Chapter 38 - Device Management Protocols Flashcards
What command(s) are used to enable logging for users logged in via a terminal emulator (Telnet, SSH)?
‘logging monitor’
‘terminal monitor’ (by the user when logged in each session)
What methods are there of viewing log messages?
- They can appear on the Console Lines:
  - Log messages will be displayed in the CLI when connected via the console port.
  - This is enabled using the ‘logging console’ command.
- They can appear on the VTY Lines:
  - Log messages will be displayed in the CLI when connected via Telnet/SSH.
  - Disabled by default.
  - This is enabled using the ‘logging monitor’ command.
  - The users will then need to use ‘terminal monitor’ once they have logged in.
- They can be stored in RAM:
  - This is enabled using the ‘logging buffered’ command.
  - A user can then use the ‘show logging’ command to view the stored messages.
- They can be stored on a syslog server:
  - This is configured using the ‘logging host <ip>’ command.
  - Syslog uses UDP 514.
  - This can then be inspected in the remote syslog server.
What command(s) can you use to enable timestamps for IOS logging messages?
‘service timestamps’ from global config
What command(s) can you use to enable sequence numbers for IOS logging messages?
‘service sequence-numbers’ from global config
What are the different keywords and numbers that Cisco IOS uses to identify log message severity levels?
- 0 - Emergency - System Unusable (Severe)
- 1 - Alert - Immediate Action Required (Severe)
- 2 - Critical - Critical Event (Highest of 3) (Impactful)
- 3 - Error - Error Event (Middle of 3) (Impactful)
- 4 - Warning - Warning Event (Lowest of 3) (Impactful)
- 5 - Notification/Notice - Normal, More Important (Normal)
- 6 - Informational - Normal, Less Important (Normal)
- 7 - Debug - Requested by User (Debug)
What command(s) are used to enable different levels of logging on different services?
- Console - ‘logging console <level-name>’
- Monitor (SSH/Telnet) - ‘logging monitor <level-name>’
- Buffered (Store locally) - ‘logging buffered <level-name>’
- Syslog (Store remotely) - ‘logging trap <level-name>’ to configure the level
  ‘logging host <ip>’ to configure the syslog server
What command can you use to clear Buffered log messages?
‘clear logging’
What does the ‘debug’ command do?
Enables Debug (severity level 7) messages to be sent for specific events (e.g. ‘debug ip ospf hello’ will display all hello messages sent and received on OSPF enabled interfaces)
What command can you use to display current CPU load on an IOS device?
‘show process cpu’
- Useful when enabling debug level logging as it can have an impact on CPU depending on what it is being enabled for
What is NTP?
- Network Time Protocol
- Gives network devices a sense of time and date and allows networks to sync their clocks so they all have the correct times and dates when compared to each other
- Important for things such as logging to ensure the time on log entries is correct.
Best practice before enabling a device to contact an NTP server
- Set the time, date, timezone, and daylight savings status to as close to the current time as possible. This will make it easier for the device to synchronise to the NTP server.
- Set the timezone and daylight savings status before setting the time and date.
What command(s) do you use to set the timezone and daylight savings status for an IOS device?
- Timezone - ‘clock timezone <timezone (e.g. BST)> <how many hours compared to UTC (e.g. -5)>’
  - The timezone parameter can be any value. It is best to set this to the name of the timezone the device is in.
  - The parameter after this defines how many hours behind Coordinated Universal Time (UTC) the device is.
- Daylight savings - ‘clock summer-time <timezone> <recurring>’
  - The timezone parameter can be any value. It is best to set this to the name of the daylight savings timezone the device is in.
  - The ‘recurring’ parameter tells the device to go forward/backward by an hour over the coming years when the timezones change from/to daylight savings.
  - At the end of the command, you can also add when daylight savings time begins and ends in your timezone: ‘<week> <day> <month> <time>’. The end parameters are entered in the same order after the start parameters.
What command(s) do you use to manually set the time/date of an IOS device?
‘clock set <time (hh:mm:ss)> <date (Day Month Year)>’ - Software clock
‘calendar set <time (hh:mm:ss)> <date (Day Month Year)>’ - hardware clock
What command(s) do you use to make a device an ntp server only (NTP Server mode)?
- ‘ntp master <stratum>’
- Causes the device to only act as a server
- Hands out the time based on the device’s own internal clock
What command(s) do you use to make a device an ntp client?
- ‘ntp server <address or hostname>’
- Causes the device to act as a client and a server
- Will first act as a client to synchronise with a reference clock.
- Once synchronised, will then act as a server to hand out the time to other clients.
When using the ‘ntp associations’ command, what part of the output determines what NTP server the device is currently synchronised with?
An ‘*’ before the association
What is the Stratum level of a NTP server?
