CCNA2 Chapter 10 Device Discovery, Management, and Maintenance

Compare CDP and LLDP

10.1.2.4

Service Timestamp

10.2.2.4

Interpret Syslog Output

10.2.2.5

Syslog Server

A type of server used for collecting system messages from networked devices The syslog server provides a relatively user-friendly interface for viewing syslog output. The server parses the output and places the messages into pre-defined columns for easy interpretation. If timestamps are configured on the networking device sourcing the syslog messages, then the date and time of each message displays in the syslog server output, Network administrators can easily navigate the large amount of data compiled on a syslog server. One advantage of viewing syslog messages on a syslog server is the ability to perform granular searches through the data. Also, a network administrator can quickly delete unimportant syslog messages from the database.

License verification

After a new license has been installed the router must be rebooted using the reload command. As shown in Figure 1, the show version command is used after the router is reloaded to verify that license has been installed. The show license command in Figure 2 is used to display additional information about Cisco IOS software licenses. This command displays license information used to help with troubleshooting issues related to Cisco IOS software licenses. This command displays all the licenses installed in the system. In this example, both the IP Base and Security licenses have been installed. This command also displays the features that are available, but not licensed to execute, such as the Data feature set. Output is grouped according to how the features are stored in license storage. The following is a brief description of the output: Feature - Name of the feature License Type - Type of license; such as Permanent or Evaluation License State - Status of the license; such as Active or In Use License Count - Number of licenses available and in use, if counted. If non-counted is indicated, the license is unrestricted. License Priority - Priority of the license; such as high or low Note: Refer to the Cisco IOS 15 command reference guide for complete details on the information displayed in the show license command.

Step 3. Install the License

After the license has been purchased, the customer receives a license file. Installing a permanent license requires two steps: Step 1. Use the license install stored-location-url privileged exec mode command to install a license file. Step 2. Reload the router using the privileged exec command reload. A reload is not required if an evaluation license is active. Figure 1 shows the configuration for installing the permanent license for the Security package on the router. Note: Unified Communications is not supported on 1941 routers. A permanent license is a license that never expires. After a permanent license is installed on a router, it is good for that particular feature set for the life of the router, even across IOS versions. For example, when a UC, SEC, or Data license is installed on a router, the subsequent features for that license are activated even if the router is upgraded to a new IOS release. A permanent license is the most common license type used when a feature set is purchased for a device. Note: Cisco manufacturing preinstalls the appropriate permanent license on the ordered device for the purchased feature set. No customer interaction with the Cisco IOS Software Activation processes is required to enable that license on new hardware. Install the security license seck9-C1900-SPE150_K9-FAB12340099.xml from flash0 and reload the router. R2# license install flash0:seck9-C1900-SPE150_K9-FAB12340099.xml Installing licenses from "seck9-C1900-SPE150_K9-FAB12340099.xml" Installing...Feature:seck9...Successful:Supported 1/1 licenses were successfully installed 0/1 licenses were existing licenses 0/1 licenses were failed to install R2# *May 27 17:24:57.391: %LICENSE-6-INSTALL: Feature seck9 1.0 was installed in this device. UDI=1900-SPE150/K9:FAB12340099; StoreIndex=15:Primary License Storage *May 27 17:24:57.615: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c1900 Next reboot level = seck9 and License = seck9 R2# reload You successfully installed the Security License on R2.

TFTP Servers as a Backup Location

As a network grows, Cisco IOS Software images and configuration files can be stored on a central TFTP server. This helps to control the number of IOS images and the revisions to those IOS images, as well as the configuration files that must be maintained. Production internetworks usually span wide areas and contain multiple routers. For any network, it is good practice to keep a backup copy of the Cisco IOS Software image in case the system image in the router becomes corrupted or accidentally erased. Widely distributed routers need a source or backup location for Cisco IOS Software images. Using a network TFTP server allows image and configuration uploads and downloads over the network. The network TFTP server can be another router, a workstation, or a host system.

