CCNP ENCOR 350-401 Exam Cram Notes

IV. Network Assurance

1.Diagnose network problems using tools such as debugs, conditional debugs, trace route,ping, SNMP, and syslog.

This is a syslog config command, where you want to collect the logs related to the trap level you configured via this command.

Trap level is nothing but the severity level, and lower the trap level/number higher the severity.

Trap Level Severity
1 Alert
2 Critical
3 Error
4 Warning
5 Notificational
6 Informational
7 Debugging

Now if you configure this command: "# logging trap 3" then it means that logging is enabled for level 3 and lower (i.e. 3, 2, 1 & 0), in other words severity from "Error" ( trap level-3) to "Emergency" (trap level-0) is logged.

Note that by default logging is enabled.

From the show logging command output, we can interpret that the router has the following logging configuration:

1. Syslog logging and is sending it to host,

2. In addition, console logging is at the debugging level, and

3. The setting for local buffered logging is 1048576 bytes.

Cisco routers log messages can handle in five different ways:

Console logging:By default, the router sends all log messages to its console port. Hence only the users that are physically connected to the router console port can view these messages.

Terminal logging:It is similar to console logging, but it displays log messages to the router's VTY lines instead. This is not enabled by default.

Use the following commands to collect the Syslog messages when you are connected to an SSH terminal.

CertExamsR1#terminal monitor

Buffered logging:This type of logging uses router's RAM for storing log messages. buffer has a fixed size to ensure that the log will not deplete valuable system memory. The router accomplishes this by deleting old messages from the buffer as new messages are added. Use the following commands to store the Syslog messages in Cisco Router's / Switch's memory. "4048" is the size of memory allocated to store Syslog messages and "0" is the severity level.

CertExamsR1#configure terminal
CertExamsR1(config)#logging buffered 4048 0

Syslog Server logging : The router can use syslog to forward log messages to external syslog servers for storage. This is considered to be the best best practice as there is no loss of data (huge storage capacities) and there is no overload on the router or switch as in the case of buffered logging. A syslog server also provides for centralized logging for all network devices. Use the following commands to send Syslog messages to a Syslog server, configured at

CertExamsR1#configure terminal

SNMP trap logging:The router can send syslog message to an external SNMP server. This is accomplished using SNMP trap.

Security Model Security Level Authentication Encryption Type
SNMPv1 noAuthNoPriv Community string None
SNMPv2c noAuthNoPriv Community string None
SNMPv3 noAuthNoPriv User name None
AuthNoPriv MD5 or SHA None
authPriv MD5 or SHA CBC-DES (DES-56)

Internet Protocol (IP) networks use managing devices such as Simple Network Management Protocol (SNMP) to monitor network attached devices. In a computer network, a group of devices are attached, and they are managed and monitored by a manager. An agent, which is a software module in a managed device, reports information through the SNMP to the manager which has a Network Management System (NMS) that executes the applications that monitor and control managed devices.

There are seven SNMP protocol data units (PDU):

1. GetRequest - request to retrieve the value of a variable from the manager to the agent.

2. SetRequest - request to change the value of a variable from the manager to the agent.

3. GetNextRequest - request to find variables from the manager to the agent.

4. GetBulkRequest - enhanced version of GetNextRequest.

5. Response - reply from the agent to the manager through the return of variables.

6. Trap - simultaneous message from the agent to the manager.

7. InformRequest - simultaneous messages between managers.

There are three versions of SNMP:

1. SNMPv1, which is the network management protocol being used by the Internet.

2. SNMPv2, which is a revised version of the SNMPv1. It contains improvements in performance, confidentiality, security, and communications between managers. Its party-based security system is very complex, though, and has to be revised in order to be able to use it with the SNMPv1.

3. SNMPv3, which has added cryptographic security and new concepts, terminology, remote configuration enhancements, and textual conventions.

The main difference between SNMP v3 and v2 (or v1) is that the v3 version addresses the security and privacy issues. For example, in SNMP v2, passwords are transmitted in plain text, whereas v3 uses encryption.

The advantages are given below, in brief:

1. Authentication

2. Privacy

3. Authorization and Access Control

4. Remote configuration and administration capabilities

2. Configure and verify NetFlow and Flexible NetFlow

NetFlow has two components that must be configured: NetFlow Data Capture and NetFlow Data Export. NetFlow Data Capture captures the traffic statistics. NetFlow Data Export exports the statistical data to a NetFlow collector, such as Cisco DNA Center or Cisco Prime Infrastructure.

Flexible NetFlow was created to aid in more complex traffic analysis configuration than is possible with traditional NetFlow.

