cisco router configuration handbook · 2012. 7. 27. · ii cisco router configuration handbook...

Cisco Router Configuration Handbook Second Edition

Dave Hucaby, CCIE No. 4594

Steve McQuerry, CCIE No. 6108

Andrew Whitaker

Cisco Press

800 East 96th Street

Indianapolis, IN 46240

ii Cisco Router Configuration Handbook

Cisco Router Configuration Handbook, Second Edition

Dave Hucaby, Steve McQuerry, Andrew Whitaker

Copyright © 2010 Cisco Systems, Inc.

Published by:

Cisco Press

800 East 96th Street

Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by

any means, electronic or mechanical, including photocopying, recording, or by any informa-

tion storage and retrieval system, without written permission from the publisher, except for

the inclusion of brief quotations in a review.

Printed in the United States of America

Second Printing August 2012

Library of Congress Cataloging-in-Publication data is on file.

ISBN-13: 978-1-58714-116-4

ISBN-10: 1-58714-116-7

Warning and Disclaimer

This book is designed to provide information about configuring Cisco routers. Every effort

has been made to make this book as complete and as accurate as possible, but no warranty or

fitness is implied.

The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems,

Inc. shall have neither liability nor responsibility to any person or entity with respect to any

loss or damages arising from the information contained in this book or from the use of the

discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of

Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been

appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of

this information. Use of a term in this book should not be regarded as affecting the validity of

any trademark or service mark.

iii

Corporate and Government Sales

The publisher offers excellent discounts on this book when ordered in quantity for bulk pur-chases or special sales, which may include electronic versions and/or custom covers and con-tent particular to your business, training goals, marketing focus, and branding interests. Formore information, please contact: U.S. Corporate and Government Sales [email protected]

For sales outside the United States, please contact: International [email protected]

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value.Each book is crafted with care and precision, undergoing rigorous development that involvesthe unique expertise of members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regard-ing how we could improve the quality of this book, or otherwise alter it to better suit yourneeds, you can contact us through e-mail at [email protected]. Please make sure toinclude the book title and ISBN in your message.

We greatly appreciate your assistance.

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the

Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the

Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step,

Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers,

Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and

the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R)

Americas HeadquartersCisco Systems, Inc.

San Jose, CA

Asia Pacific HeadquartersCisco Systems (USA) Pte. Ltd.

Singapore

Europe HeadquartersCisco Systems International BV

Amsterdam, The Netherlands

Publisher: Paul Boger Manager, Global Certification: Erik Ullanderson

Associate Publisher: Dave Dusthimer Business Operation Manager, Cisco Press: Anand Sundaram

Executive Editor: Brett Bartow Senior Development Editor: Christopher Cleveland

Managing Editor: Sandra Schroeder Project Editor: Seth Kerney

Copy Editor: Apostrophe Editing Services Technical Editors: Steve Kalman, Joe Harris

Editorial Assistant: Vanessa Evans Indexer: WordWise Publishing Services

Book Designer: Louisa Adair Proofreaders: Sheri Cain and Water Crest Publishing

Composition: Mark Shirar

www.cisco.com/go/offices

iv Cisco Router Configuration Handbook

Dedications

Dave Hucaby: This book is dedicated to my wife, Marci, and my daughters, Lauren and Kara.I am blessed to have three wonderful girls in the house; their love, encouragement, and sup-port carry me along. God is good!

Steve McQuerry: I dedicate this work to my beautiful wife and love of my life, Becky. Also,to my wonderful children, Katie, Logan, and Cameron. You are all my inspiration. Yourpatience, love, and support give me the courage and strength needed to spend the requiredtime and energy on a project like this. Even through the long hours, I want you to know I loveyou all very much.

v

About the Authors

David Hucaby, CCIE #4594, is a lead network engineer for the University of Kentucky,where he designs, implements, and maintains campus networks using Cisco products. Prior tohis current position, he was a senior network consultant, providing design and implementationconsulting, focusing on Cisco-based VPN and IP telephony solutions. Hucaby has bachelor ofscience and master of science degrees in electrical engineering from the University ofKentucky. He is also the author of CCNP Switching Exam Certification Guide by CiscoPress.

Stephen McQuerry, CCIE #6108, is an instructor and consultant with more than ten years ofnetworking industry experience. He is a certified Cisco Systems instructor (CCSI) and acourse director/developer, teaching routing and switching concepts for Global Knowledge.McQuerry regularly teaches Cisco Enterprise courses. Additionally, he has developed andtaught custom Cisco switching courses. McQuerry holds a bachelor of science degree in engi-neering physics from Eastern Kentucky University. He is also the author of Interconnecting

Cisco Network Devices by Cisco Press.

Andrew Whitaker has been teaching and developing Cisco courses for more than seven yearsand holds the following certifications: CCNP, CCVP, CCSP, CCDP, CCNA:Security, MCT,CEI, CISSP, LPT, CEH, ECSA, MCTS, MCSE, CNE, A+, Network+, Security+, Convergence+,CTP, CICP, CHFI, EMCPA. He is the author of several books, including Penetration Testing

and Network Defense by Cisco Press.

About the Technical Reviewers

Steven Kalman is the principal officer at Esquire Micro Consultants, which offers lecturing,writing, and consulting services. He has more than 30 years of experience in data processing,with strengths in network design and implementation. Kalman is an instructor and author forLearning Tree International. He has written and reviewed many networking-related titles. Heholds CCNA, CCDA, ECNE, CEN, and CNI certifications.

Joe Harris, CCIE No. 6200 (R/S, Security & SP), is a Triple CCIE working for Cisco as a systemsengineer within the Wireline and Emerging Providers organization, where he specializes insecurity and MPLS-related technologies. With more than 16 years of extensive experiencefocusing on advance technologies within the IT arena, Joe has been primarily focused onsupporting various enterprise-sized networks revolving around all aspects of Cisco technology.He has also provided high-end consulting for both large and small corporations, as well aslocal government and federal agencies. Joe holds a bachelor of science degree from LouisianaTech University and resides with his wife and two children in Frisco, Texas.

vi Cisco Router Configuration Handbook

Acknowledgments

Dave Hucaby: I am very grateful for another opportunity to work on a Cisco Press project.Getting to dabble in technical writing has been great fun, a highlight in my career, and a lot ofwork, too! Naturally, these good folks at Cisco Press have gone the extra mile to make writingenjoyable and achievable: Brett Bartow, who kindly accepted my idea for a book like this andkindly prodded us along to meet deadlines we didn’t think we could, and Chris Cleveland,who is a superb development editor. As a matter of fact, every Cisco Press person I have metalong the way has been so nice, encouraging, and excited about their work!

Thanks to our technical reviewers: Steve Kalman and Joe Harris. Working on a book of thisnature has been challenging. The sheer volume and scope of the Cisco IOS Software com-mands and features are a little overwhelming. I truly appreciate reviewers who can help us seea bigger picture of better organization and accuracy while we’re writing in the depths of con-figuration commands. This book is also a testimony to the great number of things you can dowith a router, thanks to the Cisco IOS Software. I don’t know how many hundreds of com-mands we have covered in this book, but we had to leave out many more lesser-used com-mands just to keep a handle on the book’s size and scope. I’m amazed at the robustness of thesoftware and its dynamic nature.

I would like to express my thanks to my friend and coauthor Steve McQuerry. We’ve followedeach other around for many years, and it has been great to work on this project with him.Hopefully, we Kentucky boys can work on more things like this.

Lastly, I would like to acknowledge the person who stole my laptop computer halfwaythrough the first edition of this book project. Whoever you are, you left me a victim of myown lack of current backups. I made up a silly joke many years ago: “A backup is worth a mil-lion bytes, especially if you have to type them all back in.” Indeed.

Steve McQuerry: About 20 years ago, the late Rodger Yockey gave me an opportunity as afield engineer in the computer industry. Since then, several people have been there at keymoments to help my career go in certain directions. I owe a great debt to these people, asthey have helped me reach the level I am at today. It is not often that one has the opportunityto thank those who have been instrumental in molding his career. In addition to Rodger, Iwould like to take a moment to also thank Ted Banner for his guidance and mentoring. I wouldalso like to thank Chuck Terrien for giving me the opportunity to work as an instructor in theCisco product line. I would like to thank Brett Bartow for the opportunity to begin sharingmy experiences with the network community by writing for Cisco Press. Last but not least, Ihave to thank my friend and coauthor, Dave Hucaby. This book was his concept, and I thankhim for the opportunity work with him once again. I hope we will always find a way to con-tinue working together in the future.

