rate-limit example
- 11.6. Traffic Shaping
- 11.6.1. Traffic Shaping Example
- 11.6.2. Frame-Relay Shaping
- 11.7. AutoQoS
- 11.7.1. What Does AutoQoS Enable?
- 11.7.2. AutoQoS Command Usage
- 11.7.2.1. Command syntax
- 11.7.2.2. AutoQoS discovery
- 11.7.2.3. AutoQoS show command
- 11.8. QoS Device Manager
- 12. Dial-on-Demand Routing
- 12.1. Configuring a Simple DDR Connection
- 12.2. Sample Legacy DDR Configurations
- 12.2.1. DDR Backup Links
- 12.2.1.1. Backup interface commands
- 12.2.1.2. DDR bandwidth on demand with backup interface commands
- 12.2.1.3. DDR backup with floating static routes
- 12.2.2. Dialer Maps
- 12.2.2.1. The most basic form of this command
- 12.2.2.2. A more complicated use of dialer maps
- 12.3. Dialer Interfaces (Dialer Profiles)
- 12.3.1. Rotary Groups
- 12.3.2. Dialer Pools
- 12.4. Multilink PPP
- 12.5. Snapshot DDR
- 12.5.1. Useful show Commands
- 12.5.1.1. show dialer
- 12.5.1.2. show dialer map
- 12.5.1.3. show isdn active
- 12.5.1.4. show snapshot
- 13. Specialized Networking Topics
- 13.1. Bridging
- 13.1.1. Concurrent Routing and Bridging (CRB)
- 13.1.2. Integrated Routing and Bridging (IRB)
- 13.1.3. Bridging show Commands
- 13.1.3.1. show bridge
- 13.1.3.2. show bridge group
- 13.1.4. DLSw+
- 13.2. Hot Standby Routing Protocol (HSRP)
- 13.2.1. Tracking Another Interface
- 13.2.2. Naming Our HSRP Configuration
- 13.2.3. Multiple-Group Hot Standby Routing
- 13.2.4. Load Sharing with Hot Standby
- 13.2.5. HSRP show Commands
- 13.3. Network Address Translation (NAT)
- 13.3.1. Overloading NAT Address Space
- 13.3.1.1. Mapping incoming ports to different NAT addresses
- 13.3.2. NAT show Commands
- 13.3.3. Stateful NAT (SNAT)
- 13.3.3.1. Configuring SNAT with HSRP
- 13.3.3.2. Configuring SNAT without HSRP
- 13.4. Tunnels
- 13.4.1. show Commands for Tunnels
- 13.5. Encrypted Tunnels
- 13.5.1. Tunnel Encryption with DSS and DES
- 13.5.1.1. Generating keys
- 13.5.1.2. Configuring encryption on the tunnel
- 13.5.2. DES Tunnel show Commands
- 13.5.2.1. show crypto engine connections active
- 13.5.2.2. show crypto engine configuration
- 13.5.3. IPSec Tunneling
- 13.5.4. Dynamic Multipoint VPN
- 13.5.4.1. Configuring DMVPN
- 13.5.4.1.1. Configuring an IPSec profile
- 13.5.4.1.2. Configuring the hub for DMVPN
- 13.5.4.1.3. Configuring a spoke router for DMVPN
- 13.5.4.1.4. Verifying DMVPN configuration
- 13.6. Multicast Routing
- 13.6.1. IGMP
- 13.6.2. Reverse Path Forwarding
- 13.6.3. Dense Mode
- 13.6.3.1. Configuring multicast for dense mode
- 13.6.4. Sparse Mode
- 13.6.4.1. Configuring multicast for sparse mode
- 13.6.4.2. Auto-RP configuration and sparse-dense mode
- 13.6.4.3. BSR
- 13.6.5. Cisco Group Management Protocol (CGMP)
- 13.7. Multiprotocol Label Switching (MPLS)
- 13.7.1. MPLS Terminology
- 13.7.2. How Does It Work?
