nms-1n01
DESCRIPTION
NMS7TRANSCRIPT
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
1 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
INTRODUCTION TONETWORK MANAGEMENTSESSION NMS-1N01
222 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Agenda
Part IThe Need for Network ManagementNetwork Management Defined
Protocols and Technologies
Functional Areas of Network Management
Part IIPreparing a Network for Management
Real World Applications of Proper Management Practices
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
333 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Part I
Network management defined
Protocols and technologies
Functional areas of network management
444 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
The Case for Management
Typical problemRegional user arrives at work and experiences slow or no response from corporate web server
Where do you begin?Where is the problem?
What is the problem?
What is the solution?
Without proper network management, these questions are difficult to answer Corp Network
Regional Offices
WWW Servers
Remote User
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
555 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Corp Network
Regional Offices
WWW Servers
Remote User
The Case for Management
With proper management tools and procedures in place, you may already have the answer
Consider some possibilities1. What configuration changes
were made overnight?
2. Have you received a device fault notification indicating the issue?
3. Have you detected a security breach?
4. Has your performance baseline predicted this behavior on an increasingly congested network link?
666 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
The Case for Management
An accurate database of your networks topology, configuration, and performance
A solid understanding of the protocols and models used in communication between your management server and the managed devices
Methods and tools that allow you to interpret and act upon gathered information
Response Times
High Availability
Predictability
Security
Solving a Typical Problem Like This Includes the Following:
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
777 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
ROI ExampleUsing a Management Tool for Daily Tasks
Number of Managed Devices 800Average Manual Process Time Required (Man-Hours)
Password Change0.05 (3 Min/Device/Qtr)Software Upgrade0.25 (19 Min/Device/Bi-Annual)
Gather Inventory Information 0.03 (2 Min/Device/Qtr)Documenting Changes 0.08 (5 Min/Incident)Audit 30.00 (Per Qtr)
Manual Configuration Error Rate 2%Cost per Man-Hour $48.84
Configuration ManagementProcess
ManualProcedure
After Product Implementation
TimeSavings
ROI
Password Change 435 44 391 $19,106.21Software Upgrade 544 0.37 544 $26,551.05Gather Inventory Information 381
0.67380 $18,565.71
Documenting Changes 1200.67
$5,828.24
Required Man-Hours (per Annum)
119Total Configuration Management ROI $70,051.21
Source: Cost Analysis Using CiscoWorks LAN Management Solution. Esaka, 2002
888 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
The Network Managers Responsibility
Ensure that the users of a network receive the information technologyservices with the quality of service that they expect
Strategic and tactical planning of the engineering, operations, and maintenance of a network and network services
Help network engineers deal with the complexity of a data network and to make sure that data can go across it with maximum efficiency and transparencyto the users
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
999 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Network Management
Network Management Defined
Troubleshooting
Configuration
Monitoring
Key Network Management Tasks
Administration VoIP VPN QoS
Efficiency
Productivity
Control
Key Network Management Success Factors
101010 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Communicating with the Network
Managed Network Elements Are Waiting
to Provide Us with Useful Information
Network Management Begins with an Understanding of How to Collect and Interpret
This Information
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
111111 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Methods of Communication
Console
Telnet
HTTP
SNMP
Example Security Options
SSH
SSL (HTTPS)
SNMPv1, 2cAccess ListsSNMPv3Auth/Priv
Device UsernamesTACACS/RADIUSTerminal Server
Embedded Device Management (XML)
ReflectionXSoftware
MRTGMulti Router
Traffic Grapher
121212 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Network Queries Unsolicited
Events
Two-Tier Management Communication
Database
Network Elements
Manager
Unmanaged Element
NetworkManagement
System
The Model
Agent
ManagedElement
Agent
ManagedElement
Agent
ManagedElement
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
131313 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Two-Tier Management Communication
Network Elements
CiscoWorksHP-OpenView
NetworkManagementSystem
Cisco CallManager
Printer RouterSwitch
Network Queries Unsolicited
Events
The Real World
141414 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Unmanaged Element
ProxyAgent
Three-Tier Management Communication
Network Elements
RMONProbe
MDBManager
Managed Element
Agent
NMS
The Model
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
151515 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Three-Tier Management Communication
CiscoWorksConcord eHealth
StandardRMON Probe
Switch
Managed Element
The Real World
NetworkManagementSystem
161616 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
SNMP Primer: Understanding the Agent
Information storehouse
Information structured as per Structure of Management Information (SMI) standards
Object definitions provided in many Management Information Bases (MIBs)
NMS
IP NetworkSNMPManageableDevice
ManagementEntity
SNMPAGENT
1000s ofDefinedObjects
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
171717 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
SNMPManageableDevice
ManagementEntity
SNMPAgent
SNMP Primer: Understanding the Protocol
Get requests used to read the value of object Set requests used to modify the value of object
Traps provide asynchronous event notification
NMS
IP Network
SNMP v1, SNMP v2cTrap!
