Module 10: Network Management
10.2 Device Discovery with LLDP
10.2.1 LLDP Overview
Link Layer Discovery Protocol (LLDP) performs the same function as CDP but is vendor-neutral, meaning it works with devices from various manufacturers, including Cisco. It advertises device identity and capabilities to other connected devices, helping to create a network map.
10.2.2 Configure and verify LLDP
10.4 SNMP
10.4.6 Community Strings
SNMPv1 and SNMPv2c use community strings as plaintext passwords for MIB access:
Read-only (ro): Allows viewing but not modifying MIB variables. Because SNMPv2c security is limited, it is commonly used in read-only mode.
Read-write (rw): Allows both viewing and modifying MIB variables.
10.4.7 MIB Object ID
The MIB organizes variables hierarchically as OIDs, which uniquely identify each managed object in a tree structure. This structure includes both common variables (RFC-defined) and vendor-specific branches, such as those defined by Cisco. For example, Cisco's OID path is 1.3.6.1.4.1.9.
10.4.4 SNMP Versions
SNMPv1: Defined in RFC 1157, this legacy version is rarely used today.
SNMPv2c: Defined in RFCs 1901–1908, adds bulk data retrieval and better error reporting but uses minimal, community-string-based security.
SNMPv3: Defined in RFCs 3410–3415, offers advanced security with authentication, encryption, and message integrity.
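An added example (not part of the original notes or of Cisco's material): a short Python audit that scans a saved configuration for the SNMP weaknesses described in 10.4.6 and 10.4.4. The sample configuration is constructed, and the rule set and severity labels are assumptions of this example.

```python
import re

# Constructed sample of IOS configuration lines (not from the page).
SAMPLE_CONFIG = """\
hostname R1
snmp-server community public RO
snmp-server community netops-rw RW
snmp-server community monitor RO 10
snmp-server group ADMIN v3 priv
snmp-server group LEGACY v3 noauth
"""

# snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?(?: (?P<mode>ro|rw))?(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
GROUP_RE = re.compile(
    r"^snmp-server group (?P<name>\S+) v3 (?P<level>noauth|auth|priv)\b",
    re.IGNORECASE,
)
WELL_KNOWN = {"public", "private"}  # widely used default community strings


def audit_snmp(config_text):
    """Return (severity, line, reason) findings for SNMP settings."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            # Assumption: a community with no mode keyword is read-only.
            mode = (m.group("mode") or "ro").lower()
            if mode == "rw":
                findings.append(("high", line, "read-write community in plaintext"))
            if m.group("name").lower() in WELL_KNOWN:
                findings.append(("high", line, "well-known community string"))
            if not m.group("acl"):
                findings.append(("medium", line, "no ACL limits which managers may poll"))
            continue
        m = GROUP_RE.match(line)
        if m and m.group("level").lower() != "priv":
            findings.append(("medium", line, "SNMPv3 group without encryption"))
    return findings
```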
10.4.8 SNMP Polling Scenario
SNMP allows network administrators to monitor CPU utilization over time by polling devices. This data is compiled, creating a baseline, and threshold alerts can be set. If CPU usage exceeds the threshold, notifications are sent to the administrator, as shown in periodic CPU usage samples over weeks.
10.4.3 SNMP Agent Traps
An NMS periodically polls SNMP agents on devices using "get" to monitor performance, verify configuration, and set thresholds. Polling delays detection of events and uses bandwidth, so SNMP traps are used for immediate alerts on critical events like link failures or restarts, reducing the need for constant polling.
10.4.9 SNMP Object Navigator
The snmpget utility demonstrates SNMP's basic functionality, but long MIB variable names like 1.3.6.1.4.1.9.2.1.58.0 can be difficult for users. Typically, network operations staff use a network management tool with a GUI that hides the complexity of MIB variable naming. The Cisco SNMP Object Navigator tool helps administrators research OID details, such as information for the whyReload object.
10.4.2 SNMP Operation
SNMP agents on managed devices store data in the MIB, which the SNMP manager accesses using "get" to retrieve data and "set" to modify configurations or initiate actions. The agent responds to "get" requests by providing requested values and to "set" requests by applying changes and confirming the new settings.
10.4.1 Introduction to SNMP
SNMP helps administrators manage network devices like routers and switches by monitoring performance and troubleshooting. It consists of an SNMP manager, SNMP agents (nodes), and a Management Information Base (MIB). The manager communicates with agents using "get" to collect data, "set" to configure, and "traps" for alerts.
10.7 IOS Image Management
10.7.2 TFTP Servers as a Backup Location
10.7.3 Backup IOS Image to TFTP Server Example
10.7.4 Copy an IOS Image to a Device Example
10.7.5 The boot system Command
To upgrade to the copied IOS image after that image is saved on the flash memory of the router, configure the router to load the new image during bootup by using the boot system command, as shown in the example. Save the configuration. Reload the router to boot it with the new image. At the [confirm] prompt, press Enter to continue. Otherwise, press Control-C to cancel.
If there are no boot system commands in the configuration, the router defaults to loading the first valid Cisco IOS image in flash memory and runs it.
10.3 NTP
10.3.2 NTP Operation
NTP uses a hierarchy of levels called strata: stratum 0 (precise clocks) connects to stratum 1 (primary network time sources), which syncs lower strata. A lower stratum number means the device is closer to the time source. Stratum 16 is unsynchronized.
10.3.3 Configure and Verify NTP
10.3.1 Time and Calendar Services
Synchronizing time across all network devices is essential for accurate event tracking. Routers and switches can be set manually or via Network Time Protocol (NTP). NTP, using UDP port 123, provides a more consistent time source by syncing devices to a master clock or public NTP server, crucial for larger networks.
10.5 Syslog
10.5.2 Syslog Operation
Popular destinations for syslog messages include the following:
Logging buffer (RAM inside a router or switch)
Console line
Terminal line
Syslog server
10.5.1 Introduction to Syslog
Like a Check Engine light on your car dashboard, the components in your network can tell you if there is something wrong.
The syslog protocol was designed to ensure that you can receive and understand these messages.
The most common method of accessing system messages is to use a protocol called syslog.
The syslog protocol was developed for UNIX systems in the 1980s but was first documented as RFC 3164 by IETF in 2001.
Syslog uses UDP port 514 to send event notification messages across IP networks to event message collectors, as shown in the figure.
10.5.3 Syslog Message Format
10.5.4 Syslog Facilities
Some common syslog message facility codes reported on Cisco IOS routers include:
IF - Identifies that the syslog message was generated by an interface.
IP - Identifies that the syslog message was generated by IP.
OSPF - Identifies that the syslog message was generated by the OSPF routing protocol.
SYS - Identifies that the syslog message was generated by the device operating system.
IPSEC - Identifies that the syslog message was generated by the IP Security encryption protocol.
10.5.5 Configure Syslog Timestamp
Use the command service timestamps log datetime to force logged events to display the date and time.
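An added example (not from the original notes): a Python parser for IOS-style syslog lines that extracts the facility, severity and mnemonic, and reports which messages arrived without a date and time, the gap that service timestamps log datetime closes. The sample lines are constructed, and the uptime-style prefix and the alert_at cut-off are assumptions of this example.

```python
import re

# Syslog severity levels 0-7; a lower number is more severe.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notification", "informational", "debugging"]

BODY_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)
# Date and time prefix, present once "service timestamps log datetime" is set.
DATETIME_RE = re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}")

# Constructed sample messages (not from the page).
SAMPLE_LOG = [
    "*Mar  1 11:52:42: %SYS-5-CONFIG_I: Configured from console by console",
    "%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "*Mar  1 11:53:07: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on "
    "GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "00:04:12: %SYS-5-RESTART: System restarted --",  # uptime-style prefix
    "garbled line without a message code",
]


def parse_message(line):
    """Return a dict for one message, or None if no %FAC-SEV-MNEMONIC code."""
    m = BODY_RE.search(line)
    if m is None:
        return None
    sev = int(m.group("severity"))
    return {
        "facility": m.group("facility"),
        "severity": sev,
        "severity_name": SEVERITY[sev],
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
        "has_datetime": bool(DATETIME_RE.search(line[:m.start()])),
    }


def triage(lines, alert_at=4):
    """Split parsed messages into urgent ones and ones lacking date/time."""
    parsed = [p for p in map(parse_message, lines) if p]
    urgent = [p for p in parsed if p["severity"] <= alert_at]
    untimed = [p for p in parsed if not p["has_datetime"]]
    return urgent, untimed
```

Messages in the untimed list cannot be placed reliably on a timeline with events from other devices.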
10.1 Device Discovery with CDP
10.1.1 CDP Overview
Cisco Discovery Protocol (CDP) is a proprietary Layer 2 protocol that helps create a network map by gathering information about connected Cisco devices. It is media and protocol independent, sending periodic advertisements to connected devices.
10.1.2 Configure and Verify CDP
10.6 Router and Switch File Maintenance
10.6.5 Use TFTP to Back Up and Restore a Configuration
Copies of configuration files should be stored as backup files in the event of a problem. Configuration files can be stored on a Trivial File Transfer Protocol (TFTP) server, or a USB drive. A configuration file should also be included in the network documentation.
To save the running configuration or the startup configuration to a TFTP server, use either the copy running-config tftp or copy startup-config tftp command, as shown in the example.
10.6.6 USB Ports on a Cisco Router
The Universal Serial Bus (USB) storage feature enables certain models of Cisco routers to support USB flash drives. The USB flash feature provides an optional secondary storage capability and an additional boot device. Images, configurations, and other files can be copied to or from the Cisco USB flash memory with the same reliability as storing and retrieving files by using the Compact Flash card. In addition, modular integrated services routers can boot any Cisco IOS Software image saved on USB flash memory. Ideally, USB flash can hold multiple copies of the Cisco IOS and multiple router configurations.
10.6.4 Use a Text File to Restore a Configuration
A configuration can be copied from a file and then directly pasted to a device. The IOS executes each line of the configuration text as a command. This means that the file will require editing to ensure that encrypted passwords are in plaintext, and that non-command text such as --More-- and IOS messages are removed. In addition, you may want to add enable and configure terminal to the beginning of the file or enter global configuration mode before pasting the configuration. This process is discussed in the lab later in this topic.
Step 1. On the File menu, click Send file.
Step 2. Locate the file to be copied into the device and click Open.
Step 3. Tera Term will paste the file into the device.
The text in the file will be applied as commands in the CLI and become the running configuration on the device.
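An added example (not from the original notes): a Python helper that prepares a captured show running-config log for pasting, as 10.6.4 describes. It strips --More-- pager residue, prompts and IOS messages, prepends enable and configure terminal, and lists the hashed password lines that still need manual editing. The capture, hostname and hash values are constructed placeholders.

```python
import re

# Constructed Tera Term capture (not from the page); hash values are placeholders.
SAMPLE_CAPTURE = """\
R1#show running-config
Building configuration...

Current configuration : 1063 bytes
!
hostname R1
enable secret 5 $1$EXAMPLE$constructedhashvalue000
 --More-- \x08\x08\x08   \x08\x08\x08interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
*Mar  1 11:52:42: %SYS-5-CONFIG_I: Configured from console by console
line vty 0 4
 password 7 0000000000
end
R1#
"""

# Pager prompt plus the spaces/backspaces the terminal used to erase it.
MORE_RE = re.compile(r"\s*--More--[\s\x08]*")
NOISE_RE = re.compile(
    r"^(?:\S+[#>].*"                           # prompt lines such as R1#show ...
    r"|Building configuration\.\.\."
    r"|Current configuration\s*:.*"
    r"|.*%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+: .*)$"   # IOS log messages
)
# Lines carrying a hashed or encrypted password (types 5, 7, 8, 9).
HASHED_RE = re.compile(r"\b(?:secret|password) [5789] \S+")


def clean_capture(text):
    """Return (commands, needs_review) from a captured show running-config."""
    commands, needs_review = ["enable", "configure terminal"], []
    for raw in text.splitlines():
        line = MORE_RE.sub("", raw, count=1).rstrip()
        if not line.strip() or NOISE_RE.match(line):
            continue
        if HASHED_RE.search(line):
            needs_review.append(line.strip())  # operator must edit these by hand
        commands.append(line)
    return commands, needs_review
```

The capture file and the cleaned output both contain credentials, so store them with the same access restrictions as the device itself.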
10.6.7 Use USB to Back Up and Restore a Configuration
When backing up to a USB port, it is a good idea to issue the show file systems command to verify that the USB drive is there and confirm the name, as shown in the example.
Notice the last line of output shows the USB port and name: “usbflash0:”.
Next, use the copy run usbflash0:/ command to copy the configuration file to the USB flash drive. Be sure to use the name of the flash drive, as indicated in the file system. The slash is optional but indicates the root directory of the USB flash drive.
The IOS will prompt for the filename. If the file already exists on the USB flash drive, the router will prompt to overwrite, as shown in the examples.
Use the dir command to see the file on the USB drive and use the more command to see the contents, as shown in the example.
10.6.3 Use a Text File to Back Up a Configuration
Step 1. On the File menu, click Log.
Step 2. Choose the folder location and filename to save the file and click Save. Tera Term will open Tera Term: Log window and will now capture all commands and output generated in the terminal window.
Step 3. To capture the current configuration, enter the show running-config or show startup-config privileged EXEC command. The text displayed in the terminal window will also be directed to the chosen file.
Step 4. When the capture is complete, select Close in the Tera Term: Log window.
Step 5. Open the file to verify that the configuration was captured properly and is not corrupt.
10.6.8 Password Recovery Procedures
Passwords on devices are used to prevent unauthorized access. For encrypted passwords, such as the enable secret passwords, the passwords must be replaced after recovery. Depending on the device, the detailed procedure for password recovery varies. However, all the password recovery procedures follow the same principle:
Step 1. Enter the ROMMON mode.
Step 2. Change the configuration register.
Step 3. Copy the startup-config to the running-config.
Step 4. Change the password.
Step 5. Save the running-config as the new startup-config.
Step 6. Reload the device.
10.6.2 Switch File Systems
With the Cisco 2960 switch flash file system, you can copy configuration files, and archive (upload and download) software images.
10.6.1 Router File Systems
The Cisco IOS File System (IFS) allows the administrator to navigate to different directories and list the files in a directory. The administrator can also create subdirectories in flash memory or on a disk. The directories available depend on the device.
The example displays the output of the show file systems command, which lists all of the available file systems on a Cisco 4221 router.
This command provides useful information such as the amount of total and free memory, the type of file system, and its permissions. Permissions include read only (ro), write only (wo), and read and write (rw). The permissions are shown in the Flags column of the command output.
The Flash File System
Because flash is the default file system, the dir command lists the contents of flash. Several files are located in flash, but of specific interest is the last listing. This is the name of the current Cisco IOS file image that is running in RAM.
The NVRAM File System
The present working directory command is pwd. This command verifies that we are viewing the NVRAM directory. Finally, the dir command lists the contents of NVRAM. Although there are several configuration files listed, of specific interest is the startup-configuration file.