cisco router configuration handbook -...
Post on 20-Aug-2018
214 Views
Preview:
TRANSCRIPT
Cisco Router Configuration Handbook Second Edition
Dave Hucaby, CCIE No. 4594
Steve McQuerry, CCIE No. 6108
Andrew Whitaker
Cisco Press
800 East 96th Street
Indianapolis, IN 46240
ii Cisco Router Configuration Handbook
Cisco Router Configuration Handbook, Second Edition
Dave Hucaby, Steve McQuerry, Andrew Whitaker
Copyright © 2010 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by
any means, electronic or mechanical, including photocopying, recording, or by any informa-
tion storage and retrieval system, without written permission from the publisher, except for
the inclusion of brief quotations in a review.
Printed in the United States of America
Second Printing August 2012
Library of Congress Cataloging-in-Publication data is on file.
ISBN-13: 978-1-58714-116-4
ISBN-10: 1-58714-116-7
Warning and Disclaimer
This book is designed to provide information about configuring Cisco routers. Every effort
has been made to make this book as complete and as accurate as possible, but no warranty or
fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems,
Inc. shall have neither liability nor responsibility to any person or entity with respect to any
loss or damages arising from the information contained in this book or from the use of the
discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of
Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been
appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of
this information. Use of a term in this book should not be regarded as affecting the validity of
any trademark or service mark.
iii
Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk pur-chases or special sales, which may include electronic versions and/or custom covers and con-tent particular to your business, training goals, marketing focus, and branding interests. Formore information, please contact: U.S. Corporate and Government Sales 1-800-382-3419corpsales@pearsontechgroup.com
For sales outside the United States, please contact: International Salesinternational@pearsoned.com
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value.Each book is crafted with care and precision, undergoing rigorous development that involvesthe unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regard-ing how we could improve the quality of this book, or otherwise alter it to better suit yourneeds, you can contact us through e-mail at feedback@ciscopress.com. Please make sure toinclude the book title and ISBN in your message.
We greatly appreciate your assistance.
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the
Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step,
Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers,
Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and
the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R)
Americas HeadquartersCisco Systems, Inc.
San Jose, CA
Asia Pacific HeadquartersCisco Systems (USA) Pte. Ltd.
Singapore
Europe HeadquartersCisco Systems International BV
Amsterdam, The Netherlands
Publisher: Paul Boger Manager, Global Certification: Erik Ullanderson
Associate Publisher: Dave Dusthimer Business Operation Manager, Cisco Press: Anand Sundaram
Executive Editor: Brett Bartow Senior Development Editor: Christopher Cleveland
Managing Editor: Sandra Schroeder Project Editor: Seth Kerney
Copy Editor: Apostrophe Editing Services Technical Editors: Steve Kalman, Joe Harris
Editorial Assistant: Vanessa Evans Indexer: WordWise Publishing Services
Book Designer: Louisa Adair Proofreaders: Sheri Cain and Water Crest Publishing
Composition: Mark Shirar
iv Cisco Router Configuration Handbook
Dedications
Dave Hucaby: This book is dedicated to my wife, Marci, and my daughters, Lauren and Kara.I am blessed to have three wonderful girls in the house; their love, encouragement, and sup-port carry me along. God is good!
Steve McQuerry: I dedicate this work to my beautiful wife and love of my life, Becky. Also,to my wonderful children, Katie, Logan, and Cameron. You are all my inspiration. Yourpatience, love, and support give me the courage and strength needed to spend the requiredtime and energy on a project like this. Even through the long hours, I want you to know I loveyou all very much.
v
About the Authors
David Hucaby, CCIE #4594, is a lead network engineer for the University of Kentucky,where he designs, implements, and maintains campus networks using Cisco products. Prior tohis current position, he was a senior network consultant, providing design and implementationconsulting, focusing on Cisco-based VPN and IP telephony solutions. Hucaby has bachelor ofscience and master of science degrees in electrical engineering from the University ofKentucky. He is also the author of CCNP Switching Exam Certification Guide by CiscoPress.
Stephen McQuerry, CCIE #6108, is an instructor and consultant with more than ten years ofnetworking industry experience. He is a certified Cisco Systems instructor (CCSI) and acourse director/developer, teaching routing and switching concepts for Global Knowledge.McQuerry regularly teaches Cisco Enterprise courses. Additionally, he has developed andtaught custom Cisco switching courses. McQuerry holds a bachelor of science degree in engi-neering physics from Eastern Kentucky University. He is also the author of Interconnecting
Cisco Network Devices by Cisco Press.
Andrew Whitaker has been teaching and developing Cisco courses for more than seven yearsand holds the following certifications: CCNP, CCVP, CCSP, CCDP, CCNA:Security, MCT,CEI, CISSP, LPT, CEH, ECSA, MCTS, MCSE, CNE, A+, Network+, Security+, Convergence+,CTP, CICP, CHFI, EMCPA. He is the author of several books, including Penetration Testing
and Network Defense by Cisco Press.
About the Technical Reviewers
Steven Kalman is the principal officer at Esquire Micro Consultants, which offers lecturing,writing, and consulting services. He has more than 30 years of experience in data processing,with strengths in network design and implementation. Kalman is an instructor and author forLearning Tree International. He has written and reviewed many networking-related titles. Heholds CCNA, CCDA, ECNE, CEN, and CNI certifications.
Joe Harris, CCIE No. 6200 (R/S, Security & SP), is a Triple CCIE working for Cisco as a systemsengineer within the Wireline and Emerging Providers organization, where he specializes insecurity and MPLS-related technologies. With more than 16 years of extensive experiencefocusing on advance technologies within the IT arena, Joe has been primarily focused onsupporting various enterprise-sized networks revolving around all aspects of Cisco technology.He has also provided high-end consulting for both large and small corporations, as well aslocal government and federal agencies. Joe holds a bachelor of science degree from LouisianaTech University and resides with his wife and two children in Frisco, Texas.
vi Cisco Router Configuration Handbook
Acknowledgments
Dave Hucaby: I am very grateful for another opportunity to work on a Cisco Press project.Getting to dabble in technical writing has been great fun, a highlight in my career, and a lot ofwork, too! Naturally, these good folks at Cisco Press have gone the extra mile to make writingenjoyable and achievable: Brett Bartow, who kindly accepted my idea for a book like this andkindly prodded us along to meet deadlines we didn’t think we could, and Chris Cleveland,who is a superb development editor. As a matter of fact, every Cisco Press person I have metalong the way has been so nice, encouraging, and excited about their work!
Thanks to our technical reviewers: Steve Kalman and Joe Harris. Working on a book of thisnature has been challenging. The sheer volume and scope of the Cisco IOS Software com-mands and features are a little overwhelming. I truly appreciate reviewers who can help us seea bigger picture of better organization and accuracy while we’re writing in the depths of con-figuration commands. This book is also a testimony to the great number of things you can dowith a router, thanks to the Cisco IOS Software. I don’t know how many hundreds of com-mands we have covered in this book, but we had to leave out many more lesser-used com-mands just to keep a handle on the book’s size and scope. I’m amazed at the robustness of thesoftware and its dynamic nature.
I would like to express my thanks to my friend and coauthor Steve McQuerry. We’ve followedeach other around for many years, and it has been great to work on this project with him.Hopefully, we Kentucky boys can work on more things like this.
Lastly, I would like to acknowledge the person who stole my laptop computer halfwaythrough the first edition of this book project. Whoever you are, you left me a victim of myown lack of current backups. I made up a silly joke many years ago: “A backup is worth a mil-lion bytes, especially if you have to type them all back in.” Indeed.
Steve McQuerry: About 20 years ago, the late Rodger Yockey gave me an opportunity as afield engineer in the computer industry. Since then, several people have been there at keymoments to help my career go in certain directions. I owe a great debt to these people, asthey have helped me reach the level I am at today. It is not often that one has the opportunityto thank those who have been instrumental in molding his career. In addition to Rodger, Iwould like to take a moment to also thank Ted Banner for his guidance and mentoring. I wouldalso like to thank Chuck Terrien for giving me the opportunity to work as an instructor in theCisco product line. I would like to thank Brett Bartow for the opportunity to begin sharingmy experiences with the network community by writing for Cisco Press. Last but not least, Ihave to thank my friend and coauthor, Dave Hucaby. This book was his concept, and I thankhim for the opportunity work with him once again. I hope we will always find a way to con-tinue working together in the future.
Since I began working on book and course projects a couple of years ago, I have a newfoundrespect for what it takes to edit, coordinate, publish, and basically keep authors on track.Behind every Cisco Press book is an incredible staff, and I would be remiss if I did notacknowledge their work. Chris Cleveland, again it has been great working with you. I hopethat we can work together again in the future.
vii
Without the following individuals behind the book, it would be no more than a collection ofjumbled notes and napkin sketches of networking configurations:
The sharp eyes of all our technical editors on the first and this edition: Joe Harris, SteveKalman, Alexander Marhold, and Kevin Turek.
