Module 6 – Introduction to Network Administration

Oct-03 ©Cisco Systems - CCNA Semester 4 Version 3 Comp14 Mod6 – St. Lawrence College – Cornwall ON Canada – Clark slide 1

Cisco Systems CCNA Version 3 Semester 4

Module 6


OUTLINE6.1 Workstations and Servers

6.1.1 Workstations

6.1.2 Servers

6.1.3 Client-server relationship

6.1.4 Introduction to NOS

6.1.5 Microsoft NT, 2000, and .NET

6.1.6 UNIX, Sun, HP, and LINUX

6.1.7 Apple

6.1.8 Concept of service on servers

6.2 Network Management

6.2.1 Introduction to network management

6.2.2 OSI and network management model

6.2.3 SNMP and CMIP standards

6.2.4 SNMP operation

6.2.5 Structure of management information and MIBs

6.2.6 SNMP protocol

6.2.7 Configuring SNMP

6.2.8 RMON

6.2.9 Syslog


6.1.1 Workstations

• Intercepts user data and application commands • Directs the command to either

• the local operating system or • the network interface card (NIC)

• Delivers transmissions from the network to the application

UNIX or Linux can also serve as a desktop operating system but are usually found on high-end computers

Work StationDocking Station


6.1.1 Workstations

1. A diskless workstation is a special computer that runs on a network.

2. It has no disk drives but otherwise is a normal computer.

3. Because they have no disk drives, it is not possible to upload data from the workstation or download anything to it.

4. A diskless workstation cannot pass a virus onto the network, nor can it be used to take data from the network by copying this information to a disk drive.

5. For this reason, such workstations are used in networks where security is paramount.


6.1.2 Servers

Some Windows operating systems may be installed on both workstations and servers. The NT/2000/XP versions of Windows software provide network server capability.

•Hypertext Transfer Protocol (HTTP)•File Transfer Protocol (FTP)•Domain Name System (DNS)•Simple Mail Transfer Protocol (SMTP)•Post Office Protocol 3 (POP3)•Internet Messaging Access Protocol (IMAP)•File sharing protocols include Sun Microsystems Network File System (NFS)•Microsoft Server Message Block (SMB). •Print services•Dynamic Host Configuration Protocol (DHCP)•Firewall: Proxy or Network Address Translation (NAT)


6.1.2 Servers

•Servers are typically larger systems than workstations•Extra memory for multiple tasks that are active or resident in memory at the same time. •Extra disk space for shared files and as an extension to the internal memory on the system. •Extra expansion slots to connect shared devices, such as printers and multiple network interfaces.


6.1.2 Servers

• Multiprocessor systems are capable of executing multiple tasks in parallel by assigning each task to a different processor.

• Must function effectively under heavy loads. • Redundancy is a feature of fault tolerant systems that are designed to survive

failures and can be repaired without interruption while the systems are up and running.


6.1.2 Servers

One Very Busy Spigot


6.1.2 Servers

http://configure.us.dell.com/dellstore/config.aspx?c=us&cs=19&l=en&oc=P1500&s=dhs


6.1.2 Servers


•One server running a NOS may work well when serving only a handful of clients. •Most organizations use several servers.•Typically

•one server for e-mail•one server for file sharing•one for FTP.

6.1.2 Servers


The concentration of network resources makes the data easier to back up and maintain.

6.1.2 Servers



From a NETWORK point of view, any computer running TCP/IP (workstation or a server) is considered a host.

•In a typical file server environment, the client would retrieve large portions of the database files to process the files locally. •With client-server computing, the large database is stored, and the processing takes place on the server. •A relatively small amount of data or results might be passed across the network.



•The workstation and server normally would be connected to the LAN by a hub or switch.



1. PerformanceA NOS must perform well at reading and writing files across the network between clients and servers. It must be able to maintain fast performance under heavy loads, when many clients are making requests. Consistent performance under heavy demand is an important standard for a NOS.

2. Management and monitoringThe management interface on the NOS server provides the tools for server monitoring, client administration, file, print, and disk storage management. The management interface provides tools for the installation of new services and the configuration of those services. Additionally, servers require regular monitoring and adjustment.




