22. Implementing Network Services


What additional information might be added to an IP flow?

- Flow time stamps to understand the life of a flow; time stamps are useful for calculating packets and bytes per second.
- Next-hop IP addresses, including BGP routing ASs.
- Subnet mask for the source and destination addresses to calculate prefixes.
- TCP flags to examine TCP handshakes.

What is the default for the inactive flow timer?

15 seconds

What is the default for the active flow timer?

30 seconds

What is the most common format of NetFlow? What is the latest format?

5 is most common, 9 is newest and has some advantages

What is a MIB? How is it relevant to SNMP?

A Management Information Base (MIB) is a collection of definitions of managed objects; SNMP agents on managed devices collect device information and translate it into a compatible SNMP format according to the MIB.

What are the two methods to access NetFlow data?

There are two primary methods to access NetFlow data: the CLI with Cisco IOS Software show commands, or using an application reporting tool called a NetFlow Collector.

What is the command to configure a server as a syslog server for a given router?

conf t logging <server IP>

What is the command to set a minimal severity threshold to informational?

conf t logging trap informational

What does NTP do?

The Network Time Protocol (NTP) is designed to synchronize the time on a network of machines.

What is the main feature of NetFlow 9?

The main feature of NetFlow Version 9 export format is that it is template-based. A template describes a NetFlow record format and attributes of fields (such as type and length) within the record.

How many IP packet fields did NetFlow track? Flexible NetFlow?

With traditional NetFlow, typically seven IP packet fields are tracked to create NetFlow information and the fields used to create the flow information are not configurable. In Flexible NetFlow the user configures what to track and the result is fewer flows produced increasing scalability of hardware and software resources.

What secure transmission features were added in SNMPv3?

authentication, encryption, integrity, authorization, and access control

What is the special push mode of NTP?

broadcast/multicast

What command limits messages logged based on severity?

(conf)# logging trap

What are the rules for expiring NetFlow cache entries?

- Flows that have been idle for a specified time are expired and removed from the cache.
- Long-lived flows are expired and removed from the cache. (Flows are not allowed to live for more than 30 minutes by default; the underlying packet conversation remains undisturbed.)
- As the cache becomes full, various heuristics are applied to aggressively age groups of flows simultaneously.
- TCP connections that have reached the end of the byte stream (FIN) or have been reset (RST) are expired.

Traditionally, an IP flow is based on what five to seven IP packet attributes?

- IP source address
- IP destination address
- Source port
- Destination port
- Layer 3 protocol type
- CoS
- Router or switch interface

What capabilities does NTPv4 provide?

- IPv6 support
- Better security: provides a whole security framework that is based on public key cryptography and standard X.509 certificates.
- Automatically calculates its time-distribution hierarchy

How does NTP avoid synchronizing to a machine whose time may not be accurate?

- NTP never synchronizes to a machine that is not synchronized itself.
- NTP compares the time that is reported by several machines, and it will not synchronize to a machine whose time is significantly different from the others, even if its stratum is lower.

What are the restrictions for NetFlow Version 9 data export?

- NetFlow consumes additional memory
- Version 9 is not backward compatible with versions 5 or 8
- Export bandwidth increases for version 9
- Version 9 slightly decreases overall performance because templates require additional processing

What are the two main components of SNMP?

- Network Manager Server
- SNMP Agent

What does SNMP define? What protocol does it use?

- SNMP defines how management information is exchanged between SNMP managers and SNMP agents.
- It uses the UDP transport mechanism to retrieve and send management information, such as Management Information Base (MIB) variables.

What can network services be categorized as?

- The collection of information on demand, driven by incidents
- The continuous collection of information to establish a baseline
- The notification of network events

What are the two purposes of EEM?

- To help troubleshoot an issue — When you need to troubleshoot problems of an intermittent nature, EEM scripts can be particularly useful. They allow you to automate the collection of show command outputs and debug commands, which allows you to capture data that would otherwise be extremely hard to gather.
- To help provide a solution — In cases where a temporary workaround is required while the Technical Assistance Center (TAC) does a root cause analysis. Take, for example, a situation where the problem is intermittent, but the reset of an interface fixes the problem. EEM scripts can be used to trigger this action when the problem begins.