All my students and fellow instructors at Global Knowledge. Your challenges and questionsprovide me with the drive to have a better understanding.
My wife and children for their never-ending patience and understanding during this and all ofmy projects.
Most important, God, for giving me the skills, talents, and opportunity to work in such a chal-lenging and exciting profession.
Andrew Whitaker: I would like to express my thanks to both Dave Hucaby and SteveMcQuerry for this opportunity. Brett Bartow and Chris Cleveland, it is great to work withboth of you again. Finally, to Steve Kalman and Joe Harris, I appreciate how diligently youworked to ensure a quality book.
viii Cisco Router Configuration Handbook
Contents at a Glance
Introduction xxi
Part I: Configuration Fundamentals
Chapter 1 Configuration Basics 1
Chapter 2 Interface Configuration 73
Chapter 3 Dial Solutions 121
Part II: Network Protocols
Chapter 4 IPv4 Addressing and Services 153
Chapter 5 IPv6 Addressing and Services 195
Chapter 6 IP Routing Protocols 227
Chapter 7 IP Multicast Routing 275
Chapter 8 IP Route Processing 293
Part III: Packet Processing
Chapter 9 Quality of Service 311
Chapter 10 Multiprotocol Label Switching 359
Part IV: Voice & Telephony
Chapter 11 Voice and Telephony 375
Part V: Security
Chapter 12 Router Security 423
Chapter 13 Virtual Private Networks 475
Chapter 14 Access Lists and Regular Expressions 519
Appendixes
Appendix A Cisco IOS Software Release and Filename Conventions 543
Appendix B Cabling Quick Reference 551
Appendix C SNMP MIB Structure 557
Appendix D Password Recovery 561
Appendix E Configuration Register Settings 569
Appendix F Well-Known IP Protocol Numbers 577
Appendix G Well-Known IP Port Numbers 587
Appendix H ICMP Type and Code Numbers 601
Appendix I Well-Known IP Multicast Addresses 605
Appendix J Tool Command Language (TCL) Reference 619
Appendix K Ethernet Type Codes 623
Index 631
ix
Contents
Introduction xxi
Part I: Configuration Fundamentals
Chapter 1 Configuration Basics 1
1-1: User Interfaces 1
Configuration 2
Navigating File Systems 19
1-2: File Management 19
Deleting Files from Flash 22
Moving System Files 23
Configuration Rollback 25
Related File Management Commands 26
Alias Commands 27
1-3: Cisco Discovery Protocol (CDP) 28
Configuration 28
Example 29
1-4: System Time 30
Configuration 30
Example 33
1-5: Logging 34
Configuration 34
Verifying Logging 37
Example 37
1-6: System Monitoring 38
Configuration 39
Example 47
1-7: Service Assurance Agent (SAA) 47
Configuration 48
Example 56
1-8: Buffer Management 56
Configuration 57
Example 61
1-9: Some Troubleshooting Tools 61
IP Connectivity Tools: Extended ping 62
IP Connectivity Tools: ping 62
IP Connectivity Tools: traceroute 63
Debugging Output from the Router 65
IP Connectivity Tools: Telnet 65
x Cisco Router Configuration Handbook
Poor Man’s Sniffer 67
Troubleshooting Router Crashes 69
Monitoring Router Activity 70
Getting Assistance from Cisco 71
Information for the Cisco Technical Assistance Center (TAC) 71
Chapter 2 Interface Configuration 73
2-1: Ethernet Interfaces 73
Configuration 74
Example 75
2-2: FDDI Interfaces 76
Configuration 76
Example 76
2-3: Loopback and Null Interfaces 77
Configuration 77
Example 77
2-4: VLAN Interfaces 78
Configuration 78
Example 79
2-5: Tunnel Interfaces 79
Configuration 80
Example 81
2-6: Synchronous Serial Interfaces 82
Configuration 82
Configuring Channelized T1/E1 Serial Interfaces 84
Configuring Synchronous Serial Interfaces 85
Example 91
2-7: Packet-Over-SONET Interfaces 91
Configuration 92
Configuring APS on POS Interfaces 93
Example 94
2-8: Frame Relay Interfaces 95
Configuration 96
Example 104
2-9: Frame Relay Switching 105
Configuration 105
Example 109
2-10: ATM Interfaces 110
Configuration 111
Example 117
xi
Further Reading 118
Ethernet 118
Fast Ethernet 118
Gigabit Ethernet 118
Frame Relay 119
ATM 119
Chapter 3 Dial Solutions 121
3-1: Modems 122
Configuration 122
3-2: ISDN 128
PRI Configuration 129
PRI Example 131
BRI Configuration 131
BRI Example 133
3-3: Dial-on-Demand Routing (DDR) 133
Configuration 134
Example 139
3-4: Dial Backup 141
Dial Backup Configuration 141
Dial Backup Example 142
Dialer Watch Configuration 143
Dialer Watch Example 143
3-5: Routing Over Dialup Networks 144
Snapshot Routing Configuration 145
Snapshot Routing Example 146
ODR Configuration 146
3-6: Point-to-Point Protocol (PPP) 148
Configuration 148
Example 152
Further Reading 152
Part II: Network Protocols
Chapter 4 IPv4 Addressing and Services 153
4-1: IP Addressing and Resolution 154
Configuration 154
Example 157
4-2: IP Broadcast Handling 158
Configuration 158
Example 160
xii Cisco Router Configuration Handbook
4-3: Hot Standby Router Protocol (HSRP) 160
Configuration 161
Example 164
4-4: Virtual Router Redundancy Protocol 165
Configuration 166
Example 166
4-5: Dynamic Host Configuration Protocol (DHCP) 167
Configuration 167
Example 171
4-6: Mobile IP 172
Configuration 173
Example 176
4-7: Network Address Translation (NAT) 178
Configuration 179
Examples 183
4-8: Server Load Balancing (SLB) 185
Configuration 186
Example 190
Chapter 5 IPv6 Addressing and Services 195
5-1: IPv6 Addressing 196
Configuration 198
Example 198
5-2: Dynamic Host Configuration Protocol (DHCP) Version 6 199
Example 201
5-3: Gateway Load Balancing Protocol Version 6 (GLBPv6) 202
Configuration 203
Example 206
5-4: Hot Standby Router Protocol for IPv6 208
Configuration 208
Example 210
5-5: Mobile IPv6 211
Configuration 212
Example 214
5-6: Network Address Translation-Protocol Translation 215
Configuration 216
Example 220
xiii
5-7: Tunneling 221
Configuration 221
Example 223
Chapter 6 IP Routing Protocols 227
6-1: Routing Information Protocol (RIP) 227
Configuration 228
RIP-2-Specific Commands 230
Example 232
6-2: Routing Information Protocol (RIP) for IPv6 233
Example 233
Configuration 233
6-3: Enhanced Interior Gateway Routing Protocol (EIGRP) 234
Configuration 235
Example 238
6-4: Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 239
Configuration 239
Example 242
6-5: Open Shortest Path First (OSPF) 242
Configuration 243
Example 249
6-6: Open Shortest Path First (OSPF) Version 3 (IPv6) 250
Configuration 251
Example 252
6-7: Integrated IS-IS 252
Configuration 253
Example 255
6-8: Integrated IS-IS for IPv6 257
Configuration 257
6-9: Border Gateway Protocol (BGP) 257
Configuration 259
Example 268
6-10: Multiprotocol Border Gateway Protocol (BGP) for IPv6 270
Configuration 270
Example 271
Chapter 7 IP Multicast Routing 275
7-1: Protocol Independent Multicast (PIM) 275
Configuration 277
Example 279
xiv Cisco Router Configuration Handbook
7-2: Internet Group Management Protocol (IGMP) 280
Configuration 281
Example 283
7-3: Multiprotocol BGP (MBGP) 284
Configuration 285
Example 286
7-4: Multicast Source Discovery Protocol (MSDP) 287
Configuration 288
Example 289
7-5: IPv6 Multicast 290
Configuration 290
Example 291
Chapter 8 IP Route Processing 293
8-1: Manually Configuring Routes 293
Configuration 294
Example 295
8-2: Policy Routing 296
Configuration 296
Example 298
8-3: Redistributing Routing Information 298
Configuration 298
Example 304
8-4: Filtering Routing Information 305
Configuration 306
Example 308
8-5: Load Balancing 308
Configuration 308
Example 309
Part III: Packet Processing
Chapter 9 Quality of Service 311
9-1: Modular QoS Command-Line Interface (MQC) 314
Configuration 315
MQC Example 321
9-2: Network-Based Application Recognition (NBAR) 322
Configuration 323
NBAR Example 327
9-3: Policy-Based Routing (PBR) 327
Configuration 328
PBR Example 329
xv
9-4: Quality of Service for VPNs 329
Configuration 329
QoS for VPNs Example 330
9-5: QoS Policy Propagation via BGP 330
Configuration 330
QoS Policy Propagation via BGP Example 331
9-6: Priority Queuing (PQ) 332
Configuration 332
Priority Queuing Example 333
9-7: Custom Queuing (CQ) 333
Configuration 334
Custom Queuing Example 336
9-8: Weighted Fair Queuing (WFQ) 337
Configuration 337
Weighted Fair Queuing Example 339
9-9: Weighted Random Early Detection (WRED) 340
Configuration 340
Weighted Random Early Detection Example 341
9-10: Committed Access Rate (CAR) 342
Configuration 342
Committed Access Rate Example 343
9-11: Generic Traffic Shaping (GTS) 344
Configuration 344
Generic Traffic Shaping Example 345
9-12: Frame Relay Traffic Shaping (FRTS) 345