- 13.7.3. Configuring MPLS
- 13.7.3.1. Incrementally deploying MPLS
- 13.7.3.2. Verifying the MPLS configuration
- 13.7.4. MPLS VPN
- 14. Switches and VLANs
- 14.1. Switch Terminology
- 14.1.1. Layer-2 and Layer-3 Switching
- 14.1.2. Learning MAC Addresses
- 14.1.3. VLAN
- 14.1.4. Broadcast Domain
- 14.1.5. Collision Domain
- 14.1.6. Spanning Tree Protocol
- 14.1.6.1. Spanning Tree Port States
- 14.1.6.2. Bridge Protocol Data Units
- 14.1.6.3. STP selects the root bridge
- 14.1.6.4. Selecting a root port and a designated port
- 14.1.6.5. Convergence in STP
- 14.1.6.6. Speeding up STP convergence
- 14.1.6.7. show spanning-tree
- 14.2. IOS on Switches
- 14.3. Basic Switch Configuration
- 14.3.1. Configuring the Management Port (VLAN 1)
- 14.3.2. Simple Switch Configuration
- 14.3.3. Auto Detection
- 14.3.4. Sample VLAN Configuration
- 14.3.5. VLAN Interface Commands
- 14.4. Trunking
- 14.4.1. Restricting VLANs on a Trunk
- 14.4.2. Finishing Our Previous Network
- 14.4.3. Added Port Security
- 14.4.4. VLAN Trunking Protocol
- 14.4.5. VTP Modes
- 14.4.6. VLAN Database
- 14.4.7. Configuring VTP
- 14.4.7.1. Setting the VTP mode
- 14.4.7.2. Setting the VTP domain
- 14.4.7.3. Setting the VTP password
- 14.4.7.4. Creating a VLAN
- 14.4.7.5. Configuration example
- 14.4.8. Backing Up the VLAN Database
- 14.5. Switch Monitor Port for IDS or Sniffers
- 14.6. Troubleshooting Switches
- 15. Router Security
- 15.1. Securing Enable Mode Access
- 15.1.1. Setting the Enable Password
- 15.1.2. The More Secure enable secret Command
- 15.1.3. Privilege Levels for enable access
- 15.2. Routine Security Measures
- 15.2.1. Features to Disable
- 15.2.2. Features to Enable
- 15.2.2.1. Deny local IP addresses coming from outside
- 15.2.2.2. Use a warning banner
- 15.2.3. AutoSecure: Letting the Router Do the Work
- 15.3. Restricting Access to Your Router
- 15.3.1. Virtual Terminal Access
- 15.3.1.1. Protecting VTY with an access list
- 15.3.1.2. Allowing SSH connections to the router
- 15.3.1.3. Enabling SSH
- 15.3.2. Users and Authentication
- 15.3.2.1. Adding users with the user command
- 15.3.2.2. Using the AAA framework
- 15.3.2.3. User management with AAA
- 15.3.2.4. Restricting dial-in user access with AAA
- 16. Troubleshooting and Logging
- 16.1. ping
- 16.1.1. Ping the Broadcast Address
- 16.1.2. Extended ping
- 16.1.2.1. What can we test with the source address?
