Device Management Protocols
2.0 Network Access
2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
4.0 IP Services
4.2 Configure and verify NTP operating in a client and server mode
4.5 Describe the use of syslog features including facilities and levels
System Message Logging (Syslog)
Sending Messages in Real Time to Current Users
-
Telnet and SSH users, the device requires a two-step process before the user sees the messages.
-
global configuration setting—logging monitor—tells IOS to enable the sending of log messages to all logged users.
-
must also issue the terminal monitor EXEC command during the login session, which tells IOS that this terminal session would like to receive log messages. ogging console
Console
logging monitor -
IOS -
terminal monitor
(NO Messages)
Figure 9-1 IOS Processing for Log Messages to Current Users “>
Storing Log Messages for Later Review
two primary means to keep a copy
- can store copies of the log messages in RAM by virtue of the logging buffered global configuration command.
any user can come back later and see the old log messages by using the show logging EXEC command.
store log messages centrally to a syslog server.
syslog protocol - a UDP protocol to send messages to a syslog server for storage
To configure a router or switch to send log messages to a syslog server, add the logging host {address | hostname } global command
Log Message Format
*Dec 18 17:10:15.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
A timestamp: *Dec 18 17:10:15.079
The facility on the router that generated the message: %LINEPROTO
The severity level: 5
A mnemonic for the message: UPDOWN
The description of the message: Line protocol on Interface FastEthernet0/0, changed state to down
you can at least toggle on and off the use of the timestamp (which is included by default) and a log message sequence number (which is not enabled by default). Example 9-1 reverses those defaults by turning off timestamps and turning on sequence numbers.
Example 9-1 Disabling Timestamps and Enabling Sequence Numbers in Log Wessages Click here to view code image Rl(config)# no service timestamps Rl(config)# service sequence-numbers Rl(config)# end 000011: %SYS-5-CONFIG I: Configured from console by console
Log Message Severity Levels
the lower the number, the more severe the event that caused the message.
last level in the figure is used for messages requested by the debug command
Table 9-2 summarizes the configuration commands used to enable logging and to set the severity level for each type.
For example, the command logging console 4 causes IOS to send severity level 0–4 messages to the console
Configuring and Verifying System Logging
the example configures the same message level at the console and for terminal monitoring (level 7, or debug), and the same level for both buffered and logging to the syslog server (level 4, or warning). The levels may be set using the numeric severity level or the name as shown earlier in Figure 9-3.
show logging command confirms those same configuration settings and also lists the log messages per the logging buffered configuration.
If any log messages had been buffered, the actual log messages would be listed at the end of the command
clear out the old messages from the log with the clear logging EXEC command.
- ![Rl# configure terminal
- Enter configuration commands,
- RI (config)# interface gø/l
- RI (config-if)# shutdown
- RI
- one per line.
- End with CNTL/Z.
- *Oct 21 %LINK-5-CHANGED: Interface GigabitEthernetO/1,
- *Oct 21 %LINEPROTO-5-UPDOWN: Line protocol on Interfac
- RI (config-if)# no shutdown
- RI
- *Oct 21
- %LINK-3-UPDOWN: Interface GigabitEthernetØ/1, *Oct 21 %LINEPROTO-5-UPDOWN: Line protocol on Interfac RI (config-if)# AZ *Oct 21
- %SYS-5-CONFIG I: Configured from console by co Rl# show logging ! Skipping about 20 lines, the same lines in Example 9-3, until the Log Buffer (8192 bytes) : *Oct 21 %LINK-3-UPDOWN: Interface GigabitEthernetØ/1,](blob:file:///50a65acc-0691-4338-a954-5e888ca303e9)
The debug Command and Log Messages
debug EXEC command gives the network engineer a way to ask IOS to monitor for certain internal events, with that monitoring process continuing over time, so that IOS can issue log messages when those events occur
debug remains active until some user issues the no debug command with the same parameters, disabling the debug.
anyone logged in with SSH at the time Example 9-4’s output was gathered would not have seen the output, even with the logging monitor debug command configured on router R1, without first issuing a terminal monitor command.
all enabled debug options use router CPU, which can cause problems for the router. You can monitor CPU use with the show process cpu command
use caution when using debug commands carefully on production devices.
the more CLI users that receive debug messages, the more CPU that is consumed.
Network Time Protocol (NTP)
Devices send timestamps to each other with NTP messages, continually exchanging messages, with one device changing its clock to match the other, eventually synchronizing the clocks.
How NTP defines the sources of time data (reference clocks) and how good each time source is (stratum).
Setting the Time and Timezone
NTP works best if you set the device clock to a reasonably close time before enabling the NTP client function with the ntp server command
I should set the time to 8:52 p.m., set the correct date and timezone, and even tell the device to adjust for daylight savings time—and then enable NTP
Example 9-7 shows how to set the date, time, timezone, and daylight savings time.