Default Logging

By default, Cisco routers and switches send log messages for all severity levels to the console. On some IOS versions, the device also buffers log messages by default. To enable these two settings, use the logging console and logging buffered global configuration commands, respectively. The show logging command displays the default logging service settings on a Cisco router, as shown in the figure. The first lines of output list information about the logging process, with the end of the output listing log messages. The first highlighted line states that this router logs to the console and includes debug messages. This actually means that all debug level messages, as well as any lower level messages (such as notification level messages), are logged to the console. On most Cisco IOS routers, the default severity level is 7, debugging. The output also notes that 32 such messages have been logged. The second highlighted line states that this router logs to an internal buffer. Because this router has enabled logging to an internal buffer, the show logging command also lists the messages in that buffer. You can view some of the system messages that have been logged at the end of the output.

LLDP Overview

Cisco devices also support Link Layer Discovery Protocol (LLDP), which is a vendor-neutral neighbor discovery protocol similar to CDP. LLDP works with network devices, such as routers, switches, and wireless LAN access points. This protocol advertises its identity and capabilities to other devices and receives the information from a physically connected Layer 2 device.

Configure and Verify NTP

Display the clock using the detail option on R1. R1# show clock detail .18:11:26.172 UTC Tue Dec 1 2015 No time source R1# Enter Global Configuration mode on R1 to configure the following: Set the clock time zone to PST (Pacific Standard Time), which is 8 hours later than GMT (-8). Set PDT (Pacific Daylight Time) to summer time recurring. Use end command to exit Global Configuration mode. Re-display the clock using the detail option. R1# configure terminal R1(config)# clock timezone PST -8 R1(config)# Clock summer-time PDT recurring R1(config)# end R1# show clock detail .10:25:36.304 PST Tue Dec 1 2015 No time source Summer time starts 02:00:00 PST Sun Mar 13 2016 Summer time ends 02:00:00 PDT Sun Nov 6 2016 Enter Global Configuration mode to configure the following: Configure R1 to use an external public NTP server with an IP address of 209.165.200.225. Use end command to exit Global Configuration mode. Re-display the clock using the detail option. R1# configure terminal R1(config)# ntp server 209.165.200.225 R1(config)# end R1# show clock detail 13:23:32.648 PST Tue Dec 1 2015 Time source is NTP Summer time starts 02:00:00 PST Sun Mar 13 2016 Summer time ends 02:00:00 PDT Sun Nov 6 2016 Verify that R1 is associated with the NTP server at IP address 209.165.200.225. R1# show ntp associations address ref clock st when poll reach delay offset disp *~209.165.200.225 .GPS. 1 61 64 377 0.481 7.480 4.261 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured Verify that R1 is synchronized with the NTP server at IP address 209.165.200.225. R1# show ntp status Clock is synchronized, stratum 2, reference is 209.165.200.225 nominal freq is 250.0000 Hz, actual freq is 249.9995 Hz, precision is 2**19 ntp uptime is 589900 (1/100 of seconds), resolution is 4016 reference time is DA088DD3.C4E659D3 (13:21:23.769 PST Tue Dec 1 2015) clock offset is 7.0883 msec, root delay is 99.77 msec root dispersion is 13.43 msec, peer dispersion is 2.48 msec loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000001803 s/s system poll interval is 64, last update was 169 sec ago. You have successfully configured and verified NTP.

Configure and Verify CDP

Display the status of CDP on R1. R1# show cdp % CDP is not enabled R1# Enter Global Configuration mode to configure the following: Enable CDP globally on R1. Disable CDP on interface S0/0/0. Use end command to exit Global Configuration mode. R1# configure terminal R1(config)# cdp run R1(config)# interface s0/0/0 R1(config-if)# no cdp enable R1(config-if)# end R1# Display the list of CDP neighbors on R1. R1# show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID S1 Gig 0/1 122 S I WS-C2960- Fas 0/5 Display more details from the list of CDP neighbors on R1. R1# show cdp neighbors detail ------------------------- Device ID: S1 Entry address(es): IP address: 192.168.1.2 Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5 Holdtime : 136 sec Version : Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2014 by Cisco Systems, Inc. Compiled Thu 23-Oct-14 14:49 by prod_rel_team advertisement version: 2 Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF010221FF000000000000002291210380FF0000 VTP Management Domain: '' Native VLAN: 1 Duplex: full Management address(es): IP address: 192.168.1.2 Total cdp entries displayed : 1