- 16.2. trace
- 16.3. Debugging
- 16.3.1. Using Debugging in Practice
- 16.3.1.1. The debug list command
- 16.4. Logging
- 16.4.1. Configuring Logging
- 16.4.2. Severity Levels
- 16.4.3. Buffering Logging and Debug Output
- 16.4.4. XML Output of Logging Messages
- 17. Quick Reference
- aaa accounting
- aaa accounting delay-start
- aaa accounting gigawords
- aaa accounting nested
- aaa accounting resource
- aaa accounting send stop-record authentication failure
- aaa accounting session-duration ntp-adjusted
- aaa accounting suppress null-username
- aaa accounting update
- aaa authentication attempts login
- aaa authentication banner
- aaa authentication enable default
- aaa authentication fail-message
- aaa authentication local-override
- aaa authentication login
- aaa authentication password-prompt
- aaa authentication ppp
- aaa authentication username-prompt
- aaa authorization
- aaa authorization config-commands
- aaa authorization reverse-access
- aaa authorization template
- aaa configuration route
- aaa group server radius
- aaa group server tacacs+
- aaa new-model
- absolute-timeout
- access-class
- access-enable
- access-list
- access-list rate-limit
- access-template
- activation-character
- aggregate-address
- alias
- area authentication
- area default-cost
- area nssa
- area-password
- area range
- area stub
- area virtual-link
- arp (global)
- arp (interface)
- arp timeout
- async-bootp
- async default ip address
- async default routing
- async dynamic address
- async dynamic routing
- async mode
- atm address
- atm arp-server
- atm esi-address
- atm lecs-address
- atm lecs-address-default
- atm nsap-address
- atm pvc
- atm-vc
- autobaud
- autocommand
- autodetect encapsulation
- autohangup
- auto discovery qos
- auto qos voip
- auto secure
- autoselect
- auto-summary
- backup
- bandwidth (interface)
- bandwidth (policy-map)
- banner exec
- banner incoming
- banner login
- banner motd
- bgp always-compare-med
- bgp bestpath as-path ignore
- bgp bestpath med-confed
- bgp bestpath missing-as-worst
- bgp client-to-client reflection
- bgp cluster-id
- bgp confederation identifier
- bgp confederation peers
- bgp dampening
- bgp default local-preference
- bgp default route-target filter
- bgp deterministic med
- bgp fast-external-fallover
- bgp log-neighbor-changes
- bgp-policy
- bridge acquire
- bridge address
- bridge cmf
- bridge crb
- bridge forward-time
- bridge-group
- bridge-group aging-time
- bridge-group circuit-group
- bridge-group input-address-list
- bridge-group input-lsap-list
- bridge-group input-pattern
- bridge-group input-type-list
- bridge-group output-address-list
- bridge-group output-lsap-list
- bridge-group output-pattern
- bridge-group output-type-list
- bridge-group path-cost
- bridge-group priority
- bridge-group spanning-disabled
- bridge hello-time
- bridge irb
- bridge max-age
- bridge multicast-source
- bridge priority
- bridge protocol
- bridge route
- busy-message
- cable helper-address
- calendar set
- callback forced-wait
- cd
- cdp advertise-v2
- cdp enable
- cdp holdtime
- cdp run
- cdp timer
- channel-group (controller)
- channel-group (interface)
- chat-script
- class (frame-relay)
- class (MPLS)
- class (policy-map)
- class-map
- clear
- client-atm-address name
- clock calendar-valid
- clock rate
- clock read-calendar
- clock set
- clock summer-time
- clock timezone
- clock update-calendar
- compress
- config-register
- configure
- controller
- copy
- crc
- custom-queue-list
- databits
- data-character-bits
- dce-terminal-timing enable
- debug
- default-information
- default-information originate
- default-metric
- default-name
- delay
- delete
- description
- dialer aaa
- dialer callback-secure
- dialer callback-server
