Network Management - Cisco2

7/31/2019 Network Management - Cisco2

1/24

Chapter 14Network Management, Part II

Introduction

Now that you know how to design and build networks, you can perform taskssuch as selecting, installing, and testing cable, along with determining where wir-ing closets will be located. However, network design and implementation are

only part of what you need to know. You must also know how to maintain thenetwork and keep it functioning at an acceptable level. This means that you mustknow how to troubleshoot problems when they arise. In addition, you mustknow when it is necessary to expand or change the networks configuration tomeet the changing demands placed on it. In this chapter, you begin to learn aboutmanaging a network using techniques such as documenting, monitoring, andtroubleshooting.

The Administrative Side of Network Management

The view of a network is important. A network is a collection of devices that

interact with one another to provide communication. When a network adminis-trator looks at a network, it should be looked at as a whole entity, not individualparts. In other words, each device in a network affects other devices and the net-work as a whole. As shown in Figure 14-1, nothing is isolated when its con-nected to a network.

A good analogy for the network, in this instance, is an automobile. A car is a col-lection of parts that provide transportation. The engine provides power to movethe car, but it doesnt work well if the fuel system goes bad or if the tires are flat.Brakes are also important components, but once again, without the hydraulic sys-tem, the brakes wont work and the car wont stop. Without all the componentsworking together, the car does not perform its designated task: transportation.

The same is true with a network system. If the network server is set up to workwith the IPX/SPX protocol and the hosts arent, they wont be able to communi-cate. Also, if the system is working fine and the administrator changes the proto-cols on only one end, the system stops working. One device affects how otherdevices function. Another example is having a DNS server located at IP address192.150.11.123. All your hosts are configured to find the DNS server at this IPaddress. If a network technician changes the IP address of the DNS server with-out changing the host identifiers, the hosts no longer have DNS services.


2/24

422

Chapter 14 Network Management, Part II

The important thing to remember when dealing with a network is to view it asa single unit instead of a group of individual connected devices. This alsoapplies to the wide-area connections that are used when connecting to theInternet. Changes that are made to the routers at your location directly affect

the efficiency and reliability of communication throughout the entire system.Understanding and Establishing the Boundaries of the Network

In an enterprise network, it is important that the network staff members knowtheir responsibilities. Is it the responsibility of the network staff to diagnoseproblems on a users desktop, or is it simply to determine that a users problemis not communication-related? Does the network staffs responsibility extendonly as far as the horizontal cabling wall plate, or does that responsibilityextend all the way to the NIC?

These definitions are important to a networking department because they affectthe workload of each person and the cost of network services for the enterprise.

The greater the responsibility of a network staff, the greater the resource cost.Imagine a restaurant owned and operated by a single individual. Only one per-son is responsible for all tasks, including cooking, serving, washing dishes, andpaying the bills. The human-resource cost of the restaurant is relatively low, butpossibilities for growth and expansion are limited until the owner hires cooks,waiters, bussers, and accountants. When responsibilities are divided, the restau-rant can serve more people more efficiently. The trade-off, of course, is thatresource costs have risen along with growth and expansion.

FIGURE 14-1

Basic network

setup.


3/24

The Administrative Side of Network Management

423Just as the restaurant example showed, the job of network support can encom-pass all aspects of the network, or it can be limited to just certain components.These responsibilities need to be defined and enforced on a department-by-department basis. The key to understanding this relationship is that makingthe responsibility area too large can overburden the resources of the depart-ment, but making the area too small can make it difficult to effectively resolvethe problems on the network.

Costs of a Network

Network administration encompasses many responsibilities, including costanalysis. This means determining not only the cost of network design andimplementation, but also the cost of maintaining, upgrading, and monitoringthe network. Determining the cost of network installation is not a particularlydifficult task for most network administrators. Equipment lists and costs canbe readily established; labor costs can be calculated using fixed rates. Unfortu-nately, the cost of building the network is just the beginning.

Some of the other cost factors that must be considered are the following:

Network growth over time

Technical and user training

Repairs

Software deploymentThese cost factors are much more difficult to project than the cost of buildingthe network. The network administrator must be able to look at historical andcompany growth trends to project the cost of growth in the network. A man-ager must look at new software and hardware to determine whether the com-pany needs to implement them (and when), as well as to determine what stafftraining is needed to support these new technologies.

