book

Cisco IOS in a Nutshell, 2nd Edition

by James Boney

August 2005

Intermediate to advanced

798 pages

31h 12m

English

O'Reilly Media, Inc.

Read now

Unlock full access

OrganizationWhat’s New in This EditionConventionsSafari EnabledWe’d Like to Hear from YouAcknowledgments
1.1. IOS User Modes1.2. Command-Line Completion1.3. Get to Know the Question Mark1.4. Command-Line Editing Keys1.5. Pausing Output1.6. show Commands
2.1. IOS Image Filenames2.1.1. Platform Identifier2.1.2. Feature Set2.1.3. Image Execution Location2.2. The New Cisco IOS Packaging Model2.2.1. Example of New Image Name2.2.2. Status of the Release2.2.3. Finding the Release on Cisco’s Web Site2.3. Loading Image Files Through the Network2.3.1. Using TFTP to Download Files2.3.2. Using RCP to Download Files2.3.3. Using SCP to Download Files2.4. Using the IOS Filesystem for Images2.4.1. Upgrading Flash Memory Using the Filesystem Commands2.5. The Router’s Configuration2.6. Loading Configuration Files2.6.1. Loading the running-config2.6.2. Loading the startup-config2.6.3. Saving running-config to startup-config2.6.4. Viewing a Configuration2.6.4.1. Options for the show config command2.6.4.2. Stopping the —More— prompt2.6.5. Erasing a Stored Configuration2.6.6. Saving a Configuration to a Network Server
3.1. Setting the Router Name3.2. Setting the System Prompt3.3. Configuration Comments3.4. The Enable Password3.5. Mapping Hostnames to IP Addresses3.5.1. IP Host Tables3.5.2. Enabling DNS3.6. Setting the Router’s Time3.6.1. The Calendar Versus the Clock3.6.2. Configuring NTP3.7. Enabling SNMP3.8. Cisco Discovery Protocol3.9. System Banners3.9.1. Creating Banners3.9.2. Disabling Banners
4.1. The line Command4.1.1. Absolute and Relative Line Numbering4.2. The Console Port4.3. Virtual Terminals (VTYs)4.4. Asynchronous Ports (TTYs)4.5. The Auxiliary (AUX) Port4.6. show line4.7. Reverse Telnet4.8. Common Configuration Items4.8.1. Communication Parameters4.8.2. Transport Type4.8.3. Session Limits and Timeouts4.8.4. Special Characters and Key Sequences
5.1. Naming and Numbering Interfaces5.1.1. Subinterfaces5.2. Basic Interface Configuration Commands5.2.1. shutdown5.2.2. Interface Descriptions5.2.3. Setting the IP Address and Subnet Mask5.2.3.1. Secondary IP address(es)5.2.4. Other Common Interface Commands5.3. The Loopback Interface5.4. The Null Interface5.5. Ethernet, Fast Ethernet, and Gigabit Ethernet Interfaces5.6. Token Ring Interfaces5.7. ISDN Interfaces5.7.1. A Simple ISDN Configuration5.8. Serial Interfaces5.8.1. Serial Encapsulation5.8.2. Serial T1 Connection5.8.3. T1 Configuration on a 2524 with a CSU/DSU Card5.8.4. Channelized T15.9. Asynchronous Interfaces5.9.1. Using the group-async Command5.9.2. Specifying an IP Address Pool5.9.3. Using BOOTP Configuration Items for Dial-in Connections5.9.4. Using DHCP for IP Addresses and Dial-in Configuration Items5.10. Interface show Commands5.10.1. Clearing the show Command Counters5.10.2. Listing All Interfaces5.10.3. Using the show interface Commands5.10.3.1. show interface accounting5.10.3.2. show ip interface
6.1. Frame Relay6.1.1. Important Frame Relay Terminology6.1.2. Frame Relay Configuration6.1.3. Mapping IP Addresses to DLCIs6.1.3.1. Explicitly mapping DLCIs6.1.3.2. Configuring a multipoint connection6.1.4. Frame Relay Traffic Shaping6.1.4.1. Enabling traffic-shaping on a frame relay link6.1.4.2. Adaptive shaping6.1.5. Frame Relay show Commands6.2. ATM6.2.1. ATM Terminology6.2.2. Configuring Permanent Virtual Circuits6.2.2.1. Configuring an ATM interface with static IP mapping6.2.2.2. Configuring an ATM interface with dynamic IP mapping6.2.3. Configuring Switched Virtual Circuits6.2.3.1. ATM ARP server6.2.4. Configuring with DXI6.2.5. ATM show Commands6.2.6. LAN Emulation (LANE)6.2.6.1. LANE configuration notes6.2.6.2. Configuring the LECS6.2.6.3. Configuring the LES/BUS6.2.6.4. Configuring the LEC6.2.6.5. LANE show commands6.3. DSL6.3.1. Configuring Our DSL Client Router6.3.2. Troubleshooting a DSL Connection6.4. Cable6.5. VoIP6.5.1. VoIP Protocols6.5.1.1. H.3236.5.1.2. MGCP6.5.1.3. SIP6.5.2. VoIP Terminology6.5.3. Examples6.5.3.1. FXO Gateway to PSTN6.5.3.2. H.323 call routing6.5.3.3. MGCP call routing6.5.3.4. SIP Configuration for VoIP