Configuration 346
Frame Relay Traffic Shaping Example 347
9-13: Use RSVP for QoS Signaling 348
Configuration 348
Using RSVP for QoS Signaling Example 351
9-14: Link Efficiency Mechanisms 351
Configuration 352
Link Efficiency Mechanism Example 353
9-15: AutoQoS for the Enterprise 353
Configuration 354
Example 356
xvi Cisco Router Configuration Handbook
Chapter 10 Multiprotocol Label Switching 359
10-1: Configuring Basic MPLS 359
Configuration 360
Example 362
10-2: MPLS Traffic Engineering 364
Configuration 365
Example 368
10-3: MPLS Virtual Private Networks (VPN) 369
Configuration 369
Example 371
Part IV: Voice & Telephony
Chapter 11 Voice and Telephony 375
11-1: Quality of Service for Voice 376
11-2: Voice Ports 381
Configuration 382
11-3: Dialing 395
Configuration 396
11-4: H.323 Gateways 405
Configuration 406
11-5: H.323 Gatekeepers 408
Configuration 408
Example 414
11-6: Interactive Voice Response (IVR) 415
Configuration 415
11-7: Survivable Remote Site (SRS) Telephony 417
Configuration 417
Example 420
Part V: Security
Chapter 12 Router Security 423
12-1: Suggested Ways to Secure a Router 424
User Authentication on the Router 424
Control Access to the Router Lines 424
Configure Login Timing Options 425
Use Warning Banners to Inform Users 426
Router Management 426
Implement Logging on the Router 427
Control Spoofed Information 427
Control Unnecessary Router Services 428
xvii
12-2: Authentication, Authorization, and Accounting (AAA) 429
Configuration 430
Example 437
12-3: Dynamically Authenticate and Authorize Users with AuthenticationProxy 438
Configuration 439
Example 442
12-4: Controlling Access with Lock and Key Security 442
Configuration 442
Example 445
12-5: Filtering IP Sessions with Reflexive Access Lists 446
Configuration 446
Example 448
12-6: Prevent DoS Attacks with TCP Intercept 448
Configuration 449
Example 451
12-7: Intelligent Filtering with Context-Based Access Control (CBAC) 451
Configuration 451
Example 456
12-8: Detect Attacks and Threats with the IOS Intrusion Prevention System 458
Configuration 458
Example 471
12-9: Control Plane Security 471
Configuration 472
Example 472
12-10: AutoSecure 473
Configuration 473
Example 474
Chapter 13 Virtual Private Networks 475
13-1: Using Internet Key Exchange (IKE) for VPNs 476
Configuration 476
Example 482
13-2: IPSec VPN Tunnels 483
Configuration 484
Example 490
13-3: High Availability Features 493
Configuration 494
Example 497
xviii Cisco Router Configuration Handbook
13-4: Dynamic Multipoint VPN (DMVPN) 504
Configuration 505
Example 511
13-5: Secure Socket Layer VPNs 514
Configuration 515
Example 517
Further Reading 517
Chapter 14 Access Lists and Regular Expressions 519
14-1: IP Access Lists 521
Configuration 521
Examples 530
14-2: MAC Address and Protocol Type Code Access Lists 532
Configuration 532
Examples 533
14-3: IPv6 Access Lists 533
Configuration 534
Examples 538
14-4: Regular Expressions 539
Configuration 539
Examples 540
Appendixes
Appendix A Cisco IOS Software Release and Filename Conventions 543
Appendix B Cabling Quick Reference 551
Appendix C SNMP MIB Structure 557
Appendix D Password Recovery 561
Appendix E Configuration Register Settings 569
Appendix F Well-Known IP Protocol Numbers 577
Appendix G Well-Known IP Port Numbers 587
Appendix H ICMP Type and Code Numbers 601
Appendix I Well-known IP Multicast Addresses 605
Appendix J Tool Command Language (TCL) Reference 619
Appendix K Ethernet Type Codes 623
Index 631
xix
Icons Used in This Book
Throughout this book, you see the following icons used for networking devices:
The following icons are used for peripherals and other devices:
DSU/CSU
Router Bridge Hub DSU/CSU
CatalystSwitch
MultilayerSwitch
ATMSwitch
ISDN/Frame RelaySwitch
CommunicationServer
Gateway AccessServer
PC PC withSoftware
SunWorkstation
Macintosh
Terminal File Server
WebServer
Cisco WorksWorkstation
Printer Laptop IBMMainframe
Front EndProcessor
ClusterController
xx Cisco Router Configuration Handbook
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventionsused in the IOS Command Reference. The Command Reference describes these conventionsas follows:
■ Boldface indicates commands and keywords that are entered literally as shown. Inactual configuration examples and output (not general command syntax), boldfaceindicates commands that are manually input by the user (such as a show command).
■ Italic indicates arguments for which you supply actual values.
■ Vertical bars (|) separate alternative, mutually exclusive elements.
■ Square brackets ([ ]) indicate an optional element.
■ Braces ({ }) indicate a required choice.
■ Braces within brackets () indicate a required choice within an optional element.
xxi
Introduction
There are many sources of information and documentation for configuring Cisco networkingdevices, but few provide a quick and portable solution for networking professionals. Thisbook is designed to provide a quick-and-easy reference guide for a wide range of commonlyused features that can be configured on Cisco routers. In essence, the subject matter from anentire bookshelf of Cisco IOS Software documentation, along with other networking refer-ence material, has been “squashed” into one handy volume that you can take with you.
This idea for this book began with my study habits for the CCIE written and lab exam. Overtime, I found that I had put together a whole notebook of handwritten notes about how toconfigure a variety of Cisco router features. I also found that I began carrying this notebookwith me into the field as a network consultant. When you’re on the job and someone requiresyou to configure a feature you’re not too familiar with, it’s nice to have your handy referencenotebook in your bag! Hopefully, this book will be that handy reference for you.
Features and Organization
This book is meant to be used as a tool in your day-to-day tasks as a network administrator orengineer. As such, we have avoided presenting a large amount of instructional informa-tion ortheory on the operation of protocols or commands. That is better handled in other textbooksdedicated to a more limited subject matter.
Instead, this book is divided into parts that present quick facts, configuration steps, andexplanations of configuration options for each feature in the Cisco IOS Software.
How to Use This Book
All the information in this book has been designed to follow a quick-reference format. If youknow what feature or technology you want to use, you can turn right to the section that dealswith it. Sections are numbered with a quick-reference index, showing both chapter and sectionnumber. For example, 13-3 is Chapter 13, Section 3. You'll also find shaded index tabs on eachpage, listing the section number, the chapter subject, and the topic dealt with in that section.
Facts About a Feature
Each section in a chapter includes a bulleted list of quick facts about the feature, technol-ogy,or protocol. Refer to these lists to quickly learn or review how the feature works. Immediatelyfollowing, we have placed a note that details what protocol or port number the feature uses. Ifyou are configuring filters or firewalls and you need to know how to al-low or block trafficfrom the feature, look for these notes.
xxii Cisco Router Configuration Handbook
Configuration Steps
Each feature covered in a section includes the required and optional commands used for com-mon configuration. The difference is that the configuration steps are presented in an outlineformat. If you follow the outline, you can configure a complex feature or technol-ogy. If youfind that you don't need a certain feature option, skip over that level in the out-line.
Sample Configurations
Each section includes an example of how to implement the commands and their options. Wehave tried to present the examples with the commands listed in the order you would actuallyenter them to follow the outline. Many times, it is more difficult to study and un-derstand aconfiguration example from an actual router, because the commands are dis-played in a prede-fined order, not in the order you entered them. Where possible, the ex-amples have also beentrimmed to show only the commands presented in the section.
Further Reading
Each chapter ends with a recommended reading list to help you find more in-depth sources ofinformation for the topics discussed.