The cost of redundant equipment for mission-critical operations should alsobe added to the cost of maintaining the network. Think of running an Internet-based business that uses a single router to connect to the Internet. If that routerfails, your company is out of business until you replace that router, which

could cost the company thousands of dollars in lost sales. A wise networkadministrator might keep a spare router on the premises to minimize the timethat the company is offline.

Error Report Documentation

As mentioned in the previous semesters materials, effective network manage-ment requires thorough documentation, so when problems arise, some form of


4/24

424


error document should be generated (see Figure 14-2). This document is usedto gather the basic information necessary to identify and assign a networkproblem, and it also provides a way of tracking the progress and eventual solu-tion of the problem. Problem reports provide justification to senior manage-ment for hiring new staff, purchasing equipment, and providing additionaltraining. This documentation also provides solutions to recurring problemsthat have already been resolved.

All the material presented so far in this chapter deal with the nontechnicalissues of network management. The rest of this chapter deals with the toolsthat are available to monitor and diagnose problems on a wide-area network

(WAN).

Monitoring the Network

Although there are many reasons to monitor a network, the two primary rea-sons are to predict changes for future growth and to detect unexpectedchanges in network status. Unexpected changes might include things such as arouter or switch failing, a hacker trying to gain illegal access to the network,or a communication link failure. Without the ability to monitor the network,an administrator can only react to problems as they occur instead of preemp-tively preventing these problems.

In the previous semester, network management topics were covered with pri-mary focus on local-area networks. Monitoring a WAN involves many of thesame basic management techniques as managing a local-area network (LAN).One of the major differences between WANs and LANs is the physical place-ment of equipment. The placement and use of monitoring tools becomes criti-cal to the uninterrupted operation of the WAN.

FIGURE 14-2

Error reportdocumentation.


5/24


425Connection Monitoring

One of the most basic forms of connection monitoring takes place every dayon a network. The process of users logging on to the network verifies that con-nections are working properly, or the networking department will soon becontacted. This is not the most efficient or preferable method of connectionmonitoring available, however. Simple programs can enable the administratorto enter a list of host IP addresses so that these addresses are periodicallypinged. If a connection problem exists, the program will alert the administra-tor by the ping output. This is an inefficient and primitive way to monitor thenetwork, but it is better than nothing.

Another aspect of this type of monitoring is that it determines that there is acommunication breakdown only somewhere between the monitoring stationand the target device. The fault could be a bad router, switch, or network seg-ment. The ping test indicates only that the connection is down; it does notindicate where the problem is.

Checking all the hosts on a WAN using this type of monitoring involves manyresources. If the network has 3000 hosts on it, pinging all the network devicesand hosts can use a great deal of system resources. A better way is to ping justa few of the important hosts, servers, routers, and switches to verify their con-nectivity. These ping tests will not give true data unless workstations arealways left on. Again, this method of monitoring should be used only if noother method is available.

Traffic Monitoring

Traffic monitoringis a more sophisticated method of network monitoring. Itlooks at the actual packet traffic on the network and generates reports basedupon the network traffic. Programs, such as Microsoft Windows NT NetworkMonitor and Flukes Network Analyzer, are examples of this type of software.These programs not only detect failing equipment, but they also determinewhether a component is overloaded or poorly configured. The drawback tothis type of program is that it normally works on a single segment at a time; ifdata needs to be gathered from other segments, the monitoring software must

be moved to that segment. You can overcome this by using agents on theremote network segments (as shown in Figure 14-3). Equipment, such asswitches and routers, can generate and transmit traffic statistics as part of theiroperating system. So, how is the data gathered and organized in one centrallocation to be useful to the network administrator? The answer: the SimpleNetwork Management Protocol.


6/24

426


Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is a protocol that allows man-agement to transmit statistical data over the network to a central management

console. SNMP is a component of the Network Management Architecture,which consists of four major components:

Management stationThe network managers interface into the networksystem. It has the programs to manipulate data and control the network.The management station also maintains a Management Information Base(MIB) extracted from the devices under its management.

