Preface

Cisco routers are nearly ubiquitous in IP networks. They are extremely flexible and reliable devices. The number and variety of features grows with each new release of the Internetwork Operating System (IOS). And while Cisco Press and several other publishers supply excellent documentation of these features both online and in a variety of books, it is often difficult to know when, why, and how to use these features. There are often many different ways to solve any given networking problem using Cisco devices. Some of these solutions are clearly more effective than others. The most pressing question in the mind of you, the network engineer, is which of the many potential solutions is the most appropriate for your particular situation. And once you have decided to use a particular feature, the next question is how to actually implement it. Unfortunately, the feature documentation that describes a particular command or feature frequently does very little to answer either of these questions. Indeed, there are many cases in which the Cisco IOS and its documentation offer solutions that will make the network extremely difficult to support in the long term. These solutions are legitimate in odd special situations, but we strongly believe that they should be avoided in most production networks. In some cases this is because there are features that open potentially serious security holes in their default modes. In other cases, there are features that can render the network exceedingly difficult to manage effectively (policy-based routing is the classic example of this problem). Everybody who has worked with Cisco routers for any length of time has at one time or another had to ask their friends and co-workers for example router configuration files that show how to actually solve a common problem. A good working configuration example can often save huge amounts of time and frustration when implementing a feature that you've never used before.
This is often true even when you already understand the theory behind this feature. This is why we have written this book. We don't intend the Cisco IOS Cookbook to replace the detailed feature documentation included in books like Cisco IOS in a Nutshell, Second Edition, by James Boney (O'Reilly), or information available on Cisco's web site (http://www.cisco.com). We don't have the space to tell you in detail about how particular protocols actually work. This is information that you can find in places like the Internet Engineering Task Force (IETF) Request for Comment (RFC) documents, as well as a wide variety of books. Instead, this book is a complement to those sources of information. They will tell you things like what a routing protocol is, how it works, and which command turns it on. We will help you select the right routing protocol and configure it in the most efficient way for your network. This book includes a collection of sample router configurations and scripts that we have found useful in real-world networks. It also includes, wherever possible, our advice on what features to use in which situations and how to use them most effectively. There are many common mistakes that we have seen before (although we rarely make mistakes ourselves), and we want to help you to avoid making these same mistakes yourself.

What's New in This Edition

The first important difference between the first and second editions of this book is visible right on the cover: we changed the title from Cisco Cookbook to Cisco IOS Cookbook. We had two main reasons for making this change. First, it's more accurate. Cisco has several different product lines with completely different configuration interfaces. This book just covers the Cisco Internetwork Operating System (IOS), the software that runs on most of Cisco's routers and switches. It doesn't cover PIX or ASA firewall configuration or content switching or Cisco's Intrusion Detection Systems (IDS), for example.
The second reason for the change is that somebody might one day want to write a Cisco firewall or content switching or IDS cookbook. In fact, several readers have written to us asking for such things, although having just completed the marathon process of updating this book, neither of us feels a burning desire to undertake such a project right away. For the second edition, we had two main goals. The first was to update the information for the first edition so that it now reflects IOS Version 12.4. And our second goal was to add some of the new topics, like MPLS and IPv6, which have become more relevant since the first edition was published. Many of these ideas came from reader suggestions. However, Cisco rarely deletes features from its software when it creates a new version, so we have also retained most of the content from the first edition of this book. This means that much of the content in this book is also relevant to lower IOS versions. We have tried to make it clear when certain features were introduced, or if they are only available with certain IOS feature sets. In each chapter, whenever there were relevant and useful new features, we have added new recipes showing how to use these features effectively. And when there were modifications to existing features, we have added information to the existing recipes. We have also written four new chapters on topics that either were requested by readers, or that we felt were interesting and important. The new chapters cover IP Mobility, IP Version 6, MPLS, and Security, respectively. In all, this edition contains 89 entirely new recipes, and we have deleted two old ones, one because we didn't feel it was still the best solution to the problem, and the other because it made sense to absorb its content into another recipe. We have made significant updates to existing recipes in every chapter, mostly to describe useful new options to existing commands. We welcome feedback from our readers. 
If you have comments, suggestions, or ideas for other recipes or topics that you'd like to see covered, please let us know. Just as we did with this edition, if there are additional future editions of the Cisco IOS Cookbook, we will include any suggestions that we think are especially useful. You can reach us at kevind@manageablenetworks.com or ijbrown@hotmail.com.