Chapter 10
Multiprotocol Label Switching
This chapter covers the background and configuration of frame mode Multiprotocol LabelSwitching (MPLS). The following common configurations and features are discussed:
■ 10-1: Configuring Basic MPLS—MPLS is a high-performance packet forwardingtechnology that is based on Layer 2 switching instead of relying only on Layer 3 rout-ing. Routers use labels added between the Layer 2 and Layer 3 headers for forwardingdecisions.
■ 10-2: MPLS Traffic Engineering—Service providers can use traffic engineering onMPLS-enabled routers to route a customer’s network traffic based on throughputand delay. Tunnels are created for label switch paths (LSP) using the ResourceReservation Protocol (RSVP).
■ 10-3: MPLS Virtual Private Networks (VPN)—MPLS VPNs have separate virtualrouting and forwarding (VRF) instances for each customer in addition to a globalrouting table that is used to reach other routers in the provider network. Each VRFhas a 64-bit route distinguisher (RD) to keep each customer’s IP subnet separate fromother routing and forwarding tables. BGP route target communities are used in ex-changing route information between routers.
10-1: Configuring Basic MPLS
Multiprotocol Label Switching (MPLS) is a high-performance packet forwarding tech-nology based on Layer 2 switching instead of Layer 3 routing. Routers are configuredfor MPLS forward frames based on labels instead of traditional Layer 3 IP unicast rout-ing that performs Layer 3 lookups on the destination address at each hop. MPLS labelsare inserted between the Layer 2 and Layer 3 headers and can be pushed (added),popped (removed), swapped, or aggregated (removing the top label and performing aLayer 3 lookup).
360 Cisco Router Configuration Handbook
■ MPLS is attractive to service providers because of its scalability and features.Providers can scale easier with MPLS than using Asynchronous Transfer Mode(ATM) or Frame Relay permanent virtual circuits (PVC). The traffic engineering fea-tures of MPLS enable providers to route traffic not just on a destination address butalso on other factors such as bandwidth requirements and quality of service (QoS).
■ A label switch router (LSR) is any router or switch that implements label distributionand can forward packets based on labels. An edge-LSR is any router that performslabel imposition (push) or label disposition (pop). An ATM LSR is an ATM switchthat can act as an LSR. With ATM LSRs, cell switching is used for the label forward-ing table.
■ MPLS-enabled routers communicate with each other using the Label DistributionProtocol (LDP). LSRs discover each other using hello packets, and peer relationshipsare maintained using keepalives. LSRs share label binding information with otherLSRs. The label bindings build a forwarding equivalence class (FEC). A forwardingequivalence class is a group of IP packets forwarded in the same manner, over thesame path, with the same forwarding treatment.
■ Routers still rely on Layer 3 routing protocols for determining the path a packetshould take. However, routing information, along with VPN, traffic engineering, andQoS information, is sent to the data plane to build a label forwarding informationbase (LFIB) for optimal forwarding performance.
Note The commands that follow are based on the IETF Label Distribution Protocol(LDP) that uses a different syntax for commands than the older proprietary TagDistribution Protocol (TDP). Prior to Cisco IOS Software Release 12.4(2)T, LDP-relatedcommands were saved in the configuration in the older syntax. Starting with Cisco IOSSoftware Release 12.4(2)T, commands are saved in the configuration as they are entered.
Configuration
1. (Required) Enable Cisco Express Forwarding (CEF):
(global) ip cef [distributed]
CEF must be enabled on all routers running MPLS and on interfaces receiving unla-beled IP packets. Core routers do not perform CEF switching but must have CEFenabled globally to exchange labels. Enter the distributed keyword if your routersupports distributed CEF (dCEF). Use dCEF when you want your line cards (forexample, VIP cards) to perform the express forwarding so that the route processor(RP) can handle routing protocols.
Note dCEF is not compatible with the RSVP. If you plan on configuring MPLS trafficengineering with RSVP, you must use CEF and not dCEF.
Chapter 10: Multiprotocol Label Switching 361
Se
ctio
n 1
0-1
2. (Required) Start MPLS packet switching:
(global and interface) mpls ip
You must enable MPLS forwarding both globally and on the router interfaces forwhich you want to participate in MPLS forwarding. This command enables labelswitching of IPv4 packets according to normally routed paths. (Additional configura-tion is needed to support traffic engineering, QoS, and VPNs.) When this commandis entered, Label Distribution Protocol (LDP) hello and keepalives are sent andreceived on the interfaces enabled for MPLS.
3. (Optional) Select the distribution protocol either globally or on a particular interface:
(global) mpls label protcol {ldp | tdp}
-or-
(interface) mpls label protocol {ldp | tdp | both}
Starting with Cisco IOS Software Release 12.4(3), the default protocol changed fromCisco Tag Distribution Protocol (TDP) to the IETF LDP. When changing the proto-col on an interface, you have the option of enabling both TDP and LDP. LSRs mustrun the same distribution protocol to establish a peer session and exchange labelinformation.
4. (Optional) Manually configure the LDP identifier:
(global) mpls ldp router-id interface [force]
MPLS-enabled routers identify themselves in LDP messages using an identifier. Bydefault, the identifier is the highest IP address of all loopback interfaces. If there areno loopback interfaces, the router uses the highest IP address of all active interfaces.You can manually configure the LDP identifier with this command. The router thenuses whatever IP address is configured on the interface you specify. The IP addressentered must be reachable by adjacent LSRs. A common symptom of having anunreachable LDP ID IP address is that the forwarding information base (FIB) is popu-lated, but there is no information in the label information forwarding base (LFIB). Bydefault, a router ID is not changed until the interface currently used for the router IDis shut down, the IP address on that interface changes or is removed, or the router isrebooted. You can use the force keyword to force the router to change the router ID.
5. (Optional) Enable the distribution of labels associated with the IP default route:
(global) mpls ip default-route
By default, Cisco routers will not distribute labels for the IP default route. Enter thiscommand to enable dynamic switching of labels for a router’s default route.
6. (Optional) Enable MD5 authentication between peers:
(global) mpls ldp neighbor ip-address password password-string
MD5 authentication can be configured to verify TCP communication between twoLDP peers. Both peers must be configured to use the same password.
362 Cisco Router Configuration Handbook
Fa0/1Fa0/0Fa0/1Fa0/0 Fa0/1Fa0/0
Router BRouter A Router C
2.2.2.21.1.1.1 3.3.3.3
Figure 10-1 Basic MPLS Configuration Example
7. (Optional) Enable the MPLS LDP autoconfiguration feature for OSPF interfaces:
(router) mpls ldp autoconfig [area area-id]
Normally, you must enter the mpls ip command both globally and on each interfacefor which you want to send and receive LDP packets. This process might be time-consuming and prone to human errors when configuring a router with many inter-faces. The autoconfiguration feature helps with these issues by automaticallyenabling LDP on every interface associated with an OSPF or IS-IS instance. Notethat you still need to enable LDP globally. When configuring LDP autoconfigurationfor OSPF, you can choose to only enable LDP for interfaces belonging to a particulararea by entering the area keyword followed by the area number.
8. (Optional) Enable the MPLS LDP autoconfiguration feature for IS-IS interfaces:
(router) mpls ldp autoconfig [level-1 | level-2]
Like autoconfiguration for OSPF, you must first enter the global mpls ip commandbefore you can allow the autoconfiguration feature. Optionally, you can allow auto-configuration on interfaces configured for level-1 or level-2 routing by entering thelevel-1 or level-2 keywords, respectively.
Example
Figure 10-1 is used for this example. The three routers are configured for MPLS withmanually configured LDP identifiers and MD5 peer authentication. Additionally, RouterBis configured for OSPF autoconfiguration for Area 0, and LDP is disabled on RouterA’sFastEthernet0/0 interface.
RouterA
hostname RouterA
!
ip cef
mpls ip
mpls ldp router-id 1.1.1.1
mpls ldp neighbor 2.2.2.2 password C1sc0
!
interface fastethernet0/0
ip address 172.16.0.1 255.255.0.0
no mpls ip
!
