
1

Typical Network Topologies, Defining Features

Hierarchical Model

Typical Multilayer Network Design

Multilayer Design Guidelines
Access (Cisco Catalyst 2950/2960 Series)
- Layer 2 switching in the wiring closet (can be Layer 3 aware)
- Acts as the network trust or policy boundary
Distribution (Cisco Catalyst 3550/3560/3750 Series)
- Layer 3 switching in the distribution layer
- Utilizes an IGP for benefits such as load balancing, fast convergence, and scalability
- Provides first-hop redundancy/resilience
- Aggregates the access layer elements
Core (Cisco Catalyst 4000/6500 Series)
- Layer 3 switching in the backbone for load balancing, fast convergence, and scalability
- Requires high-speed service with no policy enforcement
6

Defining the Access Layer

- Aggregates user end stations, IP phones, and servers
- Connects to distribution layer switches
- All uplinks can actively forward traffic (Layer 3 distribution)
- Layer 2 device with Layer 3 intelligence (security, QoS, IP multicast, etc.)
- Use intelligent network services for establishing the trust boundary


7

Defining the Distribution Layer

- Aggregates wiring closets (access layer) and uplinks to the core
- Protects the core from high-density peering
- Availability, load balancing, QoS, and provisioning are important considerations at this layer
- Use Layer 3 switching in the distribution layer
- HSRP and HSRP tracking ensure first-hop redundancy


8

Defining the Core Layer

- Backbone for the network; connects distribution layer blocks
- Aggregation point for the distribution layer
- A core layer is required to scale campus networks
- Physical cabling requirements
- Routing complexity


9

Do I Need a Core Layer?

- Easier to add a module
- Fewer links in the core
- Easier bandwidth upgrade
- Routing protocol peering reduced
- Core layer optional for small networks


10

Server Farms

- Put the server farm in its own VLAN and IP subnet; Layer 3 switch traffic to it
- If dual-NIC servers connected to two access switches require Layer 2 adjacency for NIC redundancy, then install a Layer 2 link between distribution blocks, for example, VLAN 3


11

Campus Design Best Practices

- Map Layer 2 VLANs to Layer 3 IP subnets
- Avoid campus-wide VLANs
- Design a campus with Layer 3 protocols
- Daisy chaining is dangerous
- Take advantage of equal-cost routes
- Oversubscription and performance characteristics

12

Map Layer 2 VLANs to Layer 3 Subnets
- Map each Layer 2 domain to a Layer 3 subnet with an understandable VLAN-to-IP-subnet numbering scheme.
- For example, data VLAN 20 and voice VLAN 120 in building 1 can correspond to 10.1.20.x/24 and 10.1.120.x/24.
- A good addressing scheme helps in summarizing routes and eases troubleshooting.

13

Avoid Campus-Wide VLANs
- Large and overlapping spanning-tree domain
- Propagates problems (potential failure domain)
- Slows convergence
- Modern routers are not network bottlenecks
- DHCP and Mobile IP address client mobility


14

Layer 3 Dual-Path

- Layer 3 load balancing preserves bandwidth
- Unlike Layer 1 and Layer 2 redundancy (blocked ports)
- Fast recovery to remaining path
- Convergence is extremely fast (dual equal-cost paths: no need for OSPF or EIGRP to recalculate a new path)


15

Daisy Chains

- No UplinkFast: slow STP convergence
- Discontinuous subnets: traffic reaches a black hole (both routers claim they can reach VLAN x)
- Install a Layer 2 link between the two distribution switches

16

Daisy Chains (Cisco Catalyst 3750 Series)
- Utilize the Cross-Stack UplinkFast feature for stackables
- Transitions the redundant blocking link directly to forwarding if the link to the root fails

17

Understand Performance and Oversubscription Characteristics
- Most networks are built with oversubscription
- Performance is usually limited not by the box but by the uplink
- Use QoS to protect real-time flows at congested points
- Oversubscription rules of thumb work well
- 20:1 maximum at the wiring closet
- Less in distribution (4:1) and server farm (from 4:1 to 1:1)

18

Redundancy Types

- Layer 1 redundancy: provides an alternate physical path through the network
- Layer 2/3 redundancy: spanning tree, routing protocol, and EtherChannel for alternate path awareness and fast convergence
- Stability: ensure a stable network through proper physical, STP, and routing design to reduce human errors
- Application availability: application server and client processes must support failover for maximum availability

19

Small Campus Network

- Backbone layer: collapsed core and distribution
- Can use modular/stackable switching solutions
- Scalable up to a few access switches


20

Medium Campus Network

21

Large Campus Network

22

Building Block Approach

23

Switch Block Characteristics
- Device switches support one or more subnets/VLANs.
- Subnets terminate at the distribution switch.
- Access devices have redundant links.
- Spanning Tree Protocol terminates at the switch block boundary.

24

VLANs in the Switch Block

25

Link Types

A trunk link is capable of carrying multiple VLANs.

26

Trunking

- Specifically developed for multi-VLAN, interswitch communications
- Places a unique identifier in the header of each frame
- Functions at Layer 2
- IEEE 802.1Q


27

Inter-VLAN Routing

A route processor provides Layer 3 functionality for switches.
28

Increasing Performance: Add More Bandwidth

29

Fast EtherChannel

30

Is QoS Needed in the Campus?

Just throw more bandwidth at it. That will solve the problem!

Maybe, maybe not; campus congestion is a buffer management issue

31

Enabling QoS in the Campus: Congestion Scenario, TCP Traffic Burst + VoIP

32

Enabling QoS in the Campus: Scheduling in the Campus

- Output buffers can reach 100% in campus networks, resulting in dropped voice packets
- QoS is required when there is a possibility of congestion in buffers
- Multiple queues are the only way to guarantee voice quality

33

Enabling QoS in the Campus: Layer 2 Classification, 802.1p, CoS

- 802.1p user priority field, also called class of service (CoS)
- Different types of traffic are assigned different CoS values
- CoS 6 and 7 are reserved for network use
34

Enabling QoS in the Campus: Layer 3 Classification, IP Precedence, DSCP

- IPv4: the three most significant bits of the ToS byte are called IP precedence; other bits unused
- DiffServ: the six most significant bits of the ToS byte are called DSCP; the remaining two bits are used for flow control
- DSCP is backward compatible with IP precedence
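
An added example, not part of the original slides: it decodes the Layer 2 (802.1p CoS) and Layer 3 (IP precedence, DSCP) markings from a raw 802.1Q-tagged frame and applies an access-layer trust-boundary check for CoS 6 and 7, which the slides reserve for network use. The frame builder, the addresses, and the function names `classify` and `trust_boundary_findings` are constructed for illustration.

```python
import struct

ETH_HDR_TAGGED = 18   # dst(6) + src(6) + TPID(2) + TCI(2) + EtherType(2)


def build_frame(cos, vlan_id, dscp, ecn=0):
    """Constructed sample: 802.1Q-tagged Ethernet frame with a bare IPv4 header."""
    dst = bytes.fromhex("020000000001")
    src = bytes.fromhex("0200000000aa")
    tci = (cos << 13) | (vlan_id & 0x0FFF)   # PCP/CoS (3 bits) | DEI = 0 | VLAN ID (12 bits)
    tos = (dscp << 2) | (ecn & 0x3)          # DSCP (6 bits) | remaining 2 bits
    # IPv4 header with checksum left at 0; only the ToS byte matters here.
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                       bytes([10, 1, 20, 5]), bytes([10, 1, 120, 9]))
    return dst + src + struct.pack("!HHH", 0x8100, tci, 0x0800) + ipv4


def classify(frame):
    """Return the QoS markings carried at Layer 2 and Layer 3."""
    if len(frame) < ETH_HDR_TAGGED + 20:
        raise ValueError("frame too short")
    tpid, tci, ethertype = struct.unpack_from("!HHH", frame, 12)
    if tpid != 0x8100:
        raise ValueError("not an 802.1Q-tagged frame")
    if ethertype != 0x0800:
        raise ValueError("payload is not IPv4")
    tos = frame[ETH_HDR_TAGGED + 1]          # second byte of the IPv4 header
    dscp = tos >> 2
    return {
        "cos": tci >> 13,                    # 802.1p user priority
        "vlan": tci & 0x0FFF,
        "precedence": tos >> 5,              # three most significant bits
        "dscp": dscp,                        # six most significant bits
        "ecn": tos & 0x3,                    # the two bits the slide calls flow control
        # Backward compatibility: a DSCP whose low three bits are zero is a
        # class selector and reads as the same value as IP precedence.
        "class_selector": f"CS{dscp >> 3}" if dscp & 0x7 == 0 else None,
    }


def trust_boundary_findings(frames):
    """Flag frames from an untrusted access port that claim CoS 6 or 7."""
    findings = []
    for index, frame in enumerate(frames):
        marks = classify(frame)
        if marks["cos"] >= 6:
            findings.append((index, marks["vlan"], marks["cos"], marks["dscp"]))
    return findings


# Constructed frames: voice (CoS 5, DSCP 46), best-effort data, and an end
# station marking its own traffic with the reserved CoS 7.
SAMPLE_FRAMES = [
    build_frame(5, 120, 46),
    build_frame(0, 20, 0),
    build_frame(7, 20, 56),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(classify(frame))
    print("violations:", trust_boundary_findings(SAMPLE_FRAMES))
```
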
35

Enabling QoS in the Campus: Classification Summary

36

Power over Ethernet
- Prepare the network for IP telephony and wireless access
- Eliminate the need for separate electrical wiring
- Cisco prestandard PoE and 802.3af are fully supported
- Wide selection of standards-based IEEE 802.3af powered devices
- IP phones
- Wireless access points
- Surveillance cameras
- Access card readers

37

Access Point Front Cover LEDs
Status lights: Ethernet activity, status, radio activity

38

CiscoWorks WLSE
1. Specialized application for managing the Cisco WLAN
2. Centralized, template-based configuration of access points and bridges with user-defined groups
3. Proactive fault and performance monitoring of access points, bridges, LEAP server, and attached switch
39

CiscoWorks Wireless LAN Solution Engine


40

The Cisco LAN Switching Portfolio

Catalyst 3750/3560/2960
- Stackable, compact footprint
- Gig density: 12 ports
- EZ clustering management
- L2-L4 switching
- Medium port density

Catalyst 4000/4500
- High switching capacity
- High-density 10/100/1000
- High-density 100FX & 1000LX
- Nonblocking gigabit density: 32
- L2-L4 switching
- Inline power option
- Redundant power

Catalyst 6500
- Highest switching capacity
- High availability: stateful failover
- 10-Gigabit Ethernet interfaces
- Nonblocking gigabit density: 142
- LAN/WAN interfaces (to OC 48)
- L2-L7 switching
- Integrated inline power
- Services modules
- Redundant power
- Redundant supervisor, fabric
41

Cisco Catalyst Positioning
(Chart axes: Price/Performance against Function/Flexibility, from Fast Ethernet optimized to Gigabit Ethernet optimized)

Catalyst 6500 Series
- Modular 10/100/1000
- Highest density, switching capacity
- Layer 2/3/4-7
- 32-720 Gbps switching engine
- Highest availability

Catalyst 4500 Family
- Modular 10/100/1000
- High-performance Layer 2, L3, L4
- 24-64 Gbps switching engine
- Chassis-level high availability

Catalyst 3750
- Stackable 10/100/1000 and 10/100 configurations
- Cisco StackWise Technology
- Optimized for Gigabit Ethernet deployment
- Enterprise-class intelligent Layer 3/L4 services
- Highly resilient 32 Gbps stacking interconnection
- Single management interface with auto configuration

Catalyst 3550/3560
- 10/100 and GE configurations
- High-performance switching and routing
- Enterprise-class intelligent Layer 3/L4 services
- Clustering capable

Catalyst 2950/2960
- Stackable 10/100 switching
- Gigabit uplink connectivity
- Advanced intelligent Layer 3/L4 services
- Clustering capable

42

Cisco Catalyst 2960 Series Model Overview

Fast Ethernet Models
- Catalyst 2960-24TC: 24 10/100 ports, 2 dual-purpose uplink ports
- Catalyst 2960-48TC: 48 10/100 ports, 2 dual-purpose uplink ports
- Catalyst 2960-24TT: 24 10/100 ports, 2 10/100/1000 uplink ports
- Catalyst 2960-48TT: 48 10/100 ports, 2 10/100/1000 uplink ports

Software
- LAN Base Image
- Enterprise-class intelligent services: advanced QoS, enhanced security, high availability
- Orderable with latest IOS software version

Uplinks
- Dual-purpose uplinks: one 10/100/1000 TX port and one SFP port; one port active at a time

43

Cisco Catalyst 3750 Series Switches Model Overview

Models
- Catalyst 3750G-24T: 24 10/100/1000 ports
- Catalyst 3750G-24TS: 24 10/100/1000 ports, 4 SFP ports
- Catalyst 3750-24: 24 10/100 ports, 2 SFP ports
- Catalyst 3750-48: 48 10/100 ports, 4 SFP ports

Two Software Versions
- Standard Multilayer Software Image (SMI): enterprise-class intelligent services: advanced QoS, enhanced security, high availability, RIP and static IP routing, routed ACLs, HSRP
- Enhanced Multilayer Software Image (EMI): SMI feature set plus: dynamic IP unicast routing, smart multicast routing,
- Catalyst 3750-24/48 are orderable with either software image preinstalled
- Catalyst 3750-24/48 can be upgraded from SMI to EMI

44

Cisco StackWise Technology
- 32 Gbps fault-tolerant bidirectional backplane
- Single IP address for management
- Auto configuration and IOS version check/update
- 1:N master redundancy
- Subsecond L2 failover
- Cross-stack EtherChannel
- Configurable QoS queues across stack
- Line-speed performance with QoS and ACLs for GE
- Hot add and delete of GE and FE chassis in same stack
- Patented cable connector
45

(Figure: stack of four switches, S #1, S #3, S #2, M #4; M = Master Switch, S = Slave Switch)

Cisco Catalyst 4500 Series Architecture
- Centralized forwarding ASICs
- All packets are forwarded via the supervisor
- No distributed line card forwarding
- Scalable architecture: 64 to 320 Gbps
- Fastest centralized architecture in the industry

46

Cisco Catalyst 4500 Series Overview
Common architecture: same switching architecture and common Cisco IOS

- Redundant supervisor-based chassis: Cisco Catalyst 4507R-E, Cisco Catalyst 4510R-E
- Single supervisor-based chassis: Cisco Catalyst 4503-E, Cisco Catalyst 4506-E
- Single RU fixed configuration: Cisco Catalyst 4948 and 4948-10GigE

47

Cisco Catalyst 4500 Series: Evolutionary Centralized Architecture
(Figure: timeline 1999, 2002, 2004, 2007, 2012 with throughput of 18 Mpps, 48 Mpps, 102 Mpps, and 250 Mpps for the E-Series; feature labels: Layer 2; 10/100/1000, PoE, L2/3/4; 10GbE, SSO; CISF; ISSU; NAC/NSF; same line card; continued innovation in services and performance)
48

Evolution of Centralized Switching Technology
- 1999: 18 Mpps, L2 only
- 2002: 48 Mpps, L2/L3
- 2004: 102 Mpps, L2/L3, 10Gig
- 2007: 250 Mpps, L2/L3, IPv6
- 14x increase since '99

49

Next-Generation Catalyst 4500 E-Series

Secure, Flexible, Non-Stop Communications
- Supervisor 6-E with CenterFlex
- E-Series line cards
- E-Series chassis
50

Cisco Catalyst 6500 Delivers Secure Converged Network Services
End-to-End Services

High Availability
- Physical availability
- Logical availability
- Stateful failover at Layer 2
- Rapid Spanning Tree convergence

QoS
- Input policing
- Traffic classification
- Multiple queues
- Convergence ready

Security
- Layer 2/3/4 access control
- 802.1X user authentication
- MAC filtering
- Dynamic VLAN

Manageability
- Inline power
- Simple configuration
- L2-L4 services
- Rich multicast support

51

Catalyst 6500 Family
- Catalyst 6503: 3-slot chassis
- Catalyst 6506: 6-slot chassis
- Catalyst 6509: 9-slot chassis
- Catalyst 6509-NEBS: NEBS-compliant 9-slot chassis
- Catalyst 6513: 13-slot chassis
- Catalyst 6509-NEBS-A: 9-slot chassis


52

Cisco Catalyst 6500 Series
The Cisco Catalyst 6500 Series supports a wide range of interface densities, performance, and high-availability options:
- Flexible 3-, 6-, 9-, and 13-slot chassis configurations
- Scalable switching fabric
- Cisco IOS software choices supported on all supervisor engines
- Fast 2-3 second stateful failover of redundant supervisors and integrated services
- 10 Mbps to 10 Gbps Ethernet and DS0 to OC-48 WAN interfaces
- Wire-rate QoS and ACL policy management
53

WS-6503, WS-C6506, WS-C6509, WS-C6509-NEBS, and WS-C6513

Catalyst 6500 Supervisors
The Catalyst 6500 has three supervisor options on offer, with each providing a different architectural backplane configuration for line cards to connect into:
- Supervisor 1A: 32 Gb backplane supporting hardware-accelerated Layer 2 and 3, QoS, and security policies up to 15 Mpps
- Supervisor 2: 256 Gb backplane supporting hardware-accelerated Layer 2 and 3, QoS, and security policies up to 210 Mpps
- Supervisor 720 (NEW): 720 Gb backplane supporting hardware-accelerated Layer 2 and 3, QoS, and security policies up to 400 Mpps

Supervisor Options for the Catalyst 6500
54

Catalyst 6500 Line Cards
The Catalyst 6500 has a family of line cards to suit all network needs:
- 10/100 TX and 100 Fiber
- 10/100/1000 TX
- GE SFP
- GE GBIC
- 10 GE
- WAN
- Optical Switch Modules
- Inline Power
- ATM
55

Catalyst 6500 Service Modules
Service modules represent the next generation of intelligent modules for the Catalyst 6500. Each module provides a high-performance option and scalable, feature-rich deployment options:
- Firewall Module
- VPN Module
- Intrusion Detection
- Content Switching
- SSL
- Network Management
- Communications Media
- Content Services
- MWAN

56

Small Form-Factor Pluggable (SFP)

- New industry-standard connector
- Same functionality as Gigabit Interface Converters (GBICs)
- Hot pluggable
- Smaller fiber connector: LC for SF
- 2.5 SFPs fit in the space of one GBIC
- Shipping SX, LX, ZX at FCS
- 10/100/1000BT and CWDM versions to come in mid to late 2003

GBIC SFP

57

58


NCHC/

WLAN Gateway

WLAN Gateway

59


(Certificate) SSL
PAP (Password Authentication Protocol)
802.1x CHAP
EAP-MD5: CHAP (Challenge Handshake Authentication Protocol)
EAP-PEAP: SSL + MSCHAPv2
EAP-TTLS: SSL + PAP/CHAP/MSCHAP/EAP

60

WLAN Gateway
- Usually a web page for authorisation
- Allows policy-based access
- Good management
- Very user friendly
- No client required
Bluesocket
- Commercial but popular in UK academia
- Lots of features
NoCatAuth
- Open source

61

Bluesocket Wireless Gateway

62

http://www.itc.ntnu.edu.tw/service1270.php

63

64

65

66

67

68

69

70

71

Possible Symptoms of Physical Layer Problems
- LEDs are off, flashing, or in a state other than the expected state during normal operation
- Excessive utilization
- Increased number of interface errors
- Console messages
- System log file messages
- Management system alarms
72

Possible Symptoms of Data Link Layer Problems
- Excessive CRC errors and frame check sequence errors
- Large quantities of broadcast traffic
- A MAC address is cycling between ports
- Console messages
- System log file messages
- Management system alarms
73

General Cisco Commands to Isolate Physical and Data Link Layer Problems

router> ping {host | ip-address}

Sends an echo request packet to an address, then waits for a reply.

router> trace [destination]

Identifies the path a packet takes through the network.

router# [no] debug ?

Displays a list of options for enabling or disabling debugging events on a device.
74

Cisco Commands to Isolate Physical Layer Problems

router> show version

Displays the Cisco IOS software version and all installed hardware configurations.

router> show ip interface brief

Displays a summary of the status of all interfaces on a device.

router> show interfaces [type number]

Displays the operational status of an interface, including the amount and type of traffic being sent and received.
75

Cisco Commands to Isolate Physical Layer Problems (Cont.)

router> show cdp neighbor detail

Displays the device type, IP address, and Cisco IOS version of neighboring devices.

76

Cisco Commands to Isolate Data Link Layer Problems

router> show ip arp

Displays entries in the Address Resolution Protocol (ARP) table.

router# debug [arp | serial | ppp]

Captures events relating to data link layer protocols.

77

General End-System Commands to Isolate Physical and Data Link Layer Problems

ping

Sends an echo request packet to an address, then waits for a reply.

arp -a

Displays the current mappings of the IP address to the MAC address in the ARP table.

netstat -rn

Displays the status of all connected devices and links without querying a DNS server.
78

Windows Commands to Isolate Physical and Data Link Layer Problems

C:\> ipconfig [/all]

Displays IP information for hosts running Windows NT/2000/XP.

C:\> tracert [-d]

Identifies a path to a destination device.

79

Guidelines for Isolating Problems at the Physical and Data Link Layers
- Check operational status and data error rates
- Verify proper interface configurations
- Check for bad cables or connections
- Check for correct cable pinout
80

Port Monitoring (SPAN)

Allows a port to monitor traffic coming into or out of another:
- Port
- VLAN
- Trunk

81

Remote SPAN (RSPAN)

Allows a port to monitor SPAN information on other switches through a trunk connection

82

NetFlow Data Export

- Access to records of switched flow statistics with NAM
- Source and destination IP
- Port numbers and protocol types

83

84

NAMs in Campus LAN

85

Network Analysis Module (NAM)
- Integrated traffic monitoring solution in the Catalyst 6500 series to build application-level visibility into the network infrastructure
- Switch-integrated, standards-based monitoring (RMON1, RMON2, extended RMON)
- Useful for performance monitoring, troubleshooting, and capacity planning
- Easy to deploy and use with the embedded web-based Traffic Analyzer
- Full visibility into applications, hosts, conversations, and IP-based services including VoIP and QoS
86

NAM as a Standards-Based RMON Solution

- The RMON MIB reports on the health and status of network traffic.
- Mini-RMON agents in the Catalyst 6500 collect Layer 2 (RMON1) statistics on all ports (utilization, packets, errors).
- NAM supports full RMON1 and 2 to provide visibility up to the application layer (applications, hosts, conversations).
- NAM supports extended RMON for VLAN, QoS, Application Response Time, and so on.

87

Application, Hosts, and Conversations Monitoring

NEW in Software Version 2.2

- Identify unknown applications and drill down on the hosts using them.
- Discover top talkers, top conversations.

Network managers can drill down into who is doing what.
88

VoIP Monitoring
NAM supports various facets of VoIP monitoring:
- Active IP telephony monitoring
  - Track active call attributes
  - Identify call quality degradation
  - Call details by phones
- RMON1 and RMON2
  - Distribution of VoIP protocols
- Application Response Time (ART)
  - CallManager responses
- DSMON
  - VoIP traffic by DSCP values
89

Application Response Time (ART)
- Find out where the application delays are occurring
- Detailed data on request-response exchanges between clients and servers
- Server visibility
- Monitor servers for protocols, application usage, and top talkers

90

Packet Capture and Decode

- Capture and decode packets for troubleshooting
- Extensive pre- and post-capture filters
- Can save and export to other tools, including Sniffer


91

Alarms

- Set alarm thresholds on various parameters for proactive monitoring
- Define traps or generate syslog

92

Defining Network Management
Functional Areas

ISO defines five functional areas of network management:

- Fault Management
- Configuration Management
- Accounting Management
- Performance Management
- Security Management

93

FCAPS
Fault Management

The process of locating, diagnosing, and correcting network problems

(Figure labels: device down, link down)

94

FCAPS
Configuration Management

The process of obtaining data from the network and using that data to manage the setup of all network devices
- Allows rapid access to configuration information
- Facilitates remote configuration and provisioning
- Provides an up-to-date inventory of network components

(Figure labels: software version, configuration file, device type; speed, duplex, connectivity; trunking, VLANs allowed, Spanning Tree Protocol state)

95

FCAPS
Accounting Management

Measuring the usage of network resources by users in order to establish the metrics, check quotas, determine costs, and bill users
- Measures and reports accounting information based on individual groups and users
- Administers the cost of the network
- Internal verification of third-party billing for usage

(Figure labels: bandwidth consumption, application usage)

96

FCAPS
Performance Management

Ensuring that the data network remains accessible and has adequate bandwidth
- Reduces network overcrowding and inaccessibility
- Provides a consistent level of service to the network user
- Determine utilization trends to proactively isolate and solve performance problems

(Figure labels: utilization, peak/min/max, error rates, unicast rates, broadcast rates; CPU utilization, memory usage; throughput, response time, latency, availability, reliability)


97

FCAPS
Security Management

Protecting sensitive information on devices attached to a data network by controlling access points to that information
- Builds network user confidence
- Secures sensitive information from both internal and external sources
- Protects the network functionality from malicious attacks

(Figure labels: MAC address locked to port; access list blocks connections)

98

Performing Network Management
Sources for Information

(Figure: information sources on a manageable device)
- telnet: CLI, show commands
- http 80/tcp: web server
- syslog 514/udp: system logging
- tftp 69/udp: TFTP client
- snmp 161/udp, snmptrap 162/udp: SNMP agent, MIB objects
- Operating system data structures: counters, gauges, tables, timers, files
- Built-in intelligence: ping, traceroute, CDP/VTP/SAA
- Production services: Layer N forwarding

99

Network Management Information Model
MIB: Management Information Base

MIB (Management Information Base)
- Set of variables defining the status of a device (e.g., temp = 85 degrees)
- Just facts, not whether it is good or bad
- Defined according to SMI (Structure of Management Information) rules
- Each managed object is described using a unique object identifier (OID)

MIB I / MIB II
- Standard MIB
- Objects included are considered essential for either fault or configuration management

Other standard MIBs
- RMON, host, router, ...

Proprietary vendor MIBs
- Extensions to standard MIBs

SNMP agent: 1000s of manageable objects following rules defined in the SMI standards

100

Network Management Communication Model
SNMP: Simple Network Management Protocol

(Figure: an NMS (management entity) and an SNMP manageable device (SNMP agent, MIB variables) connected over an IP network; messages shown: Get Request, Get-Next Request, Get-Bulk Request (v2), Set Request, community strings, Get Response, Trap)

- Get requests are used to read the value of an object
- Set requests are used to modify the value of an object
- Authorization is via community strings (Read-Only/Read-Write)
- Traps provide asynchronous event notification


101

Network Management Communication Model
Bounce Diagram: SNMP Get Request and Response

(Figure: bounce diagram between the SNMP manager and the SNMP agent)
- OID 1.3.6.1.2.1.1.1 plus instance
- SNMP manager: GetRequest (sysDescr.0), read community (public)
- Community strings: read = public, read/write = private
- SNMP agent: GetResponse (sysDescr.0 = SunOS), carrying the MIB value
- SNMP agent: verify access permission and retrieve MIB value using OID to traverse the MIB tree
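
An added example, not part of the original slides: the GetRequest for sysDescr.0 from the bounce diagram, encoded in BER and then parsed back the way a monitoring sensor would see it on the wire, which shows that the community string used for authorization travels unencrypted. The builder, the sample messages (including the sysName.0 SetRequest and its value) and the finding labels returned by `audit` are constructed for illustration; SNMPv1 Trap PDUs are recognised but not decoded.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest"}
DEFAULT_COMMUNITIES = {"public", "private"}   # the values shown on the slide


def tlv(tag, content):
    """Encode one BER tag-length-value element."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def enc_int(value):
    """BER INTEGER for a non-negative value (a leading 0x00 keeps it positive)."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))


def build_message(pdu_tag, community, oid, value=None, request_id=1, version=0):
    """Constructed sample builder: one varbind, NULL value unless one is given."""
    varbind = tlv(0x30, enc_oid(oid) + (value or tlv(0x05, b"")))
    pdu = tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, enc_int(version) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos):
    """Return (tag, content, next_pos); raise ValueError on truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV content")
    return tag, buf[pos:pos + length], pos + length


def dec_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_snmp(datagram):
    """Decode an SNMPv1/v2c message: version, community, PDU type, OIDs."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)
    version = int.from_bytes(version, "big")
    if version not in (0, 1):
        raise ValueError("only SNMPv1/v2c messages carry a community string")
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    info = {"version": version,
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "oids": []}
    if pdu_tag == 0xA4:            # SNMPv1 Trap uses a different PDU layout
        return info
    pos = 0
    for _field in range(3):        # request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    pos = 0
    while pos < len(varbinds):
        _, varbind, pos = read_tlv(varbinds, pos)
        _, oid, _ = read_tlv(varbind, 0)
        info["oids"].append(dec_oid(oid))
    return info


def audit(datagram):
    """Findings a sensor could raise from one captured SNMPv1/v2c datagram."""
    info = parse_snmp(datagram)
    findings = ["cleartext-community"]      # v1/v2c never encrypt the community
    if info["community"] in DEFAULT_COMMUNITIES:
        findings.append("default-community")
        if info["pdu"] == "SetRequest":
            findings.append("write-with-default-community")
    return findings


GET_SYSDESCR = build_message(0xA0, "public", "1.3.6.1.2.1.1.1.0")
SET_SYSNAME = build_message(0xA3, "private", "1.3.6.1.2.1.1.5.0",
                            value=tlv(0x04, b"sw1"))

if __name__ == "__main__":
    for packet in (GET_SYSDESCR, SET_SYSNAME):
        print(packet.hex(), parse_snmp(packet), audit(packet))
```
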

102

Types of Management Systems
Example: Enterprise Manager and Fault Management
- Correlate and manage events and SNMP traps
- Perform fault isolation and root cause analysis

103

Types of Management Systems
Example: CiscoWorks

Resource Manager Essentials and Campus Manager:
- Knowledge of network configuration and topology
- Facilitates remote configuration of network devices
- Maintains an archive of configuration data that allows generation of inventory reports

104

Types of Management Systems
Example: NetFlow (Accounting Management)

(Figure labels: network planning, accounting/billing, flow profiling, network monitoring, end-user apps; RMON probe*, NetFlow data export, flow collectors. *NetScout)

105

Types of Management Systems
Example: MRTG (Performance Management)

- Monitors traffic load on network links based on SNMP statistics
- Generates real-time HTML traffic reports
- Can be used to monitor any MIB variable using SNMP

106

Types of Management Systems
Example: CiscoWorks
- How is the network connected? Physical cabling, virtual LANs: Campus Manager Topology Services
- Where are the end users, servers, IP phones connected? Switch port number, VLAN membership: Campus Manager User Tracking
- How do I troubleshoot connectivity problems? Campus Manager Path Analysis
107

Diagnosing Connectivity Problems
CiscoWorks Server Tools

Ping
Use ping to test device connectivity from the CiscoWorks server

Traceroute
Run a traceroute between the CiscoWorks server and the target device to detect routing problems

NSLookup
Run an nslookup to obtain DNS name server information and the IP address of a hostname

Management Station to Device
Test to verify if upper-layer protocols are supported from CiscoWorks to the target device: UDP, TCP, Telnet, TFTP, HTTP, and SNMP
108

Types of Management Systems
Example: CiscoWorks

(Figure: the CiscoWorks server (ANI Service) schedules data retrieval times and collects the following over SNMP into the Campus Database; devices shown: 192.168.6.1 and 192.168.6.2, switch ports 2/1 to 2/4)
1. Forwarding tables (CAM retrieval, switching table): MAC address, VLAN, port
2. ARP tables (address resolution, MAC to IP): subnets, IP address
3. DNS service (name resolution, IP to hostname): DNS names
4. IP phones (call detail records, CallManager): phone number, phone type
5. Login names: UNIX, Novell, and Windows NT clients running the UTLite script
109

CAM table (MAC address, port)
111111111100  2/1
111111111111  2/2
111111111122  2/3
111111111133  2/4

ARP table (MAC address, IP address)
111111111111  192.168.6.10
111111111122  192.168.6.11
111111111133  192.168.6.11

DNS host table (IP address, name)
192.168.6.10  USER1
192.168.6.11  Printer1
192.168.6.11  IPtele1
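
An added example, not part of the original slides or of CiscoWorks: the correlation this slide describes, joining the CAM, ARP and DNS host tables into per-port end-station records, then checking for the duplicate-IP conflicts and the "MAC address cycling between ports" symptom mentioned elsewhere in the deck. The table rows are transcribed from the slide; the VLAN number, the second CAM poll and all function names are constructed.

```python
from collections import defaultdict

# Rows transcribed from the slide; VLAN 6 is constructed (the slide gives none).
CAM_TABLE = [            # (MAC address, VLAN, port)
    ("111111111100", 6, "2/1"),
    ("111111111111", 6, "2/2"),
    ("111111111122", 6, "2/3"),
    ("111111111133", 6, "2/4"),
]
ARP_TABLE = [            # (MAC address, IP address)
    ("111111111111", "192.168.6.10"),
    ("111111111122", "192.168.6.11"),
    ("111111111133", "192.168.6.11"),
]
HOST_TABLE = [           # (IP address, DNS name)
    ("192.168.6.10", "USER1"),
    ("192.168.6.11", "Printer1"),
    ("192.168.6.11", "IPtele1"),
]
# Constructed later poll of the same switch: one station now appears on 2/5.
LATER_CAM_POLL = [row if row[0] != "111111111122" else ("111111111122", 6, "2/5")
                  for row in CAM_TABLE]


def user_tracking(cam, arp, hosts):
    """Join the three tables into one record per learned MAC address."""
    ips_by_mac = defaultdict(list)
    for mac, ip in arp:
        ips_by_mac[mac].append(ip)
    names_by_ip = defaultdict(list)
    for ip, name in hosts:
        names_by_ip[ip].append(name)
    rows = []
    for mac, vlan, port in sorted(cam, key=lambda row: row[2]):
        ips = ips_by_mac.get(mac, [])       # empty when no ARP entry was seen
        names = [n for ip in ips for n in names_by_ip.get(ip, [])]
        rows.append({"port": port, "vlan": vlan, "mac": mac,
                     "ips": ips, "names": names})
    return rows


def duplicate_ips(cam, arp):
    """IP addresses claimed by more than one MAC, with the port of each claimant."""
    port_by_mac = {mac: port for mac, _vlan, port in cam}
    claims = defaultdict(list)
    for mac, ip in arp:
        claims[ip].append((mac, port_by_mac.get(mac)))
    return {ip: owners for ip, owners in claims.items()
            if len({mac for mac, _port in owners}) > 1}


def moved_macs(polls):
    """MAC addresses learned on different ports of one VLAN across CAM polls.

    A single move can be a relocated station; repeated flapping between the
    same ports is the data link layer symptom the deck lists.
    """
    seen = defaultdict(list)
    for cam in polls:
        for mac, vlan, port in cam:
            if port not in seen[(mac, vlan)]:
                seen[(mac, vlan)].append(port)
    return {key: ports for key, ports in seen.items() if len(ports) > 1}


if __name__ == "__main__":
    for row in user_tracking(CAM_TABLE, ARP_TABLE, HOST_TABLE):
        print(row)
    print("duplicate IPs:", duplicate_ips(CAM_TABLE, ARP_TABLE))
    print("moved MACs:", moved_macs([CAM_TABLE, LATER_CAM_POLL]))
```
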

Diagnosing Connectivity Problems
Campus Manager Tools
1. User Tracking: locate the communication pair in the User Tracking database
   - Addresses
   - VLAN information
   - Switch port connection
2. Path Analysis: investigate the Layer 2 and Layer 3 path between the communication pair
3. Topology Services: map the topology and begin the investigation on devices and links; launch other applications

110

Diagnosing Connectivity Problems
Workflow for Using Campus Manager
- Ensure discovery of devices and hosts is up to date
- Use User Tracking to locate end station info
- Launch Path Analysis
- Conduct data trace or conduct voice trace
- Display path in Topology Map
- Launch other apps (Telnet, CiscoView, etc.)


111

Diagnosing Device Connectivity Problems
Example

The Problem
It's Monday morning. Tom at the Help Desk receives a call. Suzy is complaining that response time to an application server is slow.

The Solution Steps
- Find user and server location and obtain connectivity information
- Check connection settings
- Verify VLAN associations
- Find network path
- Check utilization and response time along the network path

(Figure: Suzy and the application server on the corporate network; Tom at the CiscoWorks Help Desk asks, "Do you know your hostname or username?")
112

Diagnosing Device Connectivity Problems
Example: Gather User and Server Information

Gathering Information
- Gather end-user and server information stored in the User Tracking database
- Use a simple query based on specific search criteria or by sorting on one of the table columns
- Using addresses, search for network conflicts (duplicate IPs, etc.)

1. Query the User Tracking database; Suzy knew the hostname of her computer
2. Simple Query displays switch, port, and VLAN association
3. Last Seen field indicates the last time the end station was discovered
113

Diagnosing Device Connectivity Problems
Example: Conducting a Data Trace

Couldn't get to Suzy's machine; try from the server

Select valid endpoints:
- Source node must be managed in CiscoWorks (Topology Services or User Tracking)
- To view Layer 2 tracing, the source node must be a Cisco device
- Destination node can be any reachable node on the network, including outside the managed domain

Trace path from the application server to Suzy


114

Diagnosing Device Connectivity Problems
Example: Analyze Map Results

(Figure: trace path from the application server (rtmibm), the source node, to Suzy (pluto), the destination node; tool tips; Layer 3 path, Layer 2 path, and Layer 2 shortcuts)

115

Diagnosing Device Connectivity Problems
Example: Analyze Trace Results

Sources of trace information:
- NMS queries (from the CiscoWorks2000 server and User Tracking)
- SNMP requests
- Traceroute command
- Best guess (not very reliable)
116

Diagnosing Device Connectivity Problems
Example: Analyze Table Results

Information retrieved from the server database and the User Tracking table:
- Device MAC/IP address, alias, class, type, and uptime
- Interface name, address, mask, type, speed, maximum transfer unit (MTU), and index number
- VTP domain and VLAN name
117

Diagnosing Voice Connectivity Problems
Example

The Problem
Tom at the Help Desk receives a call. Willy is complaining that he can hear John talk, but John cannot hear Willy.

The Solution Steps
- Find IP phone locations and obtain connectivity information
- Check connection settings
- Verify VLAN associations
- Find network path
- Check utilization and response time along the network path

(Figure: Willy Wonka and John Johnson on the corporate network; Cisco CallManager (CDRs); Tom at the CiscoWorks Help Desk asks, "What are the phone numbers? When did you place the call?")
118

Diagnosing Voice Connectivity Problems
Example: Gather IP Phone and CCM Information

Gathering information from User Tracking:
- Change the User Tracking table to the IP Phone layout
- Check location of IP phones and CCM information
- Locate calling number and destination numbers using query or sort

Managing Cisco CallManager


119

Diagnosing Voice Connectivity Problems
Example: Conduct Voice Trace

(Figure callouts 1 and 2)

Gather information from Path Analysis:
- Search all CDRs in the CCM clusters discovered by CiscoWorks
- Use CDRs to find the call
- Use Path Analysis to trace the path

Cisco CallManager cluster information is obtained. If clusters are found, the Voice Query Trace dialog appears.

120

Diagnosing Voice Connectivity Problems
Example: Conduct Voice Trace

(Figure callouts 3 to 5)
- Search CDRs using phone numbers or time of call
- Select the CCM cluster to query
- Get records in the selected cluster(s) that match the criteria
- For each cluster, display CDRs. CDRs are available only for completed calls.
121

Diagnosing Voice Connectivity Problems
Example: Conduct Voice Trace

(Figure callouts 6 and 7)
- Completed call CDR
- CCM's IP address
- Calling phone's IP address
- If the trace is unsuccessful, try in the reverse direction
122

Diagnosing Voice Connectivity Problems
Example: Launching Other Applications
- Use Topology Services to check the SNMP status of Cisco CallManager (CCM) and links to interface to verify phones are configured
- Prior to selecting the task Highlight Path in Network View, Topology Services must be open

(Figure labels: application server (CCM); problem with access to assigned CCM)

123

Diagnosing Voice Connectivity Problems
Example: Launching Other Applications

CallManager
124

Diagnosing Device Connectivity Problems
Example: Launching Other Applications

The Solution Steps
- Launch other applications
- Check utilization and response time along the traced network path
- Refer to Module on Performance Management
- CiscoView
- Real Time Monitor and RMON agents
- IPM and SAA

(Figure: Suzy and the application server on the corporate network; Tom at the CiscoWorks Help Desk says, "Connectivity looks ok; I will have to look at performance issues")

125

Diagnosing Device Connectivity Problems
Example: Launching Other Applications
1. Examine CiscoView GUI to determine port integrity
2. Real-time utilization
3. Port settings

Visual Switch Manager Home
126
126

CiscoView

Summary
- Network connectivity data is extremely useful for troubleshooting problems.
- To reach the goals of network management, collecting information about the status and health of the network and network devices is necessary.
- Though there are many ways of storing status and health data, MIBs allow for a standardized way to define and store the data.
- Though there are many ways to retrieve status and health data, SNMP provides a standardized way to retrieve data stored in MIBs.

(Figure: an NMS (management entity) and an SNMP manageable device (SNMP agent, MIB variables) connected over an IP network; messages shown: Get Request, Get-Next Request, Get-Bulk Request (v2), Set Request, community strings, Get Response, Trap)

127

Q&A

128

Cisco Icons and Symbols
Router Cisco Unified CallManager

File Server

Voice Router

Camera PC/Video Network Cloud

SRST-Enabled Router

Phone

PC IP Phone Switch Router

Switch

Gateway

Laptop

129
