Cisco CCNP SWITCH 642-813

Monitoring: Your Pulse on the Network

by Jeremy Cioara

Welcome to Cisco Switch: Watch Me First!

The Switches Domain: Core Concepts and Design

VLANs: Configuration and Verification

VLANs: In-Depth Trunking

VLANs: VLAN Trunking Protocol

STP: Foundation Per-VLAN Spanning Tree Concepts, Part 1

STP: Foundation Per-VLAN Spanning Tree Concepts, Part 2

STP: Rapid Spanning Tree Concepts and Configuration

EtherChannel: Aggregating Redundant Links

L3 Switching: InterVLAN Routing Extraordinaire

L3 Switching: Understanding CEF Optimization

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 2

Campus Security: Basic Port Security and 802.1x

Campus Security: VLAN and Spoofing Attacks

Campus Security: STP Attacks and Other Security Considerations

Campus VoIP: Overview, Considerations, and AutoQoS

Wireless LAN: Foundation Concepts and Design Part 1

Wireless LAN: Foundation Concepts and Design Part 2

Wireless LAN: Frequencies and 802.11 Standards

Wireless LAN: Understanding the Hardware

The Switches Domain: Additional Life-Saving Technology

Monitoring: Your Pulse on the Network

00:00:00 - Monitoring your pulse on a network, I was so excited when I saw
00:00:06 - that Cisco has finally started adding monitoring to their certification
00:00:12 - track. Up till now when somebody says, "Hey, I wanted to get
00:00:16 - Cisco certified, what does that mean?" People would say, "Oh
00:00:18 - well you will be able to configure things and troubleshoot things
00:00:21 - and set things up and all those kind of stuff," but when somebody
00:00:24 - would ask, "Well, how do I make sure everything is running
00:00:27 - right just day-to-day," you just hear "wsshhh" that would be
00:00:32 - the response of a tumbleweed blowing by in Cisco certification
00:00:35 - track. It has never been there and it is such a key part of everything
00:00:38 - that you do in your day-to-day network life setting monitoring.
00:00:42 - So what we are going to do in this nugget is walk through three
00:00:46 - specific things. Setting up Syslog, which is great, setting up
00:00:50 - SNMP which is greater and then finally concluding with the pinnacle
00:00:53 - of it all IP SLA. By the time you are done with these three things
00:00:57 - you will have a very good idea of everything that is happening
00:01:00 - in your network realm so let's get going. So
00:01:03 - first up in our monitoring bag of tricks is going to be Syslog.
00:01:07 - Now chances are if you have been in the land of Cisco for any
00:01:10 - amount of time you have seen Syslog messages as you plugged into
00:01:13 - the console port of your device. As a matter of fact it is one
00:01:16 - of my favorite things to do maybe not my favorite but it is fun.
00:01:20 - When I teach a live class with people in it that are brand
00:01:23 - new to Cisco, they get into Cisco and this is the first day.
00:01:26 - I go, "Okay, type in config t," and they go, "What?" You know
00:01:31 - once you get past this and they are like, "Oh, okay so this
00:01:34 - is global config." "Oh, no config t" and we get there and we
00:01:37 - are kind of like, "Okay so you do your config" and they go "How
00:01:40 - do I get out of this?" And I go, "Oh, okay, well you hit control
00:01:42 - z." You go through the whole explanation. They go "Oh, okay,
00:01:45 - so now I can do a show" and they go, "Uh-mm" and you know what
00:01:50 - I am talking about. You felt that I have been there. Remember
00:01:52 - when you first got into Cisco and you are sitting here and you
00:01:54 - are going, "Okay" I was typing and okay so and
00:02:00 - I am deleting what is going and you usually finally you get frustrated
00:02:05 - and usually you get a syntax error of some sort, you know you
00:02:08 - do your show and you are like, "Oh and you know, you are like
00:02:10 - "oh" and you are like "ah" forget you know it just it messes
00:02:13 - you up. And in the first question people get is that they go,
00:02:16 - how do I turn that off and my response is always, you don't want
00:02:19 - to turn that off and they you go, "Why not, why not?" and because
00:02:22 - that is really valuable stuff and it bugs me and so I actually
00:02:26 - wait and I know I am talking a long time but it is so fun because
00:02:30 - I wait a long time to show the miss command which should be by
00:02:33 - default and I still don't know why Cisco doesn't make that by
00:02:36 - default, but you now you know they get back and they still don't
00:02:40 - care what the message says they just care that their typing
00:02:44 - isn't interrupted and cut in half and things like that, but these
00:02:47 - messages are huge. This is a Syslog message just reported at
00:02:50 - the console of your screen. Now a little bit about Syslog. Syslog
00:02:55 - is an industry standard deal to where every device can use syslog
00:02:58 - and has ability to report things via syslog. The messages can
00:03:02 - contain and this is based on the standards that are in can contain
00:03:06 - up to 80 characters
00:03:09 - and a % sign and that is typically a percent typically divides
00:03:13 - the date and timestamp from the message itself. Now the way
00:03:17 - the message is structured when you are looking at the message
00:03:19 - is it is broken up into 4, I call them major pieces let me go
00:03:25 - back to the prompter so I can highlight. Right up front this
00:03:29 - is the facility. What generated this Syslog message? In this
00:03:32 - case it is the system. This is the severity of the message. How
00:03:37 - impactful is that message on me. Now if you haven't seen the
00:03:40 - severity before then you want to get a feel for the severity
00:03:44 - levels, let me just do logging trap question mark. Here is all
00:03:47 - the severity levels and you can see severity level 5 which is
00:03:50 - what we are at is just a straight up notification. No, not really
00:03:55 - a big deal normal, but significant conditions, you know this
00:03:58 - is normal, but significant, somebody just configured your device,
00:04:01 - you probably want to know about that, but you know below that
00:04:04 - we have like informational like you can ignore these and then
00:04:06 - we have debugs so the higher the number the less impact it has
00:04:10 - in your device. The lower the number you can see emergency system
00:04:13 - is unusable, that is a zero, you know everything is dead is what
00:04:17 - that means. So this number right here represents the severity
00:04:20 - and the reason that is good is you can see right up front it
00:04:23 - allows you to filter what levels of severity you want to see. You
00:04:27 - know and you may say, "Well, you know what, I only would want