3. SecurityA NOS must protect the shared resources under its control. Security includes authenticating user access to services to prevent unauthorized access to the network resources. Security also performs encryption to protect information as it travels between clients and servers.

4. ScalabilityScalability is the ability of a NOS to grow without degradation in performance. The NOS must be capable of sustaining performance as new users join the network and new servers are added to support them.

5. Robustness/fault toleranceA measure of robustness is the ability to deliver services consistently under heavy load and to sustain its services if components or processes fail. Using redundant disk devices and balancing the workload across multiple servers can improve NOS robustness.



Windows 2000 Professional is not designed to be a full NOS. It does not provide a domain controller, DNS server, DHCP server, or render any of the services that can be deployed with Windows 2000 Server.

• Windows 2000 Server adds the normal server-specific functions. • It provides integrated connectivity with Novell NetWare, UNIX, and

AppleTalk systems and can also be configured as a communications server.

• Windows .NET Server is built on the Windows 2000 Server kernel to run enterprise-level web and FTP sites.

• Equivalent to Linux and UNIX server operating systems.



• UNIX is the name of a group of operating systems that trace their origins back to 1969 at Bell Labs.

• Since its inception, UNIX was designed to support multiple users and multitasking.• It was originally sold to run powerful network servers, not desktop computers. • Solaris is currently the most widely used version of UNIX in the world for large

networks and Internet websites.




• Linux is one of the most powerful and reliable operating systems in the world today.

• Linux has already made inroads as a platform for power users and in the enterprise server arena.

• Linux is less often deployed as a corporate desktop operating system.• Recent distributions of Linux have networking components built in for connecting

to a LAN, establishing a dialup connection to the Internet, or other remote network. • TCP/IP is integrated into the Linux kernel instead of being implemented as a

separate subsystem.



•In 1991, a Finnish student named Linus Torvalds began work on an operating system for an Intel 80386-based computer.

http://www.isc.tamu.edu/~lewing/linux/sit3-shine.7.gif

http://www.catb.org/~esr/faqs/linus/


Torvald's work led to a world-wide collaborative effort to develop Linux, an open source operating system that looks and feels like UNIX.



Some advantages of Linux as a desktop operating system and network client:1. It is a true 32-bit operating system. 2. It supports preemptive multitasking and virtual memory. 3. The code is open source and thus available for anyone to enhance and

improve.



• Mac OS X provides a new feature that allows for AppleTalk and Windows connectivity.

• The Mac OS X core operating system is UNIX-based.• The Mac GUI resembles a cross between Windows XP and Linux X-windows GUI.

6.1.7 Apple



1. Remote management allows administrators to configure networked systems that are miles apart.

2. Network processes are referred to as • services in Windows 2000• daemons in UNIX and Linux.



The two most common web server software packages are 1. Microsoft Internet Information Services (IIS) – Windows platform2. Apache Web Server – Unix and Linux platform



1. Most popular network processes rely on the TCP/IP suite of protocols. 2. TCP/IP are vulnerable to unauthorized scans and malicious attacks.

• Denial of service (DoS) attacks• computer viruses• fast-spreading Internet worms

3. Recent versions of popular NOSs restrict the default network services.


OUTLINE6.1 Workstations and Servers

6.1.1 Workstations

6.1.2 Servers





6.1.7 Apple


6.2 Network Management






6.2.6 SNMP protocol


6.2.8 RMON

6.2.9 Syslog



OSI standard.



1. Simple Network Management Protocol – IETF community

2. Common Management Information Protocol – Telecommunications community


Simple Network Management Protocol (SNMP) - application layer protocol that facilitates the exchange of management information between network devices.


Eg. Packets per second sent on an

interface

Eg. Number of open TCP

connections

Eg. Color of the technician’s

shirt.

SNMP uses UDP over ports 161 and 162.



• Number and state of its virtual circuits • Number of certain kinds of error messages received • Number of bytes and packets in and out of the

device • Maximum output queue length, for routers and

other internetworking devices • Broadcast messages sent and received • Network interfaces going down and coming up

• Get – Enables the management station to retrieve the value of MIB objects from the agent.

