Sybex ICND2/CCNA R/S
Chapter 17: IP Services
Instructor & Todd Lammle
Chapter 17 Objectives
• The ICND2 Topics Covered in this
chapter include:
• IP Services
–
–
–
–
–
–
–
Recognize high availability (FHRP)
VRRP
HSRP
GLBP
Configure and verify Syslog
Utilize Syslog Output
Describe SNMP v2 & v3
• Troubleshooting
– Utilize netflow data
– Monitor NetFlow statistics
2
Default gateway
If you’re wondering how you can possibly configure a client to send data off its local link
when its default gateway router has gone down, you’ve targeted a key issue because the
answer is that usually, you can’t!
Proxy ARP
If a Proxy ARP–enabled router receives an ARP request for an IP address that it knows
isn’t on the same subnet as the requesting host, it will respond with an ARP reply packet
to the host
FHRPs use a virtual router with a
virtual IP address and virtual MAC
address.
First hop redundancy protocols (FHRPs) work by giving you a way to configure
more than one physical router to appear as if they were only a single logical one.
HSRP
HSRP is a Cisco proprietary protocol that
can be run on most, but not all, of Cisco’s router
and multilayer switch models. It defines a
standby group, and each standby group that you
define includes the following routers:




Active router
Standby router
Virtual router
Any other routers that maybe attached to the
subnet
HSRP active and standby routers
The problem with HSRP is that with it, only
one router is active and two or more routers just
sit there in standby mode and won’t be used
unless a failure occurs—not very cost effective
or efficient!
The standby group will always have at least
two routers participating in it. The primary
players in the group are the one active router
and one standby router that communicate to
each other using multicast Hello messages.
HSRP Virtual MAC
The HSRP MAC address has only
one variable piece in it. The first 24
bits still identify the vendor who
manufactured the device (the
organizationally unique identifier,
or OUI).
The next 16 bits in the address tells
us that the MAC address is a wellknown HSRP MAC
Here is an example of what an HSRP
MAC address would look like:
0000.0c07.ac0a



The first 24 bits (0000.0c) are the vendor
ID of the address; in the case of HSRP
being a Cisco protocol, the ID is assigned to
Cisco.
The next 16 bits (07.ac) are the well-known
HSRP ID. This part of the address was
assigned by Cisco in the protocol, so it’s
always easy to recognize that this address is
for use with HSRP.
The last 8 bits (0a) are the only variable bits
and represent the HSRP group number that
you assign. In this case, the group number
is 10 and converted to hexadecimal when
placed in the MAC address, where it
becomes the 0a that you see.
VRRP