Get Response
Get Request, Get-Next RequestGet-Bulk Request
Set Request
181818 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Level Auth Encryption What Happens
SNMPv1 noAuthNoPriv Uses a Community StringMatch for AuthenticationCommunity
String
SNMPv2c noAuthNoPriv Uses a Community StringMatch for AuthenticationCommunity
String
SNMPv3 noAuthNoPriv Uses a UsernameMatch for AuthenticationUsername
SNMPv3 authNoPrivProvides AuthenticationBased on HMAC-MD5 orHMAC-SHA Algorithms
MD5 or SHA
SNMPv3 authPrivAdds DES 56-Bit Encryptionin Addition to Authentication
Based on DES-56MD5 or SHA DES
Configuring NM Protocols
SNMP
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
191919 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Measurement TechnologySNMP Protocol: Background
Simple Network Management Protocol
Cisco IOS versions10.3 J SNMPv1 + v211.0, 11.1, 11.2 J SNMPv1 + v211.3 J SNMPv1 + v2c12.0 J SNMPv1 + v2c12.0(3)T J SNMPv1 + v2c + v312.0(6)S J SNMPv1 + v2c + v312.1 J SNMPv1 + v2c + v312.2 J SNMPv1 + v2c + v3
202020 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
SNMP Object Identification
Need a scheme that allows two vendors or products within a vendor to compare like items
Object Identifiers (OID) were chosen as the identification scheme
An OID is an ordered sequence of non-negative integers written left to right, containing at least two elements (0.0)
Bound to simple names in MIB modules:
ifDescr is 1.3.6.1.2.1.2.2.1.2
ifInOctets is 1.3.6.1.2.1.2.2.1.10 Enterprises1
Cisco
CiscoMgmt
9
Private4
isoOrg
Internet
Mgmt
Mib-2
13
6
2
1
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
212121 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Enterprises
1
Cisco
9
CiscoMgmt
9
Private4
SNMP Object Identifiers
11
12
13
14
151617
alMatrix
18useHistory
19probeConfig
AddressMap
ProtocolDir
nlHost
ProtocolDist
nlMatrix
alHost
Token Ring
Events
Packet Capture
Filters
Traffic Matrix
Host TopNAlarmsHistory
Statistics
1
2 3
9
10
5
6
7
Hosts
4
8
RMON
TR RMON
RMON2
RMON
isoOrg
dodInternet
Mgmt
Mib-2
13
6
1
2
1
222222 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Applying a Management Model
Now That You Have Gathered Network Information, What
Should You Do with It?
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
232323 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
The Five Facets of Proper Network Management
Addresses the network management applicationsthat reside upon the NMS
OSI model categorizes five areas of function (sometimes referred to as the FCAPS model):
Fault
Configuration
Accounting
Performance
Security
232323
242424 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Fault Management
The process of locating, diagnosing, and correcting network problems
Increases network reliability and effectiveness
More than just firefighting Increases the productivity
of network users
Device Down?