Configure and Verify LLDP

Display the status of LLDP on R1. R1# show lldp % LLDP is not enabled R1# Enter Global Configuration mode to configure the following: Enable LLDP globally on R1. Disable LLDP on interface S0/0/0. Use end command to exit Global Configuration mode. R1# configure terminal R1(config)# lldp run R1(config)# interface s0/0/0 R1(config-if)# no lldp transmit R1(config-if)# end R1# Display the list of LLDP neighbors on S1. S1# show lldp neighbors Capability codes: (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other Device ID Local Intf Hold-time Capability Port ID R1 Fa0/5 99 R Gi0/1 Total entries displayed: 1 Display more details from the list of LLDP neighbors on S1. S1# show lldp neighbors detail ------------------------------------------------ Chassis id: c471.fe45.73a0 Port id: Gi0/1 Port Description: GigabitEthernet0/1 System Name: R1 System Description: Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Fri 06-Feb-15 17:01 by prod_rel_team Time remaining: 106 seconds System Capabilities: B,R Enabled Capabilities: R Management Addresses - not advertised Auto Negotiation - not supported Physical media capabilities - not advertised Media Attachment Unit type - not advertised Vlan ID: - not advertised Total entries displayed: 1

Steps to Copy an IOS Image to a Device

Follow these steps to upgrade the software on the Cisco router: Step 1. Select a Cisco IOS image file that meets the requirements in terms of platform, features, and software. Download the file from cisco.com and transfer it to the TFTP server. Step 2. Verify connectivity to the TFTP server. Ping the TFTP server from the router. The output in Figure 2 shows the TFTP server is accessible from the router. Step 3. Ensure that there is sufficient flash space on the router that is being upgraded. The amount of free flash can be verified using the show flash0: command. Compare the free flash space with the new image file size. The show flash0: command in Figure 3 is used to verify free flash size. Free flash space in the example is 182,394,880 bytes. Step 4. Copy the IOS image file from the TFTP server to the router using the copy command shown in Figure 4. After issuing this command with specified source and destination URLs, the user will be prompted for IP address of the remote host, source file name, and destination file name. The transfer of the file will begin.

Syslog Message Format

Here are the Syslog Message Levels: Emergency Messages level 0 -System is unavailable and unusable (Could be a "panic" condition due to a natural disaster) Alert Messages Level 1-Action needs to be taken immediately (an example is loss of backup ISP connection) Critical Messages level 2 -Critical conditions (this could be a loss of primary ISP connection) Error Messages Level 3-Error conditions (must be resolved within a specified time frame) Warning Level 4 - Emergency Level 0: These messages are error messages about software or hardware malfunctions; these types of messages mean that the functionality of the device is affected. The severity of the issue determines the actual syslog level applied. Notification Level 5: The notifications level is for normal, but significant events. For example, interface up or down transitions, and system restart messages are displayed at the notifications level. Informational Level 6: A normal information message that does not affect device functionality. For example, when a Cisco device is booting, you might see the following informational message: %LICENSE-6-EULA_ACCEPT_ALL: The Right to Use End User License Agreement is accepted. Debugging Level 7: This level indicates that the messages are output generated from issuing various debug commands.

