Vous êtes sur la page 1sur 22

Chapter 17: IP Services

Instructor & Todd Lammle

Chapter 17 Objectives
The ICND2 Topics Covered in this chapter
• IP Services
– Recognize high availability (FHRP)
– Configure and verify Syslog
– Utilize Syslog Output
– Describe SNMP v2 & v3
• Troubleshooting
– Utilize netflow data
– Monitor NetFlow statistics

Default gateway

If you’re wondering how you can possibly configure a client to

send data off its local link when its default gateway router has
gone down, you’ve targeted a key issue because the answer is that
usually, you can’t!
Proxy ARP

If a Proxy ARP–enabled router receives an ARP request for an IP address

that it knows isn’t on the same subnet as the requesting host, it will
respond with an ARP reply packet to the host.
FHRPs use a virtual router
with a virtual IP address and
virtual MAC address.

First hop redundancy protocols (FHRPs) work by giving you a way to

configure more than one physical router to appear as if they were only a
single logical one.
HSRP is a Cisco proprietary
protocol that can be run on
most, but not all, of Cisco’s
router and multilayer switch
models. It defines a standby
group, and each standby group
that you define includes the
following routers:
Active router
Standby router
Virtual router
Any other routers that maybe
attached to the subnet
HSRP active and standby routers

The problem with HSRP is that with it,

only one router is active and two or
more routers just sit there in standby
mode and won’t be used unless a failure
occurs—not very cost effective or

The standby group will always have at

least two routers participating in it. The
primary players in the group are the one
active router and one standby router
that communicate to each other using
multicast Hello messages.
HSRP Virtual MAC
The HSRP MAC address Here is an example of what an HSRP
has only one variable MAC address would look like:
piece in it. The first 24 0000.0c07.ac0a
bits still identify the
vendor who  The first 24 bits (0000.0c) are the
manufactured the device vendor ID of the address; in the case
(the organizationally of HSRP being a Cisco protocol, the ID
unique identifier, or OUI). is assigned to Cisco.
 The next 16 bits (07.ac) are the well-
The next 16 bits in the known HSRP ID. This part of the
address tells us that the address was assigned by Cisco in the
MAC address is a well- protocol, so it’s always easy to
known HSRP MAC recognize that this address is for use
with HSRP.
 The last 8 bits (0a) are the only
variable bits and represent the HSRP
group number that you assign. In this
case, the group number is 10 and
converted to hexadecimal when
placed in the MAC address, where it
becomes the 0a that you see.
 VRRP is an IEEE standard (RFC 2338) for router redundancy;
HSRP is a Cisco proprietary protocol.
 The virtual router that represents a group of routers is known
as a VRRP group.
 The active router is referred to as the master virtual router.
 The master virtual router may have the same IP address as the
virtual router group.
 Multiple routers can function as backup routers.
 VRRP is supported on Ethernet, Fast Ethernet, and Gigabit
Ethernet interfaces as well as on Multi-protocol Label Switching
(MPLS) virtual private networks (VPNs) and VLANs.
Cisco designed a proprietary load-
balancing protocol, Gateway Load
Balancing Protocol (GLBP), to
allow automatic selection and
simultaneous use of multiple
available gateways as well as
permit automatic failover between
those gateways.
GLBP takes an active/active
approach on a per-subnet
basis to support first-hop
(default router) traffic when
implemented with two
routers on the same LAN.
Multiple routers share the
load of frames that, from a
client perspective, are sent to
a single default gateway
address, as shown in the
GLBP Functions
GLBP essentially provides clients with the following:
 An active virtual gateway (AVG)
 An active virtual forwarder (AVF)
It also allows members of the group to communicate with each other
through Hello messages sent every 3 seconds to the multicast
address, User Datagram Protocol (UDP) port 3222.

Members of a GLBP group elect one gateway to be the AVG for that
group. Other group members provide backup for the AVG in the
event that the AVG becomes unavailable. The AVG assigns a different
virtual MAC address to each member of the GLBP group.