Since I began working on book and course projects a couple of years ago, I have a newfoundrespect for what it takes to edit, coordinate, publish, and basically keep authors on track.Behind every Cisco Press book is an incredible staff, and I would be remiss if I did notacknowledge their work. Chris Cleveland, again it has been great working with you. I hopethat we can work together again in the future.

vii

Without the following individuals behind the book, it would be no more than a collection ofjumbled notes and napkin sketches of networking configurations:

The sharp eyes of all our technical editors on the first and this edition: Joe Harris, SteveKalman, Alexander Marhold, and Kevin Turek.

All my students and fellow instructors at Global Knowledge. Your challenges and questionsprovide me with the drive to have a better understanding.

My wife and children for their never-ending patience and understanding during this and all ofmy projects.

Most important, God, for giving me the skills, talents, and opportunity to work in such a chal-lenging and exciting profession.

Andrew Whitaker: I would like to express my thanks to both Dave Hucaby and SteveMcQuerry for this opportunity. Brett Bartow and Chris Cleveland, it is great to work withboth of you again. Finally, to Steve Kalman and Joe Harris, I appreciate how diligently youworked to ensure a quality book.

viii Cisco Router Configuration Handbook

Contents at a Glance

Introduction xxi

Part I: Configuration Fundamentals

Chapter 1 Configuration Basics 1

Chapter 2 Interface Configuration 73

Chapter 3 Dial Solutions 121

Part II: Network Protocols

Chapter 4 IPv4 Addressing and Services 153


Chapter 6 IP Routing Protocols 227

Chapter 7 IP Multicast Routing 275

Chapter 8 IP Route Processing 293

Part III: Packet Processing

Chapter 9 Quality of Service 311

Chapter 10 Multiprotocol Label Switching 359

Part IV: Voice & Telephony

Chapter 11 Voice and Telephony 375

Part V: Security

Chapter 12 Router Security 423

Chapter 13 Virtual Private Networks 475

Chapter 14 Access Lists and Regular Expressions 519

Appendixes

Appendix A Cisco IOS Software Release and Filename Conventions 543

Appendix B Cabling Quick Reference 551

Appendix C SNMP MIB Structure 557

Appendix D Password Recovery 561

Appendix E Configuration Register Settings 569

Appendix F Well-Known IP Protocol Numbers 577

Appendix G Well-Known IP Port Numbers 587

Appendix H ICMP Type and Code Numbers 601

Appendix I Well-Known IP Multicast Addresses 605

Appendix J Tool Command Language (TCL) Reference 619

Appendix K Ethernet Type Codes 623

Index 631

ix

Contents

Introduction xxi

Part I: Configuration Fundamentals

Chapter 1 Configuration Basics 1

1-1: User Interfaces 1

Configuration 2

Navigating File Systems 19

1-2: File Management 19

Deleting Files from Flash 22

Moving System Files 23

Configuration Rollback 25

Related File Management Commands 26

Alias Commands 27

1-3: Cisco Discovery Protocol (CDP) 28

Configuration 28

Example 29

1-4: System Time 30

Configuration 30

Example 33

1-5: Logging 34

Configuration 34

Verifying Logging 37

Example 37

1-6: System Monitoring 38

Configuration 39

Example 47

1-7: Service Assurance Agent (SAA) 47

Configuration 48

Example 56

1-8: Buffer Management 56

Configuration 57

Example 61

1-9: Some Troubleshooting Tools 61

IP Connectivity Tools: Extended ping 62

IP Connectivity Tools: ping 62

IP Connectivity Tools: traceroute 63

Debugging Output from the Router 65

IP Connectivity Tools: Telnet 65

x Cisco Router Configuration Handbook

Poor Man’s Sniffer 67

Troubleshooting Router Crashes 69

Monitoring Router Activity 70

Getting Assistance from Cisco 71

Information for the Cisco Technical Assistance Center (TAC) 71

Chapter 2 Interface Configuration 73

2-1: Ethernet Interfaces 73

Configuration 74

Example 75

2-2: FDDI Interfaces 76

Configuration 76

Example 76

2-3: Loopback and Null Interfaces 77

Configuration 77

Example 77

2-4: VLAN Interfaces 78

Configuration 78

Example 79

2-5: Tunnel Interfaces 79

Configuration 80

Example 81

2-6: Synchronous Serial Interfaces 82

Configuration 82

Configuring Channelized T1/E1 Serial Interfaces 84

Configuring Synchronous Serial Interfaces 85

Example 91

2-7: Packet-Over-SONET Interfaces 91

Configuration 92

Configuring APS on POS Interfaces 93

Example 94

2-8: Frame Relay Interfaces 95

Configuration 96

Example 104

2-9: Frame Relay Switching 105

Configuration 105

Example 109

2-10: ATM Interfaces 110

Configuration 111

Example 117

xi

Further Reading 118

Ethernet 118

Fast Ethernet 118

Gigabit Ethernet 118

Frame Relay 119

ATM 119

Chapter 3 Dial Solutions 121

3-1: Modems 122

Configuration 122

3-2: ISDN 128

PRI Configuration 129

PRI Example 131

BRI Configuration 131

BRI Example 133

3-3: Dial-on-Demand Routing (DDR) 133

Configuration 134

Example 139

3-4: Dial Backup 141

Dial Backup Configuration 141

Dial Backup Example 142

Dialer Watch Configuration 143

Dialer Watch Example 143

3-5: Routing Over Dialup Networks 144

Snapshot Routing Configuration 145

Snapshot Routing Example 146

ODR Configuration 146

3-6: Point-to-Point Protocol (PPP) 148

Configuration 148

Example 152

Further Reading 152

Part II: Network Protocols


4-1: IP Addressing and Resolution 154

Configuration 154

Example 157

4-2: IP Broadcast Handling 158

Configuration 158

Example 160

xii Cisco Router Configuration Handbook

4-3: Hot Standby Router Protocol (HSRP) 160

Configuration 161

Example 164

4-4: Virtual Router Redundancy Protocol 165

Configuration 166

Example 166

4-5: Dynamic Host Configuration Protocol (DHCP) 167

Configuration 167

Example 171

4-6: Mobile IP 172

Configuration 173

Example 176

4-7: Network Address Translation (NAT) 178

Configuration 179

Examples 183

4-8: Server Load Balancing (SLB) 185

Configuration 186

Example 190


5-1: IPv6 Addressing 196

Configuration 198

Example 198

5-2: Dynamic Host Configuration Protocol (DHCP) Version 6 199

Example 201

5-3: Gateway Load Balancing Protocol Version 6 (GLBPv6) 202

Configuration 203

Example 206

5-4: Hot Standby Router Protocol for IPv6 208

Configuration 208

Example 210

5-5: Mobile IPv6 211

Configuration 212

Example 214

5-6: Network Address Translation-Protocol Translation 215

Configuration 216

Example 220

xiii

5-7: Tunneling 221

Configuration 221

Example 223

Chapter 6 IP Routing Protocols 227

6-1: Routing Information Protocol (RIP) 227

Configuration 228

RIP-2-Specific Commands 230

Example 232

6-2: Routing Information Protocol (RIP) for IPv6 233

Example 233

Configuration 233

6-3: Enhanced Interior Gateway Routing Protocol (EIGRP) 234

Configuration 235

Example 238

6-4: Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 239

Configuration 239

Example 242

6-5: Open Shortest Path First (OSPF) 242

Configuration 243

Example 249

6-6: Open Shortest Path First (OSPF) Version 3 (IPv6) 250

Configuration 251

Example 252

6-7: Integrated IS-IS 252

Configuration 253

Example 255

6-8: Integrated IS-IS for IPv6 257

Configuration 257

6-9: Border Gateway Protocol (BGP) 257

Configuration 259

Example 268

6-10: Multiprotocol Border Gateway Protocol (BGP) for IPv6 270

Configuration 270

Example 271

Chapter 7 IP Multicast Routing 275

7-1: Protocol Independent Multicast (PIM) 275

Configuration 277

Example 279

xiv Cisco Router Configuration Handbook

7-2: Internet Group Management Protocol (IGMP) 280

Configuration 281

Example 283

7-3: Multiprotocol BGP (MBGP) 284

Configuration 285

Example 286

7-4: Multicast Source Discovery Protocol (MSDP) 287

Configuration 288

Example 289

7-5: IPv6 Multicast 290

Configuration 290

Example 291

Chapter 8 IP Route Processing 293

8-1: Manually Configuring Routes 293

Configuration 294

Example 295

8-2: Policy Routing 296

Configuration 296

Example 298

8-3: Redistributing Routing Information 298

Configuration 298

Example 304

8-4: Filtering Routing Information 305

Configuration 306

Example 308

8-5: Load Balancing 308

Configuration 308

Example 309

Part III: Packet Processing

Chapter 9 Quality of Service 311

9-1: Modular QoS Command-Line Interface (MQC) 314

Configuration 315

MQC Example 321

9-2: Network-Based Application Recognition (NBAR) 322

Configuration 323

NBAR Example 327

9-3: Policy-Based Routing (PBR) 327

Configuration 328

PBR Example 329

xv

9-4: Quality of Service for VPNs 329

Configuration 329

QoS for VPNs Example 330