Management agentThe component that is contained in the devices thatare to be managed. Bridges, routers, hubs, and switches might containSNMP agents to allow them to be controlled by the management station.The management agent responds to the management station in two ways.First, through polling, the management station requests data from the

agent, and the agent responds with the requested data. Second, trappingis a data-gathering method designed to reduce traffic on the network andprocess on the devices being monitored. Instead of the management sta-tion polling the agents at specific intervals continuously, thresholds (topor bottom limits) are set on the managed device. If this threshold on thedevice is exceeded, the managed device sends an alert message to themanagement station. This eliminates the need to continuously poll all themanaged devices on the network. Trapping is beneficial on networks witha large number of devices that need to be managed. It reduces the amount

FIGURE 14-3

SNMP layout.


7/24


427of SNMP traffic on the network to provide more bandwidth for datatransfer.

Management Information Base (MIB)Has a database structure and resideson each device that is managed. The database contains a series of objects,which are resource data gathered on the managed device. Some of the cate-gories in the MIB include port interface data, TCP data, and ICMP data.

Network management protocolUsed is SNMP. SNMP is an applicationlayer protocol designed to communicate data between the managementconsole and the management agent. It has three key capabilities: the capa-bility to GET the management console retrieving data from the agent, to

PUT the management console setting object values on the agent, and toTRAP the agent notifying the management console of significant events.

The key word to remember in Simple Network Management Protocol is simple.When SNMP was developed, it was designed to be a short-term system thatwould later be replaced. But just like TCP/IP, it has become one of the majorstandards in Internet/intranet management configurations. Over the last fewyears, enhancements have been added to SNMP to expand its monitoring andmanagement capabilities. One of the greatest enhancements to SNMP is calledRemote Monitoring (RMON). RMON extensions to SNMP give you the abil-ity to look at the network as a whole instead of looking at individual devices.

Remote Monitoring

Probes gather remote data in Remote Monitoring (RMON). A probe has thesame function as an SNMP agent. A probe has RMON capabilities; an agentdoes not. When working with RMON, as with SNMP, a central managementconsole is the point of data collection. An RMON probe is located on eachsegment of the network monitored. These probes can be dedicated hosts, resi-dent on a server, or can be included in a standard networking device, such as arouter or a switch. These probes gather the specified data from each segmentand relay it to the management console. Redundant management consoles pro-vide two major benefits to network management processes. First is the capabil-ity to have more than one network administrator in different physicallocations monitor and manage the same network (for example, one in NewYork and one in San Jose). Second is the all-important concept of redundancy.

Having two or more management consoles means that if one console fails, theother console still can be used to monitor and control the network until thefirst console is repaired (see Figure 14-4).

The RMON extension to the SNMP protocol creates new categories of data.These categories add more branches to the MIB database. Each of the majorcategories is explained in the following list:

The Ethernet Statistics GroupContains statistics gathered for each moni-tored subnetwork. These statistics include counters (incremental that start


8/24

428


from zero) for bytes, packets, errors, and frame size. The other type of datareference is an index table. The table identifies each monitored Ethernetdevice, which allows counters to be kept for each individual Ethernetdevice. The Ethernet Statistics Group provides a view of the overall loadand health of a subnetwork by measuring different types of errors, includ-ing CRC, collisions, and over- and undersized packets.

The History Control GroupContains a data table that records samples ofthe counters in the Ethernet Statistics Group over a specified period of time.The default time set up for sampling is every 30 minutes (1800 seconds),and the default table size is 50 entries, giving a total of 25 hours of contin-uous monitoring. As the history is created for the specified counter, a newentry is created in the table at each sample interval until the limit of 50 isreached. Then as each new entry is created, the oldest entry in the table is

deleted. These samples provide a baseline of the network and can be usedto compare against the original baseline to resolve problems or to updatethe baseline as the network changes.

The Alarm GroupUses user-specified limits called thresholds. If the datacounters being monitored cross the thresholds, a message or alarm is sentto the specified people. This process, known as an error trap, can automatemany functions of network monitoring. Instead of having a person con-stantly and directly monitoring the network or waiting for a user to

FIGURE 14-4

Network with

dual manage-

ment consoles.


9/24


429identify a problem with the network, the network process itself can sendmessages to the network personnel because of a failure or, more impor-tantly, an impending failure. This is an important component of preemptivetroubleshooting.