7.1. How Packets Match a List Entry7.1.1. Address/Mask Pairs (Wildcards)7.1.2. Computing a Wildcard for a Given Subnet Mask7.1.3. Access List Processing7.1.4. Implicit Deny7.1.5. Access Lists Are Additive7.1.6. Outbound Access Lists Are More Efficient Than Inbound7.2. Types of Access Lists7.2.1. Extended Access Lists7.2.1.1. Specifying ports7.2.1.2. Established connections7.2.1.3. ICMP protocol entries7.2.1.4. Applying an access list to an interface or line7.2.2. Named Access Lists7.2.2.1. Entering noncontiguous ports7.2.3. Reflexive Access Lists7.2.3.1. Creating the outbound reflexive list7.2.3.2. Creating the inbound reflexive list7.2.3.3. Applying the inbound and outbound reflexive lists to an interface7.2.3.4. Setting the reflexive timeout7.2.3.5. Reflexive list notes7.3. Specific Topics7.3.1. Adding Comments to an Access List7.3.2. Timed Access Lists7.3.3. Building a Gateway Router7.3.3.1. IP address spoofing7.3.3.2. Permitting FTP through an access list7.3.3.3. Passive FTP7.3.3.4. The actual access list7.3.4. Optimizing Your Access Lists7.3.5. Emulating a Packet Sniffer7.3.6. Logging Access List Violations7.3.7. Securely Updating Access Lists7.3.8. Getting the List to a Router with TFTP, RCP, or SCP
8.1. Autonomous System (AS) Numbers8.2. Interior and Exterior Gateway Protocols8.3. Distance-Vector and Link-State Routing Protocols8.3.1. Distance-Vector Protocols8.3.2. Link-State Routing Protocols8.3.3. Administrative Distance8.3.4. Variable-Length Subnet Masks (VLSM) and Classless Routing8.3.5. Protocol Comparison8.4. Static Routes8.4.1. Default Static Routes8.4.2. A Static Route to the Null Interface8.4.3. Backup Static Routes8.5. Split Horizon8.6. Passive Interfaces8.6.1. Route Redistribution8.6.2. Filtering Routes8.6.2.1. Filtering incoming routes8.6.2.2. Filtering outgoing routes8.6.2.3. Filtering updates during redistribution8.6.2.4. Revisiting the example8.6.3. Route Maps8.6.3.1. Enforcing routing policy with route maps8.6.3.2. Enforcing routing policy with the ip policy command8.7. Fast Switching and Process Switching8.7.1. Fast Switching8.7.2. Process Switching8.7.3. Useful show Commands8.7.3.1. show ip route summary8.7.3.2. clear ip route8.7.3.3. show ip protocols
9.1. RIP9.1.1. Basic RIP Configuration9.1.2. Enabling RIPv2 on the Network9.1.3. Redistributing Other Routing Protocols into RIP9.1.4. RIPv2 Authentication9.2. IGRP9.2.1. Basic IGRP Configuration9.2.1.1. IGRP’s metric9.2.1.2. Packet size9.2.1.3. Modifying the range of the network9.2.1.4. IGRP’s load balancing9.2.2. Redistributing Other Protocols into IGRP9.3. EIGRP9.3.1. Enabling EIGRP on the Network9.3.2. EIGRP and Route Summarization9.3.2.1. Enabling route summarization on a specific interface9.3.3. EIGRP Authentication9.3.4. EIGRP Metrics9.3.5. Tuning EIGRP9.3.6. EIGRP show Commands9.3.6.1. show ip eigrp neighbors9.3.6.2. show ip eigrp topology9.3.6.3. show ip eigrp traffic9.3.7. EIGRP Redistribution9.3.7.1. RIP9.3.7.2. IGRP9.3.8. Converting an IGRP Network to EIGRP9.4. OSPF9.4.1. OSPF Concepts9.4.1.1. Areas9.4.1.2. Router types9.4.1.3. Link-state advertisements (LSAs)9.4.1.4. Area types9.4.1.5. Router ID9.4.1.6. Designated router (DR)9.4.2. Enabling OSPF on the Network9.4.3. Sample OSPF Configurations9.4.4. Route Summarization in OSPF9.4.4.1. Inter-area summarization9.4.4.2. External summarization9.4.5. Virtual Backbone Links9.4.6. Interoperability with Other Vendors9.4.7. Default Routes in OSPF9.4.8. NSSAs (Not-So-Stubby Areas)9.4.9. OSPF Configuration Example9.4.9.1. Putting route summarization to use9.4.10. Redistributing Other Protocols into OSPF9.4.11. OSPF show Commands9.4.11.1. show ip ospf border routers9.4.11.2. show ip ospf neighbor9.4.11.3. show ip ospf database9.4.11.4. show ip ospf interface9.5. IS-IS9.5.1. IS-IS Concepts9.5.1.1. Level 1 and level 29.5.1.2. NSAP addressing9.5.1.3. Enabling an interface for IS-IS9.5.2. IS-IS configuration example9.5.3. Show Commands9.5.4. Authentication9.5.5. Metric Tuning9.5.6. Injecting a Default Route9.5.7. IS-IS Route Leaking