00:04:29 - to see level 4 and below which might be a warning condition below."
00:04:34 - So that is the severity and then right next to that you have
00:04:38 - a brief description. Now this is actually what they call the
00:04:43 - brief description. This over here is the message text so 4 major
00:04:48 - pieces facility, severity, brief description, that is what Cisco
00:04:53 - came up with as a brief description for somebody who just configured
00:04:56 - you and then here is the message text for what it is all about. So
00:05:01 - all that being said Syslog is great on your device, by default
00:05:07 - most devices will log it to memory and they call that buffered
00:05:10 - logging so if I do a show log. I am able to see all of the messages
00:05:14 - that have happened on my device since it booted up. I can see
00:05:17 - some interfaces going down, interfaces going up and all that
00:05:19 - kind of stuff. This is considered the memory buffer or the log
00:05:22 - buffer in memory. This can be configured by going, you can see
00:05:27 - by default it is 4 kilobytes which isn't much. I can go into
00:05:30 - global config mode and do logging buffered
00:05:34 - and you can see right here is how big do you want make that buffer
00:05:40 - and on this device by default it is 4k, but you can get up and
00:05:44 - you know a lot of space and memory and then what level of warnings
00:05:47 - do you want to log in the memory buffer. Now the buffer is great,
00:05:52 - now I will tell you it has bailed me out a lot of times because
00:05:54 - I get on the device. I have no idea what is going on I just do
00:05:57 - a quick show of log and the look at the most recent timestamps
00:06:01 - which if you haven't set the time isn't very helpful, but you
00:06:04 - look at the most recent ones which is going to bot I mean and
00:06:07 - go, "Okay, it looks like most recently such and such failed so
00:06:11 - it is great." But this is all memory based so if the device
00:06:14 - is rebooting, you are losing this. That is why syslog you typically
00:06:18 - want to get a syslog server and I could go on and on and on about
00:06:22 - the different syslog servers that are out there. Splunk is probably
00:06:25 - one of the most scalable yet most confusing ones that are out
00:06:28 - there. Most popular I would say is probably Kiwi Syslog Server
00:06:33 - and this is, I downloaded this by the way you can just go on
00:06:37 - to the internet and let me bring up my
00:06:43 - web page
00:06:46 - and just do a Google for Kiwi Syslog. Kiwi
00:06:51 - Syslog used to be their own company. I think Kiwi was the name
00:06:55 - of the company and they were so fantastic and then they were
00:06:58 - acquired by Solar
00:07:00 - Winds which I am like the odd man out I think, everybody loves
00:07:05 - Solar Winds and I even go to the Cisco conferences and stuff
00:07:08 - like that and Solar Winds I will absolutely say they have this
00:07:12 - Orion monitoring projects which is phenomenal.
00:07:15 - I think it is great. I am a big fan of Solar Winds though. I
00:07:20 - am not saying anything against the people, but about and this
00:07:23 - is when Solar Winds was in their early days like 5 or 6 years
00:07:26 - ago I downloaded they had this product called engineer tool set. Now
00:07:30 - I was like, "Oh that sounds cool" and they listed all these tools
00:07:32 - and I got it and they charged like 500 bucks for it or something
00:07:36 - and I got it and it was just. It was. It felt like, maybe it
00:07:40 - wasn't, but it felt like just a bunch of freeware tools that
00:07:43 - they all put in a big zip file and they are like, "Look, we have
00:07:45 - a toolset," and ever since then I have just been kind of like,
00:07:49 - "Yeah, not a big fan of Solar Winds." And that you know, again,
00:07:53 - that being said I think everybody I talk to is like, "I love
00:07:56 - these guys." You know and so then at last they acquired Kiwi.
00:08:00 - They bought them and maybe this is why I don't like them too.
00:08:03 - They made Kiwi Syslog a pay product where you have to buy it,
00:08:07 - but they still have freeware version available, you just have
00:08:10 - to dig for it. You know, they will never show you the free version
00:08:12 - right offline it is like buy now. You click on a buy now, look
00:08:15 - at all these features, buy now. You actually have to dig until
00:08:17 - they compare versions and then they are like, oh here is the
00:08:20 - free version, look it has nothing, but you try it. It is a freeware
00:08:25 - version. It is the original Kiwi that was carried over so this
00:08:28 - is it. Some of you are like, "Get to the point, buddy." So Kiwi
00:08:33 - Syslog can be installed on any Windows based platform. It is
00:08:36 - very simple very great to take all your Syslog Messages off of
00:08:41 - the device and it is so easy to set up your Cisco device to log
00:08:47 - to an offsite server. You can see them. You just do a show IP
00:08:51 - interface brief.
00:08:53 - I have given the switch an IP address for my local network here
00:08:56 - Just to let you know my PC that I am working
00:09:01 - on and talking to you on right now has the IP address
00:09:08 - That is my IP. So all I have to do
00:09:13 - go into global, logging, logging,
00:09:20 - my mind just went blank. Hang on, logging
00:09:24 - server. No, what is that? Logging, this is simple, oh
00:09:31 - duh, Logging IP address, thank you.
00:09:37 - Enter. Seriously that is all there is to it. Now you might say,
00:09:41 - "Well, how do I set the level of messages if I go over there?"
00:09:44 - Well that is as easy as typing in logging trap and you can see
00:09:49 - trap to do right there, sets this log server logging level and
00:09:54 - you hit the question mark and there is all logging levels. Now,
00:09:56 - the way this works is whenever you choose a number or a level
00:10:00 - it will log that level and below so essentially if I say, "log
00:10:05 - level 3" it is going to log 3, 2, 1,0 because all of those are
00:10:10 - considered more severe. If I say, "level 6" it is going to log
00:10:13 - 5, 4, 3, 2, 1, 0 and 6 so it is going to be that level and below.
00:10:17 - So I will just, let's go crazy, I will do debug at level 7 right
00:10:22 - here so that is essentially anything that is anything
00:10:25 - Enter. Now as soon as I go back here you can see my Kiwi Syslog
00:10:28 - is blank. I am going to shoot over here and do a control Z which
00:10:32 - will drop me back and shoot right across. I see that I have
00:10:35 - got a priority right there. This is the level that it is going