Each gateway assumes responsibility for forwarding packets that are
sent to the virtual MAC address assigned to that gateway by the AVG.
These gateways are known as AVFs for their virtual MAC address.
Reading system messages from a switch’s or router’s internal
buffer is the most popular and efficient method of seeing
what’s going on with your network at a particular time. But the
best way is to log messages to a syslog server, which stores
messages from you and can even time-stamp and sequence
them for you, and it’s easy to set up and configure!
Severity Levels
Severity Level Explanation
Emergency (severity 0) System is unusable.
Alert (severity 1) Immediate action is needed.
Critical (severity 2) Critical condition.
Error (severity 3) Error condition.
Warning (severity 4) Warning condition.
Notification (severity 5) Normal but significant condition.
Information (severity 6) Normal information message.
Debugging (severity 7) Debugging message.

Understand that only emergency-level messages will be displayed if

you’ve configured severity level 0. But if, for example, you opt for level
4 instead, level 0 through 4 will be displayed, giving you emergency,
alert, critical, error, and warning messages too.
Show logging
Notice that the default trap (message from device to NMS) level is informational
(level6), but you can change this too.

Router#sh logging
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 29 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.

Trap logging: level informational, 33 message lines logged

Log Buffer (4096 bytes):

*Jun 21 23:09:37.822: %SYS-5-CONFIG_I: Configured from console by console
SNMP is an Application layer protocol that provides a message
format for agents on a variety of devices to communicate with
network management stations (NMSs)

The NMS periodically queries or polls the SNMP agent on a device to

gather and analyze statistics via GET messages. End devices running
SNMP agents would send an SNMP trap to the NMS if a problem
SNMP versions
SNMP has three versions, with version 1 being rarely, if ever
implemented today. Here’s a summary of these three versions:

Supports plaintext authentication with community strings and
uses only by UDP.

Supports plaintext authentication (using community strings)
with MD5 or SHA with no encryption but provides GET BULK,
which is a way to gather many types of information at once and
minimize the number of GET requests. It offers a more detailed
error message reporting method, but it’s not more secure than
v1. It uses UDP even though it can be configured to use TCP.

Supports strong authentication with MD5 or SHA, providing
confidentiality (encryption) and data integrity of messages via
DES or DES-256 encryption between agents and managers. GET
BULK is a supported feature of SNMPv3, and this version also
uses TCP.
Cisco IOS NetFlow efficiently provides a key set of services for IP
applications, including network traffic accounting for baselining, usage-
based network billing for consumers of network services, network
design and planning, general network security, and DoS and DDoS
monitoring capabilities as well as general network monitoring.
Service providers use
NetFlow to do the following:
 Efficiently measuring who is using network service and for
which purpose
 Accounting and charging back according to the resource
utilizing level
 Using the measure information for more effective network
planning so that resource allocation and deployment are
well aligned with customer requirements
 Using the information to better structure and customize the
set of available applications and services to meet user
needs and customer service requirements
NetFlow Uses

 Major users of the network, meaning top talkers,

top listeners, top protocols, and so on
 Websites that are routinely visited, plus what’s been
 Who’s generating the most traffic and using
excessive bandwidth
 Descriptions of bandwidth needs for an application
as well as your available bandwidth
Configuring NetFlow
SF(config)#int fa0/0
SF(config-if)#ip flow ingress
SF(config-if)#ip flow egress
SF(config)#ip flow-export destination 9996
SF(config)#ip flow-export version ?
SF(config)#ip flow-export version 9
SF(config)#ip flow-export source loopback 0
Show ip cache flow
SF#sh ip cache flow
IP packet size distribution (161 total packets):
[output cut]
IP Flow Switching Cache, 278544 bytes
1 active, 4095 inactive, 1 added
215 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
1 active, 1023 inactive, 1 added, 1 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 14 0.0 19 58 0.1 6.5 11.7
TCP-WWW 8 0.0 9 108 0.1 2.5 1.7
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/0 gig0/1 11 0044 0050 1161
Written Labs and Review
– Read through the Exam Essentials section
together in class
– Open your books and go through all the
written labs and the review questions.
– Review the answers in class.