9-5: QoS Policy Propagation via BGP 330

Configuration 330

QoS Policy Propagation via BGP Example 331

9-6: Priority Queuing (PQ) 332

Configuration 332

Priority Queuing Example 333

9-7: Custom Queuing (CQ) 333

Configuration 334

Custom Queuing Example 336

9-8: Weighted Fair Queuing (WFQ) 337

Configuration 337

Weighted Fair Queuing Example 339

9-9: Weighted Random Early Detection (WRED) 340

Configuration 340

Weighted Random Early Detection Example 341

9-10: Committed Access Rate (CAR) 342

Configuration 342

Committed Access Rate Example 343

9-11: Generic Traffic Shaping (GTS) 344

Configuration 344

Generic Traffic Shaping Example 345

9-12: Frame Relay Traffic Shaping (FRTS) 345

Configuration 346

Frame Relay Traffic Shaping Example 347

9-13: Use RSVP for QoS Signaling 348

Configuration 348

Using RSVP for QoS Signaling Example 351

9-14: Link Efficiency Mechanisms 351

Configuration 352

Link Efficiency Mechanism Example 353

9-15: AutoQoS for the Enterprise 353

Configuration 354

Example 356

xvi Cisco Router Configuration Handbook

Chapter 10 Multiprotocol Label Switching 359

10-1: Configuring Basic MPLS 359

Configuration 360

Example 362

10-2: MPLS Traffic Engineering 364

Configuration 365

Example 368

10-3: MPLS Virtual Private Networks (VPN) 369

Configuration 369

Example 371

Part IV: Voice & Telephony

Chapter 11 Voice and Telephony 375

11-1: Quality of Service for Voice 376

11-2: Voice Ports 381

Configuration 382

11-3: Dialing 395

Configuration 396

11-4: H.323 Gateways 405

Configuration 406

11-5: H.323 Gatekeepers 408

Configuration 408

Example 414

11-6: Interactive Voice Response (IVR) 415

Configuration 415

11-7: Survivable Remote Site (SRS) Telephony 417

Configuration 417

Example 420

Part V: Security

Chapter 12 Router Security 423

12-1: Suggested Ways to Secure a Router 424

User Authentication on the Router 424

Control Access to the Router Lines 424

Configure Login Timing Options 425

Use Warning Banners to Inform Users 426

Router Management 426

Implement Logging on the Router 427

Control Spoofed Information 427

Control Unnecessary Router Services 428

xvii

12-2: Authentication, Authorization, and Accounting (AAA) 429

Configuration 430

Example 437

12-3: Dynamically Authenticate and Authorize Users with AuthenticationProxy 438

Configuration 439

Example 442

12-4: Controlling Access with Lock and Key Security 442

Configuration 442

Example 445

12-5: Filtering IP Sessions with Reflexive Access Lists 446

Configuration 446

Example 448

12-6: Prevent DoS Attacks with TCP Intercept 448

Configuration 449

Example 451

12-7: Intelligent Filtering with Context-Based Access Control (CBAC) 451

Configuration 451

Example 456

12-8: Detect Attacks and Threats with the IOS Intrusion Prevention System 458

Configuration 458

Example 471

12-9: Control Plane Security 471

Configuration 472

Example 472

12-10: AutoSecure 473

Configuration 473

Example 474

Chapter 13 Virtual Private Networks 475

13-1: Using Internet Key Exchange (IKE) for VPNs 476

Configuration 476

Example 482

13-2: IPSec VPN Tunnels 483

Configuration 484

Example 490

13-3: High Availability Features 493

Configuration 494

Example 497

xviii Cisco Router Configuration Handbook

13-4: Dynamic Multipoint VPN (DMVPN) 504

Configuration 505

Example 511

13-5: Secure Socket Layer VPNs 514

Configuration 515

Example 517

Further Reading 517

Chapter 14 Access Lists and Regular Expressions 519

14-1: IP Access Lists 521

Configuration 521

Examples 530

14-2: MAC Address and Protocol Type Code Access Lists 532

Configuration 532

Examples 533

14-3: IPv6 Access Lists 533

Configuration 534

Examples 538

14-4: Regular Expressions 539

Configuration 539

Examples 540

Appendixes

Appendix A Cisco IOS Software Release and Filename Conventions 543

Appendix B Cabling Quick Reference 551

Appendix C SNMP MIB Structure 557

Appendix D Password Recovery 561

Appendix E Configuration Register Settings 569

Appendix F Well-Known IP Protocol Numbers 577

Appendix G Well-Known IP Port Numbers 587

Appendix H ICMP Type and Code Numbers 601

Appendix I Well-known IP Multicast Addresses 605

Appendix J Tool Command Language (TCL) Reference 619

Appendix K Ethernet Type Codes 623

Index 631

xix

Icons Used in This Book

Throughout this book, you see the following icons used for networking devices:

The following icons are used for peripherals and other devices:

DSU/CSU

Router Bridge Hub DSU/CSU

CatalystSwitch

MultilayerSwitch

ATMSwitch

ISDN/Frame RelaySwitch

CommunicationServer

Gateway AccessServer

PC PC withSoftware

SunWorkstation

Macintosh

Terminal File Server

WebServer

Cisco WorksWorkstation

Printer Laptop IBMMainframe

Front EndProcessor

ClusterController

xx Cisco Router Configuration Handbook

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventionsused in the IOS Command Reference. The Command Reference describes these conventionsas follows:

■ Boldface indicates commands and keywords that are entered literally as shown. Inactual configuration examples and output (not general command syntax), boldfaceindicates commands that are manually input by the user (such as a show command).

■ Italic indicates arguments for which you supply actual values.

■ Vertical bars (|) separate alternative, mutually exclusive elements.

■ Square brackets ([ ]) indicate an optional element.

■ Braces ({ }) indicate a required choice.

■ Braces within brackets () indicate a required choice within an optional element.

xxi

Introduction

There are many sources of information and documentation for configuring Cisco networkingdevices, but few provide a quick and portable solution for networking professionals. Thisbook is designed to provide a quick-and-easy reference guide for a wide range of commonlyused features that can be configured on Cisco routers. In essence, the subject matter from anentire bookshelf of Cisco IOS Software documentation, along with other networking refer-ence material, has been “squashed” into one handy volume that you can take with you.

This idea for this book began with my study habits for the CCIE written and lab exam. Overtime, I found that I had put together a whole notebook of handwritten notes about how toconfigure a variety of Cisco router features. I also found that I began carrying this notebookwith me into the field as a network consultant. When you’re on the job and someone requiresyou to configure a feature you’re not too familiar with, it’s nice to have your handy referencenotebook in your bag! Hopefully, this book will be that handy reference for you.

Features and Organization

This book is meant to be used as a tool in your day-to-day tasks as a network administrator orengineer. As such, we have avoided presenting a large amount of instructional informa-tion ortheory on the operation of protocols or commands. That is better handled in other textbooksdedicated to a more limited subject matter.

Instead, this book is divided into parts that present quick facts, configuration steps, andexplanations of configuration options for each feature in the Cisco IOS Software.

How to Use This Book

All the information in this book has been designed to follow a quick-reference format. If youknow what feature or technology you want to use, you can turn right to the section that dealswith it. Sections are numbered with a quick-reference index, showing both chapter and sectionnumber. For example, 13-3 is Chapter 13, Section 3. You'll also find shaded index tabs on eachpage, listing the section number, the chapter subject, and the topic dealt with in that section.

Facts About a Feature

Each section in a chapter includes a bulleted list of quick facts about the feature, technol-ogy,or protocol. Refer to these lists to quickly learn or review how the feature works. Immediatelyfollowing, we have placed a note that details what protocol or port number the feature uses. Ifyou are configuring filters or firewalls and you need to know how to al-low or block trafficfrom the feature, look for these notes.

xxii Cisco Router Configuration Handbook

Configuration Steps

Each feature covered in a section includes the required and optional commands used for com-mon configuration. The difference is that the configuration steps are presented in an outlineformat. If you follow the outline, you can configure a complex feature or technol-ogy. If youfind that you don't need a certain feature option, skip over that level in the out-line.