00:10:39 - to. Here is my syslog message over here that says, "I configured,"
00:10:44 - well because I am going to fit in the screen, but the configured
00:10:48 - by console, from console by console. By the people, for the people
00:10:52 - so I can go in and do some stuff you know interface FastEthernet
00:10:55 - 0/2 I will do a shut down, you know take down an interface
00:10:58 - just generating some messages here and you can see right there.
00:11:01 - Okay, we have got interface 02, change to down and from there
00:11:05 - I can just do any message is going to be logged and now show
00:11:11 - it is going to be logged here and everything is tracked. Now
00:11:15 - this is great, right because I am seeing it on my PC and I can
00:11:18 - set this up to where I have it coming from different sources.
00:11:21 - I can even specify what name the device sends when it sends me.
00:11:25 - If I don't like seeing IP addresses I might say, "Well, I want
00:11:28 - it to send you know switch 1 as the host name when it sends these
00:11:31 - messages." So configurable and you have noticed all these, these
00:11:35 - are facilities, logging facilities for Kiwi so you can say I
00:11:40 - want this device to go to facility one and there is two so that
00:11:42 - way you just don't see you know if you have got 20 devices that
00:11:45 - are all reporting to this syslog you can get pretty confusing
00:11:48 - pretty quick. Likewise this is all being stored in a text file.
00:11:52 - You know and I haven't explored the settings as of late of Kiwi
00:11:56 - Syslog, but
00:12:00 - this is where you can go in and you know you can see here is
00:12:02 - the formatting. Here is where you are saving it to and now I would
00:12:06 - just be a clicking through this right now, but you can have I
00:12:09 - mean the device can text message you, it can send you an email,
00:12:12 - send you an alarm and all kinds of different stuff, but all of
00:12:15 - these are being stored on a file on your server so that way if
00:12:20 - the device reboots no loss, you have got all your messages that
00:12:23 - even tell you why the device rebooted. I mean it is all being logged
00:12:26 - right there. So syslog, it is a very big way to gather information,
00:12:31 - okay, now I feel totally bad. I was sitting there thinking of
00:12:34 - it between syslog and SNMP. I was like, "Man, what if somebody
00:12:39 - from Solar Winds listens to this." As a matter of fact, I was
00:12:41 - actually at the Cisco Live conference last year and I met the
00:12:45 - people at the booth from Solar Winds and they are like, "Oh,
00:12:47 - you are the CBT Nuggets guy" so they go like, "Oh yeah." We shook
00:12:49 - hands. He even gave me a USB key and they are really cool people
00:12:52 - and now they are going to listen and they are going to be like
00:12:54 - man you just totally dogged on Solar Winds, that was not cool. I
00:12:58 - am telling you Solar Winds is great it is just I didn't like
00:13:02 - the engineer's tool set that is it, that is all I have to say
00:13:05 - and speaking of SNMP. SNMP if you are Solar Winds you live this
00:13:11 - and SNMP is I would say the most untapped information rich resource
00:13:17 - in any Cisco Network. When I go out and I set up Cisco networks
00:13:21 - and get them set up and ready to go I always add on some kind
00:13:26 - of SNMP monitoring and when people see it they are like, "Oh,
00:13:30 - my word." I mean I could setup the most piece of junk network
00:13:33 - in the world, but once I show them SNMP they are like, "Why did
00:13:35 - I not know about this?" This is like gold for my network.
00:13:42 - SNMP stands for the Simple Network Management Protocol and it
00:13:45 - totally is. When you understand SNMP, if you, you know go to
00:13:49 - Wikipedia and probably get way more information than you
00:13:53 - need to. SNMP is amazingly simple. All it is this. You have got
00:13:58 - devices, right? Let's say, let me just grab my pen here. Let's
00:14:01 - see if you got a Cisco router. There it is and that device has
00:14:05 - some interfaces and you know when you go on in a device I mean
00:14:08 - if I go here and I do a show interface fastEthernet
00:14:12 - 0/1 there is all kinds of stuff here, right. I have got 2557
00:14:20 - packets input, 2543
00:14:22 - broadcast. I mean just stats, right all kinds of stuff and I
00:14:25 - can see here and as time goes on I would be like, "Oh, well let's
00:14:28 - see what it is." Oh it is a little more, okay. Let's see what it
00:14:31 - is now and then you can just keep grabbing each one of those,
00:14:34 - but each one of these
00:14:36 - actually has a specific SNMP string. They call that a MIB, a
00:14:42 - Management Information Base String that allows something to
00:14:45 - pull that information so really all, you know when you talk about
00:14:48 - Solar Winds or I will tell you my favorite in just a second. Again,
00:14:51 - nothing against Solar Winds, but when you have, we will say a
00:14:56 - Solar Winds like Orion Device over here, which is our management
00:15:01 - system it will actually contact this device on whatever interval
00:15:05 - you put, maybe you say I want to contact it once a second that
00:15:08 - is a very aggressive interval and every second it is going to
00:15:11 - go here and say, "Hey, tell me, what is your current packets
00:15:17 - input now?" And the device says, "It is 2584,"
00:15:21 - and it goes, "Okay, 2584."
00:15:24 - Logged it, okay, second later comes out. "What is it now?" And
00:15:26 - the device goes, "It is 2660
00:15:31 - now," and it goes, "Oh, okay 2660
00:15:34 - logging." And it just keeps every second asking what that is. And
00:15:37 - now, what this and this is where the programmers at Orion and/or
00:15:41 - Solar Winds and all the other monitoring companies come in, they
00:15:44 - will then take that. It is almost like a big Excel Spreadsheet
00:15:47 - when it gets all this data because all SNMP does is simply grabs
00:15:50 - statistics on a specific interval. The Orions or for whatever
00:15:54 - software then takes all of that data which is you know in a database
00:15:57 - kind of like a big Excel Spreadsheet. It says, "Okay, this second,
00:15:59 - this second, this second. These are all the data I have gathered,"
00:16:02 - and it puts it in a pretty web graph. You know the graph, graph,
00:16:05 - graph, graph, graph and says, "Here is your time. Here are your
00:16:08 - packets, input and this would probably a very poor thing to monitor
00:16:12 - because we just it would be something like this." It is just
00:16:14 - constantly going up. It is going to say, "Okay, here is over
00:16:16 - time, how many packets have come in and then you can go with