Chapter 10: Multiprotocol Label Switching 363
Se
ctio
n 1
0-1
interface fastethernet0/1
ip address 172.17.0.1 255.255.0.0
mpls ip
!
interface loopback 0
ip address 10.1.1.1 255.255.255.255
!
interface loopback 1
ip address 1.1.1.1 255.255.255.255
!
router ospf 1
router-id 10.1.1.1
network 172.16.0.0 0.0.255.255 area 0
network 172.17.0.0 0.0.255.255 area 0
network 10.1.1.1 0.0.0.0 area 0
network 1.1.1.1 0.0.0.0 area 0
RouterB
hostname RouterB
!
mpls ip
mpls ldp router-id 2.2.2.2
mpls ldp neighbor 1.1.1.1 password C1sc0
mpls ldp neighbor 3.3.3.3 password C1sc0
!
interface fastethernet0/0
ip address 172.17.0.2 255.255.0.0
!
interface fastethernet0/1
ip address 172.18.0.1 255.255.0.0
!
interface loopback0
ip address 10.2.2.2 255.255.255.255
!
interface loopback1
ip address 2.2.2.2 255.255.255.255
!
router ospf 1
router-id 10.2.2.2
network 172.17.0.0 0.0.255.255 area 0
network 172.18.0.0 0.0.255.255 area 0
network 10.2.2.2 0.0.0.0 area 0
network 2.2.2.2 0.0.0.0 area 0
mpls ldp autoconfig area 0
364 Cisco Router Configuration Handbook
RouterC
hostname RouterC
!
mpls ip
mpls ldp router-id 3.3.3.3
mpls ldp neighbor 2.2.2.2 password C1sc0
!
interface fastethernet0/0
ip address 172.18.0.2 255.255.0.0
mpls ip
!
interface fastethernet0/1
ip address 172.19.0.1 255.255.0.0
mpls ip
!
interface loopback0
ip address 10.3.3.3 255.255.255.255
!
interface loopback1
ip address 3.3.3.3 255.255.255.255
!
router ospf 1
router-id 10.3.3.3
network 172.18.0.0 0.0.255.255 area 0
network 172.19.0.0 0.0.255.255 area 0
network 10.3.3.3 0.0.0.0 area 0
network 3.3.3.3 0.0.0.0 area 0
10-2: MPLS Traffic Engineering
Service providers can use traffic engineering on MPLS-enabled routers to route a cus-tomer’s network traffic based on throughput and delay. Traffic engineering (TE) tunnelsare created for label switch paths (LSP) using the RSVP. A tunnel interface represents thehead of the LSP and is configured with a set of resource requirements (for example,bandwidth requirements, media requirements, and priority):
■ Topology and resource information is flooded using either IS-IS or OSPF. Traffic engi-neering extensions are added to the routing process to enable MPLS traffic engineering.
■ IS-IS routers must be configured to use the new style of IS-IS metric to support newtype, length, and value objects (TLV) for traffic engineering. The new TLVs are 22and 135 and have sub-TLVs that enable you to add properties to a link for purposesof traffic engineering.
Chapter 10: Multiprotocol Label Switching 365
Se
ctio
n 1
0-2
■ The Shortest Path First (SPF) algorithm used by IS-IS and OSPF chooses the tunnelinterface before choosing an alternative path over main interfaces.
■ Multiple tunnels might be configured to load-share traffic.
Configuration
1. (Required) Allow CEF and LDP as explained in Section 10-1.
2. (Required) Allow the MPLS traffic engineering feature:
(global) mpls traffic-eng tunnels
Before you can allow interfaces for traffic engineering, you must first allow trafficengineering globally.
3. (Required) Allow traffic engineering on interfaces:
(interface) mpls traffic-eng tunnels
When you have allowed MPLS traffic engineering globally, you can then allow it oninterfaces. Configuring this command causes its resource information to be floodedinto the appropriate interior gateway protocol (IGP) link-state database (either IS-ISor OSPF). This command also enables the interface to accept traffic engineering tun-nel signaling requests.
4. (Required when using CAC with RSVP) Allow RSVP on an interface and specify theamount of bandwidth to reserve:
(interface) ip rsvp bandwidth [bandwidth]
This command enables the resource reservation protocol (RSVP) on the interface.You must enter this command if you use Call Admission Control (CAC) with RSVP.If you do not specify a bandwidth value, a default bandwidth value of 75 percentwill be used.
5. Configure OSPF for MPLS traffic engineering.
a. (Required) Allow traffic engineering for each area:
(router) mpls traffic-eng area area-number
b. (Required) Set the traffic engineering router identifier:
(router) mpls traffic-eng router-id interface
Unlike OSPF and MPLS router IDs, MPLS traffic engineering will not automati-cally set a router ID. The router ID will be the IP address on the interface youenter in this command. It is recommended that you use a loopback interface andthat it match that of the interface used for the OSPF process router ID. The routerID is flooded to other routers and is used as the tunnel destination IP address.
366 Cisco Router Configuration Handbook
6. Configure IS-IS for MPLS traffic engineering.
a. (Required) Allow traffic engineering:
(router) mpls traffic-eng {level-1 | level-2}
You can choose to flood traffic engineering into IS-IS level-1 or level-2.
b. (Required) Set the traffic engineering router identifier:
(router) mpls traffic-eng router-id interface
c. (Required) Configure the router to generate and accept new-style TLVs:
(router)metric-style wide
The original metric used by IS-IS does not support traffic engineering. You mustenter this command to support the new type, length, value objects (TLV), andsub-TLVs used for traffic engineering.
Note See RFC 3784, “Intermediate System to Intermediate System (IS-IS) Extensions forTraffic Engineering (TE),” for more on the new TLVs and sub-TLVs used for traffic engi-neering.
7. Create a tunnel interface:
(global) interface tunnel number
This command creates a new tunnel interface.
8. Assign an IP address to the tunnel interface:
(interface) ip unnumbered interface
Tunnel interfaces should be unnumbered because the tunnel interface represents aunidirectional link. It is recommended that you use a loopback interface for theinterface value.
9. Set the tunnel destination IP address:
(interface) tunnel destination ip-address
The tunnel destination IP address should be set to the far-end router’s IP address thatwas configured with the mpls traffic-eng router-id command under the IS-IS orOSPF router process.
10. Set the tunnel type to MPLS traffic engineering:
(interface) tunnel mode mpls traffic-eng
There are many types of tunnel interfaces (for example, GRE, 6to4, and so on), soyou must manually set the interface type.
11. Configure the bandwidth for the tunnel:
(interface) tunnel mpls traffic-eng bandwidth bandwidth
Chapter 10: Multiprotocol Label Switching 367
Se
ctio
n 1
0-2
The range of valid bandwidth values is 1–4294967295.
12. Configure a dynamic or explicit path option:
(interface) tunnel mpls traffic-eng path-option number { dynamic | explicit
{name path-name | identifier path-number}}
You can configure the tunnel to be dynamic, meaning the router will rely on the IS-IS or OSPF routing information to determine the best path for the tunnel. You canalso manually define the path using the explicit option. If you choose to explicitlymap out the tunnel path, you need to enter either a name or identifier to referencethe configured path. The steps for configuring an explicit path follow:
a. Configure the explicit path (if applicable).
■ Enter IP explicit path configuration mode:
(global) ip explicit-path {name path-name | identifier path-number}
The path-name or path-number should match what you configured with thetunnel mpls traffic-eng path-option command earlier.
■ Enter the IP addresses for each hop:
(explicit-path-configuration) next-address [loose | strict] ip-address
Enter the next IP addresses one at a time for the path you want the tunneled trafficto take. The loose and strict keywords are optional. The loose option tells therouter that the previous address in the explicit path does not need to be directlyconnected to the next address. The router is therefore free to determine the pathfrom the previous address to the next. The strict option tells the router that theprevious address must be directly connected to the next address.
Note The next IP address can be either the link (interface) IP address of the next-hoprouter or the MPLS node address (set with the mpls traffic-eng router-id interface routerprocess command). However, for Cisco IOS releases 12.4(24)T and earlier, you cannot use alink address as the first hop followed by node addresses for subsequent hops. You do nothave this restriction for releases after 12.4(24).
13. Allow the IGP (that is, IS-IS or OSPF) to use the tunnel when performing its SPFroute calculation:
(interface) tunnel mpls traffic-eng autoroute announce
The only way to forward traffic onto a tunnel is to allow this feature or to configurea static route to the interface.
14. (Optional) Manually configure the metric used by the SPF calculation:
(interface) tunnel mpls traffic-eng autoroute metric absolute metric
368 Cisco Router Configuration Handbook
Lo 1.1.1.1 Lo 3.3.3.3
Lo 4.4.4.410.1.1.4/3010.1.1.8/30
10.1.1.12/30
10.1.1.16/30
Lo 2.2.2.2
Tunnel
Router A Router C
Router B
Router D
Figure 10-2 MPLS Traffic Engineering Example
You can allow the IGP to automatically assign the metric for the tunnel or manuallyconfigure the metric value using this command.
