CCNAv5 - S4: Chapter8 monitoring the network

© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Chapter 8: Monitoring
the Network
Connecting Networks

Presentation_ID 2© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Chapter 8
8.0 Introduction
8.1 Syslog
8.2 SNMP
8.3 NetFlow
8.4 Summary

Chapter 8: Objectives
 Explain syslog operation in a small-to-medium-sized business
network.
 Configure syslog to compile messages on a small-to-medium-sized
business network management device.
 Explain syslog operation in small-to-medium-sized business
network.
 Configure SNMP to compile messages on a small-to-medium-sized
business network.
 Describe NetFlow operation in a small-to-medium-sized business
network.
 Configure NetFlow data export on a router.
 Examine sample NetFlow data to determine traffic patterns.

8.1 Syslog

Syslog Operation
Introduction to Syslog

Syslog Operation
Syslog Operation

Syslog Operation
Syslog Message Format

Syslog Operation
Service Timestamp
 Log messages can be time-stamped and the source address of
syslog messages can be set. This enhances real-time debugging
and management.
 The service timestamps log datetime command entered
in global configuration mode should be entered on the device.
 In this chapter, it is assumed that the clock has been set and the
service timestamps log datetime command has been
configured on all devices.

Configuring Syslog
Syslog Server
 The syslog server provides a relatively user-friendly interface for
viewing syslog output.
 The server parses the output and places the messages into pre-
defined columns for easy interpretation. If timestamps are
configured on the networking device sourcing the syslog
messages, then the date and time of each message displays in the
syslog server output.
 Network administrators can easily navigate the large amount of
data compiled on a syslog server.

Configuring Syslog
Default Logging

Configuring Syslog
Router and Switch Commands for Syslog Clients

Configuring Syslog
Verifying Syslog

8.2 SNMP

SNMP Operation
Introduction to SNMP

SNMP Operation
SNMP Operation

SNMP Operation
SNMP Agent Traps

SNMP Operation
SNMP Versions
There are several versions of SNMP, including:
 SNMPv1 - The Simple Network Management Protocol, a Full
Internet Standard, defined in RFC 1157.
 SNMPv2c - Defined in RFCs 1901 to 1908; utilizes community-
string-based Administrative Framework.
 SNMPv3 - Interoperable standards-based protocol originally
defined in RFCs 2273 to 2275; provides secure access to devices
by authenticating and encrypting packets over the network. It
includes these security features: message integrity to ensure that a
packet was not tampered with in transit; authentication to
determine that the message is from a valid source, and encryption
to prevent the contents of a message from being read by an
unauthorized source.

SNMP Operation
Community Strings
There are two types of community strings:
 Read-only (ro) – Provides access to the MIB variables, but does
not allow these variables to be changed, only read. Because
security is so weak in version 2c, many organizations use
SNMPv2c in read-only mode.
 Read-write (rw) – Provides read and write access to all objects in
the MIB.

SNMP Operation
Management Information Base Object ID

Configuring SNMP
Steps for Configuring SNMP
Step 1. (Required) Configure the community string and access level
(read-only or read-write) with the snmp-server
community string ro | rw command.
Step 2. (Optional) Document the location of the device using the
snmp-server location text command.
Step 3. (Optional) Document the system contact using the snmp-
server contact text command.

Configuring SNMP
Steps for Configuring SNMP (cont.)
Step 4. (Optional) Restrict SNMP access to NMS hosts (SNMP
managers) that are permitted by an ACL. Define the ACL
and then reference the ACL with the snmp-server
community string access-list-number-or-name
command.
Step 5. (Optional) Specify the recipient of the SNMP trap operations
with the snmp-server host host-id [version {1 |
2c | 3 [auth | noauth | priv]}] community-
string command. By default, no trap manager is defined.
Step 6. (Optional) Enable traps on an SNMP agent with the snmp-
server enable traps notification-types
command.

Configuring SNMP
Verifying SNMP Configuration

Configuring SNMP
Security Best Practices

8.3 NetFlow

NetFlow Operation
Introduction to NetFlow

NetFlow Operation
Purpose of NetFlow
Most organizations use NetFlow for some or all of the following key
data collection purposes:
 Efficiently measuring who is using what network resources for what
purpose.
 Accounting and charging back according to the resource utilization
level.
 Using the measured information to do more effective network
planning so that resource allocation and deployment is well-
aligned with customer requirements.
 Using the information to better structure and customize the set of
available applications and services to meet user needs and
customer service requirements.

NetFlow Operation
Network Flows
NetFlow technology has seen several generations that provide more
sophistication in defining traffic flows, but “original NetFlow”
distinguished flows using a combination of seven key fields.
 Source and destination IP address
 Source and destination port number
 Layer 3 protocol type
 Type of service (ToS) marking
 Input logical interface

Configuring NetFlow
NetFlow Configuration Tasks

Examining Traffic Patterns
Verifying NetFlow

NetFlow Collector Functions

NetFlow Analysis with a NetFlow
Collector

Chapter 8: Summary
 Syslog, SNMP, and NetFlow are the tools a network administrator
uses in a modern network to manage the collection, display, and
analysis of events associated with the networking devices.
 Syslog provides a rudimentary tool for collecting and displaying
messages as they appear on a Cisco device console display.
 SNMP has a very rich set of data records and data trees to both set
and get information from networking devices.
 NetFlow and its most recent iteration, Flexible NetFlow, provides a
means of collecting IP operational data from IP networks.
 NetFlow provides data to enable network and security monitoring,
network planning, traffic analysis, and IP accounting.
 NetFlow collectors provide sophisticated analysis options for
NetFlow data.

CCNAv5 - S4: Chapter8 monitoring the network

More Related Content

What's hot (20)

Similar to CCNAv5 - S4: Chapter8 monitoring the network (20)

More from Vuz Dở Hơi (20)

Recently uploaded (20)

CCNAv5 - S4: Chapter8 monitoring the network