00:16:19 - the web browser and say, "Okay, well show me over time how that
00:16:23 - interface has been doing?" And shoop, you got a beautiful graph
00:16:25 - and you are like, "Oh, okay this is great. I can show this to
00:16:27 - management," and all that. What most people use SNMP for
00:16:32 - is bandwidth monitoring.
00:16:34 - I would say that is absolutely the number one facet that we use
00:16:39 - SNMP tracking for. So you will say, "Show me the
00:16:45 - 5 minute input rate once every 30 seconds and graph that over
00:16:50 - time." And by doing that you will be able to see over time just
00:16:53 - how much traffic is going through your device. Now as I said
00:16:57 - Orion is great but it is not my favorite simply because it is
00:17:00 - too expensive for the little companies. The one that I love and
00:17:04 - they should give me free stuff because everybody I talk to
00:17:07 - I say, "Go buy this product." The one that I love is actually
00:17:11 - PRTG. As a matter of fact, let me just take you there real quick.
00:17:16 - The reason I love them is anybody who gives free stuff is cool
00:17:20 - in my book and PRTG is one of them. PRTG and then the company
00:17:25 - is Paessler. I think there are some guys in Germany I want to
00:17:29 - say but have been great. I have actually used PRTG for years
00:17:32 - and years and years and it you know they have a freeware down
00:17:36 - that I think it gives you like 10 sensors or essentially 10 SNMP
00:17:40 - objects that you can monitor by default, let me just take you
00:17:42 - there real quick. This is what it looks like. Now if PRTG sounds
00:17:47 - familiar. You might be thinking of MRTG which is the totally
00:17:49 - Linux-ey you know Perl scripting kind of freeware version of
00:17:53 - this. This one just runs on Windows which is great and what it
00:17:57 - does and this is kind of a picture over time. Oh, this is perfect.
00:18:00 - It takes all of the stuff that has been gathering via SNMP. Here
00:18:02 - is the database right, all this stuff over time and it puts on
00:18:06 - a chart. So this is in this case is showing you a fiber optic
00:18:09 - connection over 365 days showing the traffic in and traffic out
00:18:13 - of bandwidth and this you know it is all web based and all that
00:18:20 - kind of stuff. So yeah, that is PRTG, so SNMP is essentially
00:18:25 - the engine that all of these different monitoring devices use
00:18:29 - to grab this data and I will tell you if your company is not
00:18:32 - using SNMP go there, set it up and you will be the hero of the
00:18:37 - year, because you will say, "Hey, do you ever wonder you know,
00:18:40 - how much traffic people surfing the internet are generating?"
00:18:43 - And wham here is a graph. Let me show you right here and they
00:18:46 - are immediately going to be like how did you do that,
00:18:47 - show me. How do I get to that? That is awesome. This is amazing.
00:18:51 - It is great. So SNMP should be everywhere
00:18:56 - 3 different versions that are out there. Version extremely old
00:18:59 - I think it maxed out at 10 megabit per second interfaces. There
00:19:04 - is version 2 which is updated. However, the big problem with
00:19:08 - SNMP version 1 and version 2 is that they do not support any
00:19:13 - kind of encryption or authentication so that is where SNMP version
00:19:19 - 3 comes in. SNMP version 3 adds encryption. It adds authentication
00:19:23 - now it is very low level, base level encryption I think it does
00:19:27 - encryption to it, but adds at least some level of encryption
00:19:31 - and authentication. However, it is much more difficult to set
00:19:34 - up in the big picture and honestly when you really get to it,
00:19:37 - it is not but unless Cisco really focuses most of their documentation
00:19:43 - on version 1 and version 2. Version 2 being I would say the de
00:19:46 - facto standard for most of what we do nowadays. To set up SNMP
00:19:50 - it is again, just like Syslog very simple. Let
00:19:54 - me bring my switch back on. I am going to go to global- whoa look
00:19:59 - at that- go to global config mode
00:20:03 - and do an SNMP server is the command followed by community. Now
00:20:10 - you will find it in SNMP everything is based around this community
00:20:13 - string and when I said that version 1 and version 2 don't have
00:20:17 - authentication that is pretty much true because authentication,
00:20:22 - most people think, okay user name, password encrypted password
00:20:25 - all that kind of stuff. They have- I guess you could call base,
00:20:28 - base, base level of authentication and it is this community string
00:20:32 - as in you can't gather these statistics unless you provide the
00:20:36 - right community string and that community string is provided
00:20:39 - by you. Now, the most popular and hackers know this, the most
00:20:42 - popular community strings for read only meaning gathering information
00:20:47 - from that device is public and some of you know this. You know
00:20:51 - that if you are a hacker the first thing you want to do when
00:20:53 - you are on a reconnaissance and you are trying to gather information
00:20:56 - you are going to try SNMP public community string to see if you
00:20:59 - can get information and the read write community string which
00:21:02 - is extremely dangerous a default on many devices is actually
00:21:06 - private so if you leave a device at default, not Cisco devices,
00:21:11 - but most devices if you leave it at default and somebody comes
00:21:14 - in and tries to use the private string and it works they pretty
00:21:17 - much own your device. Or my little brother said, there is this
00:21:22 - new term I guess when you are playing online games and you shoot
00:21:25 - somebody. You say they are "pwned," is that
00:21:31 - right? What is up with that? It is missing vowel somewhere but
00:21:34 - nonetheless somebody will "pwn" you if they have the read write
00:21:38 - community string to your device. So I would highly recommend
00:21:42 - not even setting one up unless you really, really have to. Most
00:21:46 - monitoring utilities like Orion and PRTG and all of the other
00:21:52 - ones that are out there MRTG, only need read only access, meaning
00:21:55 - they are only pulling data from the device on certain interval. Read
00:21:58 - write is if you want that monitoring utility to actually be able
00:22:01 - to make changes and if you have read write access people can
00:22:04 - actually change running config. There is ways to change the passwords
00:22:07 - on the Cisco device if you know the read write community string