Example
Figure 10-2 is used for this example. RouterA is configured for MPLS traffic engineering.An explicit tunnel is configured with a backup dynamic tunnel. The tunnel is configuredwith a metric of 10 and announced to IS-IS so that IS-IS will consider the tunnel when itperforms its SPF calculation.
hostname RouterA
!
ip cef
mpls ip
mpls ldp router-id 1.1.1.1
mpls traffic-eng tunnels
!
interface fastethernet0/0
ip address 10.1.1.5 255.255.255.252
mpls ip
ip router isis
mpls traffic-eng tunnels
ip rsvp bandwidth 512
!
interface loopback 0
ip address 1.1.1.1 255.255.255.255
Chapter 10: Multiprotocol Label Switching 369
Se
ctio
n 1
0-3
ip router isis
!
router isis
net 49.0001.0000.0000.0001.00
is-type level-1
metric-style wide
mpls traffic-eng router-id loopback 0
mpls traffic-eng level-1
!
interface tunnel 0
ip unnumbered loopback 0
tunnel destination 4.4.4.4
tunnel mpls traffic-eng bandwidth 512
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng autoroute metric absolute 10
tunnel mpls traffic-eng path-option 1 explicit name TUNNEL
tunnel mpls traffic-eng path-option 2 dynamic
!
ip explicit-path name TUNNEL
next-address 2.2.2.2
next-address 4.4.4.4
10-3: MPLS Virtual Private Networks (VPN)
■ MPLS virtual private networks (VPN) offer greater scalability than Frame Relay orATM overlay VPN solutions.
■ MPLS VPNs have a separate routing and forwarding (VRF) instance for each customer.
■ Each VRF has a 64-bit route distinguisher (RD) to keep each customer’s IP subnetseparate from other routing and forwarding tables.
■ Routers maintain a global routing table that is used to reach other routers in theprovider’s network.
■ BGP route target communities are used to exchange route information between routers.
■ There is a separate CEF and routing table for each VRF.
Configuration
1. Configure MPLS according to Section 10-1.
2. Create the VRF and enter into VRF configuration mode:
(global) ip vrf name
Every customer will have their own VRF.
370 Cisco Router Configuration Handbook
Table 10-1 RD Formats
Format Example
16-bit autonomous system number: a 32-bit number 65501:1
32-bit IP address: a 16-bit number 192.168.0.1:1
3. Create a route distinguisher for the VRF:
(vrf) rd route-distinguisher
You must configure a route distinguisher for the VRF to be functional. This com-mand adds an 8-byte value to an IPv4 prefix to create a VPN IPv4 prefix. The RDcan be entered in one of the two formats shown in Table 10-1.
4. Create a route target for import, export, or both import and export:
(vrf) route-target {import | export | both} route-target-community-number
This command creates a list of import and export route target extended communi-ties for the VRF. Learned routes that carry the same extended community number asthe route-target-community-number you configure can be either imported into theVRF or exported out of the VRF (or both). Extended communities follow the sameformat as RDs.
5. Associate the VRF with an interface facing a customer edge (CE) router:
(interface) ip vrf forwarding vrf-name
This command associates the VRF instance you created earlier in Step 2 with aninterface. Configuring this command removes the IP address so you need to recon-figure the IP address after applying this command.
6. Configure the VRF instance under the BGP process:
a. Enter BGP configuration mode:
(global) router bgp autonomous-system-number
b. Enter the address family configuration mode for the VRF instance:
(router) address-family ipv4 vrf vrf-name
Enter the VRF name you created earlier in Step 2.
c. Configure the customer edge neighbor:
(address-family) neighbor ip-address remote-as autonomous-system-number
This command goes on the provider edge (PE) router and associates the VRFcreated in Step 2 with the BGP neighbor defined here under the VRF addressfamily mode.
Chapter 10: Multiprotocol Label Switching 371
Se
ctio
n 1
0-3
d. Activate the CE BGP neighbor:
(address-family) neighbor ip-address activate
7. Configure the provider edge (PE) to provider edge (PE) routing:
a. Enter BGP configuration mode:
(global) router bgp autonomous-system-number
b. Configure the PE BGP neighbor:
(router) neighbor ip-address remote-as autonomous-system-number
There is a separate VRF instance for each customer and a global routing table. Theglobal routing is created here by defining the BGP peers within the provider.
c. Activate the PE BGP neighbor:
(router) neighbor ip-address activate
d. Enter the vpn4 unicast address family:
(router) address-family vpnv4 unicast
This address family configures an IPv4 unicast VPN routing instance that enablesthe PE routers to exchange BGP information with each other while still remainingseparate from the customers’ VRF instances.
e. Define and activate the PE BGP neighbors:
(address-family) neighbor ip-address remote-as autonomous-system-number
(address-family) neighbor ip-address activate
f. Allow extended communities for the PE BGP neighbor:
(address-family) neighbor ip-address send-community extended
Configuring this command activates support for extended communities. Extendedcommunities are necessary for route targets to work with VRFs.
Note For more on BGP configuration, see Chapter 6, “IP Routing Protocols.”
Example
Figure 10-3 is used in this example. The configuration that follows shows the configura-tion on the PE1 router. A VRF instance is created for Customer_A and Customer_B. ForCustomer_A, the router is configured to both import and export all routes tagged withthe extended community 100:1. For Customer_B, the router is configured to both importand export all routes tagged with the extended community 100:2:
hostname PE1
!
ip cef
!
372 Cisco Router Configuration Handbook
Provider AS100
Customer_A
Customer_B
PE1 PE2
CustB_1
CustA_1
Customer_A
Customer_B
CustB_2
CustA_2
Figure 10-3 MPLS VPN Example
ip vrf Customer_A
rd 100:1
route-target both 100:1
!
ip vrf Customer_B
rd 100:2
route-target both 100:2
!
interface serial0/0
ip address 192.168.1.5 255.255.255.252
mpls ip
description Link to PE
!
interface serial0/1
ip address 192.168.1.9 255.255.255.252
description Link to Customer_A
ip vrf forwarding Customer_A
!
interface serial0/2
ip address 192.168.1.13 255.255.255.252
description Link to Customer_B
ip vrf forwarding Customer_B
!
router bgp 100
neighbor 192.168.1.6 remote-as 100
neighbor 192.168.1.6 activate
address-family vpnv4 unicast
neighbor 192.168.1.6 remote-as 100
neighbor 192.168.1.6 activate
neighbor 192.168.1.6 send-community extended
Chapter 10: Multiprotocol Label Switching 373
address-family ipv4 unicast vrf Customer_A
redistribute connected
neighbor 192.168.1.10 remote-as 65535
neighbor 192.168.1.10 activate
address-family ipv4 unicast vrf Customer_B
redistribute connected
neighbor 192.168.1.14 remote-as 65534
neighbor 192.168.1.14 activate
References
Refer to the following recommended sources for further technical information about theMPLS topics covered here:
Definitive MPLS Network Designs, by Jim Guichard, Francois Le Faucheur, and Jean-Philippe Vasseur, Cisco Press, ISBN 1587051869.
MPLS Configuration on Cisco IOS Software, by Umesh Lakshman and Lancy Lobo,Cisco Press, ISBN 1587051990.
MPLS Fundamentals, by Luc DeGhein, Cisco Press, ISBN 1587051974.
MPLS and VPN Architectures, by Ivan Pepelnjak, Cisco Press, ISBN 1487050021.
MPLS and VPN Architectures, Volume II, by Ivan Pepelnjak, Jim Guichard, and JeffApcar, Cisco Press, ISBN 1587051125.
RFC 2547, “BGP/MPLS VPNs.”
RFC 2702, “Requirements for Traffic Engineering Over MPLS.”
RFC 2917, “A Core MPLS IP VPN Architecture.”
RFC 3031, “Multiprotocol Label Switching Architecture.”
RFC 3034, “Use of Label Switching on Frame Relay Networks Specification.”
RFC 3036, “LDP Specification.”
RFC 3063, “MPLS Loop Prevention Mechanism.”
RFC 3032, “MPLS Label Stack Encoding.”
RFC 3209, “RSVP-TE: Extensions to RSVP for LSP Tunnels.”
RFC 3784, “Intermediate System to Intermediate System (IS-IS) Extensions for TrafficEngineering.”
