SP Management I Follow Up: Some additional points, NTP has more features such as authentication to guarantee authenticity – commands are
ntp authentication-key 1 md5 cisco
ntp trusted-key 1
ntp server 172.16.3.3 key 1
My Dream – Slight digress – Dreamt about the lab last night – I was 4 hours late for it and it was being held in my old school [Freaky], so I go in and I’m worried that the proctor won’t let me sit it having travelled this far but he [a bearded old guy] says fire away – strangly enough, the 4 hour delay is not a problem, I take a breath and decide to type twice as fast as I normally would, then I think, well I won’t pass but let’s take a real close look at the exam and what they are saying so I’m prepped for the next time. So I start and lo and behold it is now a prometric style exam with no routing & switching questions? I look up to question what is going on but the proctor and the other candidates walk out of the room – Strange or what?
Netflow – I have worked with this for a long time, loads of vendors out there, Orion/Solarwinds/Crannog, etc. There is a ton of information out there including this nice white paper – http://www.cisco.com/en/US/docs/ios/solutions_docs/netflow/nfwhite.html but from a lab perspective and a working environment perspective it revolves around these commands.
Router(config-if)# ip route-cache flow <- enable netflow on the interface
Router(config)#ip flow-export destination 172.16.7.225 9996 <- specifies UDP port & workstation IP
Router(config)#ip flow-export version 5 <- Number of optional entries here, version no, origin-as, peer-as [last two are used to include AS information], I use V5 but V9 is also available.
Verfication include sh ip cache flow, sh ip cache verb flow, also use clear ip flow stats.
Note: There are some additional commands to enable you to manipulate the cache for instance but on the same note Cisco does not recommend doing that.
Another note, the CCO link for these commands are in the IOS Switching Command Reference & Configuration Guides – Finally, points for this in the lab should be a gimme! In the real world, the intelligence is on the workstation receiving the flows and your ability to interpret this information.
Syslog – is a method to collect messages from devices to a server running a syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts. Cisco devices can send their log messages to a Unix-style SYSLOG service. A SYSLOG service simply accepts messages, and stores them in files or prints them according to a simple configuration file. This form of logging is the best available for Cisco devices because it can provide protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling. details are available in the Cisco IOS Network Management Configuration Guide, Release 12.2SR. Questions on this topic will ultimately point towards routers generating logging messages and requesting that the messages be directed to syslog server at a given IP Address. Features such as time-stamping, logging sequence numbers and tie-ins with NTP could be expected. Commands are logging, logging buffered,logging console, logging facility, logging history, logging history size, logging linecard, logging monitor, logging on, logging rate-limit, logging source-interface, logging synchronous, logging trap. These can be read about in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Verification includes sh logging, sh logging hist.
Finally for tonight another great Cisco Link – Select you technology on the left and select the sub-category on the right – you will then be brought up the appropriate technote/examples of the technologies – For CCIE Vendors out there Cisco have it sussed; This is the format we lab candidates would like on the proctor/solution guides!http://www.cisco.com/web/psa/technologies/tsd_technology_support_configure_guide.html