Flexible NetFlow Components

1. Flow Records: Combination of key and non-key fields. There are predefined and user-defined records.

2. Flow Monitors: Applied to the interface to perform network traffic monitoring.

3. Flow Exporters: Exports NetFlow Version 9 data from the Flow Monitor cache to a remote host or NetFlow collector.

4. Flow Samplers: Samples partial NetFlow data rather than analyzing all NetFlow data.

show ip flow interface: shows the interfaces that are configured for NetFlow.

show ip flow export: command, which shows the destination for the NetFlow data to be exported to as well as statistics on the export, including any errors that may arise.

show ip cache flow: command shows the traffic flows that NetFlow is capturing.

show ip interface brief: command provides a quick status of the interfaces on the router, including their IP address, Layer 2 status, and Layer 3 status.

3.Configure and verify SPAN/RSPAN/ERSPAN

The following methods are used for implementing Spanning-Tree in a VLAN environment:

1. PVST (Per VLAN Spanning Tree): This is a Cisco proprietary method. Requires Cisco ISL encapsulation. Separate instances of Spanning-Tree are for every VLAN.

2. CST (Common Spanning Tree): This is supported by IEEE802.1Q. Here, A single instance of Spanning Tree runs for all VLANs. BPDU information is exchanged on VLAN1

3. PVST+ (Per VLAN Spanning Tree Plus): This is also a Cisco proprietary method for implementing STP in VLAN environment.

4.Configure and verify IPSLA

Given below are the basic steps involved in configuring ICMP echo-based IP SLA, assuming that you are already in appropriate configuration mode:

1. Begins configuration for an IP SLAs operation and enters IP SLA configuration mode Switch(config)# ip sla 10

2. Defines an ICMP Echo operation and enters IP SLA ICMP Echo configuration mode Switch(config-ip-sla)# icmp-echo

3. Sets the rate at which a specified IP SLAs operation repeats Switch(config-ip-sla-echo)# frequency 300

4. Exits to privileged EXEC mode - Exits to privileged EXEC mode

There are three different types of Switch Port Analyzers:

1. Local SPAN: Mirrors traffic from one or more interface on the switch to one or more interfaces on the same switch

2. Remote SPAN (or RSPAN): RSPAN allows you to monitor traffic from source ports distributed over multiple switches, which means that you can centralize your network capture devices. RSPAN works by mirroring the traffic from the source ports of an RSPAN session onto a VLAN that is dedicated for the RSPAN session. This VLAN is then trunked to other switches, allowing the RSPAN session traffic to be transported across multiple switches. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port.

3. Encapsulated remote SPAN (ERSPAN): Encapsulated Remote SPAN (ERSPAN), as the name says, brings generic routing encapsulation (GRE) for all captured traffic and allows it to be extended across Layer 3 domains. ERSPAN is a Cisco proprietary feature

The primary advantage of MST over RSTP (or Cisco's PVSTP+) is that it requires less number of Spanning Tree instances running on a switch network. Several VLANs can be grouped and assigned to an MST instance. Cisco supports a maximum of 16 MSTIs in each region. IST always exists as MSTI number 0, leaving MSTI 1 through 15 available for use. MST must be manually configured on the all switches using CLI or SNMP.

All switches in the same MST regison must have the same VLAN-to-instance mapping to exchange VLAN information.

You need to configure region name, revision number, and VLAN-to-instance mapping on each switch running MST. On enabling MST, all VLANs are mapped to instance 0 by default, MST (802.1s) uses a modified version of RSTP (802.1w). This modified version is incorporated inside of MST and provides a fast convergence time in case of a failure in the network. Note that RSTP that gets enabled with MST is different from Cisco's PVSTP+. The UplinkFast, BackboneFast, and cross-stack UplinkFast features are not supported with the RSTP and MSTP.

Three parameters are required for defining an MST region. These are:

a. The region name

b. Configuration revision number

c. Instance to VLAN mappings

5.Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management

Cisco Digital Network Architecture (DNA) offers centralized, intuitive management that makes it fast and easy to design, provision, and apply policies across your network environment. The Cisco DNA Center GUI provides end-to-end network visibility and uses network insights to optimize network performance and deliver the best user and application experience. Cisco DNA Center allows you to:

Move faster: Provision thousands of devices across your enterprise network. Act fast with centralized management and automate device deployment.

Lower costs: Reduce errors with automation. Policy-driven deployment and onboarding deliver better uptime and improved security.

Reduce risk: Predict problems early. Use actionable insights for optimal performance of your network, devices, and applications

DNA center stores network snapshot for 1 week

The code preview feature can generate a simple code snippet for several programming language so you can quickly add it into your script

Overall Health Summary dashlet contains the following:

1. Network Devices area, which provides the following information:

  • Network Score - Percentage of healthy (good) devices (routers, switches, wireless controllers, and access points) in your overall enterprise.

  • Device Category Health Score - Provides score distribution between device categories: Router, Core, Access , Distribution, Controller and Access Point. The device category score is the percentage of healthy (good) devices in a particular device category.

2. Wired Clients and Wireless Clients area that provides score distribution between wired and wireless clients. The Wired Client score or the Wireless Client score is the percentage of healthy (good) wired or wireless client devices in your overall enterprise.

Previous   Contents   Next

CCNP ENCOR Cram Notes Contents
certexams ad

simulationexams ad