NTP Operation

NTP networks use a hierarchical system of time sources. Each level in this hierarchical system is called a stratum. The stratum level is defined as the number of hop counts from the authoritative source. The synchronized time is distributed across the network using NTP. The figure displays a sample NTP network. NTP servers arranged in three levels showing the three strata. Stratum 1 is connected to Stratum 0 clocks. Stratum 0 An NTP network gets the time from authoritative time sources. These authoritative time sources, also referred to as stratum 0 devices, are high-precision timekeeping devices assumed to be accurate and with little or no delay associated with them. Stratum 0 devices are represented by the clock in the figure. Stratum 1 The stratum 1 devices are directly connected to the authoritative time sources. They act as the primary network time standard. Stratum 2 and Lower The stratum 2 servers are connected to stratum 1 devices through network connections. Stratum 2 devices, such as NTP clients, synchronize their time using the NTP packets from stratum 1 servers. They could also act as servers for stratum 3 devices. Smaller stratum numbers indicate that the server is closer to the authorized time source than larger stratum numbers. The larger the stratum number, the lower the stratum level. The max hop count is 15. Stratum 16, the lowest stratum level, indicates that a device is unsynchronized. Time servers on the same stratum level can be configured to act as a peer with other time servers on the same stratum level for backup or verification of time.

Syslog Operation

On Cisco network devices, the syslog protocol starts by sending system messages and debug output to a local logging process internal to the device. How the logging process manages these messages and outputs is based on device configurations. For example, syslog messages may be sent across the network to an external syslog server. These messages can be retrieved without the need of accessing the actual device. Log messages and outputs stored on the external server can be pulled into various reports for easier reading. Alternatively, syslog messages may be sent to an internal buffer. Messages sent to the internal buffer are only viewable through the CLI of the device. Finally, the network administrator may specify that only certain types of system messages are sent to various destinations. For example, the device may be configured to forward all system messages to an external syslog server. However, debug-level messages are forwarded to the internal buffer and are only accessible by the administrator from the CLI. As shown in the figure, popular destinations for syslog messages include: Logging buffer (RAM inside a router or switch) Console line Terminal line Syslog server It is possible to remotely monitor system messages by viewing the logs on a syslog server, or by accessing the device through Telnet, SSH, or through the console port.

Activate an Evaluation Right-To-Use License

On router R2 perform the following tasks: Accept the End User Agreement for the license Install the Data Technology package for evaluation - 'datak9' Return to privileged EXEC mode R2(config)# license accept end user agreement R2(config)# license boot module c1900 technology-package datak9 % use 'write' command to make license boot config take effect on next boot *Apr 27 01:27:01.703: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c1900 Next reboot level = datak9 and License = datak9 *Apr 27 01:27:02.331: %LICENSE-6-EULA_ACCEPTED: EULA for feature datak9 1.0 has been accepted. UDI=CISCO1941/K9:FTX16368491; StoreIndex=1:Built-In License Storage R2(config)# end R2# *Apr 27 01:27:20.811: %SYS-5-CONFIG_I: Configured from console by console Verify the installation of the package. R2# show license Index 1 Feature: ipbasek9 Period left: Life time License Type: Permanent License State: Active, In Use License Count: Non-Counted License Priority: Medium Index 2 Feature: securityk9 Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: Non-Counted License Priority: None Index 3 Feature: datak9 Period left: 8 weeks 4 days Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Active, Not in Use, EULA accepted License Count: Non-Counted License Priority: Low Index 4 Feature: SSL_VPN Period left: Not Activated Period Used: 0 minute 0 second R2# You successfully activated an evaluation Right-To-Use license.

Uninstall the License

On router R2 perform the following tasks: Disable the technology package 'seck9' Return to privileged EXEC mode with the 'exit' command Reload the router for changes to take effect R2(config)# license boot module c1900 technology-package seck9 disable R2(config)# exit R2# reload <Simulated reload> Now perform the following tasks: Clear the 'seck9' license Enter configuration mode and remove the boot option for the license Return to privileged EXEC mode with the 'exit' command Reload the router for changes to take effect R2# license clear seck9 R2# configure terminal R2(config)# no license boot module c1900 technology-package seck9 disable R2(config)# exit R2# reload <Simulated reload> You successfully uninstalled the security license on R2.