You should set the first two commands before setting the time of day with the clock set EXEC command because the two configuration commands impact the time that is set.
chose EDT because it is the acronym for daylight savings time in that same EST time zone. Finally, the recurring keyword tells the router to spring forward an hour and fall back an hour automatically over the years.
clock set EXEC command
uses a time syntax with a 24-hour format, not with a 12-hour format plus a.m./p.m.).
The show clock command (issued seconds later) lists that time, but also notes the time as EDT, rather than UTC time.
Basic NTP Configuration
two ntp configuration commands
ntp master {stratum-level}: NTP server mode—the device acts only as an NTP server, and not as an NTP client. The device gets its time information from the internal clock on the device.
ntp server {address | hostname} : NTP client/server mode—the device acts as both client and server. First, it acts as an NTP client, to synchronize time with a server. Once synchronized, the device can then act as an NTP server, to supply time to other NTP clients.
show ntp status command
lists a status of synchronized, which confirms the NTP client has completed the process of changing its time to match the server’s time. Any router acting as an NTP client will list “unsynchronized” in that first line until the NTP synchronization process completes with at least one server. It also confirms the IP address of the server—this device’s reference clock—with the IP address configured in Example 9-8 (172.16.2.2).
show ntp associations
lists all the NTP servers that the local device can attempt to use, with status information about the association between the local device (client) and the various NTP servers.
Status on RI and R2
Click here to view code image
RI# show ntp associations
! This output is
taken from router RI, acting in client/server mode
address
sys . peer ,
ref
clock
172.16. 3.3
selected,
st
3
when poll
50
64
- candidate,
reach
377
outlyer ,
delay offset
1.223 0.090
x falseticker,
disp
4.46f
cor
Click here to view code image
R2# show ntp associations
! This output is taken from router R2, acting in
client/server mode
address
ref clock
1
st
2
when poll
49
64
reach
377
outlyer,
delay
1.220
offset
-7.758
disp
3.69
*A-172.16.3.3 127.127.1.
sys .peer, # selected,
candidate,
x
falseticker, “>
NTP Reference Clock and Stratum
Devices that act solely as an NTP server get their time from either internal device hardware or from some external clock using mechanisms other than NTP.
NTP servers and clients use a number to show the perceived accuracy of their reference clock data based on stratum level. The lower the stratum level, the more accurate the reference clock is considered to be. An NTP server that uses its internal hardware or external reference clock sets its own stratum level. Then, an NTP client adds 1 to the stratum level it learns from its NTP server, so that the stratum level increases the more hops away from the original clock source.
For instance, back in Figure 9-5, you can see the NTP primary server (R3) with a stratum of 2. R2, which references R3, adds 1 so it has a stratum of 3. R1 uses R2 as its NTP server, so R1 adds 1 to have a stratum of 4. These increasing stratum levels allow devices to refer to several NTP servers and then use time information from the best NTP server, best being the server with the lowest stratum level.
Routers and switches use the default stratum level of 8 for their internal reference clock based on the default setting of 8 for the stratum level in the ntp master [stratum-level] command. The command allows you to set a value from 1 through 15; in Example 9-8, the ntp master 2 command set router R3’s stratum level to 2.
Note
NTP considers 15 to be the highest useful stratum level, so any devices that calculate their stratum as 16 consider the time data unusable and do not trust the time. So, avoid setting higher stratum values on the ntp master command.
Redundant NTP Configuration
an enterprise could use NTP to reference NTP servers that use an atomic clock as their reference source, like the NTP primary servers in Figure 9-6, which happen to be run by the US National Institute of Standards and Technology (NIST) (see tf.nist.gov).
NTP primary server and NTP secondary server.
An NTP primary server acts only as a server, with a reference clock external to the device, and has a stratum level of 1, like the two NTP primary servers shown in Figure 9-6. NTP secondary servers are servers that use client/server mode as described throughout this section, relying on synchronization with some other NTP server.
After losing their reference clock, R1 and R2 could no longer be useful NTP servers to the rest of the enterprise.
To overcome this potential issue, the routers can also be configured with the ntp master command, resulting in this logic:
Establish an association with the NTP servers per the ntp server command.
Establish an association with your internal clock using the ntp master stratum command.
Set the stratum level of the internal clock (per the ntp master {stratum-level} command) to a higher (worse) stratum level than the Internet-based NTP servers.
Synchronize with the best (lowest) known time source, which will be one of the Internet NTP servers in this scenario
ntp master 7 command, with a much higher stratum,
NTP Using a Loopback Interface for Better Availability
what happens when one interface on R4 fails
for any NTP clients that had referred to that specific IP address
There would likely still be a route to reach R4 itself.