Index
Numerics
56/64 CSU/DSU connections, 555-556
6to4 tunnels, configuring, 222
A
AAA (Authentication, Authorization,and Accounting), configuring, 429-438
access lists
extended IP access lists, configuring,522-525
IPv6 access lists, configuring, 533-538
Lock and Key, configuring, 442-446
reflexive, configuring, 446-448
regular expressions, configuring,539-541
standard IP access lists, configuring,521-531
standard MAC address access lists,configuring, 532-533
access to router, configuring, 12-13
accessing privileged mode, 14-15
accounting, configuring, 436-437
address spoofing, 427-428
administrative distance, 294
default administrative distances, 307
aggregatable global addresses, 197
alias commands, 27-28
APS (Automatic ProtectionSwitching), configuring on POSinterfaces, 93-94
ARP (Address Resolution Protocol),configuring, 154-158
assigned IP protocols, 577-586
ATM (Asynchronous Transfer Mode),configuring, 110-117
attack signatures, 459-470
authentication, configuring, 433-435
authentication proxy, configuring,438-442
authorization, configuring, 435-436
AutoQoS, configuring, 353-357
AutoSecure, configuring, 473-474
B
back-to-back router connections,553-556
bandwidth, voice call requirements,380
Bc (Committed Burst Rate), 95
Be (Excess Burst Rate), 95
BECN (Backward Explicit CongestionNotification), 96
best path selection, BGP, 258
BGP (Border Gateway Protocol)
best path selection, 258
configuring, 257-270
policy propagation, configuring,330-332
BRI, configuring, 131-133
broadcast handling, configuring, 158-160
buffer management, 56-61
C
cabling distance limitations, 551-553
call fallback, configuring, 392-394
CAR (committed access rate), configuring, 342-343
CBAC (Content-Based AccessControl), configuring, 451-457
changing virtual configuration register settings, 569-576
channelized E1/T1 interfaces, configuring, 84-85
chat scripts, 126-128
choosing a Cisco IOS Softwarerelease, 546-548
CIR (Committed Information Rate),95
Cisco IOS IPS (Intrusion PreventionSystem), 458-471
attack signatures, 459-470
configuring, 458-471
Cisco IOS Packaging Initiative, 543
Cisco IOS Software
filenaming convention, 548-550
releases, 544-545
choosing, 546-548
numbering, 545-546
CoA (care of address), 211
command history, 4
commands
alias, 27-28
entering, 3
output, filtering, 4-6
show version, 71
configuration modes, 1, 2
configuration rollback, 25-26
configuring
access lists
extended IP access lists, 522-525
IPv6 access lists, 533-538
named access lists, 525-527
OGACL, 527-528
regular expressions, 539-541
standard IP access lists, 521-531
standard MAC address accesslists, 532-533
access to router, 12-13
CDP, 28-29
channelized E1/T1 interfaces, 84-85
Cisco IOS IPS, -471
DDR, 133-141
dial backup, 141-143
632 back-to-back router connections
dialer watch, 143-144
distance vector routing protocols
BGP, 257-270
EIGRP, 234-239
RIP, 232-233
H.323
gatekeepers, 408-415
gateways, 405-408
interfaces
ATM, 110-117
Ethernet, 74-75
FDDI, 76
Frame Relay, 95-104
loopback, 77
null, 77
synchronous serial interfaces,82-91
VLAN, 78-79
IP addressing
ARP, 154-158
broadcast handling, 158-160
DHCP, 167-172
HSRP, 160-165
Mobile IP, 172-178
NAT, 178-185
SLB, 185-192
VRRP, 165-166
IP multicast
IGMP, 280-284
IPv6 multicast, 290-292
MBGP, 284-287
IP route processing
load balancing, 308-309
manual route configuration,294-295
policy routing, 296-298
route filtering, 305-308
route redistribution, 298-305
IPv6 addressing, 198
DHCPv6, 199-202
GLBPv6, 202-207
HSRP version 2, 208-211
Mobile IPv6, 211-214
NAT-PT, 215-220
tunneling, 221-224
IPv6 EIGRP, 239-242
IPv6 IS-IS, 257
IPv6 RIP, 233-234
ISDN
BRI, 131-133
PRI, 129-131
IVR, 415-417
link-state routing protocols
IS-IS, 252-257
OSPF, 242-250
logging, 34-37
login authentication, 13-14
MBGP, 270
modems, 122-128
MPLS, 363-364
TE, 364-369
VPNs, 369-373
NTP, 30-34
ODR, 146-147
OSPFv3, 250-252
PIM, 277-280
POS (Packet-Over-SONET) interfaces, 91-95
PPP, 148-152
QoS
AutoQoS, 353-357
CAR, 342-343
configuring 633
CQ, 333-337
CRTP, 352-353
FRTS, 345-347
GTS, 344-345
LFI, 351-352
MQC, 314-321
NBAR, 322-327
PBR, 327-329
policy propagation, 330-332
PQ, 332-333
RSVP, 348-351
for voice, 376-381
for VPNs, 329-330
WFQ, 337-340
WRED, 340-341
SAA, 47-56
security
AAA, 429-438
authentication proxy, 438-442
AutoSecure, 473-474
CBAC, 451-457
CoPP, 471-473
Lock and Key, 442-446
login timing options, 425-426
TCP Intercept, 448-451
session menus, 16-18
snapshot routing, 145-146
SNMP, 38-47
switching, Frame Relay, 105-109
system banners, 15-16
system buffers, 57-61
telephony, SRS (Survivable RemoteSite) Telephony, 417-421
tunnel interfaces, 79-81
voice ports, 382-395
call fallback, 392-394
trunk connections, 390-392
VPNs
DMVPN, 504-514
high availability, 493-504
IKE, 476-483
IPSec VPN tunnels, 483-492
SSL VPNs, 514-517
connector pinouts, 554
context-sensitive help, 3-4
controlling access to routers, 424-425
CoPP (Control Plane Policing), configuring, 471-473
CQ (custom queuing), configuring,333-337
crashes, troubleshooting, 69
CRTP (Compressed Real-TimeProtocol), configuring, 352-353
crypto maps, 486-490
D
DDR (Dial-on-Demand Routing), configuring, 133-141
DE (Discard Eligible), 96
debugging output, 65-67
default administrative distances, 307
default routes, configuring, 294-295
deleting files from flash, 22-23
DHCP (Dynamic Host ConfigurationProtocol), configuring, 167-172
DHCPv6, configuring, 199-202
dial backup, configuring, 141-143
dial peers, configuring, 395-405
dialer watch, configuring, 143-144
dial-up networks, routing over, 144-147
DiffServe, 313
634 configuring
directed broadcast, configuring, 158-160
disabling unnecessary services, 428-429
distance limitations for cabling, 551-553
distance vector routing protocols
BGP
configuring, 257-270
policy propagation, configuring, 330-332
EIGRP, configuring, 234-239
RIP, 232-233
DLCI (Data Link ConnectionIdentifier), 95
DMVPN (Dynamic Multipoint VPN),configuring, 504-514
DoS attacks, preventing with TCPIntercept, 448-451
DPD (dead peer detection), configuring, 494
DSCP byte format, 313
dynamic port numbers, 587-599
E
Early Deployment releases, 546
EIGRP (Enhanced Interior GatewayRouting Protocol), configuring,234-239
enabling web browser interface, 18-19
Ethernet
connections, 555
interfaces, configuring, 74-75
type codes
extended IP access lists, configuring,522-525
extended ping, 62-63
F
FDDI interfaces, configuring, 76
FECN (Forward Explicit CongestionNotification), 96
file management, related commands,26-27
file systems, navigating, 19-21
filenaming convention (Cisco IOSSoftware), 548-550
files, deleting from flash, 22-23
filtering command output, 4-6
flash memory, deleting files from, 22-23
Frame Relay
interfaces, configuring, 95-104
switching, configuring, 105-109
FRTS (Frame Relay Traffic Shaping),configuring, 345-347
G
gatekeepers (H.323), configuring,408-415
gateways (H.323), configuring, 405-408
GLBPv6 (Gateway Load BalancingProtocol Version 6), 202-207
GRE tunnels, configuring, 221-222
GTS (Generic Traffic Shaping), configuring, 344-345
H
H.323
gatekeepers, configuring, 408-415
gateways, configuring, 405-408
H.323 635
high availability for VPNs, configuring, 493-504
HSRP (Hot Standby Routing Protocol)
configuring, 160-165
for IPSec VPNs, configuring, 495
HSRP version 2, configuring, 208-211
hub and spoke topologies, DMVPNconfiguration, 504-514
I
IANA (Internet Assigned NumbersAuthority)
well-known IP port numbers, 587-599
well-known IP protocol numbers,577-586
ICMP (Internet Control MessageProtocol) type codes, 601-604
IGMP (Internet Group ManagementProtocol), 276
configuring, 280-284
IK (Internet Key Exchange), configuring, 476-483
image files, naming conventions, 548-550
interfaces, configuring
ATM, 110-117
Ethernet, 74-75
FDDI, 76
Frame Relay, 95-104
loopback, 77
null, 77
POS, 91-95
synchronous serial interfaces, 82-91
tunnel interfaces, 79-81
VLAN, 78-79
IP addressing
ARP, configuring, 154-158
broadcast handling, 158-160
DHCP, configuring, 167-172
HSRP, configuring, 160-165
Mobile IP, configuring, 172-178
NAT, configuring, 178-185
SLB, configuring, 185-192
unicast addresses, 197
VRRP, configuring, 165-166
IP multicast
IGMP, configuring, 280-284
IPv6 multicast, configuring, 290-292
MBGP, configuring, 284-287