Back up the License

On router R2 perform the following tasks: Save all licenses to flash0:R2_license_files Verify the file has been saved to flash0 R2# license save flash0:R2_license_files license lines saved ..... to flash0:R2_license_files R2# show flash0: -#- --length-- -----date/time------ path 1 68831808 Apr 2 2013 21:50:32 +00:00 c1900-universalk9 -mz.SPA.152-4.M3.bin 2 1153 Apr 27 2013 01:34:32 +00:00 R2_license_files 182398976 bytes available (68832961 bytes used) R2# You successfully backed up the license on R2.

Setting the System Clock

R1# clock set 15:18:00 dec 11 2015 R1#

Verifying Syslog

R1(config)# logging 192.168.1.3 R1(config)# logging trap 4 R1(config)# logging source-interface gigabitEthernet 0/0 R1(config)# interface loopback 0 R1(config-if)# *Jun 12 22:06:02.902: %LINK-3-UPDOWN: Interface Loopback0, changed state to up *Jun 12 22:06:03.902: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up *Jun 12 22:06:03.902: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.3 port 514 started - CLI initiated R1(config-if)# shutdown R1(config-if)# *Jun 12 22:06:49.642: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down *Jun 12 22:06:50.642: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down R1(config-if)# no shutdown R1(config-if)# *Jun 12 22:09:18.210: %LINK-3-UPDOWN: Interface Loopback0, changed state to up *Jun 12 22:09:19.210: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up Return to privileged EXEC mode Filter the 'show logging' output to include 'changed state to up' R1(config-if)# end R1# show logging | include changed state to up *Jun 12 17:46:26.143: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up *Jun 12 17:46:26.143: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to up *Jun 12 17:46:27.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up *Jun 12 17:46:27.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up *Jun 12 20:28:43.427: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up *Jun 12 20:28:44.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Jun 12 22:04:11.862: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up *Jun 12 22:06:02.902: %LINK-3-UPDOWN: Interface Loopback0, changed state to up *Jun 12 22:06:03.902: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up *Jun 12 22:09:18.210: %LINK-3-UPDOWN: Interface Loopback0, changed state to up *Jun 12 22:09:19.210: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up *Jun 12 22:35:55.926: %LINK-3-UPDOWN: Interface Loopback0, changed state to up *Jun 12 22:35:56.926: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up Filter the 'show logging' output to begin with 'Jun 12 22:35'. R1# show logging | begin Jun 12 22:35

Router and Switch Commands for Syslog Clients

Step 1. In global configuration mode, use the logging command toconfigure the destination hostname or IPv4 address of the syslog. Step 2. Control the messages that will be sent to the syslog server with the logging trap level global configuration mode command. For example, to limit the messages to levels 4 and lower (0 to 4), use one of the two equivalent commands. Step 3. Optionally, configure the source interface with the logging source-interface interface-type interface-number global configuration mode command. This specifies that syslog packets contain the IPv4 or IPv6 address of a specific interface, regardless of which interface the packet uses to exit the router.

Using USB Ports on a Cisco Router

The Universal Serial Bus (USB) storage feature enables certain models of Cisco routers to support USB flash drives. The USB flash feature provides an optional secondary storage capability and an additional boot device. Images, configurations, and other files can be copied to or from the Cisco USB flash memory with the same reliability as storing and retrieving files using the Compact Flash card. In addition, modular integrated services routers can boot any Cisco IOS Software image saved on USB flash memory. Ideally, USB flash can hold multiple copies of the Cisco IOS and multiple router configurations. Use the dir command to view the contents of the USB flash drive.