00:22:09 - so again "pwned" I got to get used to saying it. It sounds like
00:22:13 - pony to me. So I am going to go in here and do an SNMP server
00:22:18 - community and I go in and I say, "Okay, the community string
00:22:21 - is going to be super
00:22:25 - secret which is again a horrible community string, but just
00:22:30 - for example and then I may hit the question mark and you can
00:22:33 - see is this the read only or read write community string. I
00:22:37 - am going to say, "This is the read only buddy." So if you got
00:22:40 - the super secret you can pull data from this but you can't change
00:22:43 - any data on the device. Again, most of the time I will not define
00:22:47 - a read write community string and this is a very specific reason
00:22:50 - to do that. There are utilities out there that it is kind of
00:22:53 - like a CiscoWorks kind of like a centralized management utility
00:22:56 - that would like read write access for both of these. I would
00:23:00 - highly suggest tacking on an access list until you know defining
00:23:03 - an access list, say access list. We will say 10 permits
00:23:12 - essential and well all those been while 000. And then I will
00:23:18 - say, "The SNMP community super secret read only," and I will
00:23:21 - say, "Filtered by access list 10."
00:23:27 - So now when I try and access this device so now I have done look
00:23:31 - at this I did both version 1 and version 2 so when I try and
00:23:36 - access this device I have to be that host or else I am not going
00:23:40 - to be able to access it via SNMP. So from there the rest of the
00:23:45 - SNMP setup is totally up to the management utility like PRTG.
00:23:49 - Hang on, actually run PRTG so let me bring this up, I am trying
00:23:54 - to hide any sensitive information from this, but I just went
00:23:58 - to the PRTG added device and you could see here is the device
00:24:01 - name. Here is its IP address so in there. Here is what icon you
00:24:04 - want to give it. They have auto discovery which is great because
00:24:08 - otherwise you have to add the individual counters 1 by 1. This
00:24:11 - kind of adds the most common counters if you will and then you
00:24:14 - come down here and you say, "Okay, SNMP devices," and you would
00:24:17 - say, "I am using SNMP version 2." My community string and that
00:24:21 - is where you would type it super, blah, blah, blah. And what
00:24:24 - this would do, I am not going to do it, but what this would do
00:24:27 - is when you hit continue, go out and then create graphs for all
00:24:31 - of the common interfaces of that device and you will be able
00:24:35 - to see the charts and you know CPU utilization, memory utilization,
00:24:39 - all of that. And so again, SNMP is a massively great thing that
00:24:44 - you want to set up in your environment. Can I tell you one more
00:24:47 - story? Okay, if you don't want to hear the story you can fast
00:24:50 - forward, but again at Cisco Live last year and actually PRTG
00:24:53 - or Paessler the company who makes that was at Cisco Live for
00:24:56 - the first time this last year and I was like, "Oh, oh and I went
00:25:00 - up there and I was like you guys are totally great, I have been
00:25:02 - using you for 8 years," and you know, "Everybody I tell about
00:25:06 - you," and all this kind of stuff. Like in the back of my mind.
00:25:08 - I am like, "I wonder if I can get some free stuff because I am
00:25:10 - the free stuff guy, right?" And I am like, "So I was wondering,
00:25:14 - you know I am talking to them, I was like, I was wondering, "Do
00:25:17 - you have like a not for resale like NFR version of your product
00:25:21 - kind of like an unlimited version? So I could just demo this
00:25:23 - to people and show people." You know, "Or like a t-shirt or something,"
00:25:28 - you know because seriously I tell everybody and they had German
00:25:33 - accents and it was funny he is like, "You can download the freeware
00:25:37 - version, why do you want more from us?" and I am kind of like-
00:25:41 - well, I am trying to be subtle and I was totally shut down. You
00:25:44 - know I was like, "Okay, no free stuff from them." So you can
00:25:48 - see nonetheless I still love PRTG so great SNMP utility to monitor. All
00:25:56 - right, the last thing I want to talk about and as we wrap up
00:26:00 - this monitoring section is something that is so awesome. It is
00:26:04 - called IP SLA (IP Service Level Assurance). Now SLA, you may
00:26:10 - have heard the term before it is typically something that you
00:26:13 - get from a service provider when you sign up for instance even
00:26:16 - at my house I have Qwest business connection and they gave me
00:26:21 - a contract when I was there saying, "Hey, we guarantee you that
00:26:24 - you will be up this percentage of the time. You will have this
00:26:27 - level of bandwidth." It is something that they assure you that
00:26:30 - says, "We will meet these parameters if you pay us a zillion
00:26:33 - dollars a month." You go, "Okay," and you sign the SLA and you
00:26:36 - agree. Well IP SLA is your way of holding them to it. Essentially,
00:26:42 - IP SLA is a monitoring system within your Cisco devices and this
00:26:48 - is not something that is only limited to switches like we are
00:26:51 - talking about right now or layer 3 switches I should be more
00:26:54 - specific, but it is also available on routers and it is very
00:26:58 - handy. What this does is detect link failure or link performance
00:27:03 - using real time data. Let me just give you a couple quick examples
00:27:06 - of this. The way it works essentially is let's say I have got
00:27:10 - a- let me draw over here, I have got a little room here, a router
00:27:15 - that has a connection to the internet through service provider
00:27:19 - 1 and a backup connection to the internet using service provider
00:27:23 - 2. Now, one thing that I found as of late in the United States
00:27:29 - is a lot of people are moving to very fast yet very low cost
00:27:34 - internet connectivity through a lot of the cable modem and DSL
00:27:38 - providers so for example they might have a T1 line to the internet
00:27:43 - which they are paying you know 200 dollars a month for.
00:27:47 - I am just saying. Now T1, when you would say T1 back 5 years
00:27:50 - ago people are like, "Oooh it is a T1." Well maybe I am further
00:27:53 - back, 8 years ago people were like, "Ooh, a T1 line that is fast
00:27:56 - that is great," but nowadays people like T1, come on. You know
00:27:59 - my home internet can actually it is like 10 times that fast. So
00:28:02 - people are coming into the office you know and they are just