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
252525 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Fault Management
Identify the problem by gathering information about the state of the network (polling and trap generation)
Restore any services that have been lost
Isolate the cause and decide if the fault should be managed
Correct the fault if possible
Steps for Successful Fault Management:
262626 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration Management
The process of obtaining data from the network and using that data to manage the setup of all network devices
Allows rapid access to configuration information
Facilitates remote configuration and provisioning
Provides an up-to-date inventory of network components
Speed?Duplex?
Trunking?VLANs Allowed?
STP State?
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
272727 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration Management
Gather current network configuration (either manually or automatically)
Use that data to modify network device configuration in order to provision the network
Store the configuration data and maintain an up-to-date inventory of all network components
Produce various inventory reports
Steps for Successful Configuration Management:
282828 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Accounting Management
Measuring the usage of network resources by users in order to establish the metrics, check quotas, determine costs, and bill users
Measures and reports accounting information based on individual groups and users
Administers the cost of the network
Internal verification of third-party billing for usage
Input Octets?Output Octets?
Total Broadcasts?
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
292929 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Accounting Management
Gather network resource utilization information
Use metrics to set usage quotas
Billing users for their network use
Consider the cost of accounting
Address the Different Steps Involved for Accounting Management:
303030 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance Management
Ensuring that the data network remains accessible and as uncongested as possible
Reduces network overcrowding and inaccessibility
Provides a consistent level of service to the network user
Determine utilization trends to proactively isolate and solve performance problems
Utilization?Peak/Min/Max?
Error Rates Unicast Rates?
Broadcast Rates?
CPU Utilization?Free Memory?
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
313131 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance Management
Collect data on current network link and device utilization
Baseline the utilization metrics and isolate any existing performance problems
Set utilization thresholds based on the baseline
Analyze the historical data for recognizing trends
Resource planning and tuning
Remembermeasuring performance impacts performance
Steps for Successful Performance Management:
323232 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Security Management
Protecting sensitive information on devices attached to a data network by controlling access points to that information
Builds network user confidence
Secures sensitive information from both internal and external sources
Protects the network functionality from malicious attacks
MAC AddressLocked to Port
Access ListBlocks Connections
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
333333 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Security Management
Identify sensitive information or devices
Find the access points
Secure the access points
Protect the sensitive information by configuring encryption policies
Implement a network intrusion detection scheme to enhance perimeter security
Steps for Successful Security Management:
343434 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Part II
Preparing the network for management
Real world applications of proper management practices
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
353535 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Preparing Devices for Management
SNMPMIBs Security
Performance
Accounting
ConfigurationFault LAN
QoS
VoIP
SLA
WANHigh Availability
? ?
363636 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuring SNMP
Configuration syntax operating system (OS) dependant Catalyst OS agent has two write access policies
Read-writepartial configuration accessRead-write-allfull configuration access
Catalyst OS agent has defaultschange them!R/O = public R/W = private R/W/A = secret
snmp-server community ROsnmp-server community RWsnmp-server enable trapssnmp-server host traps snmp-server trap-source loopback0
set snmp community read-only set snmp community read-write set snmp community read-write-all set snmp trap set snmp trap enable allset snmp rmon enable
Catalyst OS
Catalyst IOS
Cisco IOS
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
373737 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Catalyst OS
Catalyst IOS
Cisco IOS
Configuring NTP
Syntax differs between Cisco IOS and Catalyst OS devices Configure NTP on management server Time synchronization important for proper syslog, traps,
and monitoring correlation
ntp server ntp source Loopback0ntp update-calendarclock timezone PST 8clock summer-time PDT recurring
set ntp client enableset ntp server set ntp timezone PST 8set summertime enable PST
383838 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Catalyst OS
Catalyst IOS
Cisco IOS
Configuring Syslog
Syntax differs between Cisco IOS and Catalyst OS devices Message textual format differs between Cisco IOS and
Catalyst OS devices Resource manager essentials requirement
Logging level informational (6)
logging onlogging logging facility local7logging trap informationallogging source-interface loopback0service timestamps log datetime