- dialer caller
- dialer dtr
- dialer enable-timeout
- dialer fast-idle
- dialer-group
- dialer hold-queue
- dialer idle-timeout
- dialer in-band
- dialer isdn
- dialer-list
- dialer load-threshold
- dialer map
- dialer map snapshot
- dialer max-link
- dialer pool
- dialer pool-member
- dialer priority
- dialer remote-name
- dialer rotary-group
- dialer rotor
- dialer string
- dialer wait-for-carrier-time
- dialer watch-disable
- dialer watch-group
- dialer watch-list
- dir
- disable
- disconnect
- disconnect-character
- disconnect ssh
- dispatch-character
- distance
- distance bgp
- distance eigrp
- distribute-list in
- distribute-list out
- domain-password
- downward-compatible-config
- down-when-looped
- drop
- dte-invert-txc
- early-token-release
- editing
- eigrp log-neighbor-changes
- enable
- enable last-resort
- enable password
- enable secret
- enable use-tacacs
- encapsulation (ATM/MPLS)
- encapsulation (interface)
- end
- erase
- escape-character
- exception core-file
- exception dump
- exception memory
- exception protocol
- exception spurious-interrupt
- exec
- exec-timeout
- exit
- fair-queue (policy-map class)
- fair-queue (interface)
- fair-queue aggregate-limit
- fair-queue individual-limit
- fair-queue limit
- fair-queue qos-group
- fair-queue tos
- fair-queue weight
- fddi burst-count
- fddi c-min
- fddi cmt-signal-bits
- fddi duplicate-address-check
- fddi encapsulate
- fddi frames-per-token
- fddi smt-frames
- fddi tb-min
- fddi tl-min-time
- fddi token-rotation-time
- fddi t-out
- fddi valid-transmission-time
- flowcontrol
- format
- frame-relay adaptive-shaping
- frame-relay [ bc | be]
- frame-relay becn-response-enable
- frame-relay broadcast-queue
- frame-relay cir
- frame-relay class
- frame-relay custom-queue-list
- frame-relay de-group
- frame-relay de-list
- frame-relay idle-timer
- frame-relay interface-dlci
- frame-relay intf-type
- frame-relay inverse-arp
- frame-relay ip rtp header-compression
- frame-relay ip tcp header-compression
- frame-relay lmi-type
- frame-relay local-dlci
- frame-relay map
- frame-relay map bridge
- frame-relay map clns
- frame-relay map ip compress
- frame-relay map ip rtp header-compression
- frame-relay map ip tcp header-compression
- frame-relay mincir
- frame-relay multicast-dlci
- frame-relay payload-compress packet-by-packet
- frame-relay priority-dlci-group
- frame-relay priority-group
- frame-relay route
- frame-relay svc
- frame-relay switching
- frame-relay traffic-rate
- frame-relay traffic-shaping
- fsck
- ftp-server enable
- ftp-server topdir
- full-duplex
- full-help
- group-range
- half-duplex
- half-duplex controlled-carrier
- help
- history
- hold-character
- hold-queue
- hostname
- hssi external-loop-request
- hssi internal-clock
- hub
- ignore-dcd
- interface
- interface bvi
- interface dialer
- interface group-async
- ip access-group
- ip access-list
- ip accounting
- ip accounting-list
- ip accounting-threshold
- ip accounting-transits
- ip address
- ip address negotiated
- ip address-pool
- ip alias
- ip as-path access-list
- ip authentication
- ip bandwidth-percent eigrp
- ip bgp-community new-format
- ip bootp server
- ip broadcast-address
- ip cef
- ip cef traffic-statistics
- ip cgmp
- ip classless
- ip community-list
- ip default-gateway
- ip default-network
- ip dhcp-server
- ip directed-broadcast
- ip domain-list
- ip domain-lookup
- ip domain-name
- ip dvmrp accept-filter
- ip dvmrp auto-summary
- ip dvmrp default-information
- ip dvmrp metric
- ip dvmrp metric-offset
- ip dvmrp output-report-delay
- ip dvmrp reject-non-pruners
- ip dvmrp routehog-notification
- ip dvmrp route-limit
- ip dvmrp summary-address
- ip dvmrp unicast-routing
- ip forward-protocol
