
Employers know that CCNP-certified job applicants have a real-world knowledge of networking.  They also know that Cisco awards big discounts to companies that hire Cisco-certified staff. 

After watching Jeremy Cioara's new CCNP 642-813 SWITCH training, you'll be a master-level consultant on Cisco switched networks. You'll also have brighter career prospects and be an important step closer to CCNP certification.

Jeremy covers everything you ever wanted to know about switching in this update to his existing BCMSN course.  In no time, you'll be designing your network for maximum uptime and preparing it for advanced services like WiFi, VoIP and Video over IP. 

Jeremy's training maps to Cisco CCNP certification exam 642-813.
1. Welcome to Cisco Switch: Watch Me First! (17 min)
2. The Switches Domain: Core Concepts and Design (42 min)
3. VLANs: Configuration and Verification (13 min)
4. VLANs: In-Depth Trunking (35 min)
5. VLANs: VLAN Trunking Protocol (33 min)
6. STP: Foundation Per-VLAN Spanning Tree Concepts, Part 1 (23 min)
7. STP: Foundation Per-VLAN Spanning Tree Concepts, Part 2 (34 min)
8. STP: Rapid Spanning Tree Concepts and Configuration (24 min)
9. EtherChannel: Aggregating Redundant Links (24 min)
10. L3 Switching: InterVLAN Routing Extraordinaire (28 min)
11. L3 Switching: Understanding CEF Optimization (16 min)
12. Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1 (43 min)
13. Redundancy in the Campus: HSRP, VRRP, and GLBP Part 2 (23 min)
14. Campus Security: Basic Port Security and 802.1x (32 min)
15. Campus Security: VLAN and Spoofing Attacks (31 min)
16. Campus Security: STP Attacks and Other Security Considerations (15 min)
17. Campus VoIP: Overview, Considerations, and AutoQoS (44 min)
18. Wireless LAN: Foundation Concepts and Design Part 1 (26 min)
19. Wireless LAN: Foundation Concepts and Design Part 2 (22 min)
20. Wireless LAN: Frequencies and 802.11 Standards (34 min)
21. Wireless LAN: Understanding the Hardware (30 min)
22. The Switches Domain: Additional Life-Saving Technology (22 min)
23. Monitoring: Your Pulse on the Network (45 min)
24. Campus Security: VACLs (14 min)

Monitoring: Your Pulse on the Network

00:00:00

Monitoring: your pulse on the network. I was so excited when I saw that Cisco has finally started adding monitoring to their certification track. Up till now, when somebody says, "Hey, I want to get Cisco certified, what does that mean?" people would say, "Oh well, you will be able to configure things and troubleshoot things and set things up and all that kind of stuff," but when somebody would ask, "Well, how do I make sure everything is running right just day-to-day," you would just hear "wsshhh," the sound of a tumbleweed blowing by in Cisco certification land. It has never been there and it is such a key part of everything

00:00:38

that you do in your day-to-day network life, setting up monitoring. So what we are going to do in this nugget is walk through three specific things: setting up Syslog, which is great; setting up SNMP, which is greater; and then finally concluding with the pinnacle of it all, IP SLA. By the time you are done with these three things

00:00:57

you will have a very good idea of everything that is happening in your network realm, so let's get going. First up in our monitoring bag of tricks is going to be Syslog. Now chances are, if you have been in the land of Cisco for any amount of time, you have seen Syslog messages as you plugged into the console port of your device. As a matter of fact it is one

00:01:16

of my favorite things to do; maybe not my favorite, but it is fun. When I teach a live class with people in it that are brand new to Cisco, they get into Cisco and this is the first day. I go, "Okay, type in config t," and they go, "What?" You know, once you get past this and they are like, "Oh, okay, so this is global config." "Oh, no, config t," and we get there and we

00:01:37

are kind of like, "Okay, so you do your config," and they go, "How do I get out of this?" And I go, "Oh, okay, well, you hit Control-Z." You go through the whole explanation. They go, "Oh, okay, so now I can do a show," and they go, "Uh-mm," and you know what I am talking about. You felt that; I have been there. Remember

00:01:52

when you first got into Cisco and you are sitting here and you are going, "Okay," I was typing, and okay, so, and I am deleting what is going on, and usually you finally get frustrated and usually you get a syntax error of some sort, you know, you do your show and you are like, "Oh," and you know, you are like "oh" and you are like "ah," forget it, you know, it just messes you up. And the first question people ask is, they go,

00:02:16

how do I turn that off, and my response is always, you don't want to turn that off, and they go, "Why not, why not?" because that is really valuable stuff and it bugs me, and so I actually wait, and I know I am talking a long time, but it is so fun because I wait a long time to show the miss command, which should be on by default, and I still don't know why Cisco doesn't make that the default, but now you know. They get back and they still don't care what the messages say; they just care that their typing isn't interrupted and cut in half and things like that, but these messages are huge. This is a Syslog message just reported at

00:02:50

the console of your screen. Now a little bit about Syslog. Syslog is an industry standard deal where every device can use Syslog and has the ability to report things via Syslog. The message, and this is based on the standard, can contain up to 80 characters and a % sign, and that percent sign typically divides the date and timestamp from the message itself. Now the way

00:03:17

the message is structured, when you are looking at the message, is it is broken up into four, I call them major pieces; let me go back to the prompt so I can highlight. Right up front, this is the facility: what generated this Syslog message? In this case it is the system. This is the severity of the message: how

00:03:37

impactful is that message on me? Now if you haven't seen the severity before, then you want to get a feel for the severity levels; let me just do logging trap question mark. Here are all the severity levels, and you can see severity level 5, which is what we are at, is just a straight-up notification. No, not really

00:03:55

a big deal: "normal, but significant conditions." You know, this is normal but significant; somebody just configured your device, you probably want to know about that. But below that we have informational, like you can ignore these, and then we have debugs, so the higher the number, the less impact it has on your device. The lower the number, you can see emergency, system

00:04:13

is unusable, that is a zero; you know, everything is dead is what that means. So this number right here represents the severity, and the reason that is good is, you can see right up front, it allows you to filter what levels of severity you want to see. You

00:04:27

know, and you may say, "Well, you know what, I only want to see level 4 and below, which might be a warning condition and below." So that is the severity, and then right next to that you have a brief description. Now this is actually what they call the brief description. This over here is the message text. So, four major pieces: facility, severity, brief description, which is what Cisco came up with as a brief description for somebody who just configured you, and then here is the message text for what it is all about. So

00:05:01

all that being said, Syslog is great on your device. By default most devices will log it to memory, and they call that buffered logging, so if I do a show log, I am able to see all of the messages that have happened on my device since it booted up. I can see

00:05:17

some interfaces going down, interfaces going up and all that kind of stuff. This is considered the memory buffer or the log buffer in memory. This can be configured by going, you can see by default it is 4 kilobytes, which isn't much. I can go into global config mode and do logging buffered, and you can see right here is how big you want to make that buffer, and on this device by default it is 4k, but you can go up, and you know, a lot of space in memory, and then what level of warnings you want to log in the memory buffer. Now the buffer is great,

00:05:52

now I will tell you it has bailed me out a lot of times, because I get on the device, I have no idea what is going on, I just do a quick show log and look at the most recent timestamps, which, if you haven't set the time, isn't very helpful, but you look at the most recent ones, which are going to be at the bottom, and go, "Okay, it looks like most recently such and such failed," so it is great. But this is all memory based, so if the device

00:06:14

is rebooting, you are losing this. That is why with Syslog you typically want to get a Syslog server, and I could go on and on and on about the different Syslog servers that are out there. Splunk is probably one of the most scalable yet most confusing ones that are out there. Most popular, I would say, is probably Kiwi Syslog Server,

00:06:33

and this is, I downloaded this, by the way, you can just go on to the internet, and let me bring up my web page and just do a Google for Kiwi Syslog. Kiwi Syslog used to be their own company. I think Kiwi was the name of the company and they were so fantastic, and then they were acquired by SolarWinds, which, I am like the odd man out I think, everybody loves SolarWinds, and I even go to the Cisco conferences and stuff like that, and SolarWinds, I will absolutely say they have this Orion monitoring product which is phenomenal.

00:07:15

I think it is great. I am a big fan of SolarWinds though. I am not saying anything against the people, but, and this is when SolarWinds was in their early days, like 5 or 6 years ago, I downloaded, they had this product called Engineer's Toolset. Now

00:07:30

I was like, "Oh, that sounds cool," and they listed all these tools, and I got it, and they charged like 500 bucks for it or something, and I got it and it was just... It was... It felt like, maybe it wasn't, but it felt like just a bunch of freeware tools that they all put in a big zip file and they are like, "Look, we have a toolset," and ever since then I have just been kind of like, "Yeah, not a big fan of SolarWinds." And that, you know, again,

00:07:53

that being said, I think everybody I talk to is like, "I love these guys." You know, and so then at last they acquired Kiwi. They bought them, and maybe this is why I don't like them too. They made Kiwi Syslog a pay product where you have to buy it, but they still have a freeware version available; you just have to dig for it. You know, they will never show you the free version

00:08:12

right off; it is like buy now. You click on a buy now, look at all these features, buy now. You actually have to dig until they compare versions and then they are like, oh, here is the free version, look, it has nothing, but you try it. It is a freeware

00:08:25

version. It is the original Kiwi that was carried over, so this is it. Some of you are like, "Get to the point, buddy." So Kiwi Syslog can be installed on any Windows-based platform. It is very simple, very great to take all your Syslog messages off of the device, and it is so easy to set up your Cisco device to log to an offsite server. You can see them. You just do a show ip

00:08:51

interface brief. I have given the switch an IP address for my local network here, 172.30.100.140. Just to let you know, my PC that I am working on and talking to you on right now has the IP address 172.30.100.30. That is my IP. So all I have to do is go into global config, logging, logging, my mind just went blank. Hang on, logging

00:09:24

server. No, what is that? Logging, this is simple, oh duh, logging IP address, thank you. 172.30.100.30, Enter. Seriously, that is all there is to it. Now you might say, "Well, how do I set the level of messages that go over there?" Well, that is as easy as typing in logging trap, and you can see trap right there sets the syslog server logging level, and you hit the question mark and there are all the logging levels. Now,

00:09:56

the way this works is whenever you choose a number or a level, it will log that level and below, so essentially if I say, "log level 3," it is going to log 3, 2, 1, 0 because all of those are considered more severe. If I say, "level 6," it is going to log 5, 4, 3, 2, 1, 0 and 6, so it is going to be that level and below. So I will just, let's go crazy, I will do debug at level 7 right here, so that is essentially anything and everything, Enter. Now as soon as I go back here you can see my Kiwi Syslog

00:10:28

is blank. I am going to shoot over here and do a Control-Z, which will drop me back, and shoot right across. I see that I have got a priority right there. This is the level that it is going to. Here is my Syslog message over here that says, "I configured,"

00:10:44

well, because I am going to fit it on the screen, but "configured by console, from console by console." By the people, for the people. So I can go in and do some stuff, you know, interface FastEthernet 0/2, I will do a shutdown, you know, take down an interface, just generating some messages here, and you can see right there.

00:11:01

Okay, we have got interface 0/2 changed state to down, and from there I can just do anything; any message is going to be logged here and everything is tracked. Now this is great, right, because I am seeing it on my PC, and I can set this up to where I have it coming from different sources.

00:11:21

I can even specify what name the device sends when it sends to me. If I don't like seeing IP addresses I might say, "Well, I want it to send, you know, switch 1 as the host name when it sends these messages." So it is configurable, and you will notice all these, these

00:11:35

are facilities, logging facilities for Kiwi, so you can say I want this device to go to facility one and this one to facility two, so that way you just don't, you know, if you have got 20 devices that are all reporting to this Syslog it can get pretty confusing pretty quick. Likewise, this is all being stored in a text file.

00:11:52

You know, and I haven't explored the settings of Kiwi Syslog as of late, but this is where you can go in, and you know, you can see here is the formatting. Here is where you are saving it to, and I would just be clicking through this right now, but you can have, I mean, the device can text message you, it can send you an email, send you an alarm and all kinds of different stuff, but all of these are being stored in a file on your server, so that way if the device reboots, no loss; you have got all your messages that even tell you why the device rebooted. It is all being logged

00:12:26

right there. So Syslog, it is a very big way to gather information. Okay, now I feel totally bad. I was sitting there thinking about it between Syslog and SNMP. I was like, "Man, what if somebody from SolarWinds listens to this?" As a matter of fact, I was

00:12:41

actually at the Cisco Live conference last year and I met the people at the booth from SolarWinds, and they are like, "Oh, you are the CBT Nuggets guy," so they go like, "Oh yeah." We shook hands. He even gave me a USB key, and they are really cool people,

00:12:52

and now they are going to listen and they are going to be like, "Man, you just totally dogged on SolarWinds, that was not cool." I am telling you, SolarWinds is great; it is just I didn't like the Engineer's Toolset, that is it, that is all I have to say. And speaking of SNMP: SNMP, if you are SolarWinds you live this,

00:13:11

and SNMP is, I would say, the most untapped information-rich resource in any Cisco network. When I go out and I set up Cisco networks and get them set up and ready to go, I always add on some kind of SNMP monitoring, and when people see it they are like, "Oh, my word." I mean, I could set up the most piece-of-junk network

00:13:33

in the world, but once I show them SNMP they are like, "Why did I not know about this? This is like gold for my network." SNMP stands for the Simple Network Management Protocol, and it totally is. When you understand SNMP, if you, you know, go to Wikipedia you will probably get way more information than you need; SNMP is amazingly simple. All it is is this. You have got

00:13:58

devices, right? Let's say, let me just grab my pen here. Let's say you got a Cisco router. There it is, and that device has some interfaces, and you know, when you go on in a device, I mean, if I go here and I do a show interface fastEthernet 0/1, there is all kinds of stuff here, right. I have got 2557 packets input, 2543 broadcasts. I mean, just stats, right, all kinds of stuff, and I

00:14:25

can see here, and as time goes on I would be like, "Oh, well, let's see what it is." Oh, it is a little more, okay. Let's see what it is now, and then you can just keep grabbing each one of those, but each one of these actually has a specific SNMP string. They call that a MIB, a

00:14:42

Management Information Base string, that allows something to pull that information. So really, all, you know, when you talk about SolarWinds, or I will tell you my favorite in just a second. Again, nothing against SolarWinds, but when you have, we will say, a SolarWinds-like Orion device over here, which is our management system, it will actually contact this device on whatever interval you put; maybe you say I want to contact it once a second, that is a very aggressive interval, and every second it is going to go here and say, "Hey, tell me, what is your current packets input now?" And the device says, "It is 2584," and it goes, "Okay, 2584." Logged it, okay, a second later it comes out: "What is it now?" And

00:15:26

the device goes, "It is 2660 now," and it goes, "Oh, okay, 2660, logging." And it just keeps asking every second what that is. And now, and this is where the programmers at Orion and/or SolarWinds and all the other monitoring companies come in, they will then take that. It is almost like a big Excel spreadsheet

00:15:47

when it gets all this data, because all SNMP does is simply grab statistics on a specific interval. Orion or whatever software then takes all of that data, which is, you know, in a database, kind of like a big Excel spreadsheet. It says, "Okay, this second,

00:15:59

this second, this second. These are all the data I have gathered," and it puts it in a pretty web graph. You know, the graph, graph, graph, graph, graph, and says, "Here is your time. Here are your packets input," and this would probably be a very poor thing to monitor because it would be something like this. It is just

00:16:14

constantly going up. It is going to say, "Okay, here is over time, how many packets have come in and then you can go with the web browser and say, "Okay, well show me over time how that interface has been doing?" And shoop, you got a beautiful graph and you are like, "Oh, okay this is great. I can show this to

00:16:27

management," and all that. What most people use SNMP for is bandwidth monitoring. I would say that is absolutely the number one facet that we use SNMP tracking for. So you will say, "Show me the 5 minute input rate once every 30 seconds and graph that over time." And by doing that you will be able to see over time just

00:16:53

how much traffic is going through your device. Now as I said, Orion is great, but it is not my favorite simply because it is too expensive for the little companies. The one that I love, and they should give me free stuff because to everybody I talk to I say, "Go buy this product." The one that I love is actually

00:17:11

PRTG. As a matter of fact, let me just take you there real quick. The reason I love them is anybody who gives free stuff is cool in my book, and PRTG is one of them. PRTG, and then the company is Paessler. I think they are some guys in Germany, I want to say, but they have been great. I have actually used PRTG for years

00:17:32

and years and years, and you know, they have a freeware download that I think gives you like 10 sensors, or essentially 10 SNMP objects that you can monitor by default; let me just take you there real quick. This is what it looks like. Now if PRTG sounds

00:17:47

familiar, you might be thinking of MRTG, which is the totally Linux-ey, you know, Perl-scripting kind of freeware version of this. This one just runs on Windows, which is great, and what it does, and this is kind of a picture over time. Oh, this is perfect.

00:18:00

It takes all of the stuff that has been gathered via SNMP, here is the database, right, all this stuff over time, and it puts it on a chart. So this, in this case, is showing you a fiber optic connection over 365 days, showing the traffic in and traffic out of bandwidth, and this, you know, it is all web based and all that kind of stuff. So yeah, that is PRTG, so SNMP is essentially

00:18:25

the engine that all of these different monitoring devices use to grab this data and I will tell you if your company is not using SNMP go there, set it up and you will be the hero of the year, because you will say, "Hey, do you ever wonder you know, how much traffic people surfing the internet are generating?" And wham here is a graph. Let me show you right here and they

00:18:46

are immediately going to be like, "How did you do that? Show me. How do I get to that? That is awesome. This is amazing. It is great." So SNMP should be everywhere. Three different versions are out there. Version 1, extremely old; I think it maxed out at 10 megabit per second interfaces. There is version 2, which is updated. However, the big problem with SNMP version 1 and version 2 is that they do not support any kind of encryption or authentication, so that is where SNMP version 3 comes in. SNMP version 3 adds encryption. It adds authentication. Now it is very low-level, base-level encryption, I think, it does some encryption to it, but it adds at least some level of encryption and authentication. However, it is much more difficult to set

00:19:34

up in the big picture, and honestly, when you really get to it, it is not, but nonetheless Cisco really focuses most of their documentation on version 1 and version 2, version 2 being, I would say, the de facto standard for most of what we do nowadays. To set up SNMP

00:19:50

it is again, just like Syslog, very simple. Let me bring my switch back on. I am going to go to global, whoa, look at that, go to global config mode, and snmp-server is the command, followed by community. Now you will find in SNMP everything is based around this community string, and when I said that version 1 and version 2 don't have authentication, that is pretty much true, because authentication, most people think, okay, username, password, encrypted password, all that kind of stuff. They have, I guess you could call it base,

00:20:28

base, base level of authentication, and it is this community string, as in you can't gather these statistics unless you provide the right community string, and that community string is provided by you. Now, the most popular, and hackers know this, the most popular community string for read-only, meaning gathering information from that device, is public, and some of you know this. You know

00:20:51

that if you are a hacker, the first thing you want to do when you are on a reconnaissance and you are trying to gather information, you are going to try the SNMP public community string to see if you can get information, and the read-write community string, which is extremely dangerous as a default on many devices, is actually private, so if you leave a device at default, not Cisco devices, but most devices, if you leave it at default and somebody comes in and tries to use the private string and it works, they pretty much own your device. Or, as my little brother said, there is this

00:21:22

new term, I guess, when you are playing online games and you shoot somebody. You say they are "pwned," is that right? What is up with that? It is missing a vowel somewhere, but nonetheless somebody will "pwn" you if they have the read-write community string to your device. So I would highly recommend

00:21:42

not even setting one up unless you really, really have to. Most monitoring utilities like Orion and PRTG and all of the other ones that are out there, MRTG, only need read-only access, meaning they are only pulling data from the device on a certain interval. Read-

00:21:58

write is if you want that monitoring utility to actually be able to make changes, and if you have read-write access people can actually change the running config. There are ways to change the passwords on the Cisco device if you know the read-write community string, so again, "pwned," I have got to get used to saying it. It sounds like

00:22:13

pony to me. So I am going to go in here and do an snmp-server community, and I go in and I say, "Okay, the community string is going to be super secret," which is again a horrible community string, but just for example, and then I hit the question mark and you can see, is this the read-only or read-write community string? I

00:22:37

am going to say, "This is the read-only, buddy." So if you got the super secret you can pull data from this, but you can't change any data on the device. Again, most of the time I will not define a read-write community string unless there is a very specific reason to do that. There are utilities out there that, it is kind of

00:22:53

like CiscoWorks, kind of like a centralized management utility, that would like read-write access for both of these. I would highly suggest tacking on an access list, you know, defining an access list, say access-list, we will say 10, permit 172.30.100.30, essentially, and then the wildcard mask, 0.0.0.0. And then I will say, "the SNMP community super secret read-only," and I will say, "filtered by access list 10." So now when I try and access this device, so now I have done, look at this, I did both version 1 and version 2, so when I try and access this device I have to be that host or else I am not going to be able to access it via SNMP. So from there the rest of the

00:23:45

SNMP setup is totally up to the management utility, like PRTG. Hang on, I actually run PRTG, so let me bring this up. I am trying to hide any sensitive information from this, but I just went to PRTG, add device, and you can see here is the device name. Here is its IP address, so that goes in there. Here is what icon you

00:24:04

want to give it. They have auto discovery, which is great, because otherwise you have to add the individual counters one by one. This kind of adds the most common counters, if you will, and then you come down here and you say, "Okay, SNMP devices," and you would say, "I am using SNMP version 2." My community string, and that is where you would type it, super, blah, blah, blah. And what

00:24:24

this would do, I am not going to do it, but what this would do is when you hit continue, go out and then create graphs for all of the common interfaces of that device and you will be able to see the charts and you know CPU utilization, memory utilization, all of that. And so again, SNMP is a massively great thing that

00:24:44

you want to set up in your environment. Can I tell you one more story? Okay, if you don't want to hear the story you can fast forward, but again, at Cisco Live last year, and actually PRTG, or Paessler, the company who makes that, was at Cisco Live for the first time this last year, and I was like, "Oh, oh," and I went up there and I was like, "You guys are totally great, I have been using you for 8 years," and you know, "Everybody I tell about you," and all this kind of stuff. Like, in the back of my mind,

00:25:08

I am like, "I wonder if I can get some free stuff, because I am the free stuff guy, right?" And I am like, "So I was wondering," you know, I am talking to them, I was like, "I was wondering, do you have like a not-for-resale, like NFR, version of your product, kind of like an unlimited version? So I could just demo this to people and show people." You know, "Or like a t-shirt or something,"

00:25:28

you know because seriously I tell everybody and they had German accents and it was funny he is like, "You can download the freeware version, why do you want more from us?" and I am kind of like- well, I am trying to be subtle and I was totally shut down. You

00:25:44

know, I was like, "Okay, no free stuff from them." So you can see, nonetheless, I still love PRTG, a great SNMP utility to monitor with. All right, the last thing I want to talk about, as we wrap up this monitoring section, is something that is so awesome. It is

00:26:04

called IP SLA (IP Service Level Assurance). Now SLA, you may have heard the term before; it is typically something that you get from a service provider when you sign up. For instance, even at my house I have a Qwest business connection, and they gave me a contract when I was there saying, "Hey, we guarantee you that you will be up this percentage of the time. You will have this

00:26:27

level of bandwidth." It is something that they assure you that says, "We will meet these parameters if you pay us a zillion dollars a month." You go, "Okay," and you sign the SLA and you agree. Well IP SLA is your way of holding them to it. Essentially,

00:26:42

IP SLA is a monitoring system within your Cisco devices, and this is not something that is only limited to switches like we are talking about right now, or Layer 3 switches, I should be more specific, but it is also available on routers, and it is very handy. What this does is detect link failure or link performance

00:27:03

using real-time data. Let me just give you a couple quick examples of this. The way it works, essentially, is let's say I have got a, let me draw over here, I have got a little room here, a router that has a connection to the internet through service provider 1 and a backup connection to the internet using service provider 2. Now, one thing that I found as of late in the United States is a lot of people are moving to very fast yet very low cost internet connectivity through a lot of the cable modem and DSL providers. So for example, they might have a T1 line to the internet which they are paying, you know, 200 dollars a month for, I am just saying. Now T1, when you would say T1 back 5 years ago, people were like, "Oooh, it is a T1." Well, maybe I am, for, back 8 years ago, people were like, "Ooh, a T1 line, that is fast, that is great," but nowadays people are like, "T1, come on." You know, my home internet can actually, it is like 10 times that fast. So people are coming into the office, you know, and they are just very sad because their internet browsing is very slow. So what

00:28:08

I have seen a lot of companies do is they move their T1 to a backup connection and they buy, you know, we will say, and I am talking Arizona here, a Cox cable modem or Qwest DSL circuit that has, you know, 20 megabits per second, you know, like 15 times faster than a T1 line, and they get it for $150 a month, and that is great, you get crazy speed from that, but still cable and DSL are not as reliable as the good old T1 lines from yesteryear. So they will make this their primary internet

00:28:40

connection, and if this goes down then they will fail over to their good old backup T1 connection as a failover circuit. Now here is the problem. When you look at a lot of the architecture of these DSL and cable modem boxes, a lot of times you have a router and it is connected right here to a cable modem. You know,

00:28:59

here are your little lights on the cable modem or DSL box that converts either coax or an RJ11 phone line or whatever kind of circuit into an Ethernet cable on this side, and then this goes off, we will say, you know, to the big cloud, the internet connection. Now the problem is, if this goes down, you know,

00:29:17

a backhoe takes out this line in your parking lot, this circuit stays up. So from your router's perspective it is like, "Hey, I am still seeing up/up, this is good," and it will never actually fail over, because the interface, at least right here, this point right here, that interface never goes down unless the cable modem goes down or the DSL modem goes down. So what IP SLA can do is

00:29:41

this. You can have this router, this is the router right here, the smiling router, send a probe once every whatever you define it: 10 seconds, 5 seconds, every second, every 20 seconds, whatever. Send a probe to whatever destination you want. Now that could be the ISP's gateway, that could be, you know, a DNS server like 4.2.2.2, that is a really reliable DNS server out on the internet. That

00:30:08

could be something like Google.com, which never seems to go down. Something that is very reliable, and report back. Essentially it will send, we'll say, a ping message to that device, and it comes back and says, "Yup, I am online," and the IP SLA will say, "Okay, I am successful." Well, when this goes down, you know, outside the cable

00:30:26

modem, and this stays up, those probes will end up failing. So it is going to say, "Okay, yes, the interface shows up, but my probes are coming back as down, thus I will consider this interface, or to be more specific the route that uses that interface, to be down," and now it will fail over to the backup T1 line. That is one of many uses of IP SLA, but I would say probably one of the most common. So before I go any further in talking about

00:30:54

some of these other ones, let me just show you on the switch, and this is, you know, normally done on a router, but it could be done on a switch too. How do you set this up? There are a few more pieces to it, and I will explain why. First thing you need to do is set up the probe, you know, my little circle right here.

00:31:10

I think of these, I don't know why, every time I think of an IP SLA probe I think of little androids like on Star Wars, you know, they are kind of hovering around, that is what these are like. Little androids that you can make look like anything, so I am going to go in and define what my android looks like. I am going to go and say ip sla monitor.

00:31:30

Oh, okay, my commands are slightly different. There are different versions of the IOS. You will see, for instance, some have ip sla monitor and you type a number. This one just says ip sla and you type the number. So I will say ip sla 100 ? and it is saying, okay, what does this android look like? Essentially, what do you want to make this little probe right here look like as it is being sent across the internet? Now you can see you have a variety of options here. You can say, "Make it a DNS operation,"

00:32:01

you know, "Do a DNS lookup, make it look like a DHCP reply or request," you know, "Send an HTTP connect request." Pretty flexible if you look at this. I mean, you could say if that web server doesn't reply with this web page, send me an alert, again, all kinds of things, but right now I am just talking about failover, so this one would probably be an ICMP echo. I will

00:32:22

say, "icmp-echo ?" where you would go in and find it. It says, "I am going to be a probe, what is my destination?" It could be the ISP's gateway. It could be, you know, this DNS server right here, so I will say, "icmp-echo 4.2.2.2 ?" and it says, "If you want, you can use a specific source address." But I am just going to say, "That is it. I just wanted

00:32:46

to send that echo." Now notice, I am going deeper into this config mode. It says, "Okay, you have configured a little android, a little probe, and it is going to be an icmp-echo to this." Now what are some characteristics of this? How often do you want to send this echo? And I will say, "Well, I want to send this once every... let's send it once every 10 seconds, or maybe 5 seconds." You know, I want to make sure it stays online. You know, what

00:33:10

is the timeout of this? What is the threshold in milliseconds that you will be able to take, for, you know, if a reply doesn't come? There are, again, all kinds of things that you can get into, and I would say check out Cisco's website on IP SLA if you want to define each one of these things. I will just say, "Send

00:33:26

a ping once every 5 seconds and leave everything else at default." So I am going to exit back out and I am going to do ip sla... So I have now defined the probe, IP SLA, and I am going to schedule this guy. I am going to say, "You know what? I want to schedule

00:33:42

probe number 100." You can see that is the number of this. That is the entry number. Schedule 100 to start, let's do it now, you know, because I don't know what the date and time is on this device, and I will say, "The life span of this is forever. It is an eternal probe." So

00:34:12

from there, you know, I could go on and specify each parameter, how long to keep this entry when it is inactive, like if I disable it, and so on, but I will just say, "That is it, it is now scheduled and it has started to run forever." Now I guarantee you this probe

00:34:25

is now dying, simply because this is a switch with virtually no configuration; it doesn't know how to get off the network. So I am going to do an ip... let's go back here and do show ip sla statistics, and you can see right here I have got the probe, last return was timeout, and, you know, it was running every 5 seconds, right? So it has already had 2 failures, and it lives forever. Actually, I might be able to fix this really quick, let me give it a default gateway. I bet you that will do it. I don't even think I have

00:35:01

routing turned on, so I will do ip default-gateway 172.31.100.1. I don't even think I need a static route all zeros, so let me just do this: ping. We are going to get there... probably not. Why not? Hey, I am going to just do a show ip route. Now, default gateway, can I ping that? Please hold while I troubleshoot my home network and...

00:35:31

oh, look at that, why isn't that going? Hang on. Ping 4.2.2.2, why are you not getting there? Can't get there. Here is the beauty of CBT Nuggets: what just happened for you right there in a split second was probably about 15 minutes for me, trying to figure out what is going on in my home network, and actually I discovered I had a static route on my ASA firewall set up wrong for months, which probably explains a lot of other issues that I was running into, so I am happy that I fixed that. So nonetheless,

00:36:01

I just fixed the static route on my firewall, and now that is working great, and you can see my switch is right here pinging 4.2.2.2. Now if I go back and do a show ip sla statistics, now check that out. We have got last return "OK." The probe is working. We are now able

00:36:22

to send probes to 4.2.2.2 and, as you know, as time goes on we are going to see this number of successes increasing. Now this is all great. Now I could stop right there and say that is it, SLA is awesome, we love it, you know, great, because that is monitoring, and you can actually add that to a monitoring system like Orion or PRTG and graph over time what your round-trip statistics would be for this sort of thing, but SLA can do so much more. For example, this

00:36:52

little probe, or we will call it this SLA object, could be attached to what is called a tracking object, so watch this. I am going to type in track, and we will just call this track object number one, and I am going to track ip... no, no, no, I am going to track rtr. Now these words are going to get a little weird, you are going, "What, what is RTR?" RTR is the old name of SLA that Cisco forgot

00:37:20

to update in this version, and I think probably if you have the latest and greatest... IP SLA used to be called RTR, responder, a real time reporter, RTR, you know, there is a responder entry and all that kind of stuff. So RTR is the old name, and I bet you, maybe by the time you hear this or the new code comes out, you know, IOS 15 and beyond, you are going to see this replaced by SLA or IP SLA or something like that. But I am going to say track object number one is going to be tied to SLA probe 100. Now what is that? This guy, you know, check to see if I can ping 4.2.2.2, which is the DNS server. Now what am I going to track? I am going to say I am going to track the reachability of that entry, and then it goes into this little sub-mode where you can set some delays and all that kind of stuff, but I am just going to exit out because I have now defined a track object. You might

00:38:11

say, "Okay, Jeremy, what can you do with a track object?" A track object can be assigned to a static route. Let me take you back to this scenario. When we set this up, you know, with, we will say, Cox or Qwest, or sorry, we have got Cox or Qwest being our primary, and if that goes down we go to this. Well, there

00:38:30

is going to be a default route. I am going to have, you know, we will say ip route 0.0.0.0, a whole bunch of zeroes, and then I will say, you know, my default route goes to, you know, we will say 216.1.1.1, which is the gateway over here to Cox or Qwest, you follow me? So this is a default route letting this router use that. Now, we

00:38:52

would also have a default route for here, which, you know, in a very simple setup I will just do ip route, you know, all zeroes, and then put the default gateway over here. We will just say it is 1.1.1.1, and then I would just tweak the administrative distance of that route higher, maybe make it 50 or something like that, so this route would not be used unless this route went down, because its administrative distance is 1. Sorry if I am talking too fast, but I am putting all that together. So what I would do is I would

00:39:19

then tack on a track object to it, so check this out. Imagine that I had this as my primary connection. I would go in and I would say ip route, you know, this is my Cox or Qwest DSL modem, and I would say this is going to... we will say 1.1.1.1, or hang on, we made that like 216.1.1.1 is Cox or Qwest, and then I would add on to that: track 1, Enter. Now what does that do? What that does is it says only make this route available, or added to the routing table, as long as track 1 is returning a positive response. Now there are a lot of little ties that came in here, so let's back track and put it all together. Okay, track object 1 is tied to reachability of SLA object 100. SLA object 100 is pinging this DNS server every 5 seconds, so if SLA 100 goes down, the reachability for track object 1 goes down, thus the static route gets pulled from the routing table and that will fail over to this one. Voilà,

00:40:30

we have SLA in a failover kind of situation. But, and you know, okay, stop right there. Okay, wasn't that awesome? Sorry, I just had that. I love SLA for tracking. I have used this actually... another place I used this was a company that had 2 buildings tied together, and they actually tied them using WiFi, a little dish on the top of these buildings right here, doing WiFi between there, like a mile or two apart, and then they had a T1 line as a backup. So this one ran at 54 megabits per second, but was unreliable for unbeknownst reasons. You know, it would just go down, you

00:41:09

know, bad stormy day, conflicting frequencies and all that kind of thing. Well, the problem, in the same way, is the dish was attached to some device, I don't remember what it was, in the middle, which terminated the WiFi and brought it out on Ethernet to the router, and the router, you know, even if this WiFi went down, the router had no way of telling, because the link always stayed on. So we

00:41:28

used SLA to track the reachability of the wireless bridge, so it works awesome for not just this kind of situation, but all kinds of situations where you are not able to tell if the link is down unless you send some active traffic. But again, you know, this

00:41:43

has so many different things that you can set up. You can use it to monitor voice and quality levels of voice, and if the quality isn't at a certain level, switch over to a different link. I mean, there are all kinds of things that you can do with it, so please, I would encourage you, open the can on IP SLA when you are done with this nugget, check it out, because it can do so much stuff.

00:42:02

The last thing I want to mention is an SLA endpoint can be either a device or something called an SLA responder, so let me wipe all this stuff off. So what is the difference? You can have a router sending, we will say, a ping, we will say it is an SLA ping, to the other side as a device, or if it is a Cisco device you can set it up as an SLA responder. Or it used to be called the real time response, responder,

00:42:38

and so what is the difference? Well, just what we did right here, let me get back here. What we did with this example that I gave you is we set up IP SLA to a device. Who? 4.2.2.2, the DNS server out on the internet, that is the device that we are pinging. It

00:42:56

doesn't know that we have SLA going to it. It is just saying, "Hey, somebody is pinging me. Let me return a response." If you use an IP SLA responder, it takes a little configuration on this. It is very minimal, actually, and what you do is now have this guy communicate to the SLA responder service, which will give you a more accurate result. See, here is the idea: if I set up

00:43:16

SLA to a device, which I will just say this is 4.2.2.2, our server, you are going to measure the amount of time the ping took to get here, the amount of time it took to process that ping packet, create another packet and then send it back to you. So, you know, you may be thinking, "Oh, well, I am getting, you know, the reports on this line." Well, yeah, you are, you are seeing

00:43:39

how fast that line is, the delay, if you will, to get from you to there, but the problem is if this DNS server gets really bogged down and doesn't have time to respond to your packet, it might, you know, shoot the delay up to 200 milliseconds for one of your pings, and you are going to get reports back and go, "Oh, wow, my line is really bad, because, you know, we must be getting poor service from the service provider," when really it is the server that was the poorly responding device. Does that make sense? So

00:44:06

what the SLA responder does is it will send the packet, and as soon as that packet is received it puts a little tag saying, "I received it at such and such time." Now it will then process it, repackage it and send it the other way, and subtract from the total time all of the processing time that that router took. So if the router is really bogged down and it takes 200 milliseconds to process the packet, no worries, it is going to subtract 200 milliseconds off of the SLA, so when it is received back at your router you are seeing a true result of how fast, or what is the delay on, that line. So if you have got the SLA

00:44:45

responder service going, you are able to really have assurance that it is the service provider's problem and it is not just this device getting slowed way down. So IP SLA, it is one of those things... the only thing I love more than IP SLA is, I don't know, brownies. It is one of those concepts that is like, "Oh,

00:45:05

that is really cool." I could see, you know, if you let your brain just rest on that for a moment, you are going to come up with like 90 different things. You are like, "Oh, I could totally use that for that, and that, and that, and that." It is just, it is one of those things that fits almost anywhere. It is like duct

00:45:16

tape, duct tape for your Cisco router. Use it all the time. So we have seen in this section... I am so happy that Cisco has added monitoring to their exams now. Syslog, SNMP and IP SLA, 3 things; when you tie all three of these things together you have an extremely powerful solution for tracking what is going on in your Cisco network. So I hope this has been informative for you, and I'd like to thank you for viewing.
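The probe, track object, tracked static route and responder that Jeremy walks through in this nugget, written out as one complete IOS configuration. This is an added example, not the course's own lab output. The tracked destination is the 4.2.2.2 resolver used in the video; the primary gateway 198.51.100.1 (cable/DSL), the backup gateway 203.0.113.1 (T1) and the responder peer 192.0.2.10 are constructed placeholders from the RFC 5737 documentation ranges, and the timer values are illustrative choices rather than values from the video.

```cisco
! ---- Probe: ICMP echo to the public resolver used in the video, every 5 s ----
ip sla 100
 icmp-echo 4.2.2.2
 frequency 5
 ! timeout/threshold in ms; both illustrative, both below the 5 s frequency
 timeout 2000
 threshold 1000
! Start now and run forever, the same schedule options chosen in the video
ip sla schedule 100 life forever start-time now
!
! ---- Track object tied to the probe's reachability ----
! Older IOS (as on the lab switch):   track 1 rtr 100 reachability
! Newer IOS (12.4(20)T and 15.x):     track 1 ip sla 100 reachability
track 1 ip sla 100 reachability
 ! Hold off before reacting so one lost echo does not flap the default route
 delay down 10 up 30
!
! ---- Host route pinning the probe to the primary path (placeholder gateway) ----
! Without this, once the primary default route is withdrawn the probe would
! follow the backup default route, succeed, and re-install the primary route.
ip route 4.2.2.2 255.255.255.255 198.51.100.1
!
! ---- Primary default route: installed only while track 1 is up ----
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
! ---- Backup default route: higher administrative distance, used only after failover ----
ip route 0.0.0.0 0.0.0.0 203.0.113.1 50
!
! ---- Cisco-to-Cisco measurement with an SLA responder (placeholder peer) ----
! On the far-end Cisco router:
!   ip sla responder
! On this router, a UDP echo that the responder timestamps on receipt and on
! transmit, so its own processing delay is removed from the reported RTT:
ip sla 200
 udp-echo 192.0.2.10 5000
 frequency 10
ip sla schedule 200 life forever start-time now
!
! ---- Verification commands named in the video ----
! show ip sla statistics   (latest RTT and the latest operation return code)
! show track 1             (Reachability is Up or Down, and the tracked route)
! show ip route            (which default route is currently installed)
```

Two details matter for a clean failover. The host route for 4.2.2.2 keeps the probe on the primary path after the primary default route is withdrawn; without it the probe would succeed over the T1 and the router would flip back and forth. The delay values under the track object serve the same purpose from the other side: they require the probe to stay failed for 10 seconds before the route is pulled and to stay good for 30 seconds before it is reinstalled.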

Jeremy Cioara
Nugget trainer since 2003