CCNA試験対策 下巻ch9: Device Management Protocols
https://www.ciscopress.com/store/ccna-200-301-official-cert-guide-volume-2-9781587147135www.ciscopress.com
- System Message Logging (Syslog)
- Network Time Protocol (NTP)
- Analyzing Topology Using CDP and LLDP
- 英語
Chapter 9: Device Management Protocols
System Message Logging (Syslog)
Sending Messages in Real Time to Current Users
- デフォルトで全severity出力
Storing Log Messages for Later Review
Router(config)#logging ? A.B.C.D IP address of the logging host buffered Set buffered logging parameters console Set console logging parameters host Set syslog server IP address and parameters on Enable logging to all enabled destinations trap Set syslog server logging level userinfo Enable logging of user info on privileged mode enabling
- buffered
- 本体のRAM
- console
- console
- monitor
- vty
- Packet Tracerでは動かない
- vty
- host
- syslogサーバ
- プロダクション環境ではこれ
- severity levelの設定は
trap
で行う(後述)
Log Message Format
Router(config-if)#no shutdown %LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up
- こういうやつ
Router(config)#service timestamps log datetime msec Router(config)#interface g0/0/1 Router(config-if)#no shutdown *3 01, 00:04:03.044: %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up
- A timestamp
*3 01, 00:04:03.044:
- The facility on the router that generated the message
%LINK
- The severity level
5
- A mnemonic for the message
CHANGED
- The description of the message
Interface GigabitEthernet0/0/1, changed state to up
Log Message Severity Levels
Keyword | Numeral | 分類 |
---|---|---|
Emergency | 0 | severe |
Alert | 1 | severe |
Critical | 2 | impactful |
Error | 3 | impactful |
Warning | 4 | impactful |
Notification | 5 | normal |
Informational | 6 | normal |
Debug | 7 | debug |
logging console 4
のようにするとコンソールのログ出力をWarning以上(0-4)に絞ることができる- Packet Tracerでは動かなかった
Configuring and Verifying System Logging
Router#show logging Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled) No Active Message Discriminator. No Inactive Message Discriminator. Console logging: level debugging, 3 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 3 messages logged, xml disabled, filtering disabled Buffer logging: disabled, xml disabled, filtering disabled Logging Exception size (4096 bytes) Count and timestamp logging messages: disabled Persistent logging: disabled No active filter modules. ESM: 0 messages dropped Trap logging: level informational, 3 message lines logged
The debug Command and Log Messages
- severity level 7 (debug)は特殊用途
- debugコマンド出力用
Router(config)#interface loopback 0 Router(config-if)#ip address 172.16.1.1 255.255.255.0 Router(config-if)#^Z Router#ping 172.16.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/5 ms
- icmpメッセージのdebug logが出る
Router#debug ip icmp ICMP packet debugging is on Router#ping 172.16.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: ! ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1 ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1 ! ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1 ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1 ! ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1 ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1 ! ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1 ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1 ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/5 ms Router# ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1 ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1 Router#
- CPUを食うので気をつける
- 全無効化
Router#no debug all All possible debugging has been turned off
Network Time Protocol (NTP)
- 時計を合わせましょうという話
- メッセージを突合しやすくなる
- プロトコルによっては時刻がずれすぎると動作しない
Setting the Time and Timezone
- TZと時刻を設定できる
- サマータイムとかも
Router(config)#clock timezone GST 9 Router(config)#^Z
Router#clock set 19:28:00 28 June 2020 Router#show clock 4:28:3.880 GST Mon Jun 29 2020
Router(config)#clock timezone JST 0 Router(config)#^Z %SYS-5-CONFIG_I: Configured from console by console Router#show clock 19:28:25.31 JST Sun Jun 28 2020
Basic NTP Configuration
command | as an NTP client | as an NTP master |
---|---|---|
ntp master |
x | o |
ntp server |
o | o |
ntp server
はNTPサーバ/クライアント兼任するので、数珠つなぎできる- Stratum 3,4,...
R1(config)#interface g0/0/0 R1(config-if)#ip address 10.0.0.1 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#ntp master 2 R1(config)#end
R2(config)#interface g0/0/0 R2(config-if)#ip address 10.0.0.2 255.255.255.0 R2(config-if)#no shutdown R2(config-if)# R2(config-if)#exit R2(config)#ntp server 10.0.0.1
- 定期的に時刻同期する
R2#debug ntp packets NTP packets debugging is on R2#6 28 19:41:24.418: NTP: xmit packet to 10.0.0.1 6 28 19:41:40.496: NTP: xmit packet to 10.0.0.1 6 28 19:41:56.560: NTP: xmit packet to 10.0.0.1 6 28 19:42:12.633