Organization

As the name suggests, the Cisco Cookbook is organized as a series of recipes. Each recipe begins with a problem statement that describes a common situation that you might be faced with. After each problem statement is a brief solution that shows a sample router configuration or a script that you can use to resolve this particular problem. Then we turn to a discussion section where we describe the solution, how it works, and when you should or should not use it. We have tried to construct the recipes so you can turn directly to the one that addresses your specific problem and find a useful solution without needing to read the entire book. If the solution includes terms or concepts that you are not familiar with, the chapter introductions should help to bridge the gap. And many recipes refer to other recipes or chapters that discuss related topics. We have also included a variety of references to other sources in case you need more background information on a particular subject. The chapters are organized by the feature or protocol discussed. So, if you are looking for information on a particular feature such as NAT, NTP, or SNMP, you can turn to that chapter and find a variety of related recipes. Most of the chapters list the more basic problems first, and any unusual or complicated situations last. But there are some exceptions to this, when we have opted instead to group related recipes together.

What's in This Book

The first four chapters cover what would be considered essential system administration functions if a router were a server.
Chapter 1 covers router configuration and file management issues. In Chapter 2, we turn to useful router management tricks, such as command aliases, how to use CDP and DNS, as well as how to tune buffers and create exception dumps. This chapter ends with a set of four scripts that generate various useful reports to help you manage your routers. Then Chapter 3 discusses user access and privileges on the router. Chapter 4 extends this discussion on using TACACS+ to provide centralized management of user access to your routers. The next five chapters look at various aspects of IP routing. Chapter 5 looks at IP routing in general, including static routes and administrative distances. In Chapter 6, we focus on RIP, including both versions 1 and 2. Chapter 7 looks at EIGRP, and Chapter 8 at OSPF. And, in Chapter 9 we discuss the BGP protocol, which controls all IP routing through the backbone of the Internet. The remaining chapters all cover separate topics. We look at the popular Frame Relay WAN protocol in Chapter 10. Chapter 11 discusses queuing and congestion. This chapter also goes into some detail on various IP Quality of Service issues. In Chapter 12, we look at IP tunnels and VPNs. This chapter includes a discussion of Cisco's IPSec implementation. We turn to issues related to Dial Backup in Chapter 13. Then, in Chapter 14, we look at time. We include a relatively detailed discussion of the NTP protocol, which you can use to synchronize the clocks of all your routers. You can then use the synchronized routers as a time source for other equipment, including application servers on your network. Chapter 15 is primarily concerned with configuring the DLSw protocol. It also looks at the SNA and SDLC protocols, which often are carried over IP networks using DLSw. In Chapter 16, we show how to configure several of the most popular interface types on a Cisco router. Chapters 17 and 18 look at the closely related issues of network management and logging.
In Chapter 17, we discuss SNMP in particular. This chapter includes several router configuration examples to use with SNMP, as well as a number of useful scripts that you can use to help manage your Cisco equipment. Chapter 18 looks at issues related to managing the router's event logs, as well as how to use the syslog protocol to send these log messages to a central server. It's impossible to do much on a Cisco router without having a good understanding of Access Lists. There are several different kinds of Access Lists, and Chapter 19 shows several useful and interesting applications of the various IP-specific Access Lists. In Chapter 20, we look at DHCP. Routers usually just act as DHCP proxy devices, but we also show how to use the router as a DHCP server, or even as a client. Chapter 21 talks about NAT, which allows you to use private IP addresses, and even resolve conflicting address ranges between networks. One of the best ways to build a fault-tolerant LAN is to configure two or more routers to share a single IP address using HSRP. We show several different HSRP configurations in Chapter 22. Then, in Chapter 23, we look at how to implement multicast routing functionality on a Cisco router. The four new chapters appear at the end of the book. Chapter 24 covers IP Mobility. There is also a recipe on the related but much simpler topic of Local Area Mobility. IP Mobility is something of a fringe topic in the TCP/IP protocol suite, but we believe it is becoming more common for two reasons. First, there has been a marked increase in the number of wireless mobile devices. The second reason is increased demand for consumer access to the public Internet. In Chapter 25, we look at another subject that is not widely deployed in Enterprise networks, but which we nonetheless think is increasingly important: IPv6. Most people today still mean IPv4 when they talk about TCP/IP.
But there are some large service provider networks, particularly for third generation cell phones, in which the number of end devices demands IPv6. We expect to see the number of IPv6 installations expand rapidly over the next few years. Then Chapter 26 turns to a protocol that has exploded in popularity since the first edition of this book: MPLS. When we wrote the first edition, just three years ago, Frame Relay and ATM still were the WAN protocols of choice in most regions. While these protocols are still present, particularly inside carrier networks, MPLS has largely replaced them as a delivery mode for IP WANs. And finally, in Chapter 27, we look at Security. Most of the features discussed in this chapter concern the IOS Firewall feature set (also called Advanced Security). Many of these features are not new. Indeed, one of the recipes in this new chapter was in the previous edition, and has been relocated from the Access List chapter. However, we have seen such an increase in concern about network security since then that it seemed wise to include an entire chapter on the subject. We should also point out that security as a general topic is discussed in several other chapters in this book. For example, the security of the router itself is discussed in Chapters 2, 3, and 4. Another popular security topic, VPNs, is found in Chapter 12. We also include two appendices. Appendix A discusses the various external software tools that we use throughout the book, and shows how to obtain your own copies of these packages. Appendix B gives some helpful background on IP Quality of Service, as well as various queueing algorithms that you can use on Cisco routers.

