Chapter 7

Syslog (cont)

- A syslog server saves copies of console messages and can time-stamp them so you can view them at a later time. Here would be your configuration on the SF router: SF(config)#service timestamps log datetime msec - To make sure all devices are synchronized with the same time information, we'll configure our devices to receive the accurate time information from a centralized server, as shown in Figure 7.5: SF(config)#ntp server 172.16.10.1 version 4

Syslog

- Allows you to display, sort, and even search messages, all of which makes it a really great troubleshooting tool. - All system messages and debug output generated by the IOS go out only the console port by default and are also logged in buffer in RAM.

Correct network time within the network is important

- Correct time allows the tracking of events in the network in the correct order - Clock synchronization is critical for the correct interpretation of events within the syslog data. - Clock synchronization is critical for digital certificates.

Debugging

- Debug is a useful troubleshooting command that's available from the privileged exec mode of Cisco IOS. It's used to display information about various router operations and the related traffic generated or received by the router, plus any error messages. - Debug is regarded as a very high-overhead task because it can consume a huge amount of resources and the router is forced to process-switch the packets being debugged.

LLDP has the following configuration guidelines and limitations

- LLDP must be enabled on the device before you can enable or disable it on any interface - LLDP is supported only on physical interfaces - LLDP can discover up to one device per port - LLDP can discover Linux servers

Network Time Protocol (NTP)

- Provides pretty much what it describes: time to all your network devices. To be more precise, NTP synchronizes clocks of computers systems over packet-switched, variable-latency data networks. Typically you'll have an NTP server that connects through the Internet to an atomic clock. This time can be synchronized through the network to keep all routers, switches, servers, etc. receiving the same time information.

LLDP (cont)

- The IEEE created a new standardized discovery protocol called 802.1AB for station and Media Access Control Connectivity Discovery. - LLDP defines basic discovery capabilities, but it was also enhanced to specifically address the voice application, and this version is called LLDP-MED (Media endpoint discovery). - To turn LLDP off or on for an interface, use the lldp transmit and lldp receive commands SW-3(config-if)#no lldp transmit SW-3(config-if)#no lldp receive SW-3(config-if)#lldp transmit SW-3(config-if)#lldp receive

Using DNS to Resolve Names

- The first command is ip domain-lookup, which is turned on by default. It needs to be entered only if you previously turned it off with the no ip domain-lookup command. The command can be used without the hyphen as well with the syntax ip domain lookup. - The second command is ip name-server. This sets the IP address of the DNS server. You can enter the IP addresses of up to six servers. - The last command is ip domain-name. Although this command is optional, you really need to set it because it appends the domain name to the hostname you type in. Since DNS uses a fully qualified domain name (FQDN) system, you must have a second-level DNS name, in the form domain.com

Getting CDP Timers and holdtime information

- The show cdp command (sh cdp for short) gives you information about two CDP global parameters that can be configured on Cisco devices: - CDP timer delimits how often CDP packets are transmitted out all active interfaces. - CDP holdtime delimits the amount of time that the device will hold packets received from neighbor devices. - To turn off or on for an interface, use the no cdp enable and cdp enable commands.

Getting Neighbor information

- The show cdp neighbor command (sh cdp nei for short) deliver information about directly connected devices. It's important to remember that CDP packets aren't passed through a Cisco switch and that you only see what's directly attached. So this means that if your router is connected to a switch, you won't see any of the Cisco devices connected beyond that switch. - The following out shows the show cdp neighbor command: SW-3#sh cdp neighbors

show process

- The show process (or show process cpu) is a good tool for determining a given router's CPU utilization. Plus, it'll give you a list of active processes along with their corresponding process ID, priority, scheduler test (status), CPU time used, number of times invoked, and so on. Example: SW-1#sh processes

Checking Network Connectivity and Troubleshooting

- You can use the ping and traceroute commands to test connectivity to remote devices, and both of them can be used with many protocols, not just IP. But don't forget that the show ip route command is a great troubleshooting command for verifying your routing table and showing interfaces commands will reveal the status of each interface to you • ping • traceroute (windows), tracert (IOS) • show ip route

