Configuring Cisco Routers for ISDN, Paul Fischer, $55.00, ISBN 0-07-022073-5
© 1998 The McGraw-Hill Companies, Inc. All rights reserved. Any use of this Beta Book is subject to the rules stated in the Terms of Use.
Intermediate Configurations
Basic configurations are fine for getting the line up and running, but there are always more things you will want to do with your routers. Cisco routers are highly configurable and have many features that will help enhance your network. These features can decrease your site's usage of IP address numbers, enable dynamic routing, and log events to a text file on another machine. You should understand why you want to use these enhancements before you start playing around with them.
Conserving IP Addresses in IOS
The Internet is growing at a phenomenal rate. Some experts say the number of machines on it doubles every six months. Each machine on the Internet needs an Internet address. Today that includes PC's, web servers, UNIX boxes, routers, and sometimes hubs and switches. Even users dialing in from home are issued a temporary IP address. They get these from the server or router to which they connect.
Since there are only a limited number of addresses available, many different schemes have evolved to conserve address space. If you think about the T1 connection example in the Basic Configurations chapter, you will remember that an entire class C network of 256 addresses was used for this connection. This is a huge waste of address space. Since T1 lines are point-to-point, no more than two IP addresses are necessary (one for each side). One way to conserve address space would be to divide a class C network into many small subnetworks, each having only four addresses. Another way would be to leave the WAN interfaces unnumbered.
When an interface has an unnumbered address, it takes the IP address of a different interface as its own. Usually the unnumbered interface is a point-to-point WAN connection and the address it takes is that of the primary Ethernet port. In this case, we show a router with a single Ethernet and serial line in use. The serial line's IP address is shown as "unnumbered Ethernet0".
interface Ethernet0
ip address 208.213.190.1 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface Serial0
ip unnumbered Ethernet0
no ip route-cache
no ip mroute-cache
If we had two such routers connecting at separate sites (as we did in the Basic Configurations section), the diagram of the network would look like the one below. In this configuration, you can see that the serial ports have the IP addresses 208.213.188.1 and 208.213.188.2.
If the routers were converted over to an unnumbered IP address scheme, they would be more properly displayed as having one IP address for each router and no specific IP addresses for either LAN or WAN port.
In this configuration, you have saved a whole class C IP network by using "ip unnumbered" on your WAN interfaces. In most cases, you will save only a small number of IP addresses. However, those IP addresses do add up, and make a real difference in keeping the Internet running. You may think of it as your civic duty to optimize the use of your IP address space.
The final configuration that needs to be done is to route the class C network on the Ethernet ports to their destinations. Since those destinations no longer have IP addresses of their own, the remote network is routed to the local WAN ports themselves. Site B's configuration would look like this:
interface Ethernet0
ip address 208.213.190.1 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface Serial0
ip unnumbered Ethernet0
no ip route-cache
no ip mroute-cache
!
ip route 208.213.189.0 255.255.255.0 Serial0
Site A's configuration would look like this:
interface Ethernet0
ip address 208.213.189.1 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface Serial0
ip unnumbered Ethernet0
no ip route-cache
no ip mroute-cache
!
ip route 208.213.190.0 255.255.255.0 Serial0
Multiple IP Addresses in IOS
Multiple IP addresses on the same interface may not make sense at first. The key is to separate the physical network topology from the logical network. One Ethernet interface on a router can only hook to one port on a hub--this is the physical aspect of the Ethernet port. However, that hub may have traffic for many IP networks traveling over it--this is the logical network aspect. If you are like most people, your physical and logical networks are the same, but there are times when you may want to separate them and add additional logical networks to an existing physical network.
The two most common reasons for having multiple IP addresses on a single interface are hosting multiple logical sites on one router and aiding the transition from one logical network to another. If you want to host multiple sites on one router, you can configure the Ethernet interface to live on multiple logical networks. Machines on one logical network (although on the same physical network) cannot see machines on the other. This helps ensure security, while adding more flexibility to the network configuration. A diagram of this network would look like this:
The basic configuration for multiple IP addresses on a single interface looks like this. The keyword secondary after the normal IP address information tells the router that this is an additional address for the interface and not a replacement for the address already configured on it.
interface Ethernet0
ip address 199.53.4.1 255.255.255.0 secondary
ip address 192.123.23.1 255.255.255.0 secondary
ip address 128.243.211.1 255.255.255.0 secondary
ip address 208.213.189.1 255.255.255.0
no ip route-cache
no ip mroute-cache
Transition to a New IP Network
The transition from one logical IP network to another is a time-intensive task. This happens most often when companies switch to a different ISP and lose their old class C network. Most administrators in this situation are forced to switch the router's IP address to the new network first and then start moving stations over one by one. This means all machines on the network are down until an administrator can visit them and get their addresses and gateways changed over to the new network.
By adding a second IP address to the router, a second logical network is added to the existing physical network. The administrator can then keep the site up as he visits each machine and move it to the new network at a leisurely pace. This also allows for greater testing of a new ISP connection by letting you keep the existing network in place while the problems with the new one are debugged. This takes care of the LAN side, but on the WAN side you will likely want to go through the added expense of adding the new connection before you take down the old one. In the case of a leased line WAN connection, you will probably have to buy or borrow an additional router cable and CSU/DSU. In the case of ISDN, you may be out of luck if your router only supports a single BRI. If it supports multiple BRIs then you can add an additional NT-1 and keep both connections active at the same time.
Assuming a leased line connection, your router configuration might look like the box below. It shows a leased line connection to each of two ISPs. It also shows a single Ethernet with IP addresses from each class C given to you from each ISP. Note that a default route to both ISPs is in use. This splits up all outbound traffic evenly between them. If they don't allow packets out to the Internet from each other's networks, you may have problems with this type of configuration. Since this is only a temporary setup, it may not matter much.
interface Ethernet0
ip address 128.243.211.1 255.255.255.0 secondary
ip address 208.213.189.1 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface Serial0
ip address 137.39.124.5 255.255.255.252
no ip route-cache
no ip mroute-cache
!
interface Serial1
ip address 168.113.224.62 255.255.255.252
no ip route-cache
no ip mroute-cache
!
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 Serial1
The network diagram for this configuration looks like this:
Routing Concerns With Multiple IP Addresses
Routing between the IP networks connected to the Ethernet interface is automatic and needs no special routing statements. However, you must be careful of other machines that sit on both networks. The so-called dual-homed systems may have IP routing turned on by default. Almost all of today’s modern operating systems (UNIX, Windows 95, Windows NT) are capable of acting as IP routers. To avoid problems caused by more than one router between two networks, you should make sure that routing is turned off on all these routers. In the case of UNIX systems make sure "IPFORWARDING" and "IPSENDREDIRECTS" are turned off in the kernel. In Windows operating systems, simply make sure the "IP Routing" box is not checked.
Dynamic Routing Protocols in IOS
Dynamic routing protocols allow routers to agree among themselves on the best way to route packets through your network. Many different protocols exist, and each has its own characteristics (making some more valuable to your network than others). Some, like RIP (Routing Information Protocol) and OSPF (Open Shortest Path First), are standards and can be used in a heterogeneous router environment. Others, like IGRP (Interior Gateway Routing Protocol) and EIGRP (Enhanced Interior Gateway Routing Protocol), were invented by Cisco and may not work with non-Cisco equipment.
The dynamic routing protocols send out their own packets attempting to contact other routers on the network. Those routers respond with information about their interfaces and routes. In this way, all routers are able to build a uniform picture of the network. Each protocol has different default times when it sends out inquiry packets. They also have different algorithms for determining the best method of routing to another network.
Some of the routing protocols supported by Cisco include:
Before choosing a routing protocol you should learn more about it, as not all routing protocols are created equal. For example, OSPF does exactly what its name says: it routes through the shortest number of hops from the source to the destination. This particular protocol does not take into account the speeds of the different links between the routers. In the case where four sites were connected together in a box with three T1 lines and a 56 Kbps line, OSPF would choose to communicate from Site A to Site D through the 56 Kbps line. Clearly you would not want to use it in this type of WAN setup. However, if your WAN links were all about the same speed, it might serve you adequately.
Dynamic routing protocols are most useful when there are multiple routers on a network or multiple paths between remote sites. If you do not have such a setup, they will probably have no value to you.
RIP and EIGRP Protocols
Two more widely used dynamic routing protocols are RIP and EIGRP. RIP is one of the oldest routing protocols, and one of its advantages is that UNIX systems running the routing daemon (routed) can communicate via RIP. This allows those systems to have a better picture of the network routing tables and communicate more efficiently with other systems. It also lets them be routers themselves and participate in updating the routing protocols. EIGRP, on the other hand, is one of the newest protocols. It is a Cisco proprietary protocol which figures in latency, throughput, and number of hops when determining the best way to route packets.
The first step in configuring a dynamic routing protocol is to add the protocol in global configuration mode. The next step is to add all the networks that your site belongs to. If you have subnetted your network, you should add the main network number and not the subnet number. You can determine what networks your router belongs to by looking at the IP addresses and netmasks of all of your interfaces. A sample configuration is shown below:
interface Ethernet0
ip address 204.176.117.9 255.255.255.0
!
interface BRI0
ip address 204.176.118.230 255.255.255.0
In this example, the router belongs to two different networks: 204.176.117.0 and 204.176.118.0. Those would be added as networks below the "router rip" or "router eigrp" statement.
cisco-2503#conf t
Enter configuration commands, one per line. End with CNTL/Z.
cisco-2503(config)#router rip
cisco-2503(config-router)#network 204.176.117.0
cisco-2503(config-router)#network 204.176.118.0
cisco-2503(config-router)#^Z
cisco-2503#
This tells the router to announce that it is connected to these networks using RIP. If you wanted to use EIGRP or some other dynamic routing protocol, you would substitute its name for RIP. Unlike RIP, EIGRP requires you to specify an autonomous system number. This allows you to have groups of routers on the same networks that belong to different groups for the purpose of exchanging routing information. Most sites use only one group and then a static route to the Internet. Some may have two: one for the internal network, and one assigned to them by their ISP.
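The procedure above (read each interface's address and netmask, reduce it to its classful network, and list each such network once under the routing process) as an added Python example. This is my code, not the book's or Cisco's; it is built on the two-interface configuration shown above (the `SAMPLE_CONFIG` text is constructed from the chapter's addresses) and also carries the dotted-quad netmask to /yy prefix-length arithmetic that you need when reading IOS routing tables.

```python
"""Turn interface addresses into classful `network` statements and convert
between dotted-quad netmasks and /yy prefix lengths.

Added example: my own code, not from the book or from Cisco IOS.
"""
import ipaddress
import re

# Constructed sample built from the two interfaces in the chapter, plus an
# unnumbered serial port (which contributes no network of its own).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 204.176.117.9 255.255.255.0
!
interface BRI0
 ip address 204.176.118.230 255.255.255.0
!
interface Serial0
 ip unnumbered Ethernet0
"""


def mask_to_prefix(mask):
    """255.255.255.0 -> 24: count the one bits (the chapter's 8 * 3 = 24)."""
    bits = "".join(f"{int(octet):08b}" for octet in mask.split("."))
    if len(bits) != 32 or "01" in bits:
        # A valid netmask is a run of ones followed by a run of zeros.
        raise ValueError(f"not a contiguous netmask: {mask}")
    return bits.count("1")


def prefix_to_mask(prefix):
    """24 -> 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_network(address):
    """The 'main' (classful) network an address belongs to.

    This is what the chapter says to put under `router rip` / `router eigrp`:
    the class A, B or C network number, not the subnet.
    """
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        prefix = 8        # class A
    elif first_octet < 192:
        prefix = 16       # class B
    elif first_octet < 224:
        prefix = 24       # class C
    else:
        raise ValueError(f"{address} is not a class A, B or C address")
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return str(net.network_address)


def interface_addresses(config):
    """Yield (interface, address, mask) for each numbered interface."""
    interface = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            interface = m.group(1)
            continue
        m = re.match(r"ip address\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)", line)
        if m and interface:
            yield interface, m.group(1), m.group(2)


def network_statements(config, process="rip"):
    """Build the routing-process stanza for the networks the router sits on.

    `process` is the text after `router`, e.g. "rip" or "eigrp 1" (EIGRP needs
    an autonomous system number, RIP does not).  Each classful network is
    listed once even if several interfaces or secondary addresses fall in it.
    """
    networks = []
    for _, address, _mask in interface_addresses(config):
        network = classful_network(address)
        if network not in networks:
            networks.append(network)
    return [f"router {process}"] + [f" network {n}" for n in networks]


if __name__ == "__main__":
    print("\n".join(network_statements(SAMPLE_CONFIG)))
    print("\n".join(network_statements(SAMPLE_CONFIG, "eigrp 1")))
    print(mask_to_prefix("255.255.255.252"), prefix_to_mask(28))
```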
Running Multiple Protocols
Not many sites run multiple routing protocols. This would be redundant, and might even cause problems. As noted above, there are some cases where this might appeal to you, or even be necessary. For example, you might want to run RIP on your internal network, but communicate with your ISP via EIGRP. This is certainly possible, but it is quite an advanced configuration. Those who choose to use multiple routing protocols should make sure they have a good grip on their RIPs and EIGRPs (or other protocols) before they begin.
Announcing Routes Learned from a Different Protocol
If you were using multiple routing protocols and you wanted to pass information learned from one to the other, you need to specify this explicitly. You could be running EIGRP between your routers and RIP among UNIX systems, which may be acting as routers (or not). If you want the UNIX systems to have the full EIGRP routing information in their local routing tables (and thus route more efficiently), you must tell your routers to redistribute their EIGRP routing tables via RIP. This will send out the updates to your UNIX systems using RIP without stopping your routers from using EIGRP among themselves.
Enabling this is as simple as using the "redistribute" command under the routing section. However, it might seem a little backwards at first. The proper configuration is for RIP to broadcast information that the router has learned through EIGRP, not the other way around.
router eigrp 1
network 204.176.118.0
network 204.176.117.0
router rip
redistribute eigrp 1
network 204.176.118.0
network 204.176.117.0
If you also wanted the routers to learn about any routes learned by the UNIX systems through RIP, you would tell EIGRP to broadcast that information using "redistribute rip".
router eigrp 1
redistribute rip
network 204.176.118.0
network 204.176.117.0
router rip
redistribute eigrp 1
network 204.176.118.0
network 204.176.117.0
Propagating Static Routes
Occasionally, you may find one of your routers connected to a device which does not support your routing protocol. Whether the remote router is incapable of it or it has simply been turned off, you can still map its networks into your dynamic routing tables. To make this happen, simply add the "redistribute static" command to your routing configuration and make sure you have static routes pointing to these networks. In this case, static routes are treated as just another source of routing information, like RIP or EIGRP. The "redistribute" command is used to propagate information this router knows via a specific routing protocol so that other routers will also learn about it.
router rip
redistribute static
network 204.176.118.0
network 199.29.53.0
!
ip route 208.213.186.0 255.255.255.0 Serial0
ip route 208.213.189.0 255.255.255.0 BRI1
When you run the "show ip route" command on another router, you will see the routes that have propagated to it via the dynamic routing protocol. These are the routing entries below whose lines begin with an "R" for RIP.
Codes: C - connected, S - static, R - RIP
C 204.176.117.0/24 is directly connected, Ethernet2
204.176.118.0/24 is variably subnetted, 2 subnets, 2 masks
R 204.176.118.0/24 [120/1] via 204.176.117.9, 00:00:07, Ethernet2
R 204.176.118.224/28 [120/1] via 204.176.117.1, 00:00:06, Ethernet2
One very popular static route is the one that leaves your network and goes to the Internet. If you have multiple routers on a network, only the one directly connected to the Internet should have a static route to your ISP. If you redistribute it via a dynamic routing protocol, all the other routers on the network will use it as their default route (this saves you from having to configure it on each one manually). The default route is a network of all zeros with a netmask of all zeros. In this case, it is routed to the remote side of serial port 1. This serial port has an IP address of 208.213.185.5 and is subnetted in such a way that the remote side can only be 208.213.185.6.
interface Serial1
ip address 208.213.185.5 255.255.255.252
!
router rip
redistribute static
network 204.176.118.0
network 199.29.53.0
!
ip route 208.213.186.0 255.255.255.0 Serial0
ip route 208.213.189.0 255.255.255.0 BRI1
ip route 0.0.0.0 0.0.0.0 208.213.185.6
Blocking Dynamic Routing
Another item of concern with dynamic routing protocols is how to block the information passing between two locations. With some routing protocols, you have a routing group number (sometimes called an autonomous system number or process ID). This group defines which routers listen to other routers about routing information. Hence, two routers on the same physical network with two different group numbers will not pay attention to each other. Routers with the same group number will pay attention to each other and exchange routing information.
But what do you do if a site you connect to is already using a group number you use as well? Worse yet, what if you are using RIP, which has no group numbers and listens to all sources and transmits to all destinations? You need to be able to block routing information received from unwanted sources in order to keep your network running properly. You may also want to block the transmission of routing information outside your network for security purposes as well as to keep that information from messing up someone else's network.
You can easily block a router from transmitting routing information on a specific interface by using the "passive-interface" command. This command (under the "router" configuration) tells the router not to send any routing information out that interface. It can be set on any type of interface, LAN or WAN.
router eigrp 2
redistribute static
passive-interface Serial0
network 204.176.117.0
network 128.5.0.0
Ignoring routing information received on a particular interface is more difficult. It is a two-step process, which touches on access lists. Access lists are the building blocks of network security in Cisco routers, and can be quite confusing to the uninitiated. In this case, we will use a basic access list to block EIGRP from receiving information through serial interface 0. The first step is to create the access list. This is done with the "access-list" command.
The first option is the basic IP access list number. This is an arbitrary number between 1 and 99. There are other types of access lists which use different number ranges, but since we are using a basic IP access list, we are limited to this range of numbers. For our example, we will use the number "23". The next option is to select whether to permit or deny packets with this access list. In our case, we want to deny packets. Finally, we use the keyword "any" to deny packets from any machine.
access-list 23 deny any
The access list does nothing by itself; rather, it is used only when referenced by another command. In this case, we want it to block all EIGRP information coming in on serial interface 0. To do this, use the "distribute-list" command to invoke the access list on the interface. The first option to this command is the arbitrary number used to create the access list (in this case, "23"). Next, select the direction in which you wish the access list to be effective (in or out). Since we are already blocking routing information from going out the interface with the "passive-interface" command, we want to use the inbound direction for the access list. Finally, list the interface on which the access list will take effect (in this case, serial interface 0).
distribute-list 23 in Serial0
The final configuration for EIGRP group 2 would look like this:
router eigrp 2
redistribute static
passive-interface Serial0
network 204.176.117.0
network 128.5.0.0
distribute-list 23 in Serial0
!
access-list 23 deny any
Checking Routing and Routing Tables
The routing tables are the only way to know how your router is currently routing packets. Routes are added and deleted automatically when interfaces go up and down. You need to check the routing tables from time to time to make sure things are as they should be. The routing table is displayed using the "show ip route" command. A typical small routing table for an EIGRP-based network is shown below.
wan4500#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
Gateway of last resort is 204.176.117.9 to network 0.0.0.0
C 204.176.117.0/24 is directly connected, Ethernet2
S 128.5.0.0/16 [1/0] via 204.176.117.1
D EX 208.213.190.0/24 [170/307200] via 204.176.117.9, 04:53:52, Ethernet2
D*EX 0.0.0.0/0 [170/307200] via 204.176.117.9, 04:53:52, Ethernet2
wan4500#
The letter codes at the beginning of each line tell us whether the route is directly connected to the router (C), statically routed (S), EIGRP (D), or EIGRP external (EX). If the route is directly connected, it will tell you which interface is on that network. If the route is static, it will tell you the destination gateway. If the route is learned through a dynamic routing protocol, it will tell you the destination gateway (which should also be the router that announced the information to it), the time since the route was last updated, and the interface pointing to the destination gateway.
All lines show the route and the netmask as the string xxx.xxx.xxx.xxx/yy, where the x's are the network portion of the IP address and yy is the number of bits in the netmask. In this example, you see the class C network number 208.213.190.0. Class C networks have the netmask 255.255.255.0, so where does the 24 come from? The answer is simple. Each number in the dotted quad notation of the netmask is eight bits long. If all eight bits are set to one, they add up to 255 (128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255). Since you have three sets of eight bits set to one, you have 24 total bits in the netmask field (8 * 3 = 24).
That is all you really need to know; however, some may be curious about the numbers inside the square brackets. These numbers (e.g., [170/307200]) are the administrative distance of the information source and the metric for the route. This probably won't mean a lot to you until you learn more about dynamic routing protocols and how they work.
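Reading the "show ip route" output above by hand is fine for one router; for the periodic check the section recommends, it helps to parse it. The following is an added Python example (my code, not Cisco's, and written only for the line shapes printed in this chapter): it turns each route line into a record with the code, prefix, administrative distance, metric, next hop, age and interface, and then raises the findings an administrator would want, namely a default route or gateway of last resort that does not point where expected, and routes learned from a neighbour not on an expected list. `SAMPLE_OUTPUT` is constructed from the tables shown in this chapter.

```python
"""Parse IOS `show ip route` output into records and check the table against
what the administrator expects.

Added example: my own parser written from the line shapes printed in the
chapter, not Cisco code.  Summary lines and routes with several next hops are
not handled.
"""
import re

# Constructed sample: the EIGRP table from the chapter plus one RIP route from
# the earlier example; the "Codes:" legend is left out.
SAMPLE_OUTPUT = """\
Gateway of last resort is 204.176.117.9 to network 0.0.0.0
C    204.176.117.0/24 is directly connected, Ethernet2
S    128.5.0.0/16 [1/0] via 204.176.117.1
D EX 208.213.190.0/24 [170/307200] via 204.176.117.9, 04:53:52, Ethernet2
D*EX 0.0.0.0/0 [170/307200] via 204.176.117.9, 04:53:52, Ethernet2
R    204.176.118.224/28 [120/1] via 204.176.117.1, 00:00:06, Ethernet2
"""

# One route line: code letter, optional '*' (candidate default), optional
# sub-code such as EX, the prefix, then either
# "[AD/metric] via gateway[, age][, interface]" or "is directly connected, interface".
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z])(?P<star>\*)?(?:\s*(?P<sub>EX|IA|E1|E2|L1|L2))?\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<via>\d+\.\d+\.\d+\.\d+)"
    r"(?:,\s+(?P<age>\d[\d:dwhy]*))?(?:,\s+(?P<iface>\S+))?"
    r"|is directly connected,\s+(?P<conn_iface>\S+))"
)
GATEWAY_RE = re.compile(r"^Gateway of last resort is (\S+) to network (\S+)")


def parse_routes(text):
    """Return one dict per route line; lines that do not match are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        routes.append({
            "code": g["code"],
            "subcode": g["sub"],
            "candidate_default": g["star"] == "*",
            "prefix": g["prefix"],
            "admin_distance": int(g["ad"]) if g["ad"] else 0,  # connected routes: 0
            "metric": int(g["metric"]) if g["metric"] else 0,
            "via": g["via"],                                    # None when connected
            "age": g["age"],
            "interface": g["iface"] or g["conn_iface"],
        })
    return routes


def gateway_of_last_resort(text):
    """The address from the 'Gateway of last resort' line, or None if not set."""
    for line in text.splitlines():
        m = GATEWAY_RE.match(line)
        if m:
            return m.group(1)
    return None


def routes_by_neighbor(routes):
    """Which neighbour announced which prefixes (dynamically learned routes only)."""
    announced = {}
    for r in routes:
        if r["code"] in ("C", "S"):
            continue
        announced.setdefault(r["via"], []).append(r["prefix"])
    return announced


def audit(text, expected_default_gateway, expected_neighbors=()):
    """Findings for the periodic check: a default route or gateway of last resort
    that does not point where expected, and (if a list is given) routes learned
    from a neighbour that is not on it."""
    findings = []
    routes = parse_routes(text)
    defaults = [r for r in routes if r["prefix"] == "0.0.0.0/0"]
    if not defaults:
        findings.append("no default route in the table")
    for r in defaults:
        if r["via"] != expected_default_gateway:
            findings.append(f"default route via {r['via']} (code {r['code']}), "
                            f"expected {expected_default_gateway}")
    glr = gateway_of_last_resort(text)
    if glr and glr != expected_default_gateway:
        findings.append(f"gateway of last resort is {glr}, expected {expected_default_gateway}")
    if expected_neighbors:
        for neighbor, prefixes in routes_by_neighbor(routes).items():
            if neighbor not in expected_neighbors:
                findings.append(f"routes learned from unexpected neighbour {neighbor}: {prefixes}")
    return findings


if __name__ == "__main__":
    for route in parse_routes(SAMPLE_OUTPUT):
        print(route)
    print(audit(SAMPLE_OUTPUT, "204.176.117.9", expected_neighbors=("204.176.117.9",)))
```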
You can verify that routes are operating properly using the "traceroute" command. This command attempts to locate all routers between the local router and the destination. Each intermediate router is called a hop. If domain name service has been configured, the router will try to display the name of each router along the route as well. Depending on your DNS response times, this may slow down the execution of the command. "Traceroute" displays the IP address (and sometimes name) of each router as well as the amount of time in milliseconds it took for each system to respond. An asterisk (*) is displayed if no response was received.
wan4500#traceroute 199.29.53.67
Type escape sequence to abort.
Tracing the route to 199.29.53.67
1 204.176.117.9 0 msec 0 msec 0 msec
2 204.176.117.1 20 msec 8 msec 8 msec
3 204.176.118.225 2104 msec 36 msec 56 msec
4 199.29.53.67 44 msec 36 msec *
wan4500#
If you have problems reaching a host, you may get line after line of asterisks. This will continue until the maximum number of 30 hops is reached. This can take some time and cause you much consternation. If you want to stop this, you simply need to enter the abort sequence. This is usually one of the following three key sequences:
Other common errors you run into are "!H" (bang H) which means no route to host, and "!A" (bang A) which means no such address.
6 157.130.35.177 40 msec 36 msec 52 msec
7 157.130.35.177 !H !H *
5 204.176.119.2 36 msec 32 msec *
6 204.176.119.1 !A !A *
Routing Protocols on the Cisco 700 Series
Dynamic routing protocols on the Cisco 700 series routers are much simpler than in IOS. Henry Ford said, "You can have it any color you want, as long as it's black." In the same vein, you can use any routing protocol you want, as long as it's RIP. This is a quaint way of saying that RIP is the only dynamic routing protocol available.
Since Cisco 700 series routers are usually used as edge routing devices for SOHO/RO (Small Office Home Office/Remote Office) networks, dynamic routing is not really a requirement. If the remote network is only connected to a single corporate or ISP network via ISDN, the need for dynamic routing protocols is nonexistent. A simple default route to the upstream network will suffice.
There are, however, many situations where dynamic routing protocols are needed, and not all are immediately visible. The most obscure might be the use of a network management system (NMS) such as HP (Hewlett Packard) Openview Node Manager. Openview and other NMSs may require the use of a routing protocol such as RIP version 2 to automatically map your network.
A less obscure reason for running RIP on a Cisco 700 series router is a site with more than one internal or external network. In this case, routes are best maintained by a dynamic routing protocol like RIP. This allows the network routing tables to adjust to the state of the network.
Enabling RIP
There are two main parts to setting up RIP on a 700 series router: sending and receiving. You must decide, on a per-profile basis, whether you want your router to send out RIP updates and whether to receive them. By default, the reception and transmission of RIP packets is turned off. To enable them on a WAN connection, change directory into that profile and enter the following commands:
cisco766> cd wan4500
cisco766:wan4500> set ip rip receive v2
cisco766:wan4500> set ip rip update demand
cisco766:wan4500> set ip rip version 2
cisco766:wan4500>
The first command (set ip rip receive v2) tells the router to listen for RIP version 2 packets on the WAN. If you are running RIP version 1, you can change the keyword "v2" to "v1". The keyword "off" disables the reception of RIP packets by the router profile.
The second command (set ip rip update demand) tells the router to send RIP updates when the ISDN line first connects and when changes occur in the RIP tables. Use this keyword for WAN connections to avoid bringing up the ISDN line unnecessarily. Other options for this command are "periodic", "snapshot", and "linkup". The "periodic" keyword tells the router to send updates periodically and when the RIP tables are updated. This is mostly used for LAN connections, but can be used on WAN connections to help ensure the ISDN connection stays up full time. Make sure your ISDN billing has been set up for a full-time connection before you do this, or you could be in for a very large phone bill.
The two periods for "snapshot" routing updates are "quiet" and "active". During the active period, routing updates occur normally over a particular interface. Once the active period expires, the quiet period begins and the routing table is frozen in that state. There is no RIP activity until the quiet period expires. The "set ip rip snapshot client" and "set ip rip snapshot server" commands are used to configure the quiet and active periods. Those who truly understand dynamic routing protocols and how to configure them should be the only ones using snapshot routing for RIP. Most others, especially accidental administrators, will want to trust the more automatic commands "periodic", "demand", and "linkup".
The "linkup" option is useful on WAN connections. The RIP packets are sent as soon as a connection is established and every 30 seconds thereafter. As long as the connection exists, packets will continue to be sent. If the connection does not exist, RIP updates cease. This prevents the line from being brought up by RIP packets as in the case of the periodic update. Unfortunately, this may keep the line up all the time, as idle counters will be reset every 30 seconds as the RIP updates occur. Later (in "Advanced Configurations") you can learn how to make the router's idle timer ignore RIP packets so that this doesn't happen.
Once you have chosen your RIP update method, you choose the version you want to use with the "set ip rip version" command. Choose either "1" or "2" (unless you are using periodic updates, in which case you also have the option to choose "both"). Whichever version you choose should match the one you chose to receive.
An example of a good LAN configuration would be:
cisco766> cd lan
cisco766:LAN> set ip rip receive both
cisco766:LAN> set ip rip update periodic
cisco766:LAN> set ip rip version both
cisco766:LAN>
Announcing Ethernet Routes over the WAN
Most configurations will not require that routes learned over the Ethernet be announced over the WAN. This is because most 700 series network configurations are simple, supporting only SOHO/RO networks. However, in more complex networks you may want to use this feature and by default, it is turned on. You can double-check this by looking for this command in your LAN and WAN profiles:
SET IP RIP RECEIVE V2
Configuring Static Routes
Static routes are usually all you need to configure 700 series routers, especially in simple SOHO/RO networks. Typically, a single default route is configured to a corporate backbone or ISP in the WAN profile. In some circumstances, you may also want to add other static routes to the configuration. Each one will have its own line in the configuration.
Setting up static routes is fairly simple. The command "set ip route destination" is used. Next, enter the IP network number and, optionally, the number of subnet bits (e.g. 204.176.117.0/24). For the default route use 0.0.0.0/0. Finally, use the keyword "gateway" to define the IP address of the router/server which will know how to route this network (e.g. "gateway 198.17.21.4"). This command also has two options: "propagate" and "cost". By default, "propagate" is enabled and the cost is "1". Enabling propagation makes the router announce the static route in RIP packets.
SET IP ROUTE DEST 208.213.191.0/24 GATEWAY 204.176.117.50 PROPAGATE OFF COST 1
SET IP ROUTE DEST 0.0.0.0/0 GATEWAY 204.176.118.225 PROPAGATE OFF COST 1
The cost associated with a route determines when that route will be used. Lower cost routes take precedence over ones with higher costs. This gives you finer control over when a route will be used. For example, you may have two 700 series routers on a small office network. One connects to the corporate network and is operational 24 hours a day. The other is directly connected to the Internet. Both routers only use one B channel for communications, but can bring up a second one if there is sufficient need. They both have WAN profiles for corporate and Internet connections.
Each of these would have two static routes. The first router would have a gateway to the local ISP and a cost of 1. The second would have the same gateway and a higher cost (probably 10) and would, therefore, become the backup connection. If the first router went down, Internet traffic could begin flowing over its idle B channel. The reverse would let you back up the connection to the corporate network: the first router would have a high cost and the second one a low cost. If the second router failed, the first would take over for it.
Examining Routing Tables
Viewing the routing tables shows you how the router will route packets to specific networks. The command to view the routing tables is "show ip route". This command will show you routing information in columns. The first column (Profile) tells you which profile a route is learned from (in this case, LAN or wan4500). The next column (Type) tells you the interface for the route (NET for Ethernet or WAN for ISDN). The Destination is the network being routed, and the Bits are the subnet bits for that network. The Gateway is where the packets for that network will be forwarded. Prop(agation) tells you whether this router is announcing this route via RIP. Cost displays the cost associated with a particular route. The Source column details whether the network is directly connected to a profile, statically routed, or learned from the RIP protocol. Age tells you how many minutes the route will remain in the table without being updated.
cisco766> show ip route
Profile Type Destination Bits Gateway Prop Cost Source Age
-------------------------------------------------------------------------
wan4500 NET 204.176.118.224 28 DIRECT ON 1 DIRECT 0
LAN NET 193.11.115.0 24 204.176.117.8 ON 2 RIP 15
LAN NET 209.10.10.0 24 193.11.115.1 ON 2 RIP 15
LAN NET 204.176.118.0 24 193.11.115.1 ON 3 RIP 15
LAN NET 208.213.191.0 24 204.176.117.50 OFF 1 STATIC 0
LAN NET 204.176.117.0 24 DIRECT ON 1 DIRECT 0
LAN NET 128.5.0.0 16 193.11.115.1 ON 2 RIP 15
wan4500 NET 0.0.0.0 0 204.176.118.225 OFF 1 STATIC 0
cisco766>
Logging Events in IOS
If you have watched the console output of your router for a while, you will have noticed messages scrolling by on the screen. Mostly they are just general information, but occasionally they have information you may want to see about lines going up and down. Once this information scrolls off the screen it is normally gone forever. There is no default place it is logged, but by learning the logging facility, you can change this.
Logging to the Router
Log information can be stored in router RAM. This allows you to keep some of the log history for later viewing. However, this information is not stored permanently. Since there is finite memory in the router for storing messages, a limit on their number is necessary. By default, only the last message is stored. You can increase the number of log messages stored on the router with the "logging history size N" command, where N is a number between 1 and 500. Once the log has been filled with messages, new messages will overwrite old ones, automatically rolling the log for you and keeping the last N log messages. Since this information is stored in RAM, it is not permanent. Every time the router is rebooted, the log information will be lost.
Before keeping logs on your router you should make sure you have enough RAM to store the messages. If your router is already low on RAM, this could damage your router's performance. Use the "show memory" command to get a general idea of how much memory is available for logging. Then run "show memory failures alloc" to see if any attempts to allocate memory to processes have failed. If they have, you may already be low on memory.
wan4500#show memory
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 60B7EF50 4722864 1882872 2839992 2630612 2792804
I/O 40000000 16777216 1837624 14939592 14939592 14939216
wan4500#show memory failures alloc
Caller Pool Size Alignment When
wan4500#
In this example, there is 14 MB of I/O memory free with no failures; hence, there is plenty of memory for logging messages. If it is assumed that each log entry takes up 256 bytes, and you want to save the maximum of 500 messages, then you will need 125 KB (256 bytes * 500 messages) to store your messages. Obviously 125 KB can easily fit into 14 MB, so there is no problem logging 500 messages on this router.
You may also need to allocate buffer space to log the complete messages, as the message history is only a brief description of what has been logged. This also takes up memory, and it is allocated not by number of messages, but by byte count. The default amount is 8 KB, and since we have determined we want 125 KB, the command "logging buffered 128000" can be used to override the default.
Before implementing logging on the local router, consider how the information is displayed. By default, log messages contain information about an event, but no time and date stamp. This makes them nearly worthless for troubleshooting. For example:
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
%SYS-5-CONFIG_I: Configured from console by vty0 (204.176.117.2)
By using the "service timestamps log datetime" command, time and date stamps can be added to each new entry in the log. You may want to add options to this command to display the time down to the millisecond (msec), to use the local time zone information (localtime), or to show the local time zone information (show-timezone). Before using time zone commands, you will need to set the time zone in the global configuration with the "clock timezone" command. You will also want to set the date and time with the "clock set" command in enable mode.
*Jul 10 15:27:37.279 UTC: %SYS-5-CONFIG_I: Configured from console by vty0 (204.176.117.2)
*Jul 10 15:30:35.727 UTC: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
*Jul 10 15:30:39.303 UTC: %SYS-5-CONFIG_I: Configured from console by vty0 (204.176.117.2)
*Jul 10 15:30:39.967 UTC: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
Time stamp information is invaluable to debugging efforts and should be used for all kinds of logging, on router and off. To configure a router with all the options mentioned here, see the following example.
wan4500#clock set 09:16:23 jul 5 1998
wan4500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
wan4500(config)#service timestamp log datetime msec show-timezone localtime
wan4500(config)#clock timezone EDT -4
wan4500(config)#logging history size 500
wan4500(config)#logging buffered 128000
wan4500(config)#^Z
wan4500#wr
Building configuration...
[OK]
wan4500#
Running the "show logging" command now shows a synopsis of the stored log information, as well as the log messages themselves. The "show logging history" command shows a longer synopsis of the same log information. Note that only the log (and not the log history) uses the time stamp information.
wan4500#sho log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 53 messages logged
Monitor logging: level debugging, 16 messages logged
Trap logging: level informational, 57 message lines logged
Buffer logging: level debugging, 48 messages logged
Log Buffer (128000 bytes):
Jul 5 09:18:03.843 EDT: %SYS-5-CONFIG_I: Configured from console by vty0 (204.176.117.2)
wan4500#sho log history
Syslog History Table:500 maximum table entries,
saving level warnings or higher
46 messages ignored, 0 dropped, 0 recursion drops
1 table entries flushed
SNMP notifications not enabled
entry number 2 : LINK-3-UPDOWN
Interface Ethernet2, changed state to up
timestamp: 715
entry number 3 : LINK-3-UPDOWN
Interface Ethernet0, changed state to up
timestamp: 49963
entry number 4 : LINK-3-UPDOWN
Interface Ethernet0, changed state to up
timestamp: 193848
entry number 5 : LINK-3-UPDOWN
Interface Ethernet0, changed state to up
timestamp: 235575
entry number 6 : LINK-3-UPDOWN
Interface Ethernet0, changed state to up
timestamp: 255877
entry number 7 : LINK-3-UPDOWN
Interface Ethernet0, changed state to up
timestamp: 273556
wan4500#
Logging to a Syslog Server
As noted previously, there are some drawbacks to storing log information on routers. First, the messages take up memory, which could be used for something more important, and the information is lost each time the router is rebooted. If you were using the information to track someone who you thought was breaking into your router, all they would need to do would be to reboot the router for your audit trail to be lost.
A more useful method of logging would be to send all the log messages over the network to a log server. This server would then store the messages on its hard disk, where they can be kept almost indefinitely. Cisco uses the standard logging protocol, syslog, to send messages to a server. Most modern UNIX systems include a syslog daemon, which is running by default. Typically the configuration file for syslog is /etc/syslog.conf.
The router can be configured to send logging information to a syslog server with the command "logging HOST", where HOST is the host name or IP address of the syslog server. You need to set up the router to resolve host names to IP addresses before you can use the name of the server. If you have not done this, you should use the IP address. Using the IP address is more reliable and uses less overhead because it does not rely on the DNS server being alive and does not have to resolve the host name. However, if you have a large number of routers and want the ability to change the location of your logs by changing the DNS pointer to the log server, you will want to use the host name.
wan4500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
wan4500(config)#logging 204.176.117.11
wan4500(config)#^Z
wan4500#wr
Building configuration...
[OK]
wan4500#
Once the router is sending logging information to the syslog server, you must make sure the server knows what to do with it. By default, the router uses the syslog definition "local7" to send out all of its alerts. There are eight levels of information used by the "local7" definition, which are listed below.
Level Keyword    Severity Level   Description                        Syslog Definition
---------------------------------------------------------------------------------------
emergencies      0                System unusable                    LOG_EMERG
alerts           1                Immediate action needed            LOG_ALERT
critical         2                Critical conditions                LOG_CRIT
errors           3                Error conditions                   LOG_ERR
warnings         4                Warning conditions                 LOG_WARNING
notifications    5                Normal but significant condition   LOG_NOTICE
informational    6                Informational messages only        LOG_INFO
debugging        7                Debugging messages                 LOG_DEBUG
Table 7-1. The eight levels of syslog information for each log definition.
Since the default state of the syslog server is unknown, you should make your own modifications to the /etc/syslog.conf file. It is recommended that a separate file be created for each of the eight levels of logging and that they all be stored separately from the normal syslog information (possibly in another directory). To do this, you should edit the syslog configuration file to look something like this.
local7.emerg /usr/adm/routers/log.emerg
local7.alert /usr/adm/routers/log.alert
local7.crit /usr/adm/routers/log.crit
local7.err /usr/adm/routers/log.err
local7.warning /usr/adm/routers/log.warning
local7.notice /usr/adm/routers/log.notice
local7.info /usr/adm/routers/log.info
local7.debug /usr/adm/routers/log.debug
Once the file is updated with your information, you will need to create the special directory you want to use (in this case, /usr/adm/routers) and then create empty files for the logging information. By default, syslogd will not create log files; it only writes to files that already exist. Once this is done, you can restart the syslog daemon and logging will begin immediately.
# cd /usr/adm
# mkdir routers
# cd routers
# touch log.emerg log.alert log.crit log.err log.warning log.notice log.info log.debug
# kill -HUP `cat /etc/syslog.pid`
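The steps above (edit /etc/syslog.conf, create the directory and the empty files, send syslogd a HUP) can be checked with a script. The following shell script is an added example, not part of the book; it assumes the configuration file is in the traditional two-column format and that the classic syslogd rules apply, namely that the selector and the action on each line must be separated by a tab (a space-separated line is silently ignored) and that missing destination files are never created. It parses the local7 lines, creates any missing files, and reports lines that have no tab.

```shell
#!/bin/sh
# Added example (not from the book): verify that a syslog.conf is ready
# to receive the router's local7 messages. Classic syslogd only accepts a
# TAB between selector and action and never creates missing files, so a
# space-separated line or a missing file silently loses router logs.
# Assumption: the file uses the traditional "selector<TAB>action" layout.

# syslog_targets CONF
#   Print the action of every local7.* line in CONF, one per line.
syslog_targets() {
    awk '/^[ \t]*#/ || NF < 2 { next }
         $1 ~ /^local7\./ { print $2 }' "$1"
}

# syslog_space_separated CONF
#   Print (with line numbers) local7 lines that contain no tab at all;
#   traditional syslogd drops such lines instead of reporting them.
syslog_space_separated() {
    awk '/^local7\./ && index($0, "\t") == 0 { print NR ": " $0 }' "$1"
}

# syslog_prepare CONF
#   Create every missing file (and directory) named on a local7 line,
#   mode 644 since syslogd writes as root. Prints the number of files
#   created; the exit status is 1 if any local7 line lacks a tab.
syslog_prepare() {
    conf=$1
    created=0
    for f in $(syslog_targets "$conf"); do
        case $f in
            /*) ;;          # only file actions; skip @host, *, user lists
            *) continue ;;
        esac
        d=$(dirname "$f")
        [ -d "$d" ] || mkdir -p "$d"
        if [ ! -f "$f" ]; then
            : > "$f"
            chmod 644 "$f"
            created=$((created + 1))
        fi
    done
    echo "$created"
    [ -z "$(syslog_space_separated "$conf")" ]
}

# Typical use on the log server, after editing the file by hand:
#   syslog_prepare /etc/syslog.conf && kill -HUP `cat /etc/syslog.pid`
```

Run it before the HUP: if it prints a line number, fix that line first, since syslogd gives no error for a bad separator and the level in question simply never reaches the disk.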
Tailoring Log Information
One thing you will notice immediately is that something logged to a particular level will also be logged to all other levels below it. Hence, if a log event occurs at level three (error) it will also be logged to levels four, five, six, and seven. This can be extremely obnoxious; in addition, it wastes disk space on your server. There are two ways to stop this: first, stop the router from logging anything above a certain level, and second, stop the server from writing it to the disk.
To stop the server from writing messages past a certain level, simply remove those lines from the syslog configuration file. If all you want to see are emergency through warning messages, remove the lines for notifications, informational, and debugging. You may also want to change some of the system defaults, such as "*.info" or "*.debug". The asterisk matches every definition, so these lines will also write the "local7.info" and "local7.debug" events wherever the operating system's own events are logged, even though those use different syslog definitions such as cron and mail. You may want to remove the asterisk in front of these lines and replace it with an explicit list of the other syslog definitions. Many of the syslog definitions are listed in the following table.
Keyword    Description
------------------------------------------------
auth       Authorization system
cron       Cron facility
daemon     System daemon
kern       Kernel
local0-7   Reserved for locally defined messages
lpr        Line printer system
mail       Mail system
news       USENET news
sys9       System use
sys10      System use
sys11      System use
sys12      System use
sys13      System use
sys14      System use
syslog     System log
user       User process
uucp       UNIX-to-UNIX copy system
Table 7-2. Many of the syslog definitions available for use. Cisco uses local7 by default.
The "logging trap" command allows you to limit the types of messages sent to the server. It takes one option, a logging level keyword as listed in Table 7-1. If you want to see only levels zero through three (emergency, alert, critical, and error) you would use the keyword "err" as the option to this command.
wan4500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
wan4500(config)#logging trap err
wan4500(config)#^Z
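To see what the trap level does from the server's side, and to get something useful out of the files once they are there, here is an added shell example that is not from the book. It runs over constructed router lines in the form a UNIX syslogd writes them (syslogd's own date and host prefix, then the router's time-stamped message); the host name wan4500, the message sequence numbers and the vty addresses are assumptions chosen to match the sessions in this chapter. level_of maps the "logging trap" keywords from Table 7-1 to numbers, at_or_above keeps the lines the router would still send at that level, and config_changes_by_source counts %SYS-5-CONFIG_I events per source address, which is the first thing to check when you suspect that someone other than you has been changing the configuration.

```shell
#!/bin/sh
# Added example (not from the book): detection logic over router syslog
# lines as a UNIX syslogd writes them to the local7 files. The lines below
# are constructed; the host name, sequence numbers and addresses are
# assumptions chosen to match the sessions shown in this chapter.

# sample_log: constructed lines (syslogd date/host prefix, then the router's
# own time-stamped message).
sample_log() {
    cat <<'EOF'
Jul  5 09:18:03 wan4500 46: Jul 5 09:18:03.843 EDT: %SYS-5-CONFIG_I: Configured from console by vty0 (204.176.117.2)
Jul  5 09:20:11 wan4500 47: Jul 5 09:20:11.102 EDT: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
Jul  5 09:20:12 wan4500 48: Jul 5 09:20:12.455 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Jul  5 09:31:40 wan4500 49: Jul 5 09:31:40.910 EDT: %SYS-5-CONFIG_I: Configured from console by vty1 (204.176.117.99)
Jul  5 09:32:02 wan4500 50: Jul 5 09:32:02.311 EDT: %SYS-5-CONFIG_I: Configured from console by vty1 (204.176.117.99)
Jul  5 09:40:15 wan4500 51: Jul 5 09:40:15.005 EDT: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
Jul  5 10:02:17 wan4500 52: Jul 5 10:02:17.700 EDT: %SYS-5-CONFIG_I: Configured from console by console
EOF
}

# level_of KEYWORD: map an IOS "logging trap" keyword (Table 7-1) to its
# severity number; fails on anything else.
level_of() {
    case $1 in
        emergencies)   echo 0 ;;
        alerts)        echo 1 ;;
        critical)      echo 2 ;;
        errors)        echo 3 ;;
        warnings)      echo 4 ;;
        notifications) echo 5 ;;
        informational) echo 6 ;;
        debugging)     echo 7 ;;
        *) echo "level_of: unknown keyword $1" >&2; return 1 ;;
    esac
}

# at_or_above MAX: read log lines on stdin and keep those whose
# %FACILITY-SEVERITY-MNEMONIC tag has severity <= MAX, i.e. the lines the
# router would still send after "logging trap <keyword>" at that level.
at_or_above() {
    awk -v max="$1" '
        match($0, /%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+:/) {
            split(substr($0, RSTART, RLENGTH), p, "-")
            if (p[2] + 0 <= max + 0) print
        }'
}

# config_changes_by_source: count %SYS-5-CONFIG_I events per source
# address on stdin and print "count address", busiest first. A burst of
# changes from an address nobody on the staff uses is worth a look, and
# with the log on the server a reboot of the router no longer erases it.
config_changes_by_source() {
    awk '/%SYS-5-CONFIG_I:/ {
            if (match($0, /\([0-9.]+\)/))
                src = substr($0, RSTART + 1, RLENGTH - 2)
            else
                src = "console"
            n[src]++
         }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Typical use against the files the server writes:
#   at_or_above "$(level_of errors)" < /usr/adm/routers/log.debug
#   config_changes_by_source < /usr/adm/routers/log.notice
```

With the sample above, "warnings" leaves only the %LINK-3-UPDOWN line, while "notifications" passes all seven; the change count puts 204.176.117.99 at the top with two configuration sessions.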
Rotating Log Files
Log files on most UNIX systems will continue to grow forever. Eventually, they will cause the administrator big problems, usually in the form of a disk filling up and possibly a system crash. You can prevent this by rotating the log files weekly or monthly, depending on how large they get, and how much information you want to keep. You can also compress them after they have been moved aside so they take up less space. This will allow you to store more information for longer periods of time.
First, create a script like the one shown below, which will roll and compress the log files. You will need to specify the special directory name used, the number of iterations of the log file to keep, and the program used to compress the log files. You may want to place the script in a standard directory for system administration scripts like /usr/local/etc. This will help to ensure that it will not be lost during operating system upgrades.
#! /bin/sh
#
# Make sure all programs being used are in the PATH
PATH=$PATH:/usr/local/bin
#
# Set the log directory, number of files to keep around, and compression
# information. $COMPRESS carries its own options so that the compress
# command below can be substituted without further changes.
LOG_DIR=/usr/adm/routers
LOG_NAME=log
NUMBER=6
COMPRESS="gzip -9"
EXT=gz
#
# Uncomment these to use the compress command instead of gzip
#COMPRESS="compress"
#EXT=Z
#
# Change directory into the log directory. Stop if it is missing rather
# than renaming files in whatever directory cron started us in.
cd "$LOG_DIR" || exit 1
#
# For each type of log file, move them up to the next number.
# The last one in line will be overwritten by the one behind it.
for LOG_EXT in alert debug err notice crit emerg info warning
do
    #
    # Set the log file name.
    LOG=$LOG_NAME.$LOG_EXT
    #
    # Count down from $NUMBER using a copy, so the next log file
    # gets the same number of generations instead of none.
    N=$NUMBER
    while [ "$N" -gt 0 ]
    do
        NEXT=`expr $N - 1`
        #
        # Move the old logs aside to make room for the new one.
        [ -f "$LOG.$NEXT.$EXT" ] && mv "$LOG.$NEXT.$EXT" "$LOG.$N.$EXT"
        N=$NEXT
    done
    #
    # Move the original log aside and give it a .0 extension.
    # Then create the new log file and make it world writable
    [ -f "$LOG" ] && mv "$LOG" "$LOG.0"
    cp /dev/null "$LOG"
    chmod 666 "$LOG"
done
#
# Restart syslogd so it will start using the new log files. Do this
# before compressing: until the HUP, syslogd still writes to the
# renamed .0 files, and gzip or compress removes its input file.
kill -HUP `cat /etc/syslog.pid`
#
# Compress the log files just moved aside.
for LOG_EXT in alert debug err notice crit emerg info warning
do
    LOG=$LOG_NAME.$LOG_EXT.0
    [ -f "$LOG" ] && $COMPRESS "$LOG"
done
This script needs to be run periodically. This is configured in the cron tables. The standard command for editing the cron table on most modern UNIX operating systems is "crontab -e". Those not familiar with cron should read their UNIX manual pages before trying to edit the file. If you want to roll the log files weekly, you would use the following cron configuration line. This will cause the script to be executed at 4:01 am every Monday.
1 4 * * 1 /usr/local/etc/newsyslog
If you wanted to roll the log files monthly, you would use this next configuration line. It will execute the script at 4:01 am on the first day of each month.
1 4 1 * * /usr/local/etc/newsyslog
As with any UNIX shell script, you need to make sure it is executable before it will work. The command shown below is all you need to do this.
# chmod 755 /usr/local/etc/newsyslog
Logging Events on 700 Series Routers
Logging on the 700 series routers is extremely simple. All logging is visible on the console port and in telnet sessions to the router. There is no facility to keep logging information in router memory or send it to a syslog server. Logging is primarily used to debug PPP and LAN problems.
The default setting for logging is "log calls". Each major call event is logged and a message displays every time a channel is assigned a connection. This and all other logging is disabled with the command "log none". Another useful option is "log errors", which displays error messages that are not otherwise displayed. These include buffer allocation errors, mail delivery errors, and chip level errors. Two options to these commands are "time" and "verbose". The "time" command displays the time and date of each logged event or message. The "verbose" command modifies the other commands, causing them to give much more information. Be careful using "verbose", as you may get so much information that you can't figure out what's going on.
Logging on the LAN connection can show traffic or packet information. The command "log lan packets" displays statistics on packet routing once per second. The number of packets filtered, forwarded, received, and the packet queue lengths are also displayed. The command "log lan traffic" displays a one-character indicator of each packet sent on the connection, or the whole packet when "verbose" is specified. Both methods of logging LAN information can be modified with the "channel" and "verbose" options. The "channel" option allows you to provide the channel number, which is used to log traffic on a channel before the channel is assigned to a connection. This is primarily used to debug PPP negotiation problems. The "verbose" option will give you more information. It also has two options: "inbound" and "outbound" to restrict the packet content display to either incoming or outgoing packets.
Configuring Domain Name Service
Domain name service (DNS) is the protocol which resolves host names (e.g., www.btg.com) to IP addresses (e.g., 204.176.115.69). Although not absolutely necessary for router operations, it is easier to remember names rather than long strings of numbers. It also aids in debugging router problems. For example, commands like "traceroute" are able to look up the host names of IP addresses they receive from the network. Debugging using host names is much easier than using IP addresses and having to mentally translate them to hosts or routers on the network. It is for these reasons that most people configure DNS lookup on their routers.
Setting up DNS lookups on your router is very easy. You simply need the domain name to which your network belongs and the IP addresses of your DNS servers. The domain name is added using the "ip domain-name" command. Each DNS server you want to use is entered individually using the "ip name-server" command.
The output of "traceroute 199.29.53.67" looks like this before the DNS is configured:
wan4500#traceroute 199.29.53.67
Type escape sequence to abort.
Tracing the route to 199.29.53.67
1 204.176.117.1 4 msec 4 msec 4 msec
2 204.176.118.225 2056 msec 32 msec 28 msec
3 199.29.53.67 36 msec 32 msec *
wan4500#
The following commands add DNS lookup services to the router.
wan4500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
wan4500(config)#ip domain-name btg.com
wan4500(config)#ip name-server 199.29.53.67
wan4500(config)#ip name-server 199.29.53.118
wan4500(config)#^Z
wan4500#wr
Building configuration...
[OK]
wan4500#
Once DNS is configured, the command can be run using the host name instead of the IP address. Note that the IP addresses of the interim routers are also listed by name.
wan4500#traceroute rohan
Translating "rohan"...domain server (199.29.53.67) [OK]
Type escape sequence to abort.
Tracing the route to rohan.btg.com (199.29.53.67)
1 cisco766.gnf.btg.com (204.176.117.1) 4 msec 4 msec 4 msec
2 corp.isdn.btg.com (204.176.118.225) 32 msec 28 msec 32 msec
3 rohan.btg.com (199.29.53.67) 32 msec * 32 msec
wan4500#
Using the Router as a Network Time Server
The network time protocol (NTP) is used to set and keep the proper time on your computers. Source clocks on the Internet keep extremely accurate time and usually allow anyone to access them. In fact, many large ISPs have their routers set up as NTP servers, which will allow you closer access to accurate time. One such server is "rackety.udel.edu". Normally, you would set up one router to use a source clock server on the Internet, and the rest of your routers to use the first. Your client computers could then get the proper time from their local routers. You should contact your ISP to find out the name and IP address of their NTP servers.
The first step in setting up NTP is to tell the router the timeserver's IP address. This will make the router start getting time information from the Internet immediately. If you are using a dial-up connection, it could cost you extra money, so you may want to investigate it more thoroughly. The command to set the NTP server is "ntp server HOSTNAME", where HOSTNAME is the host name or IP address of the upstream timeserver.
This will update the clock, but not the calendar on the router. You can enter the command "ntp update-calendar" to make sure the calendar gets updated as well. The final configuration necessary is to get the router to broadcast NTP packets to the network. This is done on a per interface basis. You can also tell slave routers to listen to the broadcast time packets in this way.
A master timeserver on your network would have the following NTP configuration:
clock timezone EDT -4
interface Ethernet2
ip address 204.176.117.44
ntp broadcast
ntp update-calendar
ntp server 128.4.1.1
A slave timeserver would have the following NTP configuration:
clock timezone EDT -4
interface Ethernet0
ip address 201.171.117.1
ntp broadcast
ntp broadcast client
ntp update-calendar
ntp server 204.176.117.44
Configuring your computers to take advantage of time service is beyond the scope of this book. You should refer to the following Internet resources to learn more about configuring individual systems.
An Introduction to NTP                           http://www.eecis.udel.edu/~ntp/
Platform Specific NTP clients                    http://www.eecis.udel.edu/~ntp/software.html
Archive of NTP software and related utilities    ftp://ftp.udel.edu/pub/ntp
NTP Version 3 Specification (RFC 1305)           http://ds.internic.net/rfc/rfc1305.txt
Usenet News Group                                comp.protocols.time.ntp
Table 7-3. List of Internet resources for learning more about NTP.
Useful Line Settings in IOS
Nothing is more annoying than having your CLI not configured properly. For example, if you make a minor spelling mistake, the router will try to connect you to some nonexistent host. A large number of these problems and annoyances can be corrected with a few minor configuration changes.
To stop the router from trying to resolve every typo, use the command "transport preferred none". This command needs to be added to every instance of "line" in the configuration (a "line" is a connection to your router that's used for administration) in the following manner:
line con 0
transport preferred none
line aux 0
transport preferred none
line vty 0 4
password 12345
login
transport preferred none
Do you keep running out of virtual terminals for telnet sessions? Just add more! Use the "line vty" command to add as many as you need.
wan4500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
wan4500(config)#line vty 5 20
wan4500(config-line)#transport preferred none
wan4500(config-line)#password 12345
wan4500(config-line)#^Z
wan4500#wr
Building configuration...
[OK]
wan4500#
Pagination not working right? Lines scrolling off the top before the " --More-- " prompt allows you to read them? Or maybe you're using a terminal with more than the default 25 lines? Do you like an xterm (X windows terminal program) stretched so more can be displayed on a single screen? Use the "terminal length N" command, where N is the number of lines supported by that terminal. This is done in exec mode and is only valid for that login session.
If you want to do this permanently on some terminal or vty lines, you can add it to the line profile in configuration mode. To do this use the "length N" command under the specific line you want to change.
wan4500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
wan4500(config)#line vty 0
wan4500(config-line)#length 36
wan4500(config-line)#line con 0
wan4500(config-line)#length 31
wan4500(config-line)#^Z
wan4500#
Finally, are you tired of having the router drop your telnet connection just because you walked away for a few minutes (or went to lunch)? Change the default time-out! Use the "exec-timeout M S" command, where M is minutes and S is seconds. If you want to disable automatic logout altogether, set M and S to 0.
wan4500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
wan4500(config)#line vty 0 20
wan4500(config-line)#exec-timeout 0 0
wan4500(config-line)#^Z
wan4500#
So, after mucking about with all these things, here is how your router configuration might look:
line con 0
exec-timeout 0 0
length 31
transport preferred none
line aux 0
transport preferred none
line vty 0
exec-timeout 120 0
password 12345
login
length 36
transport preferred none
line vty 1 4
exec-timeout 120 0
password 12345
login
transport preferred none
line vty 5 20
exec-timeout 120 0
password 12345
login
transport preferred none