set logging server set logging server level 6set logging server facility local7set logging level sys 6 defaultset logging timestampset logging enable
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
393939 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Catalyst OS
Catalyst IOS
Cisco IOS
Configuring Telnet
Syntax differs between Cisco IOS and Catalyst OS devices Catalyst switches have telnet enabled but no console/telnet
or enable passwords by defaultadd them Cisco IOS devices do not have telnet enabled
Enable for management supportSecure with TACACS+
enable password line vty 0 4
password login
set password set enablepass
404040 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Catalyst OS
Catalyst IOS
Cisco IOS
Configuring CDP and ILMI
Syntax differs between Cisco IOS and Catalyst OS devices
CDP enabled by default on most interfaces
cdp run
set cdp [enable/disable]
atm pvc 2 0 16 ilmiILMI Setup for ATM Interface
Globalset cdp [enable/disable]
Per Port
Global
cdp enablePer Interface
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
414141 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Additional Configuration
CISCO IOS DEVICE Hostname and SNMP
contact, location, chassis-id User login authorization
local or TACACS+
SNMP access lists RMON alarms and events
(statistics and history if available)
CATALYST SWITCH System name,
contact, location User login authorization
local or TACACS
Mini-RMON statistics, history, alarms, and events
VTP domain name
Catalyst OSCatalystIOS
Cisco IOS
424242 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Designing for Management Preferred Management Interfaces
Management systems communicate via IP with managed devices The IP address should be chosen carefully to provide the highest
availability It is a best practice to use a very stable physical address or a
configured loopback address
Virtual InterfacesOnly Exist in the Device Configuration LoopBack0 VLAN interfaces
Physical InterfacesActual Ports on Router Chassis Ethernet0/0 Serial 0/1
interface Loopback0
ip address 192.168.79.130 255.255.255.255
interface Vlan60
ip address 192.168.79.62 255.255.255.252
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
434343 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Designing for Management Redundant Infrastructure
High-availability management
Completely separates management from user data
Management link is in separate subnet, VLAN, and switch
Higher assurance for management data delivery during congestion or convergence
SNMP Manager
10.1.100.12 10.1.100.13 10.1.100.14
10.1.100.10 10.1.100.11
10.1.100.15
444444 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Designing for Management Terminal Servers
Serial Cable
Regional Offices
TerminalServer
Corp Network
Telnet
Modem Out of band Failsafe access
Console connection only, no SNMP
Connect to redundant infrastructure
Secure AUX ports when using modem
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
454545 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Incorporating FCAPS into the Network
Fault
Configuration
Accounting
Performance
Security
464646 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Fault ManagementReal World Example
Network administrator was receiving fault notifications of a recurring problem; each evening between 8:00 and 8:30 connectivity is lost to a branch office; connectivity is restored at approximately 9:00pm
8:30pm
The Problem
7:50pm 9:00pm
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
474747 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Fault ManagementReal World Example
ConsiderationsIs an entire device failing? If so, what device?Is a link failing? If so, which link?
How can this be prevented in the future?
Management processes in placeActively polling critical devices for availability
Notification tool to alert administrator
The Solution
484848 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Fault ManagementReal World Example
The loss of connectivity was linked to the late night janitor unplugging the wan router to plug in his radio
The solution was to provide the late night janitor with an extension cord
The Solution
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
494949 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Fault Management Device Fault Manager
Administrator was notified of failure via a notification tool (email, page, etc.)
Notification shows up on the console as an unresponsive router
Device level fault and root cause analysis for Cisco products
Monitor for high availability MIBs, polling intervals and
thresholds set by default out of the box
505050 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Fault Management ToolsHP and Tivoli
Correlate and manage events and SNMP traps
Perform fault isolation and root cause analysis
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
515151 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementReal World Example
Network administrator notices night time configuration changes in the production network followed by immediate configuration rollbacks to disguise any tampering
logging 192.168.76.228
logging 192.168.76.229
!
snmp-server community public RO
snmp-server community forks RW
snmp-server system-shutdown
logging 192.168.76.228
logging 192.168.76.229
logging 192.168.76.4!
snmp-server community public RO
snmp-server community spoons RWsnmp-server system-shutdown
logging 192.168.76.228
logging 192.168.76.229
!
snmp-server community public RO
snmp-server community forks RW
snmp-server system-shutdown
10:55pm 11:05pm 11:23pm
The Problem
525252 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementReal World Example
Considerations
What changes were made?When were the changes made?Who made them?How can this be prevented in the future?