Password Recovery

The break sequence was issued during boot up on a router. Enter the following ROMMON commands to have the router ignore the startup configuration file during startup. Issue the ROMMON command to set the register to 0x2142. Issue the command to restart the router. rommon 1 > confreg 0x2142 rommon 2 > reset System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2010 by cisco Systems, Inc. From Privileged EXEC mode, copy the startup configuration to the running configuration. Router# copy startup-config running-config Destination filename [running-config]? 1450 bytes copied in 0.156 secs (9295 bytes/sec) Issue the following commands to reset the enable password and reset the router to run the startup configuration upon startup. Enter Global Configuration mode. Set the enable password to cisco. Change the configuration register back to 0x2102. Return to Privilege EXEC mode using the end command. Copy the running configuration to the startup configuration. Reload the router. Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# enable secret cisco Router(config)# config-register 0x2102 Router(config)# end Router# copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] Router# reload

Step 1. Purchase the Software Package or Feature to Install

The first step is to purchase the software package or feature needed. This may be adding a package to IP Base, such as Security. Software Claim Certificates are used for licenses that require software activation. The claim certificate provides the Product Activation Key (PAK) for the license and important information regarding the Cisco End User License Agreement (EULA). In most instances, Cisco or the Cisco channel partner will have already activated the licenses ordered at the time of purchase and no Software Claim Certificate is provided. In either instance, customers receive a PAK with their purchase. The PAK serves as a receipt and is used to obtain a license. A PAK is an 11 digit alpha numeric key created by Cisco manufacturing. It defines the Feature Set associated with the PAK. A PAK is not tied to a specific device until the license is created. A PAK can be purchased that generates any specified number of licenses. As shown in the figure, a separate license is required for each package, IP Base, Data, UC, and SEC.

Step 2. Obtain a License

The second step is to obtain the license, which is actually a license file. A license file, also known as a Software Activation License, is obtained using one of the following options: Cisco License Manager (CLM) - This is a free software application available at http://www.cisco.com/go/clm. Cisco License Manager is a standalone application from Cisco that helps network administrators rapidly deploy multiple Cisco software licenses across their networks. Cisco License Manager can discover network devices, view their license information, and acquire and deploy licenses from Cisco. The application provides a GUI that simplifies installation and helps automate license acquisition, as well as perform multiple licensing tasks from a central location. CLM is free of charge and can be downloaded from CCO. Cisco License Registration Portal - This is the web-based portal for getting and registering individual software licenses, available at http://www.cisco.com/go/license. Both of these processes require a PAK number and a Unique Device Identifier (UDI). The PAK is received during purchase. The UDI is a combination of the Product ID (PID), the Serial Number (SN), and the hardware version. The SN is an 11 digit number which uniquely identifies a device. The PID identifies the type of device. Only the PID and SN are used for license creation. This UDI can be displayed using the show license udi command shown in Figure 1. This information is also available on a pull-out label tray found on the device. Figure 2 shows an example of the pull-out label on a Cisco 1941 router. After entering the appropriate information, the customer receives an email containing the license information to install the license file. The license file is an XML text file with a .lic extension.

IOS 15 System Image Packaging

There are two types of universal images supported in ISR G2: Universal images with the "universalk9" designation in the image name - This universal image offers all of the Cisco IOS Software features, including strong payload cryptography features, such as IPsec VPN, SSL VPN, and Secure Unified Communications. Universal images with the "universalk9_npe" designation in the image name - The strong enforcement of encryption capabilities provided by Cisco Software Activation satisfies requirements for the export of encryption capabilities. However, some countries have import requirements that require that the platform does not support any strong cryptography functionality, such as payload cryptography. To satisfy the import requirements of those countries, the npe universal image does not support any strong payload encryption.

Steps to Backup IOS Image to TFTP Server

To create a backup of the Cisco IOS image to a TFTP server, perform the following three steps: Step 1. Ensure that there is access to the network TFTP server. Ping the TFTP server to test connectivity, as shown in Figure 2. Step 2. Verify that the TFTP server has sufficient disk space to accommodate the Cisco IOS Software image. Use the show flash0: command on the router to determine the size of the Cisco IOS image file. The file in the example is 68831808 bytes long. Step 3. Copy the image to the TFTP server using the copy source-url destination-url command, as shown in Figure 3. After issuing the command using the specified source and destination URLs, the user is prompted for the source file name, IP address of the remote host, and destination file name. The transfer will then begin. Copy the IOS image c1900-universalk9-mz.SPA.152-4.M3.bin from flash0 to a TFTP server located at 172.16.1.100. The filename is case-sensitive. R2# copy flash0: tftp: Source filename []? c1900-universalk9-mz.SPA.152-4.M3.bin Address or name of remote host []? 172.16.1.100 Destination filename [c1900-universalk9-mz.SPA.152-4.M3.bin]? !!!!!!!!!!!!!!!!!! <output omitted> 68831808 bytes copied in 363.468 secs (269058 bytes/sec) R2# You successfully backed up the Cisco IOS to the TFTP server.