MSDP, configuring, 287-290
PIM, 279-280
configuring, 277-280
well-known IP multicast addresses,605-617
IP route processing
load balancing, configuring, 308-309
manual route configuration, 294-295
policy routing, configuring, 296-298
route filtering, configuring, 305-308
route redistribution, configuring,298-305
IPSec VPN tunnels, configuring, 483-492
IPSec VPNs, HSRP, 495
IPv6 access lists, configuring, 533-538
IPv6 addressing, 196-198
configuring, 198
DHCPv6, configuring, 199-202
GLBPv6, configuring, 202-207
HSRP version 2, configuring, 208-211
636 high availability for VPNs, configuring
NAT-PT, configuring, 215-220
tunneling, configuring, 221-224
IPv6 EIGRP, configuring, 239-242
IPv6 IS-IS, configuring, 257
IPv6 multicast, configuring, 290-292
IPv6 RIP, configuring, 233-234
ISATAP tunnels, configuring, 222-223
ISDN, 128-133
BRI, configuring, 131-133
PRI, configuring, 129-131
IS-IS, configuring, 252-257
IVR (Interactive Voice Response),configuring, 415-417
L
Layer 2 switching, MPLS configuration, 363-364
LFI (Link Fragmentation andInterleaving)
configuring, 351-352
recommended packet sizes, 379
link efficiency mechanisms, 351-353
link-local addresses, 197
link-state routing protocols
IS-IS, configuring, 252-257
OSPF, configuring, 242-250
LLQ (Low Latency Queuing), 379
load balancing, configuring, 308-309
local voice busyout, configuring, 394-395
Lock and Key, configuring, 442-446
logging, 34-38
configuring, 34-37
verifying, 37-38
login authentication, configuring, 13-14
login timing options, configuring,425-426
loopback interfaces, configuring, 77
lost passwords, recovering, 561-568
M
manual route configuration, 294-295
MBGP (Multiprotocol BGP)
configuring, 270, 284-287
memory, buffer management, 56-61
MIB structure (SNMP), 557-559
Mobile IP, configuring, 172-178
Mobile IPv6, configuring, 211-214
modems
chat scripts, 126-128
configuring, 122-128
monitoring, router activity, 69
moving system files, 23-25
MPLS (Multiprotocol LabelSwitching)
configuring, 363-364
TE, configuring, 364-369
VPNs, configuring, 369-373
MQC (modular QoS command-lineinterface), configuring, 314-321
MSDP (Multicast Source DiscoveryProtocol), configuring, 287-290
N
named access lists, configuring, 525-527
NAT (Network Address Translation),configuring, 178-185
NAT (Network Address Translation), configuring 637
NAT-PT (Network AddressTranslation-Protocol Translation),configuring, 215-220
navigating file systems, 19-21
NBAR (Network-Based ApplicationRecognition), configuring, 322-327
network management, SNMP MIBstructure, 557-559
network media, distance limitations,551-553
NTP (Network Time Protocol), configuring, 30-34
null interfaces, configuring, 77
O
ODR (On-Demand Routing), configuring, 146-147
OGACL (Object Groups for ACLs),configuring, 527-528
OSPF (Open Shortest Path First), configuring, 242-250
OSPFv3, configuring, 250-252
output, debugging, 65-67
P
passwords, recovering, 561-568
pattern matching, configuring regularexpressions, 539-541
PBR (Policy-Based Routing), configuring, 327-329
performance, SAA configuration, 47-56
PIM (Protocol IndependentMulticast), 279-280
configuring, 277-280
ping, 62
policy propagation, configuring, 330-332
policy routing, configuring, 296-298
Poor Man’s Sniffer, 67-69
POS (Packet-Over-SONET) interfaces,configuring, 91-95
PPP (Point-to-Point Protocol), configuring, 148-152
PQ (priority queuing), configuring,332-333
preventing
DoS attacks with TCP Intercept, 448-451
password recovery, 568
PRI, configuring, 129-131
private port numbers, 587-599
privileged EXEC mode, 2
privileged mode, accessing, 14-15
Q
QoS (Quality of Service)
AutoQoS, configuring, 353-357
CAR, configuring, 342-343
CQ, configuring, 333-337
CRTP, configuring, 352-353
DiffServe, 313
FRTS, configuring, 345-347
GTS, configuring, 344-345
LFI, configuring, 351-352
MQC, configuring, 314-321
NBAR, configuring, 322-327
PBR, configuring, 327-329
PQ, configuring, 332-333
RSVP, configuring, 348-351
for voice, configuring, 376-381
for VPNs, configuring, 329-330
WFQ, configuring, 337-340
WRED, configuring, 340-341
638 NAT-PT (Network Address Translation-Protocol Translation), configuring
R
recovering lost passwords, 561-568
reflexive access lists, configuring,446-448
registered port numbers, 587-599
regular expressions, configuring,539-541
RIP (Routing Information Protocol),configuring, 232-233
route filtering, configuring, 305-308
route redistribution, configuring,298-305
routers
controlling access to, 424-425
monitoring activity, 70-71
routing over dial-up networks, 144-147
routing protocols
MPLS, configuring, 364-369
redistribution, configuring, 298-305
RRI (Reverse Route Injection), configuring, 494-495
RSVP (Resource ReservationProtocol), configuring, 348-351
S
SAA (Service Assurance Agent), configuring, 47-56
scripting, Tcl, 619-620
secure shell connections, 10-12
security, 423-424
AAA, configuring, 429-438
address spoofing, preventing, 427-428
authentication proxy, configuring,438-442
AutoSecure, configuring, 473-474
CBAC, configuring, 451-457
Cisco IOS IPS, 458-471
attack signatures, 459-470
configuring, 458-471
controlling access to routers, 424-425
CoPP, configuring, 471-473
Lock and Key, configuring, 442-446
login timing options, configuring,425-426
reflexive access lists, configuring,446-448
TCP Intercept, configuring, 448-451
unnecessary services, disabling, 428-429
user authentication, 424
warning banners, configuring, 426
services, disabling, 428-429
session menus, configuring, 16-18
show version command, 71
SLB (Server Load Balancing), configuring, 185-192
snapshot routing, configuring, 145-146
SNMP (Simple Network ManagementProtocol)
configuring, 38-47
MIB structure, 557-559
software releases (Cisco IOS), 544-545
spoofed addresses, 427-428
SRS (Survivable Remote Site)Telephony, configuring, 417-421
SSL VPNs, configuring, 514-517
SSO (stateful switchover), configuring, 495-497
SSO (stateful switchover), configuring 639
standard IP access lists, configuring,521-531
standard MAC address access lists,configuring, 532-533
static routes, configuring, 294
switching, Frame Relay configuration,105-109
synchronous serial interfaces, configuring, 82-91
system banners, configuring, 15-16
system buffers, configuring, 57-61
system files, moving, 23-25
system monitoring, SNMP configuration, 38-47
system time, NTP configuration, 30-34
T
T1/E1 CSU/DSU connections, 556
TAC (Technical Assistance Center),71-72
Tcl (Tool Command Language), 619-620
TCP Intercept, configuring, 448-451
TE (Traffic Engineering), configuring,364-369
telephony
dial peers, configuring, 395-405
SRS Telephony, configuring, 417-421
Telnet, 65
terminal sessions, 6-10
ToS byte formats, 313
traceroute, 63-65
traffic inspection, CBAC, 453-457
troubleshooting crashes, 69
troubleshooting tools
extended ping, 62-63
ping, 62
Telnet, 65
traceroute, 63-65
trunk connections, voice port configuration, 390-392
tunnel interfaces, configuring, 79-81
tunneling
configuring, 221-224
IPSec VPN tunnels, configuring,483-492
type codes
Ethernet
ICMP, 601-604
U
unicast addresses (IPv6), 197
unique local addresses, 198
unnecessary services, disabling, 428-429
user authentication, 424
user EXEC mode, 2
user interface modes, 2-3
V
verifying, logging, 37-38
virtual configuration register settings,changing, 569-576
VLAN interfaces, configuring, 78-79
voice ports, 381-395
call fallback, configuring, 392-394
local voice busyout, configuring,394-395
trunk connections, 390-392
640 standard IP access lists, configuring
voice traffic, QoS configuration, 376-381
VPNs
DMVPN, configuring, 504-514
high availability, configuring, 493-504
IKE, configuring, 476-483
IPSec VPN tunnels, configuring,483-492
MPLS, configuring, 369-373
QoS, configuring, 329-330
SSL VPNs, configuring, 514-517
VRRP (Virtual Router RedundancyProtocol), configuring, 165-166
W
warning banners, configuring, 426
web browser interface, enabling, 18-19
well-known IP multicast addresses,I.1-I.593
well-known IP port numbers, 587-599
well-known IP protocol numbers,577-586
WFQ (weighted fair queuing), configuring, 337-340
wildcards, access list regular expressions, 539-540
WRED (weighted random early detection), configuring, 340-341
WRED (weighted random early detection), configuring 641
top related