The Solution
Devices configured to send config change syslog messages to NMSUser authentication tool
Configuration archiving
Management processes in place
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
535353 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementReal World Example
The network configuration changes were being made by a colleague studying for his CCIE exam after hours using the production network
The solution was to provide the culprit with an unused 2600 router to be used in his home
= $$
The Solution
545454 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementResource Manager Essentials Change Audit Service
All Syslog Events
Syslog Analyzer
ManagedSyslogEvents
Change AuditReports
AAA
SyslogDatabase
Change AuditDatabase
InventoryDatabase
54
Changes to CLI11
ConfigurationManager
InventoryManager
SoftwareManager
Changes from CiscoWorksPeriodic Scans or Scheduled Jobs22
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
555555 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementRME Change Audit Setup
Change audit relies on syslog messages to operatePoint syslogs from all managed devices (except Pix firewalls) to the RME server
Collection of usernames occurs in 3 ways:1. Using usernames on devices themselves2. Using a RADIUS or TACACS server3. Using a configurations change tool in RME (NetConfig, Config Editor)
That User Name Field Is
Important to Most Customers
565656 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementResource Manager Essentials
Inventory ManagerComplete Cisco asset managementSupport for IGX, BPX and MGX
Software Image ManagerSoftware lifecycle management for routers and Catalyst switchesImproved browse bug by device
Configuration ManagerVersion control, archival, editing and reportingNetwork-wide config changes
Change Audit ServicesSingle interface for all hardware, software, and configuration changes
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
575757 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementRME Inventory Manager
Hardware and software summary information
Chassis type
Memory
Flash
Modules
Support for all Cisco devices in the network including CallManager, VPN 3000, IGX, BPX, MGX
Multiservice port reporting
585858 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementCisco IOS and Catalyst OS Upgrades
Use a dedicated TFTP server to store and distribute software images
core-6506-msfc#copy tftp flash
Address or name of remote host []? 19.16.76.175
Source filename []? 12.1.8a
Destination filename []? 12.1.8a
Resource Manager Essentials includes Software Image Manager to automate the upgrade process
or
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
595959 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementRME Configuration Manager
NetConfig Wizard-based template for global configuration changes
Changes can be performed against multiple devices in the network
Adhoc can be used for any CLIs
Config EditorOpens config from selected device in notepad like window
Edit functions (cut, paste)
Changes a single device at a time
606060 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Configuration ManagementAccess Control List Manager
Integrated with CiscoWorks Resource Manager Essentials
Leverages functions from inventory, configuration archive, transport, change audit, schedule, etc.
Structured approach to managing ACL policies
Reduces time to deploy multiple changes
Reduces errors in ACL definition
Reduces time and improved accuracy for add, moves and changes for users and servers
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
616161 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Accounting Management NetFlow
Flow Profiling
Accounting/Billing
Network Planning
Network Monitoring
Flow Collectors
End-User AppsNetFlow/Data Export
*NAM
RMON Probe*
626262 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance ManagementReal World Example
A university network administrator observes dramatic increase in outgoing WAN traffic resulting in increased costs and decreased response times
Solid Green Represents Incoming Traffic
Blue Line Represents Outgoing Traffic
The Problem
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
636363 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance ManagementReal World Example
Considerations
What traffic type is leaving the university?Why is the traffic being generated?Who is generating the traffic?How can this be prevented in the future?