- ip ftp passive
- ip ftp password
- ip ftp source-interface
- ip ftp username
- ip hello-interval eigrp
- ip helper-address
- ip hold-time eigrp
- ip host
- ip http
- ip identd
- ip igmp access-group
- ip igmp explicit-tracking
- ip igmp helper-address
- ip igmp join-group
- ip igmp query-interval
- ip igmp query-max-response-time
- ip igmp query-timeout
- ip igmp static-group
- ip igmp version
- ip irdp
- ip load-sharing
- ip local policy route-map
- ip local pool
- ip mask-reply
- ip mroute
- ip mroute-cache
- ip mtu
- ip multicast boundary
- ip multicast cache-headers
- ip multicast helper-map
- ip multicast rate-limit
- ip multicast-routing
- ip multicast ttl-threshold
- ip name-server
- ip nat
- ip nat inside destination
- ip nat inside source
- ip nat outside source
- ip nat pool
- ip nat stateful id
- ip nat translation
- ip nbar pdlm
- ip nbar port-map
- ip nbar protocol-discovery
- ip netmask-format
- ip nhrp authentication
- ip nhrp holdtime
- ip nhrp interest
- ip nhrp map
- ip nhrp map multicast
- ip nhrp max-send
- ip nhrp network-id
- ip nhrp nhs
- ip nhrp record
- ip nhrp responder
- ip nhrp server-only
- ip nhrp trigger-svc
- ip nhrp use
- ip ospf authentication
- ip ospf authentication-key
- ip ospf cost
- ip ospf dead-interval
- ip ospf demand-circuit
- ip ospf hello-interval
- ip ospf message-digest-key
- ip ospf name-lookup
- ip ospf network
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- ip pim
- ip pim accept-rp
- ip pim message-interval
- ip pim minimum-vc-rate
- ip pim multipoint-signalling
- ip pim nbma-mode
- ip pim neighbor-filter
- ip pim query-interval
- ip pim rp-address
- ip pim rp-announce-filter
- ip pim send-rp-announce
- ip pim send-rp-discovery
- ip pim vc-count
- ip pim version
- ip policy-list
- ip policy route-map
- ip proxy-arp
- ip radius source-interface
- ip rarp-server
- ip rcmd rcp-enable
- ip rcmd remote-host
- ip rcmd remote-username
- ip rcmd rsh-enable
- ip redirects
- ip rip authentication
- ip rip receive version
- ip rip send version
- ip rip triggered
- ip rip v2-broadcast
- ip route
- ip route-cache
- ip route-cache policy
- ip route priority high
- ip route profile
- ip router isis
- ip routing
- ip rtp compression-connections
- ip rtp header-compression
- ip rtp priority
- ip scp server enable
- ip source-route
- ip split-horizon
- ip ssh
- ip subnet-zero
- ip summary-address eigrp
- ip summary-address rip
- ip tcp chunk-size
- ip tcp compression-connections
- ip tcp header-compression
- ip tcp mtu-path-discovery
- ip tcp queuemax
- ip tcp synwait-time
- ip tcp window-size
- ip telnet source-interface
- ip tftp source-interface
- ip unnumbered
- ip unreachables
- isdn answer1, isdn answer2
- isdn autodetect
- isdn bchan-number-order
- isdn busy
- isdn caller
- isdn call interface
- isdn calling-number
- isdn conference-code
- isdn disconnect interface
- isdn fast-rollover-delay
- isdn incoming-voice
- isdn leased-line bri 128
- isdn not-end-to-end
- isdn nsf-service
- isdn outgoing-voice
- isdn overlap-receiving
- isdn send-alerting
- isdn sending-complete
- isdn service
- isdn spid1 (spid2)
- isdn switch-type
- isdn tei
- isdn tei-negotiation
- isdn transfer-code
- isdn twait-disable
- isdn voice-priority
- isis advertise-prefix
- isis authentication key-chain
- isis authentication mode
- isis authentication send-only
- isis circuit-type
- isis csnp-interval
- isis hello-interval
- isis hello-multiplier
- isis lsp-interval
- isis metric
- isis password
- isis priority
- isis retransmit-interval
- isis retransmit-throttle-interval
- is-type
- keepalive
- key
- key chain
- key config-key
- key-string
- lane auto-config-atm-address
- lane bus-atm-address
- lane client
- lane client-atm-address
