CDP Overview

CDP is a Cisco proprietary Layer 2 protocol that is used to gather information about Cisco devices which share the same data link. CDP is media and protocol independent and runs on all Cisco devices, such as routers, switches, and access servers.

The device sends periodic CDP advertisements to connected devices. These advertisements share information about the type of device that is discovered, the name of the devices, and the number and type of the interfaces.

Configure and Verify CDP

  • For Cisco devices, CDP is enabled by default. To verify the status of CDP and display information about CDP, enter the show cdpcommand.
  • To disable CDP on a specific interface, enter no cdp enablein the interface configuration mode. CDP is still enabled on the device; however, no more CDP advertisements will be sent out that interface. To enable CDP on the specific interface again, enter cdp enable.
  • To enable CDP globally for all the supported interfaces on the device, enter cdp runin the global configuration mode. CDP can be disabled for all the interfaces on the device with the no cdp runcommand in the global configuration mode.
  • Use the show cdp interfacecommand to display the interfaces that are CDP-enabled on a device. The status of each interface is also displayed. 

LLDP Overview

Link Layer Discovery Protocol (LLDP) is a vendor-neutral neighbor discovery protocol similar to CDP. LLDP works with network devices, such as routers, switches, and wireless LAN access points. This protocol advertises its identity and capabilities to other devices and receives the information from a physically-connected Layer 2 device.

Discover Devices by Using LLDP

NTP Netowok Time Protocol

This protocol allows routers on the network to synchronize their time settings with an NTP server, which provides more consistent time settings.
NTP can be set up to synchronize to a private master clock, or it can synchronize to a publicly available NTP server on the internet. NTP uses UDP port 123 and is documented in RFC 1305.

NTP networks use a hierarchical system of time sources. Each level in this hierarchical system is called a stratum. The stratum level is defined as the number of hop counts from the authoritative source. The synchronized time is distributed across the network by using NTP.

The max hop count is 15. Stratum 16, the lowest stratum level, indicates that a device is unsynchronized.

NTP Operation

  • Stratum 0: These authoritative time sources are high-precision timekeeping devices assumed to be accurate and with little or no delay associated with them.
  • Stratum 1: Devices that are directly connected to the authoritative time sources. They act as the primary network time standard.
  • Stratum 2 and Lower: Stratum 2 servers are connected to stratum 1 devices through network connections. Stratum 2 devices, such as NTP clients, synchronize their time by using the NTP packets from stratum 1 servers. They could also act as servers for stratum 3 devices.

Configure and Verify NTP

  • Before NTP is configured on the network, the show clockcommand displays the current time on the software clock. With the detailoption, notice that the time source is user configuration. That means the time was manually configured with the clock command.
  • The ntp serverip-addresscommand is issued in global configuration mode to configure 209.165.200.225 as the NTP server for R1. To verify the time source is set to NTP, use the show clock detail command. Notice that now the time source is NTP.

Syslog

  • Syslog uses UDP port 514 to send event notification messages across IP networks to event message collectors, as shown in the figure.

    The syslog logging service provides three primary functions, as follows:

    • The ability to gather logging information for monitoring and troubleshooting
    • The ability to select the type of logging information that is captured
    • The ability to specify the destinations of captured syslog messages

Syslog

  • The syslog protocol starts by sending system messages and debug output to a local logging process. Syslog configuration may send these messages across the network to an external syslog server, where they can be retrieved without needing to access the actual device.

    Alternatively, syslog messages may be sent to an internal buffer. Messages sent to the internal buffer are only viewable through the CLI of the device.

    The network administrator may specify that only certain types of system messages be sent to various destinations. Popular destinations for syslog messages include the following:

    • Logging buffer (RAM inside a router or switch)
    • Console line
    • Terminal line
    • Syslog server

Syslog Message Format

Cisco devices produce syslog messages as a result of network events. Every syslog message contains a severity level and a facility.

By default, the format of syslog messages on the Cisco IOS Software is as follows:
  %facility-severity-MNEMONIC: description
For example, sample output on a Cisco switch for an EtherChannel link changing state to up is:
  %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
Here the facility is LINK and the severity level is 3, with a MNEMONIC of UPDOWN.

Configure Syslog Timestamp

  • By default, log messages are not timestamped. Log messages should be timestamped so that when they are sent to another destination, such as a Syslog server, there is record of when the message was generated. Use the command service timestamps log datetime to force logged events to display the date and time. 

Syslog And NTP Lab
SNMP Lab
backup and restore Lab

 

27
Created on

Network Management Quiz

Test Your Understanding

1 / 11

Which protocol or service can be configured to send unsolicited messages to alert the network administrator about a network event such as an extremely high CPU utilization on a router?

2 / 11

What are SNMP trap messages?

3 / 11

When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects?

4 / 11

A network administrator issues the copy tftp running-config command on a router. What is the administrator trying to achieve?

5 / 11

What data would be saved and where would the data be placed if a network administrator issued the following command? (Choose two.)

R1# copy startup-config tftp

6 / 11

What is an SNMP management agent?

7 / 11

What are two characteristics of SNMP community strings? (Choose two.)

8 / 11

What command must be issued on a Cisco router that will serve as an authoritative NTP server?

9 / 11

What information can be gathered about a neighbor device from the show cdp neighbors detail command that cannot be found with the show cdp neighbors command?

10 / 11

What is a characteristic of the MIB?

11 / 11

What are two reasons for an administrator to issue the copy running-config tftp command on a switch or router? (Choose two.)

Your score is

0%