Sample Configurations

Each section includes an example of how to implement the commands and their options. Wehave tried to present the examples with the commands listed in the order you would actuallyenter them to follow the outline. Many times, it is more difficult to study and un-derstand aconfiguration example from an actual router, because the commands are dis-played in a prede-fined order, not in the order you entered them. Where possible, the ex-amples have also beentrimmed to show only the commands presented in the section.

Further Reading

Each chapter ends with a recommended reading list to help you find more in-depth sources ofinformation for the topics discussed.

Chapter 10

Multiprotocol Label Switching

This chapter covers the background and configuration of frame mode Multiprotocol LabelSwitching (MPLS). The following common configurations and features are discussed:

■ 10-1: Configuring Basic MPLS—MPLS is a high-performance packet forwardingtechnology that is based on Layer 2 switching instead of relying only on Layer 3 rout-ing. Routers use labels added between the Layer 2 and Layer 3 headers for forwardingdecisions.

■ 10-2: MPLS Traffic Engineering—Service providers can use traffic engineering onMPLS-enabled routers to route a customer’s network traffic based on throughputand delay. Tunnels are created for label switch paths (LSP) using the ResourceReservation Protocol (RSVP).

■ 10-3: MPLS Virtual Private Networks (VPN)—MPLS VPNs have separate virtualrouting and forwarding (VRF) instances for each customer in addition to a globalrouting table that is used to reach other routers in the provider network. Each VRFhas a 64-bit route distinguisher (RD) to keep each customer’s IP subnet separate fromother routing and forwarding tables. BGP route target communities are used in ex-changing route information between routers.

10-1: Configuring Basic MPLS

Multiprotocol Label Switching (MPLS) is a high-performance packet forwarding tech-nology based on Layer 2 switching instead of Layer 3 routing. Routers are configuredfor MPLS forward frames based on labels instead of traditional Layer 3 IP unicast rout-ing that performs Layer 3 lookups on the destination address at each hop. MPLS labelsare inserted between the Layer 2 and Layer 3 headers and can be pushed (added),popped (removed), swapped, or aggregated (removing the top label and performing aLayer 3 lookup).

360 Cisco Router Configuration Handbook

■ MPLS is attractive to service providers because of its scalability and features.Providers can scale easier with MPLS than using Asynchronous Transfer Mode(ATM) or Frame Relay permanent virtual circuits (PVC). The traffic engineering fea-tures of MPLS enable providers to route traffic not just on a destination address butalso on other factors such as bandwidth requirements and quality of service (QoS).

■ A label switch router (LSR) is any router or switch that implements label distributionand can forward packets based on labels. An edge-LSR is any router that performslabel imposition (push) or label disposition (pop). An ATM LSR is an ATM switchthat can act as an LSR. With ATM LSRs, cell switching is used for the label forward-ing table.

■ MPLS-enabled routers communicate with each other using the Label DistributionProtocol (LDP). LSRs discover each other using hello packets, and peer relationshipsare maintained using keepalives. LSRs share label binding information with otherLSRs. The label bindings build a forwarding equivalence class (FEC). A forwardingequivalence class is a group of IP packets forwarded in the same manner, over thesame path, with the same forwarding treatment.

■ Routers still rely on Layer 3 routing protocols for determining the path a packetshould take. However, routing information, along with VPN, traffic engineering, andQoS information, is sent to the data plane to build a label forwarding informationbase (LFIB) for optimal forwarding performance.

Note The commands that follow are based on the IETF Label Distribution Protocol(LDP) that uses a different syntax for commands than the older proprietary TagDistribution Protocol (TDP). Prior to Cisco IOS Software Release 12.4(2)T, LDP-relatedcommands were saved in the configuration in the older syntax. Starting with Cisco IOSSoftware Release 12.4(2)T, commands are saved in the configuration as they are entered.

Configuration

1. (Required) Enable Cisco Express Forwarding (CEF):

(global) ip cef [distributed]

CEF must be enabled on all routers running MPLS and on interfaces receiving unla-beled IP packets. Core routers do not perform CEF switching but must have CEFenabled globally to exchange labels. Enter the distributed keyword if your routersupports distributed CEF (dCEF). Use dCEF when you want your line cards (forexample, VIP cards) to perform the express forwarding so that the route processor(RP) can handle routing protocols.

Note dCEF is not compatible with the RSVP. If you plan on configuring MPLS trafficengineering with RSVP, you must use CEF and not dCEF.

Chapter 10: Multiprotocol Label Switching 361

Se

ctio

n 1

0-1

2. (Required) Start MPLS packet switching:

(global and interface) mpls ip

You must enable MPLS forwarding both globally and on the router interfaces forwhich you want to participate in MPLS forwarding. This command enables labelswitching of IPv4 packets according to normally routed paths. (Additional configura-tion is needed to support traffic engineering, QoS, and VPNs.) When this commandis entered, Label Distribution Protocol (LDP) hello and keepalives are sent andreceived on the interfaces enabled for MPLS.

3. (Optional) Select the distribution protocol either globally or on a particular interface:

(global) mpls label protcol {ldp | tdp}

-or-

(interface) mpls label protocol {ldp | tdp | both}

Starting with Cisco IOS Software Release 12.4(3), the default protocol changed fromCisco Tag Distribution Protocol (TDP) to the IETF LDP. When changing the proto-col on an interface, you have the option of enabling both TDP and LDP. LSRs mustrun the same distribution protocol to establish a peer session and exchange labelinformation.

4. (Optional) Manually configure the LDP identifier:

(global) mpls ldp router-id interface [force]

MPLS-enabled routers identify themselves in LDP messages using an identifier. Bydefault, the identifier is the highest IP address of all loopback interfaces. If there areno loopback interfaces, the router uses the highest IP address of all active interfaces.You can manually configure the LDP identifier with this command. The router thenuses whatever IP address is configured on the interface you specify. The IP addressentered must be reachable by adjacent LSRs. A common symptom of having anunreachable LDP ID IP address is that the forwarding information base (FIB) is popu-lated, but there is no information in the label information forwarding base (LFIB). Bydefault, a router ID is not changed until the interface currently used for the router IDis shut down, the IP address on that interface changes or is removed, or the router isrebooted. You can use the force keyword to force the router to change the router ID.

5. (Optional) Enable the distribution of labels associated with the IP default route:

(global) mpls ip default-route

By default, Cisco routers will not distribute labels for the IP default route. Enter thiscommand to enable dynamic switching of labels for a router’s default route.

6. (Optional) Enable MD5 authentication between peers:

(global) mpls ldp neighbor ip-address password password-string

MD5 authentication can be configured to verify TCP communication between twoLDP peers. Both peers must be configured to use the same password.


Fa0/1Fa0/0Fa0/1Fa0/0 Fa0/1Fa0/0

Router BRouter A Router C

2.2.2.21.1.1.1 3.3.3.3

Figure 10-1 Basic MPLS Configuration Example

7. (Optional) Enable the MPLS LDP autoconfiguration feature for OSPF interfaces:

(router) mpls ldp autoconfig [area area-id]

Normally, you must enter the mpls ip command both globally and on each interfacefor which you want to send and receive LDP packets. This process might be time-consuming and prone to human errors when configuring a router with many inter-faces. The autoconfiguration feature helps with these issues by automaticallyenabling LDP on every interface associated with an OSPF or IS-IS instance. Notethat you still need to enable LDP globally. When configuring LDP autoconfigurationfor OSPF, you can choose to only enable LDP for interfaces belonging to a particulararea by entering the area keyword followed by the area number.

8. (Optional) Enable the MPLS LDP autoconfiguration feature for IS-IS interfaces:

(router) mpls ldp autoconfig [level-1 | level-2]

Like autoconfiguration for OSPF, you must first enter the global mpls ip commandbefore you can allow the autoconfiguration feature. Optionally, you can allow auto-configuration on interfaces configured for level-1 or level-2 routing by entering thelevel-1 or level-2 keywords, respectively.

Example

Figure 10-1 is used for this example. The three routers are configured for MPLS withmanually configured LDP identifiers and MD5 peer authentication. Additionally, RouterBis configured for OSPF autoconfiguration for Area 0, and LDP is disabled on RouterA’sFastEthernet0/0 interface.

RouterA

hostname RouterA

!

ip cef

mpls ip

mpls ldp router-id 1.1.1.1

mpls ldp neighbor 2.2.2.2 password C1sc0

!

interface fastethernet0/0

ip address 172.16.0.1 255.255.0.0

no mpls ip

!