Content preview from Cisco IOS in a Nutshell, 2nd Edition

Name

ip access-list — global

Synopsis

ip access-list {standard | extended} name

Configures

Named access lists

Default

None

Description

This command allows you to create a named access list. A named access list is really no different from a numbered access list as defined by the access-list command, except that it is identified by a logical name. A named access list may be either standard or extended. This command is followed by permit and deny commands that specify the access-list rules. For more about access lists, see Chapter 7 and the discussion of the access-list command.

Example

The following commands define a named access list that allows HTTP traffic from any host to the server at 10.1.2.3 and permits all other TCP traffic that has the SYN flag set. Remember that all access lists end with an implicit deny, which rejects all traffic not permitted by a statement in the access list.

ip access-list extended bogus-firewall
  permit tcp any host 10.1.2.3 eq http
  permit tcp any any established

As of IOS 12.4, you can enter noncontiguous ports on a single line within a named access list. Before, you would write such an access list like this:

ip access-list extended acllist1
  permit tcp any host 192.168.1.1 eq telnet
  permit tcp any host 192.168.1.1 eq www
  permit tcp any host 192.168.1.1 eq smtp
  permit tcp any host 192.168.1.1 eq pop3

With noncontigious port support, you can write it more tersely:

ip access-list extended acllist1
  permit tcp any host 192.168.1.1 eq telnet www smtp pop3

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 0596008694Errata

Cisco IOS in a Nutshell, 2nd Edition

by James Boney

Name

Synopsis

Configures

Default

Description

Example

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

CISCO IOS in a Nutshell

Cisco IOS Cookbook, 2nd Edition

Cisco Software-Defined Access

Cisco Networks: Engineers' Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA

Publisher Resources