00:28:05 - very sad because their internet browsing is very slow. So what
00:28:08 - I have seen a lot of companies do is they move their T1 to a
00:28:11 - backup connection and they buy you know we will say- and I am
00:28:15 - talking to Arizona here. Well Cox cable modem or Qwest DSL
00:28:19 - circuit that has you know 20 megabits per second you know like,
00:28:24 - you know 15 times faster than a T1 line and they get it for $150
00:28:28 - a month and that is great, you get crazy speed from that, but
00:28:32 - still cable and DSL are not as reliable as the good ol' T1 lines
00:28:36 - from yesteryear. So they will make this their primary internet
00:28:40 - connection and if this goes down then they will fail over to
00:28:43 - their good old backup T1 connection as a failover circuit.
00:28:48 - Now here is the problem. When you look at a lot of the architecture
00:28:52 - of these DSL and cable modem boxes a lot of times you have a
00:28:55 - router and it is connected right here to a cable modem. You know
00:28:59 - here is your little lights on the cable modem or DSL box that
00:29:03 - converts either coax or an RJ-11 phone line or whatever kind
00:29:07 - of circuit in to an Ethernet cable on this side and then this
00:29:11 - goes off and we will say you know to the big cloud, the internet
00:29:14 - connection. Now the problem is, is if this goes down you know
00:29:17 - backhoe takes out this line in your parking lot this circuit
00:29:20 - stays up. So from your router's perspective it is like, "Hey,
00:29:25 - I am still seeing up, up, this is good." It will never actually
00:29:28 - fail over because the interface at least right here this point
00:29:33 - right here, that interface never goes down unless the cable modem
00:29:36 - goes down or the DSL modem goes down. So what IP SLA can do is
00:29:41 - this. You can have this router. This is the router right here.
00:29:44 - The smiling router, send a probe once every whatever, you define
00:29:51 - it 10 seconds, 5 seconds, second every you know 20 seconds whatever. Send
00:29:55 - a probe to whatever destination you want, now that could be the
00:29:59 - ISP's gateway, that could be you know a DNS server like
00:30:05 - that is a really reliable DNS server out on the internet. That
00:30:08 - could be some of my who never seems to go down. Something
00:30:12 - that is very reliable and report back, essentially it will send
00:30:15 - we'll say a ping message to that device and it comes back and
00:30:18 - says, "Yup, I am online," and the IP SLA will say, "Okay, I am
00:30:21 - successful." Well when this goes down you know outside the cable
00:30:26 - modem and this stays up those probes will end up failing. So
00:30:30 - it is going to say, "Okay, yes, the interface shows it up, but
00:30:33 - my probes are coming back as down," thus I will consider this
00:30:36 - interface or will be more specific the route that uses that interface
00:30:41 - to be down and now will fail over to the backup T1 line. That
00:30:45 - is one of many uses of IP SLA, but I would say probably one of
00:30:50 - the most common. So before I go any further and talking about
00:30:54 - some of these other ones let me just show you on the switch and
00:30:58 - this is, you know, this is normally done on a router, but it could be
00:31:00 - done on a switch too, how to set this up. It is a little more
00:31:04 - pieces into it and I will explain why. First thing you need
00:31:07 - to do is set up the probe, you know my little circle right here.
00:31:10 - I think of these, I don't know, why every time, I think of an
00:31:12 - IP SLA probe I think of little androids like on Star Wars, you
00:31:16 - know, they are kind of hovering around, that is what these are
00:31:19 - like. Little androids that you can make them look like anything,
00:31:22 - so I am going to go in and define, what does my android look like?
00:31:26 - I am going to go and say IP SLA monitor.
00:31:30 - Oh, okay, my commands are slightly different. There is different
00:31:36 - versions of the IOS. You will see for instance some have IP SLA
00:31:39 - monitor and you type a number. This one just says, "IP SLA,"
00:31:42 - and you type the number. So I will say, "IP SLA 100?" And it
00:31:47 - is saying okay what does this android look like, essentially
00:31:50 - what do you want to make this little probe right here look like
00:31:53 - as it is being sent across the internet? Now you can see you
00:31:57 - have a variety of options here. You can say, "Make it a DNS operation,"
00:32:01 - you know, "Do a DNS look up, make it look like a DHCP reply or
00:32:05 - request," you know, "Send an HTTP connect request."
00:32:09 - Pretty flexible if you look at this, I mean you could say if
00:32:12 - that webserver doesn't reply with this web page send me an alert
00:32:15 - again, all kinds of things, but right now I am just talking about
00:32:18 - fail over so this one would probably be an ICMP echo. I will
00:32:22 - say, "icmp-echo 2," where you would go in and find it. It says,
00:32:26 - "I am going to be a probe, what is my destination?" It could
00:32:30 - be the ISP's gateway. It could be you know this DNS server right
00:32:34 - here so I will say, "icmp-echo"
00:32:40 - and says, "If you want you can send us, use a specific source
00:32:44 - address." But I am just going to say, "That is it. I just wanted
00:32:46 - to send that echo." Now notice, I am going deeper in this config
00:32:50 - mode. It says, "Okay, you have configured a little android, a
00:32:52 - little probe and it is going to be an icmp-echo to this." Now
00:32:56 - what are some characteristics of this? How often do you want
00:32:59 - to send this echo and I will say, "Well I want to send this once
00:33:03 - every- now let's send it once every 10 seconds or maybe 5 seconds."
00:33:07 - You know I want to make sure it stays online. You know what
00:33:10 - is the timeout of this? What is the threshold in milliseconds
00:33:14 - that you will be able to take for you know if a reply doesn't
00:33:17 - come? There is again all kinds of things that you can get in
00:33:20 - to and I would say check out Cisco's website and IP SLA if you
00:33:23 - want to define each one of these things. I will just say, "Send
00:33:26 - a ping once every 5 seconds and leave everything else at default."
00:33:29 - So I am going to exit back out and I am going to do IPS- so I
00:33:34 - have now defined the probe. IP SLA and I am going to schedule
00:33:39 - this guy. I am going to say, "You know what? I want to schedule
00:33:42 - probe number 100."
00:33:46 - You can see that is the number of this. That is the entry number.
00:33:50 - Schedule 100 to start,
