Network Management According to ICND2 Version 2
One of the new topics to arrive in the revised Cisco Certified Network Associate (CCNA) certification from Cisco Systems is network management. You might be quite surprised to learn that it was not in the first version. Network complexity is on the rise dramatically thanks to technologies like Voice over IP (VoIP) and trends like Bring Your Own Device (BYOD).
This article provides you with important facts you should know about the networking management technologies now part of the CCNA, and it also provides you with an idea of the scope you should use regarding this topic as you study. This is important because the field of network management could easily fill a series of hefty textbooks.
Simple Network Management Protocol (SNMP)
The year was 1988, and RFC 1065 was published, which defined the “Structure and Identification of Management Information for TCP/IP-based Internets.” The superb idea behind this document was the fact that devices on a TCP/IP-based network could be broken down into a database of variables, and that these variables could be monitored in order to manage the overall IP-based network. After all, the elements of any IP-based machines would have commonalities. For example, a PC, a network printer, and a router would all have commonalities such as interfaces, IP addresses, and buffers. Why not create a standardized database of these variables and a simple system for monitoring and managing them? This idea was brilliant, it caught on, and soon became three different versions of the Simple Network Management Protocol (SNMP).
Simple Network Management Protocol is an application-layer protocol that provides a message format for communication between managers and agents. An SNMP manager is a network management application running on a PC, while the agent is software running on the device that is to be managed. The agent’s job is to retrieve (or optionally write to) the variables that are stored in the database of variables that make up the parameters of the device. This database is called the Management Information Base (MIB). Cisco Prime is a classic example of an SNMP manager. A Cisco router might run the SNMP agent, and a MIB variable might be the load on the router’s interface.
Through the process of periodically querying or “polling” the SNMP agent on a device, you can gather and analyze statistics regarding the managed device. You can even reconfigure the device through these SNMP variables in the MIB if you permit this level of control. The messages that poll information from the SNMP agent software are termed GET messages, while the messages that write variables are termed SET messages.
In order to be proactive, administrators can set thresholds for certain key variables. They can then be dynamically notified by the network management station (NMS) when a variable is nearing an unacceptable value. For the device to alert an administrator that a threshold has been crossed, SNMP uses a trap. This is a message sent proactively from the managed device to the network management station. Informs are special types of traps that must be acknowledged by the management station.
The three main versions of SNMP utilized throughout the years are versions 1, 2c, and 3. Version 1 is a legacy version that is not often encountered in networks today. Version 2c of SNMP uses a clear-text password called a community string to attempt to secure the protocol. As you probably know, whenever you read “clear text”, this is NOT powerful security by any means. Therefore, version 3 of SNMP was developed, and it includes three much more powerful security models. You can use username and password access, strongly authenticated username and password access, or even strong authentication and encryption of the SNMP communications.
While it is beyond the scope of this article, keep in mind that CCNAs must be able to demonstrate their ability to configure both version 2c and version 3 on a Cisco device.
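The version differences above can be checked in a saved device configuration. The following Python audit is an added example, not part of the original article: it flags community-based access and the weaker version 3 levels, and it assumes the IOS line forms `snmp-server community <string> [view <name>] [RO|RW] [acl]` and `snmp-server group <name> v3 {noauth|auth|priv}`. The sample configuration and its names are constructed.

```python
import re

COMMUNITY = re.compile(
    r"^snmp-server community (?P<secret>\S+)(?: view \S+)?"
    r"(?: (?P<access>ro|rw))?(?: (?P<acl>\S+))?\s*$", re.I)
GROUP = re.compile(
    r"^snmp-server group (?P<name>\S+) v3 (?P<level>noauth|auth|priv)\b", re.I)

def audit_snmp(config_text):
    """Return (line_number, severity, message) findings for SNMP config lines."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = COMMUNITY.match(line)
        if m:
            # IOS treats a community as read-only when RO/RW is omitted.
            access = (m["access"] or "ro").upper()
            # The community string itself is never copied into a finding.
            findings.append((n, "high" if access == "RW" else "medium",
                             f"community-based access ({access}): clear text on the wire"))
            if m["secret"].lower() in ("public", "private"):
                findings.append((n, "high", "well-known default community string"))
            if not m["acl"]:
                findings.append((n, "medium", "no access list limits which managers may connect"))
            continue
        m = GROUP.match(line)
        if m:
            level = m["level"].lower()
            if level == "noauth":
                findings.append((n, "high", f"v3 group {m['name']}: no authentication, no encryption"))
            elif level == "auth":
                findings.append((n, "low", f"v3 group {m['name']}: authenticated but not encrypted"))
    return findings

# Constructed sample configuration (hostname, strings and group names are made up).
SAMPLE_CONFIG = """\
hostname R1
snmp-server community public RO
snmp-server community n0c-example RW 10
snmp-server group MONITOR v3 noauth
snmp-server group OPS v3 auth
snmp-server group ADMIN v3 priv
"""

if __name__ == "__main__":
    for line_no, severity, message in audit_snmp(SAMPLE_CONFIG):
        print(f"line {line_no}: [{severity}] {message}")
```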
System Message Logging (Syslog)
Did you know that Cisco devices are very “chatty”? When major (and even not so major) events take place, these Cisco devices attempt to notify administrators with detailed system messages. Administrators have a large variety of options for storing these messages, and for being alerted to those that could have the largest impact on the network infrastructure.
Today, system administrators like to store and then analyze these messages as they manage the network. Popular destinations for storing these system messages (often simply called syslog messages) include an internal logging buffer. This is the most efficient means of storage because it is built right into the Cisco device itself. The most popular means of storage, however, is an external server designed to store and analyze these syslog messages. This server is appropriately called a syslog server.
Let us examine one of the messages from a Cisco router in order to scrutinize the default message format:
*Dec 18 17:10:15.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
Notice that by default on this particular device, we see the following:
- A timestamp: *Dec 18 17:10:15.079
- The facility on the router that generated the message: %LINEPROTO
- The severity level: 5
- A mnemonic for the message: UPDOWN
- The description of the message: Line protocol on Interface FastEthernet0/0, changed state to down
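The field layout listed above can be parsed mechanically, which is the first step before filtering or alerting on severity. This Python parser is an added example, not part of the original article; the first sample line is the message shown above, and the other sample lines are constructed.

```python
import re

# IOS severity names indexed by level (0 is the most severe, 7 the least).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Layout: [flag]timestamp: %FACILITY-SEVERITY-MNEMONIC: description
# A leading '*' or '.' is the IOS marker for a clock that is not set
# authoritatively or not synchronized (IOS behaviour, not stated in the article).
MSG = re.compile(
    r"^(?P<clock_flag>[*.])?(?P<timestamp>.+?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$")

def parse_cisco_syslog(line):
    """Split one default-format message into its fields; None if it does not match."""
    m = MSG.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["severity_name"] = SEVERITY[rec["severity"]]
    return rec

def at_least_as_severe(lines, level):
    """Keep messages whose severity number is <= level (lower means more severe)."""
    parsed = (parse_cisco_syslog(line) for line in lines)
    return [rec for rec in parsed if rec and rec["severity"] <= level]

SAMPLE = [
    # Message quoted in the article:
    "*Dec 18 17:10:15.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "FastEthernet0/0, changed state to down",
    # Constructed sample lines:
    "*Dec 18 17:10:14.079: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down",
    "*Dec 18 17:12:01.331: %SYS-5-CONFIG_I: Configured from console by console",
    "Dec 18 17:13:00: operator note, not a device message",
]

if __name__ == "__main__":
    for rec in at_least_as_severe(SAMPLE, 4):
        print(rec["timestamp"], rec["facility"], rec["severity_name"], rec["mnemonic"])
```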
As a new CCNA, you will need to be able to demonstrate knowledge of syslogging on a Cisco device, including the basic configuration of sending these messages to a syslog server on the network.
NetFlow
Even with such powerful network management tools as SNMP, it quickly became apparent to Cisco engineers that networking professionals would need a simple and efficient method for tracking TCP/IP flows in the network. This information could be used to easily identify potential network bottlenecks, guide network improvements and redesigns, and even assist in billing consumers of the network. Because of these needs, Cisco invented NetFlow. This powerful network protocol quickly became a standard, and is now supported by other networking giants.
Think of NetFlow as a protocol that can help produce a phone bill-style report on how your network is actually being utilized. With Graphical User Interface (GUI) software, you can use this data to provide quick reports about where the most traffic flows are going in your network, and even see who the “Top Talkers” on the network are. As you might guess, the new CCNA certification expects you to be able to make a basic NetFlow configuration on a Cisco device.
Network management protocols are indeed a critical part of the modern network. As such, newly minted CCNA candidates must be able to demonstrate knowledge of three very popular network management components: SNMP, syslogging, and NetFlow.