Se

ctio

n 1

0-1


ip address 172.17.0.1 255.255.0.0

mpls ip

!

interface loopback 0

ip address 10.1.1.1 255.255.255.255

!


ip address 1.1.1.1 255.255.255.255

!

router ospf 1

router-id 10.1.1.1

network 172.16.0.0 0.0.255.255 area 0

network 172.17.0.0 0.0.255.255 area 0

network 10.1.1.1 0.0.0.0 area 0

network 1.1.1.1 0.0.0.0 area 0

RouterB

hostname RouterB

!

mpls ip




!


ip address 172.17.0.2 255.255.0.0

!


ip address 172.18.0.1 255.255.0.0

!

interface loopback0

ip address 10.2.2.2 255.255.255.255

!

interface loopback1

ip address 2.2.2.2 255.255.255.255

!

router ospf 1

router-id 10.2.2.2

network 172.17.0.0 0.0.255.255 area 0

network 172.18.0.0 0.0.255.255 area 0

network 10.2.2.2 0.0.0.0 area 0

network 2.2.2.2 0.0.0.0 area 0

mpls ldp autoconfig area 0


RouterC

hostname RouterC

!

mpls ip



!


ip address 172.18.0.2 255.255.0.0

mpls ip

!


ip address 172.19.0.1 255.255.0.0

mpls ip

!

interface loopback0

ip address 10.3.3.3 255.255.255.255

!

interface loopback1

ip address 3.3.3.3 255.255.255.255

!

router ospf 1

router-id 10.3.3.3

network 172.18.0.0 0.0.255.255 area 0

network 172.19.0.0 0.0.255.255 area 0

network 10.3.3.3 0.0.0.0 area 0

network 3.3.3.3 0.0.0.0 area 0

10-2: MPLS Traffic Engineering

Service providers can use traffic engineering on MPLS-enabled routers to route a cus-tomer’s network traffic based on throughput and delay. Traffic engineering (TE) tunnelsare created for label switch paths (LSP) using the RSVP. A tunnel interface represents thehead of the LSP and is configured with a set of resource requirements (for example,bandwidth requirements, media requirements, and priority):

■ Topology and resource information is flooded using either IS-IS or OSPF. Traffic engi-neering extensions are added to the routing process to enable MPLS traffic engineering.

■ IS-IS routers must be configured to use the new style of IS-IS metric to support newtype, length, and value objects (TLV) for traffic engineering. The new TLVs are 22and 135 and have sub-TLVs that enable you to add properties to a link for purposesof traffic engineering.


Se

ctio

n 1

0-2

■ The Shortest Path First (SPF) algorithm used by IS-IS and OSPF chooses the tunnelinterface before choosing an alternative path over main interfaces.

■ Multiple tunnels might be configured to load-share traffic.

Configuration

1. (Required) Allow CEF and LDP as explained in Section 10-1.

2. (Required) Allow the MPLS traffic engineering feature:

(global) mpls traffic-eng tunnels

Before you can allow interfaces for traffic engineering, you must first allow trafficengineering globally.

3. (Required) Allow traffic engineering on interfaces:

(interface) mpls traffic-eng tunnels

When you have allowed MPLS traffic engineering globally, you can then allow it oninterfaces. Configuring this command causes its resource information to be floodedinto the appropriate interior gateway protocol (IGP) link-state database (either IS-ISor OSPF). This command also enables the interface to accept traffic engineering tun-nel signaling requests.

4. (Required when using CAC with RSVP) Allow RSVP on an interface and specify theamount of bandwidth to reserve:

(interface) ip rsvp bandwidth [bandwidth]

This command enables the resource reservation protocol (RSVP) on the interface.You must enter this command if you use Call Admission Control (CAC) with RSVP.If you do not specify a bandwidth value, a default bandwidth value of 75 percentwill be used.

5. Configure OSPF for MPLS traffic engineering.

a. (Required) Allow traffic engineering for each area:

(router) mpls traffic-eng area area-number

b. (Required) Set the traffic engineering router identifier:

(router) mpls traffic-eng router-id interface

Unlike OSPF and MPLS router IDs, MPLS traffic engineering will not automati-cally set a router ID. The router ID will be the IP address on the interface youenter in this command. It is recommended that you use a loopback interface andthat it match that of the interface used for the OSPF process router ID. The routerID is flooded to other routers and is used as the tunnel destination IP address.


6. Configure IS-IS for MPLS traffic engineering.

a. (Required) Allow traffic engineering:

(router) mpls traffic-eng {level-1 | level-2}

You can choose to flood traffic engineering into IS-IS level-1 or level-2.

b. (Required) Set the traffic engineering router identifier:

(router) mpls traffic-eng router-id interface

c. (Required) Configure the router to generate and accept new-style TLVs:

(router)metric-style wide

The original metric used by IS-IS does not support traffic engineering. You mustenter this command to support the new type, length, value objects (TLV), andsub-TLVs used for traffic engineering.

Note See RFC 3784, “Intermediate System to Intermediate System (IS-IS) Extensions forTraffic Engineering (TE),” for more on the new TLVs and sub-TLVs used for traffic engi-neering.

7. Create a tunnel interface:

(global) interface tunnel number

This command creates a new tunnel interface.

8. Assign an IP address to the tunnel interface:

(interface) ip unnumbered interface

Tunnel interfaces should be unnumbered because the tunnel interface represents aunidirectional link. It is recommended that you use a loopback interface for theinterface value.

9. Set the tunnel destination IP address:

(interface) tunnel destination ip-address

The tunnel destination IP address should be set to the far-end router’s IP address thatwas configured with the mpls traffic-eng router-id command under the IS-IS orOSPF router process.

10. Set the tunnel type to MPLS traffic engineering:

(interface) tunnel mode mpls traffic-eng

There are many types of tunnel interfaces (for example, GRE, 6to4, and so on), soyou must manually set the interface type.

11. Configure the bandwidth for the tunnel:

(interface) tunnel mpls traffic-eng bandwidth bandwidth


Se

ctio

n 1

0-2

The range of valid bandwidth values is 1–4294967295.

12. Configure a dynamic or explicit path option:

(interface) tunnel mpls traffic-eng path-option number { dynamic | explicit

{name path-name | identifier path-number}}

You can configure the tunnel to be dynamic, meaning the router will rely on the IS-IS or OSPF routing information to determine the best path for the tunnel. You canalso manually define the path using the explicit option. If you choose to explicitlymap out the tunnel path, you need to enter either a name or identifier to referencethe configured path. The steps for configuring an explicit path follow:

a. Configure the explicit path (if applicable).

■ Enter IP explicit path configuration mode:

(global) ip explicit-path {name path-name | identifier path-number}

The path-name or path-number should match what you configured with thetunnel mpls traffic-eng path-option command earlier.

■ Enter the IP addresses for each hop:

(explicit-path-configuration) next-address [loose | strict] ip-address

Enter the next IP addresses one at a time for the path you want the tunneled trafficto take. The loose and strict keywords are optional. The loose option tells therouter that the previous address in the explicit path does not need to be directlyconnected to the next address. The router is therefore free to determine the pathfrom the previous address to the next. The strict option tells the router that theprevious address must be directly connected to the next address.

Note The next IP address can be either the link (interface) IP address of the next-hoprouter or the MPLS node address (set with the mpls traffic-eng router-id interface routerprocess command). However, for Cisco IOS releases 12.4(24)T and earlier, you cannot use alink address as the first hop followed by node addresses for subsequent hops. You do nothave this restriction for releases after 12.4(24).

13. Allow the IGP (that is, IS-IS or OSPF) to use the tunnel when performing its SPFroute calculation:

(interface) tunnel mpls traffic-eng autoroute announce

The only way to forward traffic onto a tunnel is to allow this feature or to configurea static route to the interface.

14. (Optional) Manually configure the metric used by the SPF calculation:

(interface) tunnel mpls traffic-eng autoroute metric absolute metric


Lo 1.1.1.1 Lo 3.3.3.3

Lo 4.4.4.410.1.1.4/3010.1.1.8/30

10.1.1.12/30

10.1.1.16/30

Lo 2.2.2.2

Tunnel

Router A Router C

Router B

Router D

Figure 10-2 MPLS Traffic Engineering Example

You can allow the IGP to automatically assign the metric for the tunnel or manuallyconfigure the metric value using this command.