- lane config-atm-address
- lane config database
- lane database
- lane fixed-config-atm-address
- lane global-lecs-address
- lane le-arp
- lane server-atm-address
- lane server-bus
- line
- linecode
- link-test
- location
- logging
- logging buffered
- logging buffered xml
- logging console
- logging console xml
- logging count
- logging facility
- logging history
- logging history size
- logging host
- logging monitor
- logging on
- logging source-interface
- logging synchronous
- logging trap
- login
- login authentication
- logout-warning
- loopback
- mac-address-table aging-time
- mac-address-table dynamic
- mac-address-table secure
- mac-address-table static
- map-class dialer
- map-class frame-relay
- map-group
- map-list
- match access-group
- match any
- match as-path
- match class-map
- match community-list
- match cos
- match destination-address mac
- match discard-class
- match dscp
- match fr-dlci
- match input-interface
- match interface
- match ip address
- match ip dscp
- match ip next-hop
- match ip precedence
- match ip route-source
- match ip rtp
- match length
- match metric
- match mpls experimental
- match mpls-label
- match not
- match packet length
- match precedence
- match protocol
- match qos-group
- match route-type
- match source-address mac
- match tag
- maximum-paths
- max-reserved-bandwidth
- media-type
- member
- menu
- menu command
- menu text
- menu title
- metric holddown
- metric maximum-hops
- metric weights
- mkdir
- modem
- monitor session
- more
- motd-banner
- mpls atm control-vc
- mpls atm cos
- mpls atm disable-headend-vc
- mpls atm multi-vc
- mpls atm vpi
- mpls atm vp-tunnel
- mpls cos-map
- mpls ip
- mpls ip default-route
- mpls ip encapsulate explicit-null
- mpls ip ttl-expiration pop
- mpls label protocol
- mpls label range
- mpls mtu
- mpls prefix-map
- mpls request-labels for
- mrinfo
- mstat
- mtrace
- mtu
- name elan-id
- name local-seg-id
- name preempt
- name server-atm-address
- neighbor
- neighbor advertisement-interval
- neighbor database-filter
- neighbor default-originate
- neighbor description
- neighbor distribute-list
- neighbor filter-list
- neighbor maximum-prefix
- neighbor next-hop-self
- neighbor password
- neighbor peer-group
- neighbor prefix-list
- neighbor remote-as
- neighbor route-map
- neighbor route-reflector-client
- neighbor send-community
- neighbor send-label
- neighbor shutdown
- neighbor soft-reconfiguration inbound
- neighbor timers
- neighbor ttl-security
- neighbor update-source
- neighbor version
- neighbor weight
- net
- network
- network backdoor
- network weight
- nrzi-encoding
- ntp access-group
- ntp authenticate
- ntp authentication-key
- ntp broadcast
- ntp broadcast client
- ntp broadcastdelay
- ntp disable
- ntp master
- ntp peer
- ntp server
- ntp source
- ntp trusted-key
- ntp update-calendar
- offset-list
- ospf auto-cost reference-bandwidth
- ospf log-adj-changes
- output-delay
- padding
- parity
- passive-interface
- password
- peer default ip address
- peer neighbor-route
- physical-layer
- ping
- police
- policy-map
- ppp
- ppp authentication
- ppp bridge ip
- ppp chap
- ppp compress
- ppp multilink
- ppp quality
- ppp reliable-link
- ppp use-tacacs
- priority-group
- priority-list
- privilege level (global)
- privilege level (line)
- prompt
- pulse-time
- pvc
- qos pre-classify
- queue-limit
- queue-list
- radius-server
- random-detect
- random-detect discard-class
- random-detect discard-class-based
- random-detect dscp
- random-detect ecn
- random-detect exponential-weighting-constant
- random-detect flow
- rate-limit
- redistribute
- refuse-message
- reload
- rename
- ring-speed
- rlogin
- rmdir
- route-map
- router
- rsh
- rxspeed
- send
- service
