14.NTP Syslog SNMP Netflow

Uploaded by

anhtuan29
Implementing IP Management

Syslog
Network Management Overview
Syslog Overview
Syslog Features
Cisco Syslog Message Standard
Example: Syslog Messages
System Log Configuration
Implementing IP Management

Simple Network Management Protocol (SNMP)
SNMP Overview
About SNMPv2
About SNMPv3
SNMP Recommendations
SNMP Configuration
SNMPv3 Configuration Task List

Cisco IOS SNMPv3 server configuration tasks:


1. Configuring the SNMP-server engine ID
2. Configuring the SNMP-server group names
3. Configuring the SNMP-server users
4. Configuring the SNMP-server hosts
Configuring the SNMP-Server Engine ID

Router(config)#
snmp-server engineID [local engineid-string] | [remote
ip-address udp-port port-number engineid-string]

• Configures names for both the local and remote SNMP engine
(or copy of SNMP) on the router

PR1(config)#snmp-server engineID local 1234


Configuring the SNMP-Server Group Names

Router(config)#
snmp-server group groupname {v1 | v2c | v3 {auth | noauth
| priv}} [read readview] [write writeview] [notify
notifyview] [access access-list]
• Configures a new SNMP group, or a table that maps SNMP
users to SNMP views

PR1(config)#snmp-server group johngroup v3 auth
PR1(config)#snmp-server group billgroup v3 priv
Configuring the SNMP-Server Users

Router(config)#
snmp-server user username groupname [remote ip-address
[udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 |
sha} auth-password [priv des56 priv-password]]} [access
access-list]

• Adds a new user to an SNMP group

PR1(config)#snmp-server user John johngroup v3 auth md5 john2passwd
PR1(config)#snmp-server user Bill billgroup v3 auth md5 bill3passwd priv des56 password2
PR1(config)#snmp-server group johngroup v3 auth
PR1(config)#snmp-server group billgroup v3 priv
Configuring the SNMP-Server Hosts

Router(config)#
snmp-server host host-address [traps | informs] [version
{1 | 2c | 3 [auth | noauth | priv]}] community-string
[udp-port port] [notification-type]
• Configures the recipient of an SNMP trap operation.

PR1(config)#snmp-server engineID remote 10.1.1.1 1234
PR1(config)#snmp-server user bill billgroup remote 10.1.1.1 v3
PR1(config)#snmp-server group billgroup v3 noauth
PR1(config)#snmp-server enable traps
PR1(config)#snmp-server host 10.1.1.1 inform version 3 noauth bill
PR1(config)#snmp-server manager
SNMPv3 Configuration Example

Trap_sender(config)#snmp-server group snmpgroup v3 auth
Trap_sender(config)#snmp-server group snmpgroup v3 priv
Trap_sender(config)#snmp-server user snmpuser snmpgroup v3 auth md5 authpassword priv des56 encryptpassword
Trap_sender(config)#snmp-server enable traps cpu
Trap_sender(config)#snmp-server enable traps config
Trap_sender(config)#snmp-server enable traps snmp
Trap_sender(config)#snmp-server host 11.11.11.11 traps version 3 priv snmpuser
Trap_sender(config)#snmp-server source-interface traps loopback 0

Walked_device(config)#snmp-server group snmpgroup v3 auth
Walked_device(config)#snmp-server group snmpgroup v3 priv
Walked_device(config)#snmp-server user snmpuser snmpgroup v3 auth md5 authpassword priv des56 encryptpassword
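
An added example, not part of the original slides: a Python check that reads IOS-style SNMPv3 lines and reports which groups, users and trap hosts run at a lower security level than authentication plus privacy. The function name audit_snmpv3 and the SAMPLE string are assumptions; the sample is assembled from the PR1 and Trap_sender commands shown above.

```python
# Constructed sample: commands copied from the PR1 and Trap_sender examples above.
SAMPLE = """\
snmp-server group billgroup v3 noauth
snmp-server group snmpgroup v3 priv
snmp-server user bill billgroup remote 10.1.1.1 v3
snmp-server user John johngroup v3 auth md5 john2passwd
snmp-server user snmpuser snmpgroup v3 auth md5 authpassword priv des56 encryptpassword
snmp-server host 10.1.1.1 inform version 3 noauth bill
"""

def audit_snmpv3(config):
    """Hypothetical helper: return (kind, name, issue) for weak SNMPv3 lines."""
    findings = []
    for raw in config.splitlines():
        t = raw.split()
        if len(t) < 4 or t[0] != "snmp-server":
            continue
        kind, name, opts = t[1], t[2], t[3:]
        if kind == "group" and "v3" in opts:
            # The security level is the keyword right after 'v3'.
            level = opts[opts.index("v3") + 1:][:1]
            if level == ["noauth"]:
                findings.append((kind, name, "noauth: no authentication, no encryption"))
            elif level == ["auth"]:
                findings.append((kind, name, "auth only: payload not encrypted"))
        elif kind == "user" and "v3" in opts:
            # Security keywords follow 'v3' in the user syntax shown above.
            sec = opts[opts.index("v3") + 1:]
            if "auth" not in sec:
                findings.append((kind, name, "no auth password"))
                continue
            if "md5" in sec:
                findings.append((kind, name, "md5 auth; syntax also offers sha"))
            if "priv" not in sec:
                findings.append((kind, name, "no priv password"))
            elif "des56" in sec:
                findings.append((kind, name, "des56 privacy (56-bit key)"))
        elif kind == "host" and "noauth" in opts:
            findings.append((kind, name, "notifications sent at noauth level"))
    return findings

if __name__ == "__main__":
    for kind, name, issue in audit_snmpv3(SAMPLE):
        print(f"{kind} {name}: {issue}")
```

Matching is by keyword only, so a password or name that equals a keyword such as priv would be misread.
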
Implementing IP Management

Network Time Protocol – NTP


Understanding NTP

• NTP is used to synchronize the clocks across the entire network.
• The system clock is set from the battery-powered system calendar during bootup.
• The system clock can then be modified manually or via NTP.
• NTP runs over UDP port 123; the current version is 4.
• Only NTP up to version 3 has been documented in RFCs.
• Stratum describes how many “NTP hops” away a machine is from an authoritative time source.
• NTP establishes associations to synchronize time.
Configuring NTP Authentication
Router(config)#
ntp authenticate
• Enables the authentication feature
Router(config)#
ntp authentication-key number md5 value
• Defines the authentication keys
• Used for both peer and server associations
Router(config)#
ntp trusted-key key-number
• Defines the trusted authentication keys
• Required to synchronize to a system (server association)
R1(config)#ntp authenticate
R1(config)#ntp authentication-key 1 md5 NeVeRgUeSs
R1(config)#ntp trusted-key 1
Configuring NTP Associations

Router(config)#
ntp server {ip-address | hostname} [version number] [key
keyid] [source interface] [prefer]
• Forms a server association with another system

Router(config-if)#
ntp broadcast client

• Receives NTP broadcast packets

R1(config)#ntp server 10.1.1.1 key 1
R1(config)#ntp server 10.2.2.2 key 2 prefer
R1(config)#interface Fastethernet 0/1
R1(config-if)#ntp broadcast client
Configuring Additional NTP Options

Router(config)#
ntp access-group {query-only | serve-only | serve | peer}
access-list-number
• Controls NTP message exchange

Router(config)#
ntp source interface

• Modifies the source IP address of NTP packets

R1(config)#access-list 1 permit host 10.1.1.1
R1(config)#ntp access-group peer 1
R1(config)#ntp source loopback 0
Implementing NTP Server

• Cisco IOS routers work as an NTP server by default.
• As soon as a router is synchronized to an authoritative time source, it will allow peers with lower stratum to synchronize to that router:
– Requires a peer association
• You can make a router an authoritative NTP server, even if the system is not
synchronized to an outside time source.
• Two options to establish a peer association:
– Unicast
– Broadcast
• Same exchange control methods as with client:
– Packet authentication
– Access group filtering
Configuring NTP Server
Router(config)#
ntp peer ip-address [normal-sync][version number] [key
keyid] [source interface] [prefer]
• Forms a peer association with another system
Router(config)#
ntp master [stratum]
• Makes the system an authoritative NTP server
Router(config-if)#
ntp broadcast [version number] [destination address] [key keyid]
• Configures an interface to send NTP broadcast packets

R2(config)#ntp peer 10.1.1.1 key 1
R2(config)#ntp master 3
R2(config)#interface Fastethernet0/0
R2(config-if)#ntp broadcast
NTP Configuration Example

Source(config)#ntp master 5
Source(config)#ntp authentication-key 1 md5 secretsource
Source(config)#ntp peer 172.16.0.2 key 1
Source(config)#ntp source loopback 0

Intermediate(config)#ntp authentication-key 1 md5 secretsource
Intermediate(config)#ntp authentication-key 2 md5 secretclient
Intermediate(config)#ntp trusted-key 1
Intermediate(config)#ntp server 172.16.0.1
Intermediate(config)#ntp source loopback 0
Intermediate(config)#interface Fastethernet0/0
Intermediate(config-if)#ntp broadcast

Client(config)#ntp authentication-key 1 md5 secretclient
Client(config)#ntp trusted-key 1
Client(config)#interface Fastethernet0/1
Client(config-if)#ntp broadcast client
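
An added example, not part of the original slides: a Python check that reads IOS-style NTP lines and reports associations that would run without authentication. It applies the rules stated on the slides above (ntp authenticate enables the feature, a key must be defined before it is referenced, a server association needs a trusted key). The function name audit_ntp and the sample strings are assumptions; the samples are assembled from the Intermediate and R1 commands above.

```python
import re

# Constructed samples: commands copied from the Intermediate and R1 examples above.
INTERMEDIATE = """\
ntp authentication-key 1 md5 secretsource
ntp authentication-key 2 md5 secretclient
ntp trusted-key 1
ntp server 172.16.0.1
ntp source loopback 0
interface Fastethernet0/0
 ntp broadcast
"""
R1 = """\
ntp authenticate
ntp authentication-key 1 md5 NeVeRgUeSs
ntp trusted-key 1
ntp server 10.1.1.1 key 1
ntp server 10.2.2.2 key 2 prefer
"""

def audit_ntp(config):
    """Hypothetical helper: list NTP authentication gaps in config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    defined = {m.group(1) for l in lines
               if (m := re.match(r"ntp authentication-key (\d+) md5 \S+", l))}
    trusted = {m.group(1) for l in lines
               if (m := re.match(r"ntp trusted-key (\d+)$", l))}
    findings = []
    if "ntp authenticate" not in lines:
        findings.append("'ntp authenticate' missing: authentication feature not enabled")
    for l in lines:
        # 'ntp broadcast client' has no key option in the syntax on this page.
        m = re.match(r"ntp (server|peer|broadcast)\b(?! client)(.*)", l)
        if not m:
            continue
        key = re.search(r"\bkey (\d+)", m.group(2))
        if key is None:
            findings.append(f"no key: {l}")
        elif key.group(1) not in defined:
            findings.append(f"key {key.group(1)} undefined: {l}")
        elif m.group(1) == "server" and key.group(1) not in trusted:
            findings.append(f"key {key.group(1)} untrusted: {l}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("Intermediate", INTERMEDIATE), ("R1", R1)):
        for finding in audit_ntp(cfg):
            print(f"{name}: {finding}")
```
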
Netflow Technology
Creating a Baseline Using SNMP and NetFlow Technology
Example: Configuring a Device for NetFlow Accounting
Example: Examining the NetFlow Cache