What IOS subsystem events can trigger an EEM policy to perform a specific action?

- Application
- Enhanced Cisco IOS Software CLI
- Counter
- GOLD
- Identity
- Interface
- IP SLA
- Memory Threshold
- Neighbor Discovery
- NetFlow
- None (by run command)
- Object Tracking
- OIR
- Remote Procedure Call
- Resource
- RF
- Routing
- SNMP
- SNMP Object
- SNMP Notification
- Syslog
- Timer
- IOS Watchdog
- WDSysMon

How can you secure NTP?

- Authentication
- Access lists

Where can syslog display messages?

- Console
- AUX/VTY ports
- Memory buffer
- Syslog server
- Flash memory

What three components does Netflow require?

- Flow exporter
- Flow collector
- Flow analyzer

What key variables does NTP make robust estimates of?

- Network delay
- Dispersion of time packet exchange
- Clock offset

What four different models can NTP operate in?

- Server
- Client
- Peer
- Broadcast/multicast

How can logging be implemented?

- Syslog
- NetFlow
- SNMP traps

What NTP stratum signifies direct connection to a radio or atomic clock?

1

What are the steps in configuring NTP authentication?

1. Define the NTP authentication key or keys with the ntp authentication-key command. Every number specifies a unique NTP key.
2. Enable NTP authentication by using the ntp authenticate command.
3. Tell the device which keys are valid for NTP authentication by using the ntp trusted-key command. The only argument to this command is the key that you defined in the first step.
4. Specify the NTP server that requires authentication by using the ntp server ip_address key key_number command. You can similarly authenticate NTP peers by using the ntp server ip_address key key_number command.

What are the steps to implement NetFlow data reporting?

1. NetFlow is configured to capture flows to the NetFlow cache; it is referred to as the "NetFlow record."
2. The NetFlow export is configured to send flows to the collector.
3. The NetFlow cache is searched for flows that have terminated, which are exported to the NetFlow collector server.
4. Approximately 30 to 50 flows are bundled together and transported in UDP format to the NetFlow collector server; it is referred to as the "NetFlow Monitor."
5. The NetFlow collector software creates real-time or historical reports from the data.

How can you verify NTP authentication?

After implementing authentication for NTP, use the show ntp status command to verify that the clock is still synchronized. If a client has not successfully authenticated the NTP source, then the clock will be unsynchronized.

How often does an NTP client synchronize with its server? What is the possible interval?

An NTP client makes a transaction with its server over its polling interval (from 64 to 1024 seconds), which dynamically changes over time depending on the network conditions between the NTP server and the client. No more than one NTP transaction per minute is needed to synchronize two machines.

What is Cisco IOS EEM?

Cisco IOS Embedded Event Manager (EEM) is a unique subsystem within Cisco IOS Software. EEM is a powerful and flexible tool to automate tasks and customize the behavior of Cisco IOS Software and the operation of a device.

What does Cisco EEM consist of?

EEM consists of a series of event detectors, an Embedded Event Manager server, and interfaces that allow action routines, called policies, to be invoked.

T/F: it is possible to adjust the NTP poll interval on a router

False

What is Flexible NetFlow? What does it do?

Flexible NetFlow is an extension of NetFlow v9. It provides flexibility and scalability of flow data beyond traditional NetFlow.

Describe the components required by NetFlow

- Flow Exporter: It is a router or network device that is in charge of collecting flow information and exporting it to a flow collector.
- Flow Collector: It is a server that receives the exported flow information.
- Flow Analyzer: It is an application that analyzes flow information collected by the flow collector.

What message types did SNMPv2 add?

Get Bulk Request and Inform Request

What five message types did SNMPv1 introduce?

Get Request, Get Next Request, Set Request, Get Response, and Trap

What do NTP peers do if one loses its reference source?