Backing up and Restoring TFTP

To save the running configuration or the startup configuration to a TFTP server, use either the copy running-config tftp or copy startup-config tftp command as shown in the figure. Follow these steps to backup the running configuration to a TFTP server: Step 1. Enter the copy running-config tftp command. Step 2. Enter the IP address of the host where the configuration file will be stored. Step 3. Enter the name to assign to the configuration file. Step 4. Press Enter to confirm each choice. Restoring Configurations with TFTP To restore the running configuration or the startup configuration from a TFTP server, use either the copy tftp running-config or copy tftp startup-config command. Use these steps to restore the running configuration from a TFTP server: Step 1. Enter the copy tftp running-config command. Step 2. Enter the IP address of the host where the configuration file is stored. Step 3. Enter the name to assign to the configuration file. Step 4. Press Enter to confirm each choice.

The boot system Command

To upgrade to the copied IOS image after that image is saved on the router's flash memory, configure the router to load the new image during bootup using the boot system command, as shown in Figure 1. Save the configuration. Reload the router to boot the router with new image. After the router has booted, to verify the new image has loaded, use the show version command, as shown in Figure 2. During startup, the bootstrap code parses the startup configuration file in NVRAM for the boot system commands that specify the name and location of the Cisco IOS Software image to load. Several boot system commands can be entered in sequence to provide a fault-tolerant boot plan. If there are no boot system commands in the configuration, the router defaults to loading the first valid Cisco IOS image in flash memory and running it.

Introduction to Syslog

When certain events occur on a network, networking devices have trusted mechanisms to notify the administrator with detailed system messages. These messages can be either non-critical or significant. Network administrators have a variety of options for storing, interpreting, and displaying these messages, and for being alerted to those messages that could have the greatest impact on the network infrastructure. The most common method of accessing system messages is to use a protocol called syslog. Syslog is a term used to describe a standard. It is also used to describe the protocol developed for that standard. The syslog protocol was developed for UNIX systems in the 1980s, but was first documented as RFC 3164 by IETF in 2001. Syslog uses UDP port 514 to send event notification messages across IP networks to event message collectors, as illustrated in the figure. Many networking devices support syslog, including: routers, switches, application servers, firewalls, and other network appliances. The syslog protocol allows networking devices to send their system messages across the network to syslog servers. There are several different syslog server software packages for Windows and UNIX. Many of them are freeware. The syslog logging service provides three primary functions: The ability to gather logging information for monitoring and troubleshooting The ability to select the type of logging information that is captured The ability to specify the destinations of captured syslog messages

Switch File Systems

With the Cisco 2960 switch flash file system, you can copy configuration files, and archive (upload and download) software images. The command to view the file systems on a Catalyst switch is the same as on a Cisco router: show file systems

Router File Systems

e show file systems command, which lists all of the available file systems on a Cisco 1941 router. This command provides useful information such as the amount of available and free memory, the type of file system, and its permissions. Permissions include read only (ro), write only (wo), and read and write (rw), shown in the Flags column of the command output. Although there are several file systems listed, of interest to us will be the tftp, flash, and nvram file systems. Notice that the flash file system also has an asterisk preceding it. This indicates that flash is the current default file system. The bootable IOS is located in flash; therefore, the pound symbol (#) is appended to the flash listing, indicating that it is a bootable disk. The Flash File System Figure 2 displays the output from the dir (directory) command. Because flash is the default file system, the dir command lists the contents of flash. Several files are located in flash, but of specific interest is the last listing. This is the name of the current Cisco IOS file image that is running in RAM. The NVRAM File System To view the contents of NVRAM, you must change the current default file system using the cd (change directory) command, as shown in Figure 3. The pwd (present working directory) command verifies that we are viewing the NVRAM directory. Finally, the dir command lists the contents of NVRAM. Although there are several configuration files listed, of specific interest is the startup-configuration file.

