Quotes from Wendell Odom

When an event happens that the device's OS thinks is interesting, how does the OS notify us humans? Cisco

IOS can send the messages to anyone currently logged in to the device. It can also store the message so that a user can later look at the messages. The next few pages examine both topics.

sending of log messages to all logged users. However, that default configuration is not enough to allow the user to see the log messages. The user must also issue the terminal monitor EXEC command during the login session, which tells IOS that this terminal session would like to receive log messages.

First, note that the example configures the same message level at the console and for terminal monitoring (level 7, or debug), and the same level for both buffered and logging to the syslog server (level 4, or warning). The levels may be set using the numeric severity level or the name as shown earlier in Figure 33-3. The show logging command confirms those same configuration settings and also lists the log messages per the logging buffered configuration.

The configuration in Example 33-8 works, but in many cases, routers might have multiple ntp server commands configured for redundancy. The goal is to have at least one usable clock source (servers per multiple ntp server commands, or internal clock as per the ntp master command). The router then chooses the best NTP clock source based on the stratum level. The stratum level defines the quality of the clock source; the lower the stratum, the better the source.

NTP Using a Loopback Interface for Better Availability An NTP server will accept NTP messages arriving to any of its IPv4 addresses by default. However, the clients reference a specific IP address on the NTP server. That creates an availability issue.

Analyzing Topology Using CDP and LLDP The first two major sections of this chapter showed two features—Syslog and NTP—that work the same way on both routers and switches. This final section shows yet another feature common to both routers and switches, with two similar protocols: the Cisco Discovery Protocol (CDP) and the Link Layer Discovery Protocol (LLDP). This section focuses on CDP, followed by LLDP.

Examining Information Learned by CDP CDP discovers basic information about neighboring routers and switches without needing to know the passwords for the neighboring devices. To discover information, routers and switches send CDP messages out each of their interfaces. The messages essentially announce information about the device that sent the CDP message. Devices that support CDP learn information about others by listening for the advertisements sent by other devices.

By the time you have finished reading this book, you should be comfortable and confident in your understanding of IP addresses, their formats, the grouping concepts, how to subdivide groups into subnets, how to interpret the documentation for existing networks' IP addressing, and so on. Simply put, you had better know addressing and subnetting!

root cause of the problem may be happening, further isolating the problem. This section begins with a brief explanation of how ping works. It then moves on to some suggestions and analysis of how to use the ping command to isolate problems by removing some items from consideration.

Log Message Severity Levels Log messages may just tell you about some mundane event, or they may tell you of some critical event. To help you make sense of the importance of each message, IOS assigns each message a severity level (as noted in the same messages in the preceding page or so). Figure 33-3 shows the severity levels: the lower the number, the more severe the event that caused the message. (Note that the values on the left and center are used in IOS commands.)

Configuring and Verifying System Logging With the information in Table 33-2, configuring syslog in a Cisco IOS router or switch should be relatively straightforward. Example 33-2 shows a sample, based on Figure 33-4. The figure shows a syslog server at IP address 172.16.3.9. Both switches and both routers will use the same configuration shown in Example 33-2, although the example shows the configuration process on a single device, Router R1.

commands like ping. As a protocol, ICMP does not rely on TCP or UDP, and it does not use any application layer protocol. It exists as a protocol used to assist IP by helping manage the IP network functions.

Host B can send ICMP echo reply messages to R1's 172.16.4.1 IP address (hosts send echo reply messages to the IP address from which the echo request was received).

Testing LAN Neighbors with Standard Ping

Testing using a ping of another device on the LAN can quickly confirm whether the LAN can pass packets and frames. Specifically, a working ping rules out many possible root causes of a problem. For instance, Figure 23-7 shows the ICMP messages that occur if R1 issues the command ping 172.16.1.51, pinging host A, which sits on the same VLAN as R1.

If the ping works, it confirms the following, which rules out some potential issues: The host with address 172.16.1.51 replied. The LAN can pass unicast frames from R1 to host

172.16.1.51 and vice versa. You can reasonably assume that the switches learned the MAC addresses of the router and the host, adding those to the MAC address tables. Host A and Router R1 completed the ARP process and list each other in their respective Address Resolution Protocol (ARP) tables. The failure of a ping, even with two devices on the same subnet, can point to a variety of problems, like those mentioned in this list.

The comparison between the previous two figures shows one of the most classic mistakes when troubleshooting networks. Sometimes, the temptation is to connect to a router and ping the host on the attached LAN, and it works. So, the engineer moves on, thinking that the network layer issues between the router and host work fine, when the problem still exists with the host's default router setting.

Simple Network Management Protocol (SNMP) is an application layer protocol used specifically for network device management. For example, Cisco supplies a large variety of network management products, many of them in the Cisco Prime network management software product family. They can be used to query, compile, store, and display information about a network's operation. To query the network devices, Cisco Prime software mainly uses SNMP protocols.