- How accurate the NTP source is believed to be.
- The lower the number, the more accurate the NTP source.
- It starts at 0 and increases by 1 on the local device for each NTP server hop away from the reference clock the local device is.
- For example, R1 (server with stratum 0) connects to R2 (client), which connects to R3 (client). The stratum on R3 for reference clock R1 will be 2 if R3 uses R2 as its server. If R3 instead decides to use R1 directly, it will be stratum 1.
What stratum level do Cisco routers and switches use for their internal clock by default?
- 8
- This is the reference clock for a router when the ‘ntp master’ command is used.
- In ‘ntp associations’ it will show as 7
What is the range of stratum levels for Cisco routers and switches?
1-15
What would happen if a client device calculated an NTP source’s stratum to be 16?
The client would consider this time data to be unusable and would not trust it.
What information does the ‘show ntp associations’ command display?
- Address - Address of an NTP server
- Ref Clock - Reference clock of an NTP server
- St - Stratum of an NTP server to its reference clock
What is an NTP Primary Server and Secondary Server?
- NTP Primary Server is a device that gets its time directly from a reference clock.
- NTP Secondary Server is a device that acts as an NTP Client and Server and gets its time from other NTP servers. This is configured using the ‘ntp server’ command.
What is a useful way of configuring NTP redundancy?
- Use the ‘ntp server’ command to associate with an external reference clock (e.g. an atomic clock)
- Use the ‘ntp master’ command to allow the devices’ internal clock to be used as a reference clock with a higher stratum level than that of the external reference clock.
What command can you use to force a device to send NTP client messages from a specific IP?
‘ntp source <interface>’
What is CDP?
- Cisco Discovery Protocol
- Cisco Proprietary
- Type of Layer 2 neighbor discovery protocol
- Learns information about and shares information with neighboring devices such as:
- Host name
- IP and MAC addresses on the device
- The interface at the other end of the link that sent the CDP advertisement
- Information on what type of device is at the other end of the link (e.g. router)
- The model of device and what OS it is running
What commands can you use to view CDP neighbor information learned by an IOS device?
- ‘show cdp neighbors’ - Lists a one line summary of information learned about neighbors (e.g. hostname, local interface discovered via, hold time, capability, platform (model), remote interface). Can also add the interface on the end to only list this information learned from a specific interface.
- ‘show cdp neighbors detail’ - Lists a large set of information about neighbors.
- ‘show cdp entry <name>’ - Lists the same information as the ‘detail’ command but only about a specific neighbor.
True or False. The same CDP commands can be used on routers and switches.
True.
What MAC address are CDP messages sent to?
01:00:0C:CC:CC:CC (Multicast)
True or False. A device will forward CDP messages that it receives from other devices.
False. It will process the message and then discard it. This is why a device will only learn about neighbors that are directly connected.
What command can you use to enable CDP globally on an IOS device?
‘cdp run’
How often are CDP messages sent by default?
- 60 seconds
- Can be changed with the ‘cdp timer <seconds>’ command in global config
What is the default Hold Time for CDP and what does it do?
- 180 seconds
- The hold time tells the router how long it should wait after no longer hearing CDP messages from a device before removing it from its CDP database.
- Can be changed with the ‘cdp holdtime <seconds>’ command in global config
What is LLDP?
- Link Layer Discovery Protocol
- IEEE 802.1AB
- Type of Layer 2 neighbor discovery protocol
- Learns information about and shares information with neighboring devices such as:
- Host name
- IP and MAC addresses on the device
- The interface at the other end of the link that sent the LLDP advertisement
- Information on what type of device is at the other end of the link (e.g. router)
- The model of device and what OS it is running
Differences between information provided by CDP and LLDP.
- LLDP uses ‘B’ (for bridge) as the capability code for a switch. CDP uses ‘S’ (for switch).
- LLDP doesn’t list IGMP as one of the discoverable capability codes. CDP does.
- CDP lists the device’s platform (device model) whereas LLDP doesn’t
- LLDP lists only enabled capabilities of a device. CDP lists all potential capabilities of a device. You can view all potential capabilities of a device learned by LLDP using the ‘show lldp neighbors detail’ or ‘show lldp entry’ commands.
- CDP can convey VTP information, LLDP can’t
True or False. Show commands are identical for CDP and LLDP.
True.
What MAC address are LLDP messages sent to?
01:80:C2:00:00:0E
True or False. LLDP is enabled by default on Cisco devices.
False. It is disabled by default
True or False. CDP is enabled by default on Cisco devices.
True.
What commands need to be used to enable LLDP?
- ‘lldp run’ - Enables lldp globally
- ‘lldp transmit’ - Enables an interface to transmit LLDP messages
- ‘lldp receive’ - Enables an interface to receive LLDP messages
True or False. LLDP can be configured to only transmit or receive messages on a particular interface.