Management processes in place
Link usage trending softwareTraffic capture and analysis capabilityScalable QoS policy deployment software
The Solution
646464 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance ManagementReal World Example
The network congestion was being caused by file sharing applications
The solution was to deploy quality of service policies to edge devices
Pre-Policy Traffic Post-Policy Traffic
The Solution
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
656565 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance Management Link Usage Trending
University was logging incoming and outgoing usage over time with MRTG
Monitors traffic load on network links based on SNMP statistics
Generates real-time HTML traffic reports
Can be used to monitor any SNMP variable you choose
Its FREE! www.mrtg.org
666666 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance ManagementTraffic Analysis
Enables full traffic monitoringReal-time traffic analysisPerformance monitoringTroubleshooting
Web-based embedded traffic analyzer
VoIP, QoS(DSMON), ART, VLAN(SMON), RMON 1 and 2 monitoringData capture and decode, alarms
Supported by other applicationsnGenius Real-Time Monitor, CiscoView, Concord eHealth
Network Analysis Module
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
676767 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance ManagementManaging QoS
Application discovery Classification into
service classes Service class provisioning
and enforcement
CampusBackbone
VODServers
Order Entry, Finance,
Manufacturing
FinanceManager
RemoteCampus
Catalyst Switch
Cisco Router
CiscoRouter
DataToS
Coloring
Classification
Gold Silver Bronze
Enforcement
Monitor Traffic by Service/App
VoIP SAP E-Mail
Monitor Trafficby Application
686868 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance ManagementInternetwork Performance Monitor
WAN troubleshootingMeasures hop-by-hop response time, availability, jitter, and drops
Provides real-time and historical reports
Utilizes Service Assurance Agent embedded in Cisco IOS
Validates and measures TCP, UDP, HTTP, VoIP, DNS, ICMP with QoS awareness
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
696969 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Security ManagementReal World Example
Network administrator was concerned that should the device SNMP community strings get into the wrong hands sensitive information could be extracted and unauthorized changes made
Simple Network Management ProtocolVersion: 1Community: publicPDU type: RESPONSERequest Id: 0xd1786f78Error Status: NO ERRORError Index: 0Object identifier 1: 1.3.6.1.2.1.2.2.1.8.8Value: INTEGER: 1 (0x1)
------------------------------------------------------------------------------------------------0000 00 50 04 6f d7 40 00 d0 d3 9d 73 d0 08 00 45 00 [email protected]. 0010 00 4a 59 83 00 00 ff 11 47 d9 c0 a8 4c 01 c0 a8 .JY.....G...L... 0020 4c f4 00 a1 13 11 00 36 fd 93 30 2c 02 01 00 04 L......6..0,.... 0030 06 70 75 62 6c 69 63 a2 1f 02 04 d1 78 6f 78 02 .public.....xox. 0040 01 00 02 01 00 30 11 30 0f 06 0a 2b 06 01 02 01 .....0.0...+.... 0050 02 02 01 08 08 02 01 01 c3 6f 2e 6b .........o.k ------------------------------------------------------------------------
The Problem
707070 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Security ManagementReal World Example
Administrator must make choose from the following:
Make frequent and time consuming changes of the community strings on all devices
Lock down SNMP access to the managed devices
The Process
The Solution
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
717171 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Catalyst OS
Catalyst IOS
Cisco IOS
Security ManagementReal World Example
The network administer deployed access lists to the vulnerable devices to restrict SNMP from all hosts except those in a known secure subnet
access-list 100 permit 192.168.76.192 0.0.0.63snmp-server community ro 100snmp-server community rw 100
set ip permit enable snmpset ip permit 192.168.76.192 255.255.255.192 snmp
The Solution
727272 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Security ManagementRestricting Network Access
User access to network servicesVPN access becoming more and more commonCommon vulnerabilities are shared resources (i.e. computer labs)
Administrator access to network devicesThird party authentication software
Usernames on network devices
Access control listsTelnet, console, and SNMP access must be secure
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
737373 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Security Management
Controls network access by configuring access points Protects the flow of sensitive information by provisioning
IPSec VPNs to encrypt the data Protects from malicious network attacks using intrusion
detection sensors
VPN
747474 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Security Management
Controls network access by configuring access points Protects the flow of sensitive information by provisioning
IPSec VPNs to encrypt the data Protects from malicious network attacks using intrusion
detection sensors
VPN