The Host GroupContains counters maintained about each host discov-ered on the subnetwork segment. Some of the counter categories main-tained are packets, octets, errors, and broadcasts. Types of countersassociated with each of the previously mentioned items could be, for exam-ple, total packets, packets received, and packets sent, along with manycounters specific to the type of item.

The Host TOPN GroupUsed to prepare reports about a group of hoststhat top a statistical list based on a measured parameter. The best way todescribe this group is by example. A report could be generated for the topten hosts generating broadcasts for a day. Another report might be gener-ated for the most packets transmitted during the day. This category pro-vides an easy way to determine who and what type of data traffic mostoccupies the selected subnetwork.

The Matrix GroupRecords the data communication between two hostson a subnetwork. This data is stored in the form of a matrix (a multidimen-sional table). One of the reports that can be generated from this category iswhich host utilizes a server. Reorganizing the matrix order can create other

reports. For example, one report might show all users of a particular server,while another report shows all the servers used by a particular host.

The Filter GroupProvides a way that a management console can instructan RMON probe to gather selected packets from a specific interface on aparticular subnetwork. This selection is based on the use of two filters, thedata and the status filter. The data filter is designed to match or not matchparticular data patterns, which allows for the selection of that particulardata. The status filter is based on the type of packet looked at, such as aCRC packet or a valid packet. These filters can be combined using logicaland and or to create very complicated conditions. The filter groupenables the network administrator to selectively look at different types of

packets to provide better network analysis and troubleshooting. The Packet CaptureGroupAllows the administrator to specify a method

to use to capture packets that have been selected by the Filter Group. Bycapturing specified packets, the network administrator can look at theexact detail for packets that meet the basic filter. The packet group alsospecifies the quantity of the individual packet captured and the total num-ber of packets captured.


10/24

430


The Event GroupContains events generated by other groups in the MIBdatabase. An example is a counter exceeding the threshold for that counterspecified in the Alarm Group. This action would generate an event in theEvent Group. Based on this event, an action could be generated, such asissuing a warning message to all the people listed in the Alarm Groupsparameters or creating a logged entry in the event table. An event is gener-ated for all comparison operations in the RMON MIB extensions.

The Token Ring GroupContains counters specific to Token Ring net-works. Although most of the counters in the RMON extensions are notspecific to any type of data-link protocol, the Statistics and History Groups

are. They are particularly attuned to the Ethernet protocol. The TokenRing Group creates counters necessary to monitor and manage Token Ringnetworks using RMON.

Remember that RMON is an extension to the SNMP protocol. Specifically,this means that although RMON enhances the operation and monitoringcapabilities of SNMP, SNMP is still required for RMON to operate on a net-work. As a last point, it is important to mention that there are later revisionsof both SNMP and RMON, labeled as SNMPv2 and RMON2. This curricu-lum does not cover all the new capabilities of these versions.

Troubleshooting NetworksProblems happen! Even when the network is monitored, the equipment is reli-able, and the users are careful, things will go wrong. The test of a good net-work administrator is the ability to analyze, troubleshoot, and correctproblems under pressure of a network failure that causes company downtime.The suggestions in this section review troubleshooting techniques and offerother tools for troubleshooting a network. This is a review of previous andsome additional techniques for troubleshooting a network. As stated previ-ously, these techniques can be the best tools in curing network problems.

The first and most important thing in troubleshooting networks is to use yourengineering journal and to take notes. Note-taking can define a clear path todiagnosing a problem. It can tell you what you have already tried and whateffect that had on the problem. This can be extremely valuable to the trouble-shooter so that previous attempts at resolving the problem wont be needlesslyrepeated. Taking notes is also valuable if the problem is handed off to anothertechnician because it prevents that person from having to redo all that work.A copy of these notes should be included with the resolution of the problemwhen the trouble ticket on this job is completed. This provides a reference forsimilar problems that might happen.


11/24

Troubleshooting Networks

431Another essential element of preemptive troubleshooting is labeling. Labeleverything, including both ends of a horizontal cable run. This label shouldinclude not only the number of the cable but also where the other end islocated and the usage of the cable, such as voice, data, or video. This type oflabel can be even more valuable than a wiring cut sheet when it comes to trou-bleshooting because it is located right where the unit is, not stuck in a drawersomewhere. Along with the wire labels, labeling each port on a hub, switch, orrouter as to location, purpose, and point of connection greatly improves theease with which problems can be solved.