• Set – Enables the management station to set the value of MIB objects at the agent.

• Trap – Enables the agent to notify the management station of significant events.



SNMP

Proprietary

The RMON probe gathers management information locally,

The network manager periodically retrieves a summary of this data.



• The NMS is an ordinary workstation.

• Large RAM, to hold all the co-resident management applications.

• Typical network protocol stack, such as TCP/IP.


AdventNet


MG-SOFT MIB Browser


NetworkView

http://www.networkview.com/Free

Demo US$59.


Ethereal



Aspen Systems



Linux SNMP Network Management Tools• This page assumes that you already have a working

knowledge of the basic tools -- ping, netstat, traceroute, nslookup, dig, tcpdump, /proc/net, ipfwadmin, tcpwrapper, maskd and are looking for graphical, distributed tools.

• SNMP FAQ Frequently asked questions about SNMP. • Linux CMU SNMP Project -- provides the standard bilingual

SNMPv1/v2 agent, incl USEC support, as well as command line tools; includes MIB-2 (RFC 1213) Identification MIB (RFC 1414) Host Resources MIB (RFC 1514) and the TUBS Linux MIB, as well as pointers to the Tcl and Perl snmp libs.

• SUNY Bufallo Network Management Archives -- the most complete archive around, including tools, MIB compilers, documentation. Not Linux specific.

• The Simple Web site maintains info on internet management. • Simple Times A periodical for Internet network management.



Central Manager sends out queries to all agents, no matter where they are located.



• In a distributed network NMS can act in a client-server architecture.• The clients send their data to the master server for centralized

storage



• Distributed NMSs have equal responsibility, with their own manager databases.

• Management information is distributed over the peer NMSs.


6.2.5 Structure of management information and MIBs A MIB is used to store the structured information representing network elements and their attributes.

All vendors are encouraged to make their

MIB definitions known.



The structure itself is defined in the Structure of Management Information (SMI)

1. the data types that can be used to store an object,

2. how those objects are named, and 3. how they are encoded for

transmission over a network.


6.2.5 Structure of management information and MIBs -- RFC1213-MIB.html -- MIB generated by MG-SOFT MIB Explorer Version 1.1 Build 153 -- Wednesday, November 13, 2002 at 12:22:23 -- HTML index: -- RMON2-MIB, RFC1155-SMI, RFC1213-MIB, RMON-MIB, SNMPv2-TC, -- TOKEN-RING-RMON-MIB. -- RFC1213-MIB DEFINITIONS ::= BEGIN IMPORTS internet, mgmt FROM RFC1155-SMI; -- -- Type definitions -- DisplayString ::= OCTET STRING PhysAddress ::= OCTET STRING -- -- Node definitions -- -- 1.3.6.1.2.1 mib-2 OBJECT IDENTIFIER ::= { mgmt 1 } -- 1.3.6.1.2.1.1 system OBJECT IDENTIFIER ::= { mib-2 1 } -- 1.3.6.1.2.1.1.1 sysDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-only STATUS mandatory DESCRIPTION "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters." ::= { system 1 }

Page 1 of 46

• A unique object identifier, which is a number in dot notation, identifies each managed object

• Each object identifier is described using abstract syntax notation (ASN.1).


6.2.5 Structure of management information and MIBs IfEntry ::= SEQUENCE { ifIndex INTEGER, ifDescr DisplayString, ifType INTEGER, ifMtu INTEGER, ifSpeed Gauge, ifPhysAddress PhysAddress, ifAdminStatus INTEGER, ifOperStatus INTEGER, ifLastChange TimeTicks, ifInOctets Counter, ifInUcastPkts Counter, ifInNUcastPkts Counter, ifInDiscards Counter, ifInErrors Counter, ifInUnknownProtos Counter, ifOutOctets Counter, ifOutUcastPkts Counter, ifOutNUcastPkts Counter, ifOutDiscards Counter, ifOutErrors Counter, ifOutQLen Gauge, ifSpecific OBJECT IDENTIFIER } -- 1.3.6.1.2.1.2.2.1.1 ifIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each interface. Its value ranges between 1 and the value of ifNumber. The value for each interface must remain constant at least from one re-initialization of the entity's network management system to the next re- initialization." ::= { ifEntry 1 }

• A unique object identifier, which is a number in dot notation, identifies each managed object

• Each object identifier is described using abstract syntax notation (ASN.1).