Configuration steps for DHCP

1. Exclude the addresses you want to reserve. The reason you do this step first is because as soon as you set a network ID, the DHCP service will start responding to Client request. 2. Create your pool for each LAN using a unique name. 3. Choose the network ID and subnet mask for the DHCP pool that the server will use to provide addresses to hosts. 4. Add the address used for the default gateway of the subnet 5. Provide the DNS server addresses 6. If you don't want to use the default lease time of 24 hours, you need to set the lease time in days, hours, and minutes Example: Router# config t Router(config)#ip dhcp included-address 192.168.1.101 192.168.1.150 Router(config)#ip dhcp pool Router(dhcp-config)#domain-name cisco.com Router(dhcp-config)#dns-server 8.8.8.8 Router(dhcp-config)#default-router 192.168.1.1 Router(dhcp-config)#exit Router(config)#service dhcp vlan1

The Router and Switch Boot sequence

1. The IOS device performs a POST, which tests the hardware to verify that all components of the device are present and operational. The POST takes stock of the different interfaces on the switch or router, and it's stored in and runs from read-only memory (ROM) 2. The bootstrap in ROM then locates and loads the Cisco IOS software by executing programs responsible for finding where each IOS program is located. Once they are found, it then loads the proper files. By default, the IOS software is loaded from flash memory in all Cisco devices 3. The IOS software then looks for a valid configuration file stored in NVRAM. This file is called startup-config and will be present only if an administrator has copied the running-config file in NVRAM. 4. If a startup-config file is found in NVRAM, the router or switch will copy it, place it in RAM, and name the file the running-config. The device will use this file to run, and the router/switch should now be operational. If a startup-config file is not in NVRAM, the router will broadcast out any interface that detects carrier detect (CD) for a TDTP host looking for a configuration, and when that fails (typically it will fail -- most people won't even realize the router has attempted this process), it will start the setup mode configuration process. - The default order of an IOS loading from a Cisco device begins with flash, then TFTP server, and finally, ROM.

POST(power-on self-test)

Also stored in the microcode of the ROM, the POST is used to check the basic functionality of the router hardware and determines which interfaces are present.

Build a static host table on a router

By using the global configuration command ip host_name ip_address, you can build a static host table on your router. You can apply multiple IP addresses against the same host entry.

Mini-IOS

Called RXBOOT or bootloader by Cisco, the mini-IOS is a small IOS in ROM that can be sued to bring up interface and load a Cisco IOS into flash memory. The mini-IOS can also perform a few other maintenance operations.

Describe the value of CDP and LLDP

Cisco Discovery Protocol can be used to help you document as well as troubleshoot your network; also, LLDP is a nonproprietary protocol that can provide the same information as CDP

Define the Cisco Router components.

Describe the functions of the bootstrap, POST, ROM monitor, mini-IOS, RAM, ROM, flash memory, NVRAM, and the configuration register.

What are the eight option in syslog

Emergency(severity 0) - System is unusable Alert(severity 1) - Immediate action is needed Critical (Severity 2) - Critical condition Error(severity 3) - Error condition Warning(severity 4) - Warning condition Notification(severity 5) - Normal but significant condition Informational(severity 6) - Normal information message Debugging(severity 7) - Debugging message

Configuring a DNS to resolve Names

Here's an example of using the three command listed in the last note card: SW-1#config t SW-1(config)#ip domain-lookup SW-1(config)#ip name-server ? SW-1(config)#ip name-server 4.4.4.4 SW-1(config)#ip domain-name lammle.com - After the DNS configuration have been set, you can test the DNS server by using a hostname or ping to telnet into a device like this: SW-1#ping SW-3

show ip dhcp conflict

If someone statically configures an IP address on a LAN and the DHCP server hands out that same address, you'll end up with a duplicate address.

DHCP Relay

If you need to provide addresses from a DHCP server to hosts that aren't on the same LAN as the DHCP server, you can configure your router interface to relay or forward the DHCP client request. Example: Router#config t Router(config)#interface fa0/0 Router(config)#ip helper-address 10.10.10.254

Understand how to establish a Telnet session with multiple routers simultaneously

If you telnet to a router or switch, you can end the connection by typing exit at any time. However, if you want to keep your connection to a remote device but still come back to your original router console, you can press the Ctrl+Shift+6 key combination, release it, and then press X.

Cisco Discovery Protocol (CDP)

Is a proprietary layer 2 protocol designed by Cisco to help administrators collect information about locally attached Cisco devices. Armed with CDP, you can gather hardware and protocol information about neighbor devices, which is crucial information to have when troubleshooting and documenting the network.