00:33:54 - let's do it now, you know because I don't know what the date
00:33:57 - and time is on this device and I will say, "The life span of
00:34:04 - this is forever.
00:34:08 - It is an eternal probe." So
00:34:12 - from there you know I could go on and specify each parameters
00:34:16 - how long to keep this entry when it is inactive like if I disable
00:34:18 - it and so on, but I will just say, "That is it." It is now scheduled
00:34:21 - and it started to run forever. Now I guarantee you this probe
00:34:25 - is now dying. Simply because this is a switch with virtually
00:34:29 - no configuration it doesn't know how to get off the network.
00:34:33 - So I am going to do an IP, let's go back here and do show IP
00:34:39 - SLA statistics
00:34:42 - and you can see right here I have got the probe last return was
00:34:46 - timeout and you know it was running last every 5 seconds right? So
00:34:49 - it has already had 2 failures and it lives forever. Actually,
00:34:53 - I might be able to fix this really quick, let me give it a default
00:34:56 - gateway. I bet you that will do it. I don't even think I have
00:35:01 - routing turned down so I will do IP Default gateway,
00:35:06 - I don't even think I need a static route all zeros so let me
00:35:10 - just do this, ping, we are going
00:35:13 - to get there, probably not.
00:35:17 - Why not? Hey I
00:35:19 - am going to just do a show IP route.
00:35:25 - Now default gateway can I ping
00:35:28 - that. Please hold while I will troubleshoot my home network and
00:35:31 - oh look at that why isn't that going, hang on. Ping,
00:35:35 - why are you not getting there, can't get there. Here
00:35:41 - is the beauty of CBT Nuggets, what just happened for you right
00:35:44 - there in a split second was probably about 15 minutes for me.
00:35:47 - Try and figure out what is going on in my home network and actually
00:35:49 - I discovered I had a static route on my ASA firewall set up wrong
00:35:53 - for months, probably explains a lot of other issues that I was
00:35:58 - running into so I am happy that I fixed that. So nonetheless
00:36:01 - I just fixed the static route on my firewall and now that is
00:36:06 - working great and you can see my switch is right here ping to
00:36:08 - Now if I go back
00:36:12 - and do a show IP SLA statistics, now check that out. We have
00:36:17 - got last return "okay." The probe is working. We are now able
00:36:22 - to send probes to and as you know as time goes on we
00:36:26 - are going to see these number successes increasing. Now this
00:36:29 - is all great. Now I could stop right there and say that is it
00:36:34 - SLA is awesome, we love it, you know, great because that is monitoring
00:36:39 - and you can actually add that to a monitoring system like Orion
00:36:43 - or PRTG and graph over time, what your roundtrip statistics would
00:36:47 - be for this sort of thing, but SLA can do so much more for example. This
00:36:52 - little probe or we will call it this SLA object could be attached
00:36:57 - to what is called a tracking object so watch this, I am going
00:36:59 - to type in track and we will just call this track object number
00:37:04 - one and I am going to track IP- no, no, no, I am going to track
00:37:10 - RTR. Now these words are going to get a little weird, you are going,
00:37:15 - "What, what is RTR?" RTR is the old name of SLA that Cisco forgot
00:37:20 - to update in this version and I think probably if you have in
00:37:23 - their latest and greatest IP SLA used to be called RTR responder
00:37:27 - a real time reporter RTR you know there is a responder entry
00:37:30 - and all that kind of stuff. So RTR is the old name and I bet
00:37:34 - you, maybe by the time you hear this or the new code comes out
00:37:38 - you know IOS 15 and beyond you are going to see this replaced
00:37:41 - by SLA or IP SLA or something like that, but I am going to say
00:37:45 - track object number one is going to be tied to SLA probe 100,
00:37:50 - now what is that, this guy, you know check to see if I can ping
00:37:54 - for which DNS server. Now what am I going to track. I
00:37:58 - am going to say, I am going to track the reachability of that,
00:38:02 - Enter, and then it goes in this little sub mode where you can
00:38:05 - set some delays and all that kind of stuff, but I am just going
00:38:08 - to exit out because I have now defined a track object. You might
00:38:11 - say, "Okay, Jeremy, what can you do with a track object?" A track
00:38:16 - object can be assigned to a static route. Let me take you back
00:38:20 - to this scenario. When we set this up you know with what we will
00:38:23 - say, "Cox or Qwest" or sorry, "We have got Cox or Qwest being
00:38:27 - our primary and if that goes down we go to this." Well there
00:38:30 - is going to be a default route. I am going to have you know we
00:38:32 - will say IP route
00:38:35 - 0.0.0. a whole bunch of zeroes and then I will say you know my
00:38:41 - default route goes to you know we will say,
00:38:45 - which is the gateway over here to Cox or Qwest you follow me? So
00:38:49 - this is a default route letting this router use that. Now, we
00:38:52 - would also have a default route for here which you know a very
00:38:56 - simple set up I will just do IP route you know all zeroes and
00:39:01 - then put the default gateway over here. We will just say it is
00:39:03 - and then I would just tweak the administrative distance
00:39:06 - of that route higher, maybe make it 50 or something like that
00:39:09 - so this route would not be used unless this route went down because
00:39:13 - its administrative distance is 1, sorry if I am talking too fast,
00:39:16 - but I am putting all that together. So what I would do is I would
00:39:19 - then tack on a track object to it so check this out. Imagine
00:39:23 - that I had this as my primary connection. I would go in and I
00:39:27 - would say IP route you
00:39:31 - know this is my Cox or Qwest DSL modem and I would say this is
00:39:35 - going to- we will say
00:39:39 - or hang on. We made that like
00:39:43 - is Cox or Qwest and then I would add on to that, track
00:39:48 - 1 Enter. Now what does that do? What that does is it says only
00:39:55 - make this route available or added to the routing table as long
00:39:59 - as track 1 is returning a positive response. Now there is a lot
00:40:03 - of little ties that came in here so let's back track and put
00:40:06 - it all together. Okay track object 1 is tied to reachability
00:40:10 - of SLA object 100, SLA object 100 is pinging this DNS server
00:40:18 - every 5 seconds so if SLA 100 goes down the reachability for
00:40:22 - track objects 1 goes down thus the static route gets pulled from