Finally, all other components attached to the network should also be labeled as

to their location and purpose. With this type of labeling, all components canbe located, and their purpose on the network can be easily defined. Properlabeling, used with the network documentation created when the network wasbuilt and updated, will give a complete picture of the network and its relation-ships. One other important reminder from the previous semester is that thedocumentation is useful only if it is current. All changes made to the networkmust be documented both on the devices or wire that is changed and in thepaper documentation used to define the complete network.

The first step in network troubleshooting is to define the problem. This defini-tion can be a consolidation of many different sources. One of the sourcescould be a trouble ticket or help desk report, which initially identifies a prob-

lem. Another source might be a phone conversation with the user where youdiscuss the problem to gather more information about it. Network monitoringtools can provide a more complete idea about the specific problem that needsto be resolved. Other users and your own observations will provide informa-tion. Evaluating all this information might give the troubleshooter a muchclearer starting place to resolve the problem, rather than by working from anyone source.

Troubleshooting Methods

The process of elimination and divide and conquer techniques are the mostsuccessful methods for network troubleshooting. The following scenariosexplain these techniques.

The Process of Elimination Technique

Imagine that a user on your network calls the help desk to report that his com-puter can no longer connect to the Internet. The help desk fills out the errorreport form and forwards it to you, the network support department.

You call and talk to the user, who tells you that he has done nothing differentlyto get to the Internet. You check the hardware logs for the network and find


12/24

432


out that the users computer was upgraded last night. Your first hypothesis isthat the computers network drivers must be incorrectly configured. You go tothe machine and check the network configuration information on the com-puter. It seems to be correct, so you ping the server on that subnet. It doesntconnect (see Figure 14-5).

The next solution is to check to see if the workstation cable is plugged in.You check both ends of the cable and try pinging the server again.

Next, you ping 127.0.0.1, the loopback address for the computer (see Figure14-6). The ping is successful, so that eliminates a possible problem betweenthe computer, the driver configuration, and the NIC card.

You decide that there might be a problem with the server for this networksegment. Another networked computer is at the next desk, so you ping theservers address, and the result is successful (see Figure 14-7). This eliminatesthe server, the backbone, and the servers connection to the backbone as the

problem.You then go to the IDF and switch the port for the workstation, go back to theworkstation, and try to ping the server again. The solution still does not work(see Figure 14-8). This narrows your search down to the horizontal cabling orthe workstation patch cable. You go back to the IDF, put the cable back in theoriginal switch port, get a new workstation patch cable, and return to theworkstation.

FIGURE 14-5

Bad ping output.C:\WINDOWS>ping 110.0.1.1

Pinging 110.0.1.1 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 110.0.1.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms


13/24


433

You replace the workstation cable and try to ping the server again (see Figure14-9). This time, you are successful, so the problem is fixed.

The last step is to document the problem solution on the error report form andreturn it to the help desk so that it can be logged as completed.

FIGURE 14-6

Loopback ping

output.

FIGURE 14-7

Next ping

output.

C:\WINDOWS>ping 127.0.0.1


Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Reply from 127.0.0.1: bytes=32 time


14/24

434


The Divide and Conquer TechniqueHere, you combine two networks that work fine when not connected (see Fig-ure 14-10), but when they are joined, the entire combined network fails (seeFigure 14-11).

The first step to correct this problem is to divide the network back into twoseparate networks and verify that the two still operate correctly when sepa-rated. If this is true, then you remove all the subnet connections for one of theconnecting routers and reconnect it to the other working network. Verify thatit is still working correctly.

FIGURE 14-8

Bad ping output.

FIGURE 14-9

Next ping

output.



Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 110.0.1.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Reply from 110.0.1.1: bytes=32 time=1ms TTL=128

Reply from 110.0.1.1: bytes=32 time


15/24


435

If the network is still functioning, add each of that routers subnetworks backinto the router until the overall system fails (see Figure 14-12). Remove the lastsubnet that was added, and see if the whole network returns to its normaloperation.