If one of the peers loses all the reference sources or simply ceases operation, the other peers automatically reconfigure so that time values can flow from the surviving peers to all the others in the group.

What is the significance of the address 127.127.x.1?

If your device is configured as the NTP master, then you must allow access to the source IP address of 127.127.x.1. The reason is because 127.127.x.1 is the internal server that is created by the ntp master command. The value of the third octet varies between platforms.

What authentication do Cisco devices support for NTP?

MD5

How does NTP work?

NTP uses User Datagram Protocol (UDP) port 123 as both the source and destination, which in turn runs over IP.

How does NetFlow identify a traffic flow?

NetFlow identifies a traffic flow by identifying several characteristics within the packet header, such as source and destination IP addresses, source and destination ports, and Differentiated Services Code Point (DSCP) or ToS markings.

Where is NetFlow typically used? Why?

NetFlow is typically used on a central site aggregate connection because all traffic from the remote sites is characterized and is available within NetFlow.

How can NTP broadcasting be configured?

On a Cisco device, a broadcast server is configured by using the broadcast command with a local subnet address. A Cisco device acting as a broadcast client is configured by using the broadcast client command, allowing the device to respond to broadcast messages that are received on any interface.

How do NetFlow and Flexible NetFlow determine when a new flow must be created in the cache?

Original NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source or destination address and the source or destination transport protocol port, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored. When the value of the data in the key field of a datagram is unique with respect to the flows that exist, a new flow is created.

What guidelines should you follow when setting up SNMP in your network?

- Restrict access to read-only — NMS systems rarely need SNMP write access. Separate community credentials should be configured for systems that require write access.
- Restrict manager SNMP views to access only the needed set of MIBs — By default, there is no SNMP view entry. It works similar to an access list in that if you have any SNMP view on certain MIB trees, every other tree is implicitly denied.
- Configure ACLs to restrict SNMP access to only known managers — Access lists should be used to limit SNMP access to only known SNMP managers.
- Implement security mechanisms — SNMPv3 is recommended whenever possible. It provides authentication, encryption, and integrity. Be aware that the SNMPv1 or SNMPv2c community string was not designed as a security mechanism and is transmitted in cleartext. Nevertheless, community strings should not be trivial and should be changed at regular intervals.

What SNMP version added a complex security model, but was never widely accepted?

SNMPv2

What SNMP version is the community-based de facto standard, widely used, but provides no security features besides a community string?

SNMPv2c

What SNMP version supports authentication and encryption and should be used whenever possible?

SNMPv3

What is SNMP?

Simple Network Management Protocol (SNMP) has become the standard for network management.

What combination of key fields is used to identify a flow?

- Source IP address
- Destination IP address
- Source port number
- Destination port number
- Layer 3 protocol type
- Type of service (ToS)
- Input logical interface

Describe syslog.

Syslog is a protocol that allows a machine to send event notification messages across IP networks to event message collectors.

What type of device is most suited to being an NTP client?

This mode is most suited for file-server and workstation clients that are not required to provide any form of time synchronization to other local clients.

How many caches did NetFlow traditionally have? Flexible NetFlow?

Traditionally NetFlow has a single cache and all applications use the same cache information. Flexible NetFlow has the capability to create multiple flow caches or information databases to track NetFlow information.

What three levels of security did SNMPv3 introduce?

- noAuthNoPriv — No authentication is required, and no privacy (encryption) is provided.
- authNoPriv — Authentication is based on MD5 or SHA. No encryption is provided.
- authPriv — In addition to authentication, CBC-DES encryption is used.

What restrictions can be configured for NTP using access lists?

- peer — Time synchronization requests and control queries are allowed. A device is allowed to synchronize itself to remote systems that pass the access list.
- serve — Time synchronization requests and control queries are allowed. A device is not allowed to synchronize itself to remote systems that pass the access list.
- serve-only — It allows synchronization requests only.
- query-only — It allows control queries only.

What is the command to display the syslog status and local logging buffer?

show logging

What is the command to disable debugging?

undebug all
