
Module 9 Slides

The document provides an overview of console and VTY lines for device access and configuration, highlighting the importance of physical access for console connections and recommending SSH over Telnet for remote access. It covers various protocols for file transfers, including TFTP, HTTP/HTTPS, and SCP, along with their configurations and troubleshooting steps. Additionally, it discusses SNMPv3 for network management, DHCP client troubleshooting, IP SLA for monitoring, and NetFlow for traffic analysis.

Uploaded by

virendra

Console and VTY

Troubleshooting
Console and VTY Lines

Console:

• Initial method for connection and configuration


• Requires physical access to the device
Console and VTY Lines

Console:

• New devices may have no password or default value


• Console login command configuration
• Valid credentials locally or on AAA server
• Method lists for the console
Console and VTY Lines

VTY Lines:

• Virtual terminal lines for remote access


• SSH is recommended over Telnet in production
• Connect with console cable for troubleshooting
Remote Access Protocols
Remote Access Protocols

Telnet/SSH:

• Verify IP reachability
• Verify valid credentials are in place
• Verify line login method lists are correct
• Check any attached ACLs on VTY lines
Remote Access Protocols

SSH-Specific Issues:

• Verify correct version of SSH is specified
• By default, both SSHv1 and v2 are allowed
• Check with sh ip ssh
Remote Access Protocols

SSH:

• Verify login command on VTY lines


• Check any ACL attached to VTY lines
• Check for port 22 access
File Transfer Protocols
File Transfer Protocols

Trivial File Transfer Protocol (TFTP):

• Simplified version of FTP


• Commonly used for IOS upgrade and backup
File Transfer Protocols

Trivial File Transfer Protocol (TFTP):

• UDP port 69 communication


• Server and device storage space
• “Buffer overflow” indicates device storage issue
• Check IP reachability with ping

SW1#copy tftp://10.1.1.50/ios_files/c3560-ipservicesk9-mz.150-1.SE.bin flash:c3560-ipservicesk9-mz.150-1.SE.bin
File Transfer Protocols

HTTP/HTTPS:

• Default ports = HTTP 80, HTTPS 443


• Check IP reachability with ping
• Use correct version of copy command

SW1#copy http://admin:[email protected]/ios_files/c3560-ipservicesk9-mz.150-1.SE.bin flash:c3560-ipservicesk9-mz.150-1.SE.bin
File Transfer Protocols

HTTP/HTTPS:

• Configuring non-default ports


• Correct protocol in copy command (http vs. https)

SW1#copy http://admin:[email protected]:8080/ios_files/c3560-ipservicesk9-mz.150-1.SE.bin flash:c3560-ipservicesk9-mz.150-1.SE.bin
File Transfer Protocols

Secure Copy Protocol (SCP):

• Uses SSH to provide authentication


• Enable AAA services on device (aaa new-model)
• Valid username/password configuration
File Transfer Protocols

Secure Copy Protocol (SCP):

• Enable SCP (ip scp server enable)


• Valid RSA key in place
• Command crypto key generate rsa [modulus bits]

SW1#copy scp://admin:[email protected]/ios_files/c3560-ipservicesk9-mz.150-1.SE.bin flash:c3560-ipservicesk9-mz.150-1.SE.bin
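The file-transfer slides above boil down to three checks per copy URL: the host to ping, the port and transport that ACLs and firewalls must allow, and whether the credentials in the URL cross the wire in the clear. The helper below (added here, not part of the slides; URLs and the PASSWORD value are constructed placeholders) extracts exactly those items from an IOS-style copy URL, using the default ports the slides list.

```python
from urllib.parse import urlsplit

# Default port and transport per scheme, as listed on the slides
# (TFTP 69/UDP, HTTP 80, HTTPS 443; SCP rides on SSH, port 22).
DEFAULTS = {"tftp": (69, "udp"), "http": (80, "tcp"), "https": (443, "tcp"), "scp": (22, "tcp")}


def copy_target(url):
    """Pull out of a copy URL what a troubleshooter must verify: the host to ping,
    the port/transport to check through ACLs, and whether credentials embedded in
    the URL will be sent in the clear."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULTS:
        raise ValueError(f"unsupported copy scheme: {scheme!r}")
    default_port, transport = DEFAULTS[scheme]
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "port": parts.port or default_port,
        "non_default_port": parts.port is not None and parts.port != default_port,
        "transport": transport,
        "path": parts.path,
        "has_credentials": parts.username is not None,
        # Only HTTPS and SCP (SSH) protect the username/password in transit.
        "credentials_in_clear": parts.username is not None and scheme in ("http", "tftp"),
    }


if __name__ == "__main__":
    # Constructed URLs in the shape of the slide examples; PASSWORD is a placeholder.
    for u in ("tftp://10.1.1.50/ios_files/c3560-ipservicesk9-mz.150-1.SE.bin",
              "http://admin:PASSWORD@10.1.1.50:8080/ios_files/c3560-ipservicesk9-mz.150-1.SE.bin",
              "scp://admin:PASSWORD@10.1.1.50/ios_files/c3560-ipservicesk9-mz.150-1.SE.bin"):
        print(copy_target(u))
```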
SNMPv3
SNMPv3

Simple Network Management Protocol (SNMP):


• Allows for monitoring of managed devices
• Detect issues and faults early
• Monitor device throughput
• Remote configuration and control
SNMPv3

SNMP Manager:
• Polls devices to obtain information and alerts
• Typically a central software application
• Option for email/SMS alerts to administrators
• Polling happens over UDP port 161 by default
SNMPv3

SNMP Agent:
• Process running on a monitored device
• Information sent as a response to polling
• Unsolicited messages (traps) can also be sent
• Information sent over UDP port 162 by default
SNMPv3

Management Information Base (MIB):


• Hierarchical database structure
• Contains object identifiers (OIDs)
• OIDs help identify relevant SNMP information
SNMPv3

SNMP Manager Polls:

get-request - Requests a specific OID

get-next-request - Requests subsequent information after the initial request

get-bulk-request - Requests entire tables from MIB

set-request - Used for remote configuration

SNMPv3

SNMP Agent Responses:

get-response - Responses to SNMP Manager polls

trap - Data is sent without receipt requirement

inform-request - Acknowledgement of data receipt is required from the SNMP Manager
SNMPv3

SNMP Version 3:

• Most current version


• Addition of unique EngineIDs for SNMP devices
• Adds authentication based on MD5 or SHA
• Adds encryption through DES, 3DES, or AES
SNMPv3

SNMPv3 Security Levels:


• noAuthNoPriv - No security features of v3
• authNoPriv - Authentication but no encryption
• authPriv - Authentication and encryption
Syslog
Debugging
DHCP Clients
DHCP Client

IPv4 Address:

• Host portion = actual IP address


• Network/Subnet portion = determines which devices
can communicate with host
DHCP Client (diagram, shown in three variants):

PC1: 192.168.1.10, mask 255.255.255.192, DG: 192.168.1.1
PC2: 192.168.1.20, mask 255.255.255.192 in the first variant, 255.255.255.240 in the second and third, DG: 192.168.1.1
Gateway interface: 192.168.1.1
Server: 10.1.1.50

Netmask Too Wide:
• ARP resolution fails with unintended hosts

Netmask Too Narrow:
• Legitimate hosts affected

DHCP Client

Client Troubleshooting:

• Make sure host has valid IP address


• APIPA can indicate Layer 2 issues
• Check subnet mask and default gateway
• Try to manually configure during troubleshooting
• Physical troubleshooting
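The netmask cases in the diagram and the "check subnet mask and default gateway" step can be worked through with the standard library. This is an added example, not from the slides; the host records are constructed from the diagram's addresses, with PC2 carrying the mismatched 255.255.255.240 mask and the LAN itself assumed to be 192.168.1.0/26.

```python
import ipaddress

# Constructed sample hosts taken from the slide diagram; PC2 carries the
# mismatched mask (255.255.255.240 where the LAN is 255.255.255.192).
PC1 = {"name": "PC1", "ip": "192.168.1.10", "mask": "255.255.255.192", "gw": "192.168.1.1"}
PC2 = {"name": "PC2", "ip": "192.168.1.20", "mask": "255.255.255.240", "gw": "192.168.1.1"}

LAN = ipaddress.IPv4Network("192.168.1.0/26")  # prefix the gateway and DHCP pool use (assumed)


def local_net(host):
    """Prefix the host believes it is directly attached to."""
    return ipaddress.IPv4Network(f"{host['ip']}/{host['mask']}", strict=False)


def next_hop(src, dst_ip):
    """'direct' if src will ARP for dst_ip itself, 'gateway' if it hands the packet off."""
    return "direct" if ipaddress.IPv4Address(dst_ip) in local_net(src) else "gateway"


def check_host(host, true_net):
    """Findings for one host, compared with the prefix actually configured on the LAN."""
    findings = []
    net = local_net(host)
    if ipaddress.IPv4Address(host["gw"]) not in net:
        findings.append(f"{host['name']}: gateway {host['gw']} is outside {net}, unreachable")
    if net.prefixlen < true_net.prefixlen:
        findings.append(f"{host['name']}: mask too wide, will ARP for off-LAN hosts in {net}")
    elif net.prefixlen > true_net.prefixlen:
        findings.append(f"{host['name']}: mask too narrow, sends LAN hosts outside {net} to the gateway")
    return findings


def check_pair(a, b, true_net):
    """Findings for two hosts that should share the LAN described by true_net."""
    findings = check_host(a, true_net) + check_host(b, true_net)
    ab, ba = next_hop(a, b["ip"]), next_hop(b, a["ip"])
    if ab != ba:
        findings.append(f"asymmetric path: {a['name']}->{b['name']} {ab}, {b['name']}->{a['name']} {ba}")
    return findings


if __name__ == "__main__":
    for line in check_pair(PC1, PC2, LAN):
        print(line)
```

With the diagram's values the output shows PC2 unable to reach its own gateway and an asymmetric path between the two PCs; correcting PC2's mask to 255.255.255.192 clears every finding.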
Cisco IOS DHCP Server
Cisco IOS DHCP Server

Cisco IOS DHCP Server:

• Check DHCP pool size


• Check for duplicate IP address assignment
• Make sure IOS device has an interface configured
that is part of the DHCP pool subnet
• Configure DHCP relay agent, if needed
• Make sure redundant DHCP servers are able to
communicate with one another
IP SLA
IP SLA Theory

IP SLA:
• Active monitoring and reporting
• Connectivity, delay, jitter, packet loss, etc.
• Common tool for service providers
IP SLA Theory

IP SLA:
• No physical probe required
• Requires IP SLA source
• IP SLA responder is optional
IP SLA Theory

IP SLA Source:
• Generates packets and sends to destination
• ICMP echo is an example of a probe
• Response would include time-stamps and other info
IP SLA Theory

IP SLA Responder:
• Provides more advanced response metrics
• Some IP SLA operations require a responder
IP SLA Theory

IP SLA:
• Leverages SNMP traps triggered by events
• Threshold violations trigger alerts
• Violations can also trigger other IP SLA operations
• SNMP agents are a helpful addition
NetFlow Theory
NetFlow

NetFlow:
• Collects IP traffic information

Helps identify:
• Network traffic bottleneck areas
• Effects of policy changes and new applications
• Unauthorized/problematic traffic
• Security vulnerabilities and anomalies
NetFlow

FLOW = unidirectional traffic

• Packet “fingerprints” collected by NetFlow


• Similar packets are grouped together into a flow record
NetFlow

NetFlow Cache:
• IP source and destination address
• Source and destination port
• Layer 3 protocol type
• Router or switch interface
• Type of Service (ToS)

• Capture can happen on ingress and/or egress


NetFlow

Flow record key fields (diagram): IP Source Address, IP Destination Address, Source Port, Destination Port, Layer 3 Protocol, Interface, Type of Service

Records are viewed from the CLI or exported to an external NetFlow Collector


NetFlow

NetFlow Collector:
• Receives, interprets, and stores flow records
• Data analysis and correlation features
NetFlow
NetFlow Collector:
• Exporter bundles 30-50 similar flows
• Flow data transported over UDP to collector
• Provides real-time and historical data

NetFlow v5:
• Most popular version due to wide compatibility
• Uses a fixed data format

NetFlow v9:
• Most recent version with added security and analysis
• Uses a dynamic data format with templates
NetFlow

Flexible NetFlow
• Cisco enhancement for more focused collection
• Uses multiple flow monitors on the same traffic
• Multiple flow policies separate data outputs
NetFlow Configuration