If the network is again functioning normally, remove the hosts from the net-work segment (see Figure 14-13), and replace them one at a time, again check-ing to see when the network fails (see Figure 14-14). When you find theoffending device, remove it and verify that the network returns to normal.

FIGURE 14-10

Sample network

example.

FIGURE 14-11

The network

without the A

and B subnet-

works.

FIGURE 14-12

The network

without the B

subnetwork.

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1


16/24

436


If the network still functions normally, you have isolated the faulty piece ofequipment. It is now possible to troubleshoot this individual piece of equip-ment to find out why it was causing the entire network to crash. If nothingproves to be wrong with this device upon analysis, it might be that this device,in conjunction with another device on the opposite network, is causing theproblem. To find the other end of the problem, you have to repeat the processused previously.

First, reconnect the host that caused the network to fail. Then, disconnect allthe subnetworks from the other router. Check that the network has returnedto operating status.

If the network is functioning again, add each of that routers subnetworksback into the router until the overall system fails. Remove the last subnet thatwas added before the failure and see if the whole network returns to its normaloperation.

FIGURE 14-13

The B network

segment without

the hosts.

FIGURE 14-14

The B network

segment without

one host.

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1


17/24


437

If the network again functions normally, remove the hosts from the networksegment and replace them one at a time (see Figure 14-16), again checking tosee when the network fails (see Figure 14-17). When you find the offendingdevice, remove it and verify that the network returns to normal.

If the network still functions normally, you have isolated the other faulty pieceof equipment. It is now possible to troubleshoot this individual piece of equip-ment to find out why it was causing the entire network to crash. If nothingproves to be wrong with this device upon analysis, compare the two hosts andfind the reason for their conflict. By resolving this conflict, you will be able toreconnect both stations into the network and it will still function normally (seeFigure 14-18).

FIGURE 14-15

The network

without the C

and D subnet-

works.

FIGURE 14-16

The C network

segment without

the hosts.

FIGURE 14-17

The C network

segment without

one host.

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1


18/24

438


Software Tools

Along with the processes described previously, software tools are available forthe network administrator to use to solve network connectivity problems.These tools can help in LAN troubleshooting, but they are especially helpful ina WAN troubleshooting situation.

We will look at the commands that are available to a network administratorin most client software packages. These commands include ping, tracert(traceroute), telnet, netstat, ARP, and IPconfig (WinIPcfg).

ping

ping sends ICMP echo packets to verify connections to a remote host. The out-

put in Figure 14-19 displays whether the ping is successful. The output showsthe number of packets responded to and the return time of the echo.

FIGURE 14-18

The complete

functioning

network.

FIGURE 14-19

ping output.

D2 D3 D4 D5 D6

C1

D1S0 S1

B2 B3 B4 B5 B6

A2 A3 A4 A5 A6 C2 C3 C4 C5 C6

A1

B1



Reply from 127.0.0.1: bytes=32 time=1ms TTL=128Reply from 127.0.0.1: bytes=32 time


19/24


439ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-r count] destination

tracert (traceroute)

tracert (traceroute) shows the route that a packet took to reach its destination.The output in Figure 14-20 shows the trace command.

-t ping until interrupted

-a Resolves hostname and ping address

-n Resolves hostname and ping address

-l Specifies length; send specified size echo packets

-f Issues the DO NOT FRAGMENT command to gateways

-i Here, ttl sets the TTL field

-r Here, countrecords the route of the outgoing and returningpackets

destination Specifies the remote host to ping, by domain name or by IPaddress

FIGURE 14-20

tracert output.

C:\WINDOWS>tracert 192.31.7.130

Tracing route to CISCO.com [192.31.7.1301]

over a maximum of 30 hops:

1 1 ms


20/24

440


tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

telnet

This is a terminal emulation program that enables you to run interactive com-mands on the Telnet server. Until a connection is established, no data will pass;if the connection breaks, telnet will inform you. This is good for testing loginconfiguration parameters to a remote host (see Figure 14-21).

netstat

netstat displays protocol statistics and current TCP/IP network connections(see Figure 14-22).

-d Specifies that IP addresses shouldnt be resolved to host names

-h max_hopsGives the maximum number of hops searched

-j host-listSpecifies the loose source route

-w Specifies the timeout to wait the number of milliseconds specifiedfor each reply

FIGURE 14-21

telnet output.