Win2000Pro


6.2.5 Structure of management information and MIBs ifDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-only STATUS mandatory DESCRIPTION "A textual string containing information about the interface. This string should include the name of the manufacturer, the product name and the version of the hardware interface." ::= { ifEntry 2 } -- 1.3.6.1.2.1.2.2.1.3 ifType OBJECT-TYPE SYNTAX INTEGER { other(1), regular1822(2), hdh1822(3), ddn-x25(4), rfc877-x25(5), ethernet-csmacd(6), iso88023-csmacd(7), iso88024-tokenBus(8), iso88025-tokenRing(9), iso88026-man(10), starLan(11), proteon-10Mbit(12), proteon-80Mbit(13), hyperchannel(14), fddi(15),

Formatted Raw

Win2000Pro


6.2.5 Structure of management information and MIBs -- 1.3.6.1.2.1.11.29 snmpOutTraps OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "The total number of SNMP Trap PDUs which have been generated by the SNMP protocol entity." ::= { snmp 29 } -- 1.3.6.1.2.1.11.30 snmpEnableAuthenTraps OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Indicates whether the SNMP agent process is permitted to generate authentication-failure traps. The value of this object overrides any configuration information; as such, it provides a means whereby all authentication-failure traps may be disabled. Note that it is strongly recommended that this object be stored in non-volatile memory so that it remains constant between re-initializations of the network management system." ::= { snmp 30 } END

Page 46 of 46



IEEE reference

dot1qForwardUnregisteredTable OBJECT-TYPE SYNTAX SEQUENCE OF Dot1qForwardUnregisteredEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing forwarding information for each VLAN, specifying the set of ports to which forwarding of multicast group-addressed frames for which there is no more specific forwarding information applies. This is configured statically by management and determined dynamically by GMRP. An entry appears in this table for all VLANs that are currently instantiated." REFERENCE "IEEE 802.1Q/D11 Section 12.7.2, 12.7.7" ::= { dot1qTp 5 }



Once an assigned enterprise value has been given, the vendor is responsible for creating and maintaining sub-trees.


6.2.6 SNMP protocol

The agent is a software function embedded in most networked devices, such as routers, switches, managed hubs, printers, and servers.


6.2.6 SNMP protocol

• Interaction between the manager and the agent is facilitated by (SNMP). • The term simple comes from the restricted number of message types that are

part of the initial protocol specification.

The initial protocol specification is referred to as SNMPv1


6.2.6 SNMP protocol

SNMPv2c addressed limitations in SNMPv1 introduced the GetBulkRequest message type and the addition of 64-bit counters to the MIB.

NMS has the ability to issue changes of a value in the managed device. This allows an administrator to configure a managed device using SNMP.


6.2.6 SNMP protocol

• The interaction between the manager and the managed device introduces traffic to the network.

• Aggressive monitoring strategies can negatively affect network performance.

• Bandwidth utilizations will go up, which may be an issue for WAN environments.

• Moreover, monitoring has a performance impact on the devices themselves being monitored, since they are required to process the manager requests.

• This processing should not take precedence over production services.

• A general rule is that a minimum amount of information should be polled as infrequently as possible.

• Determine which devices and links are most critical and what type of data is required.


6.2.6 SNMP protocol

Each SNMP message contains a clear text string, called a community string. The community string is used like a password to restrict access to managed devices.


6.2.6 SNMP protocol

An example of an SNMPv2c message.


6.2.6 SNMP protocol

• An example of an SNMPv3 message.• (SNMPv3 addresses clear text security

concerns.)


6.2.6 SNMP protocol



ro – (Optional) Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.

rw – (Optional) Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects


6.2.8 RMON


6.2.8 RMON

• RMON was developed to overcome limitations in the capabilities of SNMP. SNMP can store only limited amounts of information (counters for overall traffic, number of errors, etc.), and, as it is a polled system, network loading is high.