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
757575 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Security Management
Controls network access by configuring access points Protects the flow of sensitive information by provisioning
IPSec VPNs to encrypt the data Protects from malicious network attacks using intrusion
detection sensors
VPN
767676 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Corporate HeadquartersRegional Office
Voice ManagementPulling It All Together
Branch office user complains of inability to make or poor quality on a VoIP telephony call to corporate headquarters
The Problem
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
777777 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Fault Management
Do you have a fault detection and notification tool in place in the network? If so, you may already have the answer
Corporate HeadquartersRegional Office
787878 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Corporate HeadquartersRegional Office
Configuration Management
Verify device configurations have not been changed to adversely affect VoIP
Yesterday Today
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
797979 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance Management
Compare current network performance against established baseline
VoIP Jitter Test between Offices
Corporate HeadquartersRegional Office
808080 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Performance ManagementA Note on IPM Jitter Reports
Your source and target must be an SA Agent capable router
You must issue the global configuration to turn on the RTR (Response Time Reporter) responder on the target
If You Want These
You Have To Do This
core-6506-msfc(config)#rtr responder
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
818181 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Voice ManagementPulling It All Together
When faced with a network problem regarding downtime or significant degradation, many different components of proper management must be in place to simplify the troubleshooting process
Corporate HeadquartersRegional Office
The Solution
828282 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Review of Agenda and Main Points
The need for managementContribution to bottom line through high availability
Network management definedUnderstanding and controlling network information and services
Protocols and technologiesCommunication models, MIBs, SNMP gets, SNMP sets, SNMP traps
Function areas of network managementFault, configuration, accounting, performance, security
Preparing a network for managementConfiguring SNMP, Syslog, Telnet, CDP, ILMI, NTP, LoopBack
Real world applications of proper managementReal world examples
What Have We Learned Today?
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
838383 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Conclusions
Network management can best be defined in terms of the goalsproviding network users services with the quality and transparency they expect
The network management modelincorporation of all FCAPS components
Network management tools to address each functional area
Network management helps the bottom lineefficiency and productivity
848484 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Further Study and References
Network Management: A Practical PerspectiveLeinwand and Conroy, ISBN# 0201609991
Network Management: Principles and PracticeSubramanian, ISBN# 0201357429
How to Manage Your Network Using SNMP: The Networking Management PracticumRose and McCloghrie, ISBN# 0131415174
Performance and Fault ManagementDella Maggiora, Elliott, Pavone, Phelps, and Thompson, ISBN# 1578701805
Cisco Enterprise Management SolutionsWynston, ISBN# 158705006422
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
858585 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
NMS-1N01 - Introduction to Network Management Networkers On-Line NMS-1N02 - Introduction to SNMP and MIBs Networkers On-Line NMS-1N03 - Accurate Time Synchronization Networkers On-Line NMS-1N04 - Introduction to Service Assurance Agent Networkers On-Line NMS-1N41 - Introduction to Performance Management Networkers On-Line NMS-1011 - Principles of Fault Management NMS-1101 - Understanding DNS and DHCP NMS-2001 - Network Troubleshooting Tools and Techniques NMS-2021 - Large Scale Deployments of CiscoWorks NMS-2031 - Traffic Accounting Scenarios NMS-2032 - NetFlow for Accounting, Analysis and Attack NMS-2042 - Performance Measurement with Cisco Devices NMS-2051 - Securely Managing Your Network NMS-2102 - Deploying and Troubleshooting NAT NMS-2101 - DNS Deployment and Operation NMS-3011 - Getting the Right Events from Network Elements NMS-4012 - MPLS Embedded Management Tools NMS-4043 - Advanced Service Assurance Agent NMS-2T00 - Network Management Best Practices - Techtorial
Other Network Management Sessions
868686 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1
Recommended Reading
Performance and Fault ManagementISBN: 1578701805
Available On-Site at the Cisco Company Store
-
2004 Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
878787 2004 Cisco Systems, Inc. All rights reserved.NMS-1N019587_04_2004_c1