Example

Figure 10-2 is used for this example. RouterA is configured for MPLS traffic engineering.An explicit tunnel is configured with a backup dynamic tunnel. The tunnel is configuredwith a metric of 10 and announced to IS-IS so that IS-IS will consider the tunnel when itperforms its SPF calculation.

hostname RouterA

!

ip cef

mpls ip


mpls traffic-eng tunnels

!


ip address 10.1.1.5 255.255.255.252

mpls ip

ip router isis

mpls traffic-eng tunnels

ip rsvp bandwidth 512

!


ip address 1.1.1.1 255.255.255.255


Se

ctio

n 1

0-3

ip router isis

!

router isis

net 49.0001.0000.0000.0001.00

is-type level-1

metric-style wide

mpls traffic-eng router-id loopback 0

mpls traffic-eng level-1

!

interface tunnel 0

ip unnumbered loopback 0

tunnel destination 4.4.4.4

tunnel mpls traffic-eng bandwidth 512

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng autoroute metric absolute 10

tunnel mpls traffic-eng path-option 1 explicit name TUNNEL

tunnel mpls traffic-eng path-option 2 dynamic

!

ip explicit-path name TUNNEL

next-address 2.2.2.2

next-address 4.4.4.4

10-3: MPLS Virtual Private Networks (VPN)

■ MPLS virtual private networks (VPN) offer greater scalability than Frame Relay orATM overlay VPN solutions.

■ MPLS VPNs have a separate routing and forwarding (VRF) instance for each customer.

■ Each VRF has a 64-bit route distinguisher (RD) to keep each customer’s IP subnetseparate from other routing and forwarding tables.

■ Routers maintain a global routing table that is used to reach other routers in theprovider’s network.

■ BGP route target communities are used to exchange route information between routers.

■ There is a separate CEF and routing table for each VRF.

Configuration

1. Configure MPLS according to Section 10-1.

2. Create the VRF and enter into VRF configuration mode:

(global) ip vrf name

Every customer will have their own VRF.


Table 10-1 RD Formats

Format Example

16-bit autonomous system number: a 32-bit number 65501:1

32-bit IP address: a 16-bit number 192.168.0.1:1

3. Create a route distinguisher for the VRF:

(vrf) rd route-distinguisher

You must configure a route distinguisher for the VRF to be functional. This com-mand adds an 8-byte value to an IPv4 prefix to create a VPN IPv4 prefix. The RDcan be entered in one of the two formats shown in Table 10-1.

4. Create a route target for import, export, or both import and export:

(vrf) route-target {import | export | both} route-target-community-number

This command creates a list of import and export route target extended communi-ties for the VRF. Learned routes that carry the same extended community number asthe route-target-community-number you configure can be either imported into theVRF or exported out of the VRF (or both). Extended communities follow the sameformat as RDs.

5. Associate the VRF with an interface facing a customer edge (CE) router:

(interface) ip vrf forwarding vrf-name

This command associates the VRF instance you created earlier in Step 2 with aninterface. Configuring this command removes the IP address so you need to recon-figure the IP address after applying this command.

6. Configure the VRF instance under the BGP process:

a. Enter BGP configuration mode:

(global) router bgp autonomous-system-number

b. Enter the address family configuration mode for the VRF instance:

(router) address-family ipv4 vrf vrf-name

Enter the VRF name you created earlier in Step 2.

c. Configure the customer edge neighbor:

(address-family) neighbor ip-address remote-as autonomous-system-number

This command goes on the provider edge (PE) router and associates the VRFcreated in Step 2 with the BGP neighbor defined here under the VRF addressfamily mode.


Se

ctio

n 1

0-3

d. Activate the CE BGP neighbor:

(address-family) neighbor ip-address activate

7. Configure the provider edge (PE) to provider edge (PE) routing:

a. Enter BGP configuration mode:

(global) router bgp autonomous-system-number

b. Configure the PE BGP neighbor:

(router) neighbor ip-address remote-as autonomous-system-number

There is a separate VRF instance for each customer and a global routing table. Theglobal routing is created here by defining the BGP peers within the provider.

c. Activate the PE BGP neighbor:

(router) neighbor ip-address activate

d. Enter the vpn4 unicast address family:

(router) address-family vpnv4 unicast

This address family configures an IPv4 unicast VPN routing instance that enablesthe PE routers to exchange BGP information with each other while still remainingseparate from the customers’ VRF instances.

e. Define and activate the PE BGP neighbors:

(address-family) neighbor ip-address remote-as autonomous-system-number

(address-family) neighbor ip-address activate

f. Allow extended communities for the PE BGP neighbor:

(address-family) neighbor ip-address send-community extended

Configuring this command activates support for extended communities. Extendedcommunities are necessary for route targets to work with VRFs.

Note For more on BGP configuration, see Chapter 6, “IP Routing Protocols.”

Example

Figure 10-3 is used in this example. The configuration that follows shows the configura-tion on the PE1 router. A VRF instance is created for Customer_A and Customer_B. ForCustomer_A, the router is configured to both import and export all routes tagged withthe extended community 100:1. For Customer_B, the router is configured to both importand export all routes tagged with the extended community 100:2:

hostname PE1

!

ip cef

!


Provider AS100

Customer_A

Customer_B

PE1 PE2

CustB_1

CustA_1

Customer_A

Customer_B

CustB_2

CustA_2

Figure 10-3 MPLS VPN Example

ip vrf Customer_A

rd 100:1

route-target both 100:1

!

ip vrf Customer_B

rd 100:2

route-target both 100:2

!

interface serial0/0

ip address 192.168.1.5 255.255.255.252

mpls ip

description Link to PE

!

interface serial0/1

ip address 192.168.1.9 255.255.255.252

description Link to Customer_A

ip vrf forwarding Customer_A

!

interface serial0/2

ip address 192.168.1.13 255.255.255.252

description Link to Customer_B

ip vrf forwarding Customer_B

!

router bgp 100

neighbor 192.168.1.6 remote-as 100

neighbor 192.168.1.6 activate

address-family vpnv4 unicast



neighbor 192.168.1.6 send-community extended


address-family ipv4 unicast vrf Customer_A

redistribute connected



address-family ipv4 unicast vrf Customer_B

redistribute connected



References

Refer to the following recommended sources for further technical information about theMPLS topics covered here:

Definitive MPLS Network Designs, by Jim Guichard, Francois Le Faucheur, and Jean-Philippe Vasseur, Cisco Press, ISBN 1587051869.

MPLS Configuration on Cisco IOS Software, by Umesh Lakshman and Lancy Lobo,Cisco Press, ISBN 1587051990.

MPLS Fundamentals, by Luc DeGhein, Cisco Press, ISBN 1587051974.

MPLS and VPN Architectures, by Ivan Pepelnjak, Cisco Press, ISBN 1487050021.

MPLS and VPN Architectures, Volume II, by Ivan Pepelnjak, Jim Guichard, and JeffApcar, Cisco Press, ISBN 1587051125.

RFC 2547, “BGP/MPLS VPNs.”

RFC 2702, “Requirements for Traffic Engineering Over MPLS.”

RFC 2917, “A Core MPLS IP VPN Architecture.”

RFC 3031, “Multiprotocol Label Switching Architecture.”

RFC 3034, “Use of Label Switching on Frame Relay Networks Specification.”

RFC 3036, “LDP Specification.”

RFC 3063, “MPLS Loop Prevention Mechanism.”

RFC 3032, “MPLS Label Stack Encoding.”

RFC 3209, “RSVP-TE: Extensions to RSVP for LSP Tunnels.”

RFC 3784, “Intermediate System to Intermediate System (IS-IS) Extensions for TrafficEngineering.”