• RMON on the other hand, provides much more detailed information and offers a simplified manner of data collection.

• RMON makes use of a client (like a Network Management Console, a Protocol Analyzer, or a Network Analyzer like the new Fluke Networks OptiView). The client then gathers the statistics from either one or more agents. These agents can be stand-alone RMON probes (located in strategic spots in the network) and/or embedded RMON agents in routers and switches.

• In total RMON specifies 10 services called RMON Groups. Not all devices have to support all services as some of the RMON groups require extensive overhead (memory and processor power). Most stand-alone RMON probes will typically support all services, but embedded RMON may be limited to only a few groups.

• The RMON client communicates directly to the RMON agent. RMON1 only collects data at the MAC level, so you will only get information on the captured packets by decoding them with a Protocol Analyzer. A switch will limit your view of the network.

• RMON2 has been developed to provide data on higher level protocols such as IP and IPX, and up through the stack to the applications layer.

• RMON2 provides full information on which protocols are being used on the network and the mix between them, standard RMON host and matrix information also for the network an applications layers, and a customizable history function that can be used for base-lining.


6.2.8 RMON

RMON

RMON2


6.2.8 RMON

1. Statistics (OID: 1.3.6.1.2.1.16.1) This group provides basic statistics for the given network interface type on the probe. For example, it will collect a breakdown of packet sizes on the segment over time.

2. History (OID: 1.3.6.1.2.1.16.2) The history group is responsible for storing periodic samples of the segment for later analysis.

3. Alarm (OID: 1.3.6.1.2.1.16.3) Using preconfigured thresholds on the probe, this group can generate alarm events when a parameter surpasses a threshold.

4. Hosts (OID: 1.3.6.1.2.1.16.4) This group keeps track of the MAC addresses of the devices that are communicating on this segment.

5. HostTopN (OID: 1.3.6.1.2.1.16.5) This group is used to store data regarding the top "talkers" based on some criteria provided by the management station.

6. Matrix (OID: 1.3.6.1.2.1.16.6) This group holds a table that defines pairs of devices who are talking to one another.

7. Filter (OID: 1.3.6.1.2.1.16.7) This group allows a Network Manager to define one or more filters, based on a value and offset, for packets that want to be captured. The definition of that filter(s) exists in this group.

8. Capture Packets (OID: 1.3.6.1.2.1.16.8) This group requires the presence of the Filter group and provides a means of capturing packet flowing through the network interface for later review. This group actually stores the contents of each packet flowing into the interface and meeting the filter criteria.

9. Event (OID: 1.3.6.1.2.1.16.9) This group provides the mechanism for the device to generate events and alarms. It is basically the holding table for any events that occur on the device, either through configuration or exception.


6.2.8 RMON


6.2.9 Syslog

• The syslog utility is a mechanism for applications, processes, and the operating system of Cisco devices to report activity and error conditions.

• The syslog protocol is used to allow Cisco devices to issue these unsolicited messages to a network management station.

Direct to the console raw

data.

To a host running an NMS client for a better display.

To a server for further processing.


6.2.8 RMON


6.2.9 Syslog

To enable logging to all supported destinations:Router(config)#logging on

To send log messages to a syslog server host, such as CiscoWorks2000: Router(config)#logging hostname | ip address

To set logging severity level to level 6, informational:Router(config)#logging trap informational

To include timestamp with syslog message:Router(config)#service timestamps log datetime

1. Emergencies2. Alerts3. Critical4. Errors5. Warnings6. Notifications7. Informationa

l8. Debugging


1. The functions of a workstation and a server 2. The roles of various equipment in a client/server

environment 3. The development of Networking Operating Systems (NOS) 4. An overview of the various Windows platforms 5. An overview of some of the alternatives to Windows

operating systems 6. Reasons for network management 7. The layers of OSI and network management model 8. The type and application of network management tools 9. The role that SNMP and CMIP play in network monitoring 10. How management software gathers information and

records problems 11. How to gather reports on network performance


FIN

http://www.isc.tamu.edu/~lewing/linux/sit3-shine.7.gif

Module 6 – Introduction to Network Administration

Documents

Transcript of Module 6 – Introduction to Network Administration