- service compress-config
- service linenumber
- service-module 56k
- service-module t1
- service-policy (interface)
- service-policy (policy-map)
- service timestamps
- session-limit
- session-timeout
- set as-path
- set atm-clp
- set automatic-tag
- set community
- set cos
- set default interface
- set discard-class
- set dscp
- set fr-de
- set interface
- set ip default next-hop
- set ip next-hop
- set ip precedence
- set ip tos
- set level
- set local-preference
- set metric
- set metric-type
- set metric-type internal
- set mpls-label
- set origin
- set ospf router-id
- set-overload-bit
- set precedence
- set qos-group
- set tag
- setup
- set weight
- shape
- show
- shutdown
- smt-queue-threshold
- snapshot
- snmp-server
- snmp-server chassis-id
- snmp-server community
- snmp-server contact
- snmp-server enable traps
- snmp-server engine-id
- snmp-server group
- snmp-server host
- snmp-server location
- snmp-server packetsize
- snmp-server queue-length
- snmp-server system-shutdown
- snmp-server tftp-server-list
- snmp-server trap-source
- snmp-server trap-timeout
- snmp-server user
- snmp-server view
- snmp trap link-status
- source-address
- spanning-tree backbonefast
- spanning-tree cost
- spanning-tree port-priority
- spanning-tree vlan
- speed
- squeeze
- squelch
- sscop cc-timer
- sscop keepalive-timer
- sscop max-cc
- sscop poll-timer
- sscop rcv-window
- sscop send-window
- standby authentication
- standby ip
- standby preempt
- standby priority
- standby timers
- standby track
- stopbits
- summary-address
- synchronization
- table-map
- tacacs-server attempts
- tacacs-server authenticate
- tacacs-server directed-request
- tacacs-server extended
- tacacs-server host
- tacacs-server key
- tacacs-server last-resort
- tacacs-server notify
- tacacs-server optional-passwords
- tacacs-server retransmit
- tacacs-server timeout
- tag-switching
- terminal editing
- terminal escape-character
- terminal history
- terminal length
- terminal monitor
- tftp-server
- timers basic
- timers bgp
- timers spf
- trace, traceroute
- traffic-shape adaptive
- traffic-shape fecn-adapt
- traffic-shape group
- traffic-shape rate
- traffic-share
- transport
- tunnel checksum
- tunnel destination
- tunnel key
- tunnel mode
- tunnel sequence-datagrams
- tunnel source
- txspeed
- undebug
- undelete
- username
- vacant-message
- validate-update-source
- variance
- verify
- version
- vlan
- vlan database
- vtp client
- vtp domain
- vtp password
- vtp server
- vtp transparent
- vtp v2-mode
- vty-async
- vty-async dynamic-routing
- vty-async header-compression
- vty-async keepalive
- vty-async mtu
- vty-async ppp authentication
- vty-async ppp use-tacacs
- width
- write
- A. Appendix: Network Basics
- A.1. IPv4 Subnetting
- A.1.1. Classless Inter-Domain Routing
- A.1.1.1. CIDR notation
- A.1.2. Subnet Math
- A.1.2.1. Subnet zero reminder
- A.1.2.2. Calculating a network address from a host address
- A.1.2.3. Calculating the broadcast address of a subnet
- A.1.2.4. Calculating available subnets
- A.1.2.5. Calculating the number of hosts per subnet
- A.1.3. More about Subnets
- A.1.3.1. Private address space
- A.1.3.2. Changing the way the router displays subnet information
- A.1.3.3. Variable Length Subnet Masks (VLSM)
- A.2. OSI Reference Model
- A.2.1. Application Layer
- A.2.2. Presentation Layer
- A.2.3. Session Layer
- A.2.4. Transport Layer
- A.2.5. Network Layer
- A.2.6. Data Link Layer
- A.2.7. Physical Layer
- A.3. IPv6
- A.3.1. IPv6 Notation
- A.3.1.1. Shorthand rule one
- A.3.1.2. Shorthand rule two
- A.3.2. Important IPv6 Addresses
- A.3.3. Enabling IPv6 on a Router
- A.3.4. Using an IPv6 Address in a URL
- 18. About the Author
- Index
- About the Author
- Colophon
- Copyright