00:40:26 - the routing table and that will fail over to this one. Voilà,
00:40:30 - we have SLA in a failover kind of situation, but and you know,
00:40:34 - okay stop right there. Okay, wasn't that awesome? Sorry I just
00:40:39 - had that. I love SLA for tracking. I have used this actually
00:40:43 - another place I use this was a company had 2 buildings tied
00:40:48 - together and they actually tied them using WiFi at a little dish
00:40:52 - on the top of these buildings right here doing WiFi between there
00:40:57 - like a mile or two apart and then they had a T1 line as a backup
00:41:00 - so this one ran at 54 megabits per second, but was unreliable
00:41:06 - for unbeknownst reasons. You know, it would just go down, you
00:41:09 - know bad stormy day, conflicting frequencies and all that kind
00:41:12 - of thing. Well the problem in the same way is the dish was attached
00:41:15 - to some device, I don't remember what it was in the middle which
00:41:19 - terminated the WiFi and brought it out on Ethernet to the router
00:41:22 - and the router you know even if this WiFi went down the router
00:41:25 - had no way of telling because the link always stayed on. So we
00:41:28 - use SLA to track the reachability of the wireless bridge so it
00:41:32 - works awesome for not just this kind of situation, but all kinds
00:41:36 - of situations where you are not able to tell if the link is down
00:41:39 - unless you send some active traffic. But again you know this
00:41:43 - had so many different things that you can set up, you can use
00:41:46 - it to monitor voice and quality levels of voice and if the quality
00:41:50 - isn't at a certain level switch over to a different link. I mean
00:41:53 - there is all kinds of things that you can do with it, so please
00:41:56 - I would encourage you open the can on IP SLA when you are done
00:41:59 - with this nugget, check it out because it can do so much stuff.
00:42:02 - The last thing I want to mention is an SLA end point can be either
00:42:07 - a device or something called an SLA responder so let me wipe
00:42:12 - all this stuff off. So
00:42:15 - what is the difference, you can have a router sending we will
00:42:20 - say a ping, we will say it is an SLA ping to the other side as
00:42:24 - a device or if it is a Cisco device you can set it up as an SLA
00:42:31 - responder. Or it used to be called the real time response, responder
00:42:38 - and so what is the difference, well just what we did right here,
00:42:42 - let me get back here. What we did with this example that I gave
00:42:46 - you is we set up IP SLA to a device, who? the DNS server
00:42:53 - out on the internet, that is the device that we are pinging. It
00:42:56 - doesn't know that we have SLA going to it. It is just saying,
00:42:59 - "Hey, somebody is pinging me. Let me return a response." If you
00:43:02 - use an IP SLA responder it takes a little configuration on this.
00:43:05 - It is very minimal actually and what you do is now have this
00:43:09 - guy communicate to the SLA responder service which will give
00:43:12 - you a more accurate result. See here is the idea, if I set up
00:43:16 - SLA to a device which I will just say this is our server.
00:43:22 - You are going to measure the amount of time the ping took to
00:43:25 - get here. The amount of time it took to process that ping packet,
00:43:30 - create another packet and then send it back to you. So what
00:43:34 - you know, you may be thinking, "Oh, well I am getting you know
00:43:36 - the reports on this line." Well yeah, you are you are seeing
00:43:39 - how fast that line is in the delay if you will to get from you
00:43:43 - to there, but the problem is if this DNS server gets really bogged
00:43:47 - down and doesn't have time to respond to your packet it might
00:43:50 - you know shoot the delay up to 200 milliseconds for one of your
00:43:53 - pings and you are going to get reports back and go, "Oh, wow,
00:43:56 - my line is really bad because you know we must be getting poor
00:43:59 - service from the service provider," when really it is the server
00:44:02 - that was the poor responding device. Does that make sense? So
00:44:06 - what the SLA responder does is it will send the packet and as
00:44:10 - soon as that packet is received it puts a little tag saying I
00:44:14 - received it at such and such time. Now it will then process it,
00:44:19 - repackage it and send it the other way and subtract from the
00:44:24 - time the total time all of the processing time that that router
00:44:28 - took. So if the router is really bogged down and it takes 200
00:44:30 - milliseconds to process the packet no worries, it is going to
00:44:33 - subtract 200 milliseconds off of the SLA so when it is received
00:44:38 - back at your router you are seeing a true result of how fast
00:44:43 - or what is the delay on that line. So if you have got the SLA
00:44:45 - responder service going you are able to really have assurance
00:44:49 - that it is the service provider's problem and it is not just
00:44:52 - this device getting slowed way down. So IP SLA it is one of
00:44:57 - those things, the only thing I love more than IP SLA is, I don't
00:45:00 - know brownies. It is one of those concepts that is like, "Oh
00:45:05 - that is really cool." I could see, you know if you let your brain
00:45:08 - just rest for that for a moment you are going to come up with
00:45:10 - like 90 different things. You are like oh I could totally use
00:45:12 - that for that and that, and that, and that. It is just it is
00:45:14 - one of those things that fits almost anywhere. It is like duct
00:45:16 - tape, duct tape for your Cisco router. Use it all the time. So
00:45:20 - we have seen in this section. I am so happy that Cisco has added
00:45:24 - monitoring to their exams now. Syslog, SNMP and IP SLA, 3 things,
00:45:30 - when you tie all three of these things together you have an extremely
00:45:34 - powerful solution for tracking what is going on in your Cisco
00:45:37 - network so hope this has been informative for you and I'd like
00:45:41 - to thank you for viewing.

Jeremy Cioara

CBT Nuggets Trainer

Cisco CCNA, CCDA, CCNA Security, CCNA Voice, CCNP, CCSP, CCVP, CCDP, CCIE R&S; Amazon Web Services CSA; Microsoft MCP, MCSE, Novell CNA, CNE; CompTIA A+, Network+, iNet+

Area Of Expertise:
Cisco network administration and development. Author or coauthor of numerous books, including: CCNA Voice 640-461 Official Cert Guide; CCNA Voice Official Exam Certification Guide (640-460 IIUC); CCENT Exam Prep (Exam 640-822); CCNA Exam Cram (Exam 640-802) 3rd Edition; and CCNA Voice 640-461 Official Cert Guide.

© 2015 CBT Nuggets. All rights reserved.