CDP Overview

isco Discovery Protocol (CDP) is a Cisco proprietary Layer 2 protocol that is used to gather information about Cisco devices which share the same data link. CDP is media and protocol independent and runs on all Cisco devices, such as routers, switches, and access servers. The device sends periodic CDP advertisements to connected devices, as shown in the figure. These advertisements share information about the type of device that is discovered, the name of the devices, and the number and type of the interfaces. Because most network devices are connected to other devices, CDP can assist in network design decisions, troubleshooting, and making changes to equipment. CDP can also be used as a network discovery tool to determine the information about the neighboring devices. This information gathered from CDP can help build a logical topology of a network when documentation is missing or lacking in detail.

Discover Devices Using CDP

show cdp neighbors show cdp neighbors detail With CDP enabled on the network, the show cdp neighbors command can be used to determine the network layout. For example, consider the lack of documentation in the topology shown in Figure 1. No information is available regarding the rest of the network. The show cdp neighbors command provides helpful information about each CDP neighbor device, including the following: Device identifiers - The host name of the neighbor device (S1) Port identifier - The name of the local and remote port (Gig 0/1 and Fas 0/5, respectively) Capabilities list - Whether the device is a router or a switch (S for switch; I for IGMP is beyond scope for this course) Platform - The hardware platform of the device (WS-C2960 for Cisco 2960 switch) If more information is needed, the show cdp neighbors detail command can also provide information, such as the neighbors' IOS version and IPv4 address.

Backing Up and Restoring Using a USB

show file systems copy run usbflash0: dir usbflash0: Restore Configurations with a USB Flash Drive copy usbflash0:/R1-Config

IOS Image Filenames

show flash different parts of an IOS 15 system image file on an ISR G2 device: Image Name (c1900) - Identifies the platform on which the image runs. In this example, the platform is a Cisco 1900 router. universalk9 - Specifies the image designation. The two designations for an ISR G2 are universalk9 and universalk9_npe. Universalk9_npe does not contain strong encryption and is meant for countries with encryption restrictions. Features are controlled by licensing and can be divided into four technology packages. These are IP Base, Security, Unified Communications, and Data. mz - Indicates where the image runs and if the file is compressed. In this example, mz indicates that the file runs from RAM and is compressed. SPA - Designates that file is digitally signed by Cisco. 152-4.M3 - Specifies the filename format for the image 15.2(4)M3. This is the version of IOS, which includes the major release, minor release, maintenance release, and maintenance rebuild numbers. The M indicates this is an extended maintenance release. bin - The file extension. This extension indicates that this file is a binary executable file. The most common designation for memory location and compression format is mz. The first letter indicates the location where the image is executed on the router. The locations can include: f - flash m - RAM r - ROM l - relocatable The compression format can be either z for zip or x for mzip. Zipping is a method Cisco uses to compress some run-from-RAM images that is effective in reducing the size of the image. It is self-unzipping, so when the image is loaded into RAM for execution, the first action is to unzip. Note: The Cisco IOS Software naming conventions, field meaning, image content, and other details are subject to change. Memory Requirements On most Cisco routers including the integrated services routers, the IOS is stored in compact flash as a compressed image and loaded into DRAM during boot-up. The Cisco IOS Software Release 15.0 images available for the Cisco 1900 and 2900 ISR require 256MB of flash and 512MB of RAM. The 3900 ISR requires 256MB of flash and 1GB of RAM. This does not include additional management tools such as Cisco Configuration Professional (Cisco CP). For complete details, refer to the product data sheet for the specific router.

Discover Devices Using LLDP

show lldp neighbors show lldp neighbors detail