This page intentionally left blank

Index

Numerics

56/64 CSU/DSU connections, 555-556

6to4 tunnels, configuring, 222

A

AAA (Authentication, Authorization,and Accounting), configuring, 429-438

access lists

extended IP access lists, configuring,522-525

IPv6 access lists, configuring, 533-538

Lock and Key, configuring, 442-446

reflexive, configuring, 446-448

regular expressions, configuring,539-541

standard IP access lists, configuring,521-531

standard MAC address access lists,configuring, 532-533

access to router, configuring, 12-13

accessing privileged mode, 14-15

accounting, configuring, 436-437

address spoofing, 427-428

administrative distance, 294

default administrative distances, 307

aggregatable global addresses, 197

alias commands, 27-28

APS (Automatic ProtectionSwitching), configuring on POSinterfaces, 93-94

ARP (Address Resolution Protocol),configuring, 154-158

assigned IP protocols, 577-586

ATM (Asynchronous Transfer Mode),configuring, 110-117

attack signatures, 459-470

authentication, configuring, 433-435

authentication proxy, configuring,438-442

authorization, configuring, 435-436

AutoQoS, configuring, 353-357

AutoSecure, configuring, 473-474

B

back-to-back router connections,553-556

bandwidth, voice call requirements,380

Bc (Committed Burst Rate), 95

Be (Excess Burst Rate), 95

BECN (Backward Explicit CongestionNotification), 96

best path selection, BGP, 258

BGP (Border Gateway Protocol)

best path selection, 258

configuring, 257-270

policy propagation, configuring,330-332

BRI, configuring, 131-133

broadcast handling, configuring, 158-160

buffer management, 56-61

C

cabling distance limitations, 551-553

call fallback, configuring, 392-394

CAR (committed access rate), configuring, 342-343

CBAC (Content-Based AccessControl), configuring, 451-457

changing virtual configuration register settings, 569-576

channelized E1/T1 interfaces, configuring, 84-85

chat scripts, 126-128

choosing a Cisco IOS Softwarerelease, 546-548

CIR (Committed Information Rate),95

Cisco IOS IPS (Intrusion PreventionSystem), 458-471



Cisco IOS Packaging Initiative, 543

Cisco IOS Software

filenaming convention, 548-550

releases, 544-545

choosing, 546-548

numbering, 545-546

CoA (care of address), 211

command history, 4

commands

alias, 27-28

entering, 3

output, filtering, 4-6

show version, 71

configuration modes, 1, 2

configuration rollback, 25-26

configuring

access lists

extended IP access lists, 522-525

IPv6 access lists, 533-538

named access lists, 525-527

OGACL, 527-528

regular expressions, 539-541

standard IP access lists, 521-531

standard MAC address accesslists, 532-533

access to router, 12-13

CDP, 28-29

channelized E1/T1 interfaces, 84-85

Cisco IOS IPS, -471

DDR, 133-141

dial backup, 141-143

632 back-to-back router connections

dialer watch, 143-144

distance vector routing protocols

BGP, 257-270

EIGRP, 234-239

RIP, 232-233

H.323

gatekeepers, 408-415

gateways, 405-408

interfaces

ATM, 110-117

Ethernet, 74-75

FDDI, 76

Frame Relay, 95-104

loopback, 77

null, 77

synchronous serial interfaces,82-91

VLAN, 78-79

IP addressing

ARP, 154-158

broadcast handling, 158-160

DHCP, 167-172

HSRP, 160-165

Mobile IP, 172-178

NAT, 178-185

SLB, 185-192

VRRP, 165-166

IP multicast

IGMP, 280-284

IPv6 multicast, 290-292

MBGP, 284-287

IP route processing

load balancing, 308-309

manual route configuration,294-295

policy routing, 296-298

route filtering, 305-308

route redistribution, 298-305

IPv6 addressing, 198

DHCPv6, 199-202

GLBPv6, 202-207

HSRP version 2, 208-211

Mobile IPv6, 211-214

NAT-PT, 215-220

tunneling, 221-224

IPv6 EIGRP, 239-242

IPv6 IS-IS, 257

IPv6 RIP, 233-234

ISDN

BRI, 131-133

PRI, 129-131

IVR, 415-417

link-state routing protocols

IS-IS, 252-257

OSPF, 242-250

logging, 34-37

login authentication, 13-14

MBGP, 270

modems, 122-128

MPLS, 363-364

TE, 364-369

VPNs, 369-373

NTP, 30-34

ODR, 146-147

OSPFv3, 250-252

PIM, 277-280

POS (Packet-Over-SONET) interfaces, 91-95

PPP, 148-152

QoS

AutoQoS, 353-357

CAR, 342-343

configuring 633

CQ, 333-337

CRTP, 352-353

FRTS, 345-347

GTS, 344-345

LFI, 351-352

MQC, 314-321

NBAR, 322-327

PBR, 327-329

policy propagation, 330-332

PQ, 332-333

RSVP, 348-351

for voice, 376-381

for VPNs, 329-330

WFQ, 337-340

WRED, 340-341

SAA, 47-56

security

AAA, 429-438

authentication proxy, 438-442

AutoSecure, 473-474

CBAC, 451-457

CoPP, 471-473

Lock and Key, 442-446

login timing options, 425-426

TCP Intercept, 448-451

session menus, 16-18

snapshot routing, 145-146

SNMP, 38-47

switching, Frame Relay, 105-109

system banners, 15-16

system buffers, 57-61

telephony, SRS (Survivable RemoteSite) Telephony, 417-421

tunnel interfaces, 79-81

voice ports, 382-395

call fallback, 392-394

trunk connections, 390-392

VPNs

DMVPN, 504-514

high availability, 493-504

IKE, 476-483

IPSec VPN tunnels, 483-492

SSL VPNs, 514-517

connector pinouts, 554

context-sensitive help, 3-4

controlling access to routers, 424-425

CoPP (Control Plane Policing), configuring, 471-473

CQ (custom queuing), configuring,333-337

crashes, troubleshooting, 69

CRTP (Compressed Real-TimeProtocol), configuring, 352-353

crypto maps, 486-490

D

DDR (Dial-on-Demand Routing), configuring, 133-141

DE (Discard Eligible), 96

debugging output, 65-67

default administrative distances, 307

default routes, configuring, 294-295

deleting files from flash, 22-23

DHCP (Dynamic Host ConfigurationProtocol), configuring, 167-172

DHCPv6, configuring, 199-202

dial backup, configuring, 141-143

dial peers, configuring, 395-405

dialer watch, configuring, 143-144

dial-up networks, routing over, 144-147

DiffServe, 313

634 configuring

directed broadcast, configuring, 158-160

disabling unnecessary services, 428-429

distance limitations for cabling, 551-553

distance vector routing protocols

BGP


policy propagation, configuring, 330-332

EIGRP, configuring, 234-239

RIP, 232-233

DLCI (Data Link ConnectionIdentifier), 95

DMVPN (Dynamic Multipoint VPN),configuring, 504-514

DoS attacks, preventing with TCPIntercept, 448-451

DPD (dead peer detection), configuring, 494

DSCP byte format, 313

dynamic port numbers, 587-599

E

Early Deployment releases, 546

EIGRP (Enhanced Interior GatewayRouting Protocol), configuring,234-239

enabling web browser interface, 18-19

Ethernet

connections, 555

interfaces, configuring, 74-75

type codes

extended IP access lists, configuring,522-525

extended ping, 62-63

F

FDDI interfaces, configuring, 76

FECN (Forward Explicit CongestionNotification), 96

file management, related commands,26-27

file systems, navigating, 19-21

filenaming convention (Cisco IOSSoftware), 548-550

files, deleting from flash, 22-23

filtering command output, 4-6

flash memory, deleting files from, 22-23

Frame Relay

interfaces, configuring, 95-104

switching, configuring, 105-109

FRTS (Frame Relay Traffic Shaping),configuring, 345-347

G

gatekeepers (H.323), configuring,408-415

gateways (H.323), configuring, 405-408

GLBPv6 (Gateway Load BalancingProtocol Version 6), 202-207

GRE tunnels, configuring, 221-222

GTS (Generic Traffic Shaping), configuring, 344-345

H

H.323

gatekeepers, configuring, 408-415

gateways, configuring, 405-408

H.323 635

high availability for VPNs, configuring, 493-504

HSRP (Hot Standby Routing Protocol)


for IPSec VPNs, configuring, 495

HSRP version 2, configuring, 208-211

hub and spoke topologies, DMVPNconfiguration, 504-514

I

IANA (Internet Assigned NumbersAuthority)

well-known IP port numbers, 587-599

well-known IP protocol numbers,577-586

ICMP (Internet Control MessageProtocol) type codes, 601-604

IGMP (Internet Group ManagementProtocol), 276


IK (Internet Key Exchange), configuring, 476-483

image files, naming conventions, 548-550

interfaces, configuring

ATM, 110-117

Ethernet, 74-75

FDDI, 76

Frame Relay, 95-104

loopback, 77

null, 77

POS, 91-95

synchronous serial interfaces, 82-91

tunnel interfaces, 79-81

VLAN, 78-79

IP addressing

ARP, configuring, 154-158

broadcast handling, 158-160

DHCP, configuring, 167-172

HSRP, configuring, 160-165

Mobile IP, configuring, 172-178

NAT, configuring, 178-185

SLB, configuring, 185-192

unicast addresses, 197

VRRP, configuring, 165-166

IP multicast

IGMP, configuring, 280-284

IPv6 multicast, configuring, 290-292

MBGP, configuring, 284-287

MSDP, configuring, 287-290

PIM, 279-280


well-known IP multicast addresses,605-617

IP route processing

load balancing, configuring, 308-309

manual route configuration, 294-295

policy routing, configuring, 296-298

route filtering, configuring, 305-308

route redistribution, configuring,298-305

IPSec VPN tunnels, configuring, 483-492

IPSec VPNs, HSRP, 495

IPv6 access lists, configuring, 533-538

IPv6 addressing, 196-198

configuring, 198

DHCPv6, configuring, 199-202

GLBPv6, configuring, 202-207

HSRP version 2, configuring, 208-211

636 high availability for VPNs, configuring

NAT-PT, configuring, 215-220

tunneling, configuring, 221-224

IPv6 EIGRP, configuring, 239-242

IPv6 IS-IS, configuring, 257

IPv6 multicast, configuring, 290-292

IPv6 RIP, configuring, 233-234

ISATAP tunnels, configuring, 222-223

ISDN, 128-133

BRI, configuring, 131-133

PRI, configuring, 129-131

IS-IS, configuring, 252-257

IVR (Interactive Voice Response),configuring, 415-417

L

Layer 2 switching, MPLS configuration, 363-364

LFI (Link Fragmentation andInterleaving)