Conventions Used in This Book

The following typographical conventions are used in this book:
Using Code Examples

This book is here to help you get your job done. In general, you may use the code in this book in your programs and documentation. You do not need to contact us for permission unless you're reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O'Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product's documentation does require permission. We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: "Cisco IOS Cookbook, Second Edition, by Kevin Dooley and Ian J. Brown. Copyright 2007 O'Reilly Media, Inc., 978-0-596-52722-8." If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions@oreilly.com.

We'd Like Your Feedback!

We at O'Reilly have tested and verified the information in this book to the best of our ability, but mistakes and oversights do occur. Please let us know about errors you may find, as well as your suggestions for future editions, by writing to:
There is a web page for the book where we list errata, examples, or any additional information. You can access this page at:
To comment or ask technical questions about this book, send email to:

For more information about our books, conferences, software, Resource Centers, and the O'Reilly Network, see our web site at:

Safari® Enabled
When you see a Safari® Enabled icon on the cover of your favorite technology book, that means the book is available online through the O'Reilly Network Safari Bookshelf. Safari offers a solution that's better than e-books. It's a virtual library that lets you easily search thousands of top tech books, cut and paste code samples, download chapters, and find quick answers when you need the most accurate, current information. Try it for free at http://safari.oreilly.com.

Acknowledgments

Although this book has been significantly updated since the first edition, it was built on the bones of that earlier book, and so we need to start by repeating our gratitude to everybody who helped in the production of the first edition: John Karek, Jackman Chan, David Close, Jim Sumser, Mike Loukides, Phil Dangler, Jessamyn Read, Ellie Volckhausen, and our insightful technical reviewers Peter Rybaczyk, Ravi Malhotra, and Iljitsch van Beijnum. For the second edition, we'd like to say thanks again to everybody at O'Reilly, particularly our editor, Mike Loukides, who must have seriously wondered how we were going to pull our rapidly slipping writing schedule out of the dirt. He took us at our rather cavalier word that we had it under control. A lesser editor would surely have run screaming. So thanks for believing our bravado. We had only one technical reviewer for the second edition. Ravi Malhotra had the unenviable task of reading this enormous new book and pointing out the many rough spots. Thanks Ravi, and thanks also for your encouraging words. Although this is a second edition, it contains as much new material as many first editions, so we do know how much we asked you to do and with what time constraints, and we really appreciate it.

Kevin Dooley

I'd like to thank my ceaselessly supportive wife, Sherry Biscope. We dated while I wrote my first book.
You agreed to marry me during the writing of the first edition of this book, and we're still together as this massive second edition goes out the door. You've also cheered me on through marathons and a thousand other crazy, life-consuming projects. And I'd also like to thank my lovely daughter, Alice. You are a constant delight. My life was bright before you came into it, and then the sun rose. I love you both more than I ever thought was possible. And thanks to Ginger the beagle, the best dog in the world, despite the occasional bit of late-night-writing-snack thievery.

Ian J. Brown

I would like to thank my beautiful and understanding wife, Lisa, who supported me (almost) unconditionally throughout this project. Special thanks also to my son, Ethan, and daughter, Darby, who provided me with endless amounts of encouragement throughout. Without the assistance and encouragement of my family, this book would not have been possible. You guys mean the world to me and I will love you always and forever. I would also like to thank our friends at Cisco, who provided equipment, cards, and cables throughout so we could build, configure, and test our solutions. Special thanks to the No Ma'am organization for their support throughout the years.