21/24


441

netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

FIGURE 14-22

netstat output.

-a Displays all connections and listening ports. (Server-side con-nections are normally not shown.)

-e Displays Ethernet statistics. This may be combined with the -soption.

-n Displays addresses and port numbers in numerical form.

-pproto Shows connections for the protocol specified by proto; protomay be tcp or udp. If used with the -s option to display per-protocol statistics, proto may be tcp, udp, or ip.

-r Displays the contents of the routing table.

-s Displays per-protocol statistics. By default, statistics are shownfor TCP, UDP, and IP; the -p option may be used to specify a

subset of the default.

interval Redisplays selected statistics, pausing intervalseconds betweeneach display. Press CTRL+C to stop redisplaying statistics. Ifthis is omitted, netstat will print the current configurationinformation once.

C:\WINDOWS>netstat-a

Active Connections

Prothocal Address Foreign AddressState

TCP matc-tag--:80 MATCNT:0 LISTENING






TCP matc-tag--:nbsession MATCNT:0 LISTENING

UDP matc-tag--:1028 *:*

UDP matc-tag--:nbname *:*

UDP matc-tag--:nbdatagram *:*

C:\WINDOWS>netstat-e

Interface Statistics

Received Sent

Bytes 4599931 364384056

Unicast packets 348078 57374

Non-unicast packets 109119 4774

Discards 0 0

Errors 0 0

Unknown protocols 989407


22/24

442


ARP

ARP gathers hardware addresses of local hosts and the default gateway. Youcan view the ARP cache and check for invalid or duplicate entries (see Figure14-23).

arp -a [inet_addr] [-N [if_addr]]

arp -d inet_addr[if_addr]

arp -s inet_addr ether_addr[if_addr]

IPconfig (Windows NT)/WinIPcfg (Windows 95/98)

These Windows utilities display IP addressing information for the localnetwork adapter(s) or a specified NIC (see Figure 14-24).

ipconfig [/all | /renew [adapter] | /release [adapter]]

FIGURE 14-23

ARP.

-a or -g Displays the current contents of the ARP cache

-d Deletes the entry specified by inet_addr

-s Adds a static entry to the cache

-N Displays the ARP entries for the specified physical address

inet_addr Gives the IP address, in dotted decimal formatif_addr Gives the IP address whose cache should be modified

ether_addr Shows the MAC address in hex separated by hyphens

/all Shows all information about adapter(s)

/renew Renews DHCP lease information for all local adapters if noneis named

/release Releases DHCP lease information disabling TCP/IP on thisadapter

C:\WINDOWS>arp-a

Interface: 198.150.221.107 on Interface 0x2000002

Internet Address Physical Address Type

198.150.221.254 00-10-2f-0b-44-00 dynamic


23/24

Summary

443

These are the tools that enable a network administrator to remotely monitorand control the network. It is important to implement the proper securitywhen using SNMP and RMON so that the network is not violated.

Summary

Now that you have completed this chapter, you should understand thefollowing:

The administrative side of network management How to establish the boundaries of the network

Costs of a network

Error report documentation

How to monitor the network

Connection monitoring

Traffic monitoring

SKILL BUILDER

AUX Dial-Up

This lab focuses on the Frame Relay Packet Switching Protocol for connectingdevices on a wide-area network (WAN).

FIGURE 14-24

WinIPcfg.


24/24

444


Simple Network Management Protocol

Remote Monitoring (RMON)

Troubleshooting methods

Software tools for troubleshooting

Washington School District Project Task:

Finishing the TCS

In this chapter, you learned about network management techniques that canhelp you run the individual school site LANs and the overall WashingtonSchool District WAN.

You now need to complete all TCS LAN and WAN tasks from Semesters 3 and4. You should finish your Web-based portfolio solution to the TCS. You canuse this as part of an electronic resume on a CD or a Web site to show youraccomplishments. Be sure that you have completed the following tasks:

WAN requirements document

WAN physical topology

WAN logical topology, including IP addressing scheme

WAN electronics WAN media

PPP implementation

ISDN implementation

Frame Relay implementation

Traffic flow and routing update analysis

WAN pros and cons

Network Management - Cisco2

Documents

Transcript of Network Management - Cisco2