True. Using the ‘lldp transmit’ and ‘lldp receive’ commands on an interface(s).
How often are LLDP messages sent by default?
- 30 seconds
- Can be changed with the ‘lldp timer <seconds>’ command in global config
What is the default Hold Time for LLDP and what does it do?
- 120 seconds
- The hold time tells the router how long it should wait after no longer hearing LLDP messages from a device before removing it from its LLDP database.
- Can be changed with the ‘lldp holdtime <seconds>’ command in global config
What commands can you use to view LLDP neighbor information learned by an IOS device?
- ‘show lldp neighbors’ - Lists a one line summary of information learned about neighbors (e.g. hostname, local interface discovered via, holdtime, capability, remote interface). Can also add the interface on the end to only list this information learned from a specific interface.
- ‘show lldp neighbors detail’ - Lists a large set of information about neighbors.
- ‘show lldp entry <name>’ - Lists the same information as the ‘detail’ command but only about a specific neighbor.
What is the default logging level for the console?
Debug (7)
What information could you only find about a device if you used the ‘show cdp/lldp neighbors entry <name>’ or ‘show cdp/lldp neighbors detail’ command?
- For CDP; The model number and OS version of the device
- For LLDP; The potential capabilities of the device
What command can you use to see the time and date on an IOS device?
‘show clock’
‘show clock detail’ will also show the time source
What is the default timezone of an IOS device?
UTC
What command(s) can you use to sync the hardware clock to the software clock and vice versa?
‘clock update-calendar’ to sync hardware (calendar) to software (clock)
‘clock read-calendar’ to sync software (clock) to hardware (calendar)
What is a Reference Clock?
- Extremely accurate time keeping device (e.g. atomic clock)
- Stratum 0
What is Symmetric Active NTP mode?
- When NTP servers peer with other NTP servers at the same stratum level to provide a more accurate time and redundancy.
- Configured using the ‘ntp peer <IP>’ command
True or False. NTP updates the hardware (calendar) and software (clock) clocks.
False. It only updates the software clock so it’s a good idea to do ‘clock update-calendar’ after first connecting to an NTP server.
You can make NTP update the hardware clock by using the ‘ntp update-calendar’ command in global config.
What is the hardware clock of a device?
- Normally a battery powered time keeping device that maintains the time even if the device is restarted.
- The software clock is synchronised to the hardware clock upon boot.
What is NTP authentication?
- Optional on Cisco devices
- Used to ensure that clients can only sync with the intended servers. Their passwords must match.
- To enable, use the below commands:
  - ‘ntp authenticate’ - Enable it on the client and server
  - ‘ntp authentication-key <key-number (e.g. 1, 2)> md5 <key>’ - Create the key(s) on the client and server
  - ‘ntp trusted-key <key-number>’ - Specify trusted keys on the client and server
  - ‘ntp server <IP> key <key-number>’ - Specify which key to use for which server on the client
- Can also add authentication to NTP peering by using the ‘ntp peer <IP> key <key-number>’ command
What is Static Client NTP mode?
- When a device acts as an NTP client and server
- Configured using the ‘ntp server <ip>’ command
What information does the ‘show cdp’ command show?
- CDP timer
- CDP hold timer
- CDP version
What is the LLDP reinitialisation timer?
- Delays the initialisation of LLDP when it is enabled.
- 2 seconds by default
- Configured using ‘lldp reinit <seconds>’
Mnemonic for remembering syslog levels
Every - Emergency - 0
Awesome - Alert - 1
Cisco - Critical - 2
Engineer - Error - 3
Will - Warning - 4
Need - Notification/Notice - 5
Ice cream - Informational - 6
Daily - Debugging - 7
What is the format of a log message?
<Sequence>:<Time>: %<Facility>-<Severity>-<Mnemonic>:<Description>
- Sequence - Identifier
- Time stamp - Time the event occurred
- Facility - Where the event occurred (e.g. OSPF for OSPF, LINK for interface)
- Severity - How urgent the issue is
- Mnemonic - Brief description
- Description - Full description
What does the ‘logging synchronous’ command do?
Stops log messages in the console or vty login lines from splitting your configuration lines
True or False. A device can have multiple NTP servers configured.
True. It will sync to the server with the best response times at that moment.
‘ntp server <ip> prefer’ will cause this server to be the preferred NTP source.
What is an SNMP Engine ID?
- 10 character hex string that identifies an SNMP server. Local ID is configured automatically.
- Configuring the remote engine ID on a local device tells it what server it will connect to
- Configuring the local engine ID on a local device is what other devices will connect to by configuring their remote engine id