Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (19)
Similar a Packet Tracer: SNMP, Netflow, Sys-log
Similar a Packet Tracer: SNMP, Netflow, Sys-log (20)
Más de Rafat Khandaker
Más de Rafat Khandaker (10)
Último
Último (20)
Packet Tracer: SNMP, Netflow, Sys-log
- 1. Packet Tracer Lab Rafat Khandaker SNMP Netflow, Syslog, Trap 05-17-16 . ABSTRACT In this lab, I'm going to research and study Cisco routing protocols that include SNMP, HSRP and GLBP. Those protocols will be used to configure load balancing, network monitering and generate sys log messages and transport to a snmp server/syslog server. INTRODUCTION SNMP Simple Network management protocol, was developed in 1988 to allow applications to access the traffic information being passed through cisco routers. SNMP allowed, servers to log error messages about the network. SNMP also allowed active network monitoring such as netflow application to be transmitted and logged into a server. SNMP protocols are usually configured with a management device and an agent. The agent usually contains MIB or message information block, which inside an OID ( object identifier ) can be configured from an SNMP manager. The manager is allowed to query or ask for variables inside the OID. It can also be configured with " trap " notifications, which is a preconfigured detection feature to be logged into the SNMP manager. SNMP had security flaws, it only used community strings ( read /write private... read only ) they were pre-configured with default values. SNMP v2 never caught on in the market... V2c allowed more information to be transmitted through a single query. still used community strings. SNMP v3 - good security, encryption, integrity check and authentication services. SIMULATION
- 2. In this example, a server is connected on the network to log snmp traffic. The router will be configured to send the snmp traffic into the server when PC 1 is communicating to pc0, and log information about the status of the router in general, including links going up and down. to set up this lab, I made sure that all links have connectivity through pc1 .
- 3. ONCE CONNECTIVITY IS CONFIRMED , I am now going to configure SNMP protocol and view the SYS log on the server. Enable TRAP to send syslog messages to the server Entering severity 7 ... just for demonstration purpose... almost like a network analyzer... at this point. Usually severity 4 is used for administration.
- 4. we can see the server sys log entering messages
- 5. server is actively logging NETFLOW Netflow is a feature on cisco routers that allows us to get a very detailed information about the network traffic. netflow has 7 things in common 1.source ip address 2. destination ip address 3. Source port number 4. Destination Port number 5. Layer 3 protocol type. 6. Type of service (ToS) value 7. ingress interface. We can get very detailed information of the packet in the flow within the network. configuring netflow on the interface ingress ( inbound ) egress ( outbound )
- 6. The idea is to create connections from the pc to internet and monitor the traffic - here i have some random garbage requests to the pc accross the simulated internet.
- 7. We can see from the command show ip cache flow, that the router is capturing traffic from the netflow configuration. Now I'm going to export the netflow to a server... ( version depends on the netflow collector documentation ) ** usually the app you are using..
- 8. here we configured ip flow export on loopback 0 version 9 and export destination to the server on port 9996. ( usual port number but can be different ) On the server interface, netflow is configured.. and I will do some garbage pings and failed telnet attempts and let netflow collect information.
- 10. CONCLUSION: In this lab I have successfully configured SNMP, Netflow and syslog onto a server. These protocols are very useful for administrators to check for network downtime, troubleshooting and monitoring a network.