VRRP is an IEEE standard (RFC 2338) for router redundancy;
HSRP is a Cisco proprietary protocol.
The virtual router that represents a group of routers is known as a
VRRP group.
The active router is referred to as the master virtual router.
The master virtual router may have the same IP address as the
virtual router group.
Multiple routers can function as backup routers.
VRRP is supported on Ethernet, Fast Ethernet, and Gigabit
Ethernet interfaces as well as on Multi-protocol Label Switching
(MPLS) virtual private networks (VPNs) and VLANs.
GLBP
Cisco designed a proprietary load-balancing
protocol, Gateway Load Balancing Protocol
(GLBP), to allow automatic selection and
simultaneous use of multiple available
gateways as well as permit automatic failover
between those gateways.
GLBP takes an active/active approach on a persubnet basis to support first-hop (default router)
traffic when implemented with two routers on
the same LAN. Multiple routers share the load
of frames that, from a client perspective, are
sent to a single default gateway address, as
shown in the figure
GLBP Functions
GLBP essentially provides clients with the following:
 An active virtual gateway (AVG)
 An active virtual forwarder (AVF)
It also allows members of the group to communicate with each other
through Hello messages sent every 3 seconds to the multicast address
224.0.0.102, User Datagram Protocol (UDP) port 3222.
GLBP AVG
Members of a GLBP group elect one gateway to be the AVG for that group.
Other group members provide backup for the AVG in the event that the AVG
becomes unavailable. The AVG assigns a different virtual MAC address to
each member of the GLBP group.
GLBP AVF
Each gateway assumes responsibility for forwarding packets that are sent to the
virtual MAC address assigned to that gateway by the AVG. These gateways are
known as AVFs for their virtual MAC address.
Syslog
Reading system messages from a switch’s or router’s internal buffer is the
most popular and efficient method of seeing what’s going on with your network at
a particular time. But the best way is to log messages to a syslog server, which
stores messages from you and can even time-stamp and sequence them for you, and
it’s easy to set up and configure!
Severity Levels
Severity Level
Explanation
Emergency (severity 0)
System is unusable.
Alert (severity 1)
Immediate action is needed.
Critical (severity 2)
Critical condition.
Error (severity 3)
Error condition.
Warning (severity 4)
Warning condition.
Notification (severity 5)
Normal but significant condition.
Information (severity 6)
Normal information message.
Debugging (severity 7)
Debugging message.
Understand that only emergency-level messages will be displayed if you’ve
configured severity level 0. But if, for example, you opt for level 4 instead, level 0
through 4 will be displayed, giving you emergency, alert, critical, error, and warning
messages too.
Show logging
Notice that the default trap (message from device to NMS) level is informational
(level6), but you can change this too.
Router#sh logging
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 29 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level informational, 33 message lines logged
Log Buffer (4096 bytes):
*Jun 21 23:09:37.822: %SYS-5-CONFIG_I: Configured from console by console
Router#
SNMP
SNMP is an Application layer protocol that provides a message format for agents on
a variety of devices to communicate with network management stations (NMSs)
The NMS periodically queries or polls the SNMP agent on a device to gather and
analyze statistics via GET messages. End devices running SNMP agents would send
an SNMP trap to the NMS if a problem occurs.
SNMP versions
SNMP has three versions, with version 1 being rarely, if ever
implemented today. Here’s a summary of these three versions:
SNMPv1
Supports plaintext authentication with community strings and uses only by
UDP.
SNMPv2c
Supports plaintext authentication (using community strings) with MD5 or
SHA with no encryption but provides GET BULK, which is a way to gather
many types of information at once and minimize the number of GET
requests. It offers a more detailed error message reporting method, but it’s
not more secure than v1. It uses UDP even though it can be configured to use
TCP.
SNMPv3
Supports strong authentication with MD5 or SHA, providing confidentiality
(encryption) and data integrity of messages via DES or DES-256 encryption
between agents and managers. GET BULK is a supported feature of
SNMPv3, and this version also uses TCP.
NetFlow
Cisco IOS NetFlow efficiently provides a key set of services for IP applications,
including network traffic accounting for baselining, usage-based network billing for
consumers of network services, network design and planning, general network
security, and DoS and DDoS monitoring capabilities as well as general network
monitoring.
Service providers use NetFlow to do
the following:
 Efficiently measuring who is using network
service and for which purpose
 Accounting and charging back according to the
resource utilizing level
 Using the measure information for more effective
network planning so that resource allocation and
deployment are well aligned with customer
requirements
 Using the information to better structure and
customize the set of available applications and
services to meet user needs and customer service
requirements
NetFlow Uses
 Major users of the network, meaning top talkers, top
listeners, top protocols, and so on
 Websites that are routinely visited, plus what’s been
downloaded
 Who’s generating the most traffic and using excessive
bandwidth
 Descriptions of bandwidth needs for an application as
well as your available bandwidth
Configuring NetFlow
SF(config)#int fa0/0
SF(config-if)#ip flow ingress
SF(config-if)#ip flow egress
SF(config-if)#exit
SF(config)#ip flow-export destination
172.16.20.254 9996
SF(config)#ip flow-export version ?
1
5
9
SF(config)#ip flow-export version 9
SF(config)#ip flow-export source loopback 0
Show ip cache flow
SF#sh ip cache flow
IP packet size distribution (161 total packets):
[output cut]
IP Flow Switching Cache, 278544 bytes
1 active, 4095 inactive, 1 added
215 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
1 active, 1023 inactive, 1 added, 1 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol
Total
Flows
Packets Bytes Packets Active(Sec) Idle(Sec)
-------Flows
/Sec
/Flow /Pkt
/Sec
/Flow
/Flow
TCP-Telnet
14
0.0
19
58
0.1
6.5
11.7
TCP-WWW
8
0.0
9
108
0.1
2.5
1.7
SrcIf
SrcIPaddress
DstIf
DstIPaddress
Pr SrcP DstP Pkts
Fa0/0
172.16.10.1
gig0/1
255.255.255.255 11 0044 0050 1161
Written Labs and Review
Questions
– Read through the Exam Essentials
section together in class
– Open your books and go through all the
written labs and the review questions.
– Review the answers in class.
22