Understand how to configure NTP

It's pretty simple to configure NTP, just like it was syslog, but we don't have to remember a bunch of options! It's just telling the syslog to mark the time and date and enbaling NTP: SF(config)#service timestamp log datetime msec SF(config)#ntp server 172.16.10.1 version 4

Understand the various levels of syslog

Its rather simple to configure syslog; however, there are a bunch of options you have to remember for the exam. To configure basic syslog with debugging as the default level, it's just one command: SF(config)#logging 172.16.10.1 However, you must remember all eight options SF(config)#logging trap ?

show ip dhcp server statistics

Lists DHCP server statistics

show ip dhcp binding

Lists state information about each IP address currently leased to a client

show ip dhcp pool [poolname]

Lists the configured range of IP addresses, plus statistics for the number of currently leased addresses and the high watermark for leases for each pool.

Copying the Configuration to a TFTP server

Once the file is copied to NVRAM, you can make a second backup to a TFTP server by using the copy running-config tftp command, or copy run tftp for short. Example: Dylan#copy running-config tftp Address or name of remote host []? 10.10.10.254 Destination filename [Dylan-config]? - If you have a hostname already configured, the command will automatically use the hostname plus the extension -config as the name of the file.

Describe the function of the ping command

Packet Internet Groper (ping) uses ICMP echo request and ICMP echo replies to verify an active IP address on a network.

Configuring and Verifying Syslog

Router(config)#logging ? Router(config)#logging console Router(config)#logging buffered - If you want to disable the defaults, use the following commands: Router(config)#no logging console Router(config)#no logging buffered - You can see the buffers with the show logging command here: Router#sh logging - The deafult trap (message from device to NMS) level is debugging, but you can change this too.

Verify that our NTP client is receiving clocking information, we use the following commands

SF#sh ntp ? SF#sh ntp status SF#sh ntp associations

Saving Syslog messages to a server configuration

SF(config)#logging 172.16.10.1 SF(config)#logging informational

Configure the router to use sequence numbers

SF(config)#no service timestamps SF(config)#service sequence-numbers

ROM monitor

Stored in the microcode of the ROM, the ROM monitor is used for manufacturing, testing, and troubleshooting, as well as running a mini-IOS when the IOS in flash fails to load.

Bootstrap

Stored in the microcode of the ROM, the bootstrap is used to bring a router up during initialization. It boots the router up and then loads the IOS

Flash memory

Stores the Cisco IOS by default. Flash memory is not erased when the router is reloaded. It is EEPROM(electronically erasable programmable read-only memory) created by Intel.

Identify current Telnet sessions

The command show sessions will provide you with information about all the currently active sessions your router has with other routers

Verifying DHCP on Cisco IOS (IMPORTANT)

The following cards

List the information provided by the output of the show cdp neighbors command

The show cdp neighbors command provides the following information: device ID, local interface, holdtime, capability, platform, and port ID (remote interface).

Save the configuration of a router or switch

There are a couple of ways to do this, but the most common method, as well as the most tested, is copy running-config startup-config.

Backing up the Cisco Configuration

To copy the configuration from an IOS device to a TFTP server, you can use either the copy running-config tftp or the copy startup-config tftp command.

Erase the configuration of a router or switch.

Type the privileged-mode command erase startup-config and reload the router.

Configuration register

Used to control how the router boots up. This value can be found as the last line of the show version command output and by default is set to 0x2102, which tells the router to load the IOS from flash memory as well as to load the configuration from NVRAM.

RAM(random access memory)

Used to hold packet buffers, ARP cache, routing tables, and also the software and data structures that allow the router to function. Running-config is stored in RAM< and most routers expand the IOS from flash into RAM upon boot.

NVRAM(non-volatile RAM)

Used to hole the router and switch configuration. NVRAM is not erased when the router or switch is reloaded. Does not store an IOS. The configuration register is stored in NVRAM

ROM (read-only memory)

Used to start and maintain the router. Holds the POST and the bootstrap program as well as the mini-IOS.

Ping a valid host ID from the correct prompt

You can ping an IP address from a router's users mode or privileged mode but not from configuration mode, unless you use the do command. You must ping a valid address, such as 1.1.1.1.

Verify the host table on a router

You can verify the host table with the show hosts command