The NTP client would not be able to send packets to the configured address because that interface is down.
loopback interface to meet that exact need
once configured, it remains in an up/up state as long as
Key Topic.
The router remains up.
You do not issue a shutdown command on that loopback interface.
Analyzing Topology Using CDP and LLDP
Examining Information Learned by CDP
Cisco-proprietary
Layer 2 protocol
does not rely on a working Layer 3 protocol
Devices that support CDP learn information about others by listening for the advertisements sent by other devices.
CDP discovers several useful details from the neighboring Cisco devices:
Device identifier: Typically the host name
Address list: Network and data-link addresses
Port identifier: The interface on the remote router or switch on the other end of the link that sent the CDP advertisement
Capabilities list: Information on what type of device it is (for example, a router or a switch)
Platform: The model and OS level running on the device
Cisco IP Phones use CDP to learn the data and voice VLAN IDs as configured on the access switch.
routers and switches support the same CDP commands, with the same parameters and same types of output.
Example 9-15 show cdp neighbors Command Examples: SW2
Click here to view code image
SW2# show cdp neighbors
Capability Codes: R
S
D
Router,
- Switch,
Remote,
T
c
Trans
Host,
CVTA,
Bridge, B
Source Route Bri
1
M
IGMP, r
Repeater, p
Two-port Mac Relay
Device ID
SWI
RI
Local Intrfce
Gig 1/0/21
Gig 1/0/2
Holdtme
155
131
Capability
Platform
ws-C296ex
Cili1-8P
Total cdp entries displayed
.2 “>
To ensure all devices receive a CDP message, the Ethernet header uses a multicast destination MAC address (0100.0CCC.CCCC).
the device processes the message and then discards it, rather than forwarding it
show cdp neighbors detail
lists the full name of the switch model (WS-2960XR-24TS-I) and the IP address configured on the neighboring device.
The show cdp entry name command lists the exact same details shown in the output of the show cdp neighbors detail command, but for only the one neighbor listed in the command.
Cisco recommends that CDP be disabled on any interface that might not have a need for CDP. For switches, any switch port connected to another switch, a router, or to an IP phone should use CDP.
Configuring and Verifying CDP
IOS typically enables CDP globally and on each interface by default. You can then disable CDP per interface with the no cdp enable interface subcommand
re-enable it with the cdp enable interface subcommand
disable and re-enable CDP globally on the device
no cdp run and cdp run global commands
send time and the hold time. CDP sends messages every 60 seconds by default, with a hold time of 180 seconds. The hold time tells the device how long to wait after no longer hearing from a device before removing those details from the CDP tables. You can override the defaults with the cdp timer seconds and cdp holdtime seconds global commands, respectively.
Examining Information Learned by LLDP
the LLDP output in the example does differ from CDP in a few important ways:
LLDP uses B as the capability code for switching, referring to bridge, a term for the device type that existed before switches that performed the same basic functions.
LLDP does not identify IGMP as a capability, while CDP does (I).
CDP lists the neighbor’s platform, a code that defines the device type, while LLDP does not.
LLDP lists capabilities with different conventions (see upcoming Example 9-19).
System Capabilities: What the device can do
Enabled Capabilities: What the device does now with its current configuration
LLDP uses the same messaging concepts as CDP, encapsulating messages directly in data-link headers. Devices do not forward LLDP messages so that LLDP learns only of directly connected neighbors. LLDP does use a different multicast MAC address (0180.C200.000E)
Configuring and Verifying LLDP
Cisco devices default to disable LLDP
LLDP separates the sending and receiving of LLDP messages as separate functions.
LLDP support processing receives LLDP messages on an interface so that the switch or router learns about the neighboring device while not transmitting LLDP messages to the neighboring device.
the commands include options to toggle on|off the transmission of LLDP messages separately from the processing of received messages.
[no] lldp run: A global configuration command that sets the default mode of LLDP operation for any interface that does not have more specific LLDP subcommands (lldp transmit, lldp receive). The lldp run global command enables LLDP in both directions on those interfaces, while no lldp run disables LLDP.
[no] lldp transmit: An interface sub-command that defines the operation of LLDP on the interface regardless of the global [no] lldp run command. The lldp transmit interface subcommand causes the device to transmit LLDP messages, while no lldp transmit causes it to not transmit LLDP messages.
[no] lldp receive: An interface subcommand that defines the operation of LLDP on the interface regardless of the global [no] lldp run command. The lldp receive interface subcommand causes the device to process received LLDP messages, while no lldp receive causes it to not process received LLDP messages.
show lldp interface lists the interfaces on which LLDP is enabled.
like CDP, LLDP uses a send timer and hold timer for the same purposes as CDP. The example shows the default settings of 30 seconds for the send timer and 120 seconds for the hold timer. You can override the defaults with the lldp timer seconds and lldp holdtime seconds global commands