recommended packet sizes, 379

link efficiency mechanisms, 351-353

link-local addresses, 197

link-state routing protocols

IS-IS, configuring, 252-257

OSPF, configuring, 242-250

LLQ (Low Latency Queuing), 379

load balancing, configuring, 308-309

local voice busyout, configuring, 394-395


logging, 34-38

configuring, 34-37

verifying, 37-38

login authentication, configuring, 13-14

login timing options, configuring,425-426

loopback interfaces, configuring, 77

lost passwords, recovering, 561-568

M

manual route configuration, 294-295

MBGP (Multiprotocol BGP)

configuring, 270, 284-287

memory, buffer management, 56-61

MIB structure (SNMP), 557-559

Mobile IP, configuring, 172-178

Mobile IPv6, configuring, 211-214

modems

chat scripts, 126-128


monitoring, router activity, 69

moving system files, 23-25

MPLS (Multiprotocol LabelSwitching)


TE, configuring, 364-369

VPNs, configuring, 369-373

MQC (modular QoS command-lineinterface), configuring, 314-321

MSDP (Multicast Source DiscoveryProtocol), configuring, 287-290

N

named access lists, configuring, 525-527

NAT (Network Address Translation),configuring, 178-185

NAT (Network Address Translation), configuring 637

NAT-PT (Network AddressTranslation-Protocol Translation),configuring, 215-220

navigating file systems, 19-21

NBAR (Network-Based ApplicationRecognition), configuring, 322-327

network management, SNMP MIBstructure, 557-559

network media, distance limitations,551-553

NTP (Network Time Protocol), configuring, 30-34

null interfaces, configuring, 77

O

ODR (On-Demand Routing), configuring, 146-147

OGACL (Object Groups for ACLs),configuring, 527-528

OSPF (Open Shortest Path First), configuring, 242-250

OSPFv3, configuring, 250-252

output, debugging, 65-67

P

passwords, recovering, 561-568

pattern matching, configuring regularexpressions, 539-541

PBR (Policy-Based Routing), configuring, 327-329

performance, SAA configuration, 47-56

PIM (Protocol IndependentMulticast), 279-280


ping, 62

policy propagation, configuring, 330-332

policy routing, configuring, 296-298

Poor Man’s Sniffer, 67-69

POS (Packet-Over-SONET) interfaces,configuring, 91-95

PPP (Point-to-Point Protocol), configuring, 148-152

PQ (priority queuing), configuring,332-333

preventing

DoS attacks with TCP Intercept, 448-451

password recovery, 568

PRI, configuring, 129-131

private port numbers, 587-599

privileged EXEC mode, 2

privileged mode, accessing, 14-15

Q

QoS (Quality of Service)

AutoQoS, configuring, 353-357

CAR, configuring, 342-343

CQ, configuring, 333-337

CRTP, configuring, 352-353

DiffServe, 313

FRTS, configuring, 345-347

GTS, configuring, 344-345

LFI, configuring, 351-352

MQC, configuring, 314-321

NBAR, configuring, 322-327

PBR, configuring, 327-329

PQ, configuring, 332-333

RSVP, configuring, 348-351

for voice, configuring, 376-381

for VPNs, configuring, 329-330

WFQ, configuring, 337-340

WRED, configuring, 340-341

638 NAT-PT (Network Address Translation-Protocol Translation), configuring

R

recovering lost passwords, 561-568

reflexive access lists, configuring,446-448

registered port numbers, 587-599

regular expressions, configuring,539-541

RIP (Routing Information Protocol),configuring, 232-233

route filtering, configuring, 305-308

route redistribution, configuring,298-305

routers

controlling access to, 424-425

monitoring activity, 70-71

routing over dial-up networks, 144-147

routing protocols

MPLS, configuring, 364-369

redistribution, configuring, 298-305

RRI (Reverse Route Injection), configuring, 494-495

RSVP (Resource ReservationProtocol), configuring, 348-351

S

SAA (Service Assurance Agent), configuring, 47-56

scripting, Tcl, 619-620

secure shell connections, 10-12

security, 423-424

AAA, configuring, 429-438

address spoofing, preventing, 427-428

authentication proxy, configuring,438-442

AutoSecure, configuring, 473-474

CBAC, configuring, 451-457

Cisco IOS IPS, 458-471



controlling access to routers, 424-425

CoPP, configuring, 471-473


login timing options, configuring,425-426

reflexive access lists, configuring,446-448

TCP Intercept, configuring, 448-451

unnecessary services, disabling, 428-429

user authentication, 424

warning banners, configuring, 426

services, disabling, 428-429

session menus, configuring, 16-18

show version command, 71

SLB (Server Load Balancing), configuring, 185-192

snapshot routing, configuring, 145-146

SNMP (Simple Network ManagementProtocol)

configuring, 38-47

MIB structure, 557-559

software releases (Cisco IOS), 544-545

spoofed addresses, 427-428

SRS (Survivable Remote Site)Telephony, configuring, 417-421

SSL VPNs, configuring, 514-517

SSO (stateful switchover), configuring, 495-497

SSO (stateful switchover), configuring 639

standard IP access lists, configuring,521-531

standard MAC address access lists,configuring, 532-533

static routes, configuring, 294

switching, Frame Relay configuration,105-109

synchronous serial interfaces, configuring, 82-91

system banners, configuring, 15-16

system buffers, configuring, 57-61

system files, moving, 23-25

system monitoring, SNMP configuration, 38-47

system time, NTP configuration, 30-34

T

T1/E1 CSU/DSU connections, 556

TAC (Technical Assistance Center),71-72

Tcl (Tool Command Language), 619-620

TCP Intercept, configuring, 448-451

TE (Traffic Engineering), configuring,364-369

telephony

dial peers, configuring, 395-405

SRS Telephony, configuring, 417-421

Telnet, 65

terminal sessions, 6-10

ToS byte formats, 313

traceroute, 63-65

traffic inspection, CBAC, 453-457

troubleshooting crashes, 69

troubleshooting tools

extended ping, 62-63

ping, 62

Telnet, 65

traceroute, 63-65

trunk connections, voice port configuration, 390-392

tunnel interfaces, configuring, 79-81

tunneling


IPSec VPN tunnels, configuring,483-492

type codes

Ethernet

ICMP, 601-604

U

unicast addresses (IPv6), 197

unique local addresses, 198

unnecessary services, disabling, 428-429

user authentication, 424

user EXEC mode, 2

user interface modes, 2-3

V

verifying, logging, 37-38

virtual configuration register settings,changing, 569-576

VLAN interfaces, configuring, 78-79

voice ports, 381-395

call fallback, configuring, 392-394

local voice busyout, configuring,394-395

trunk connections, 390-392

640 standard IP access lists, configuring

voice traffic, QoS configuration, 376-381

VPNs

DMVPN, configuring, 504-514

high availability, configuring, 493-504

IKE, configuring, 476-483

IPSec VPN tunnels, configuring,483-492

MPLS, configuring, 369-373

QoS, configuring, 329-330

SSL VPNs, configuring, 514-517

VRRP (Virtual Router RedundancyProtocol), configuring, 165-166

W

warning banners, configuring, 426

web browser interface, enabling, 18-19

well-known IP multicast addresses,I.1-I.593

well-known IP port numbers, 587-599

well-known IP protocol numbers,577-586

WFQ (weighted fair queuing), configuring, 337-340

wildcards, access list regular expressions, 539-540

WRED (weighted random early detection), configuring, 340-341

WRED (weighted random early detection), configuring 641

cisco router configuration handbook · 2012. 7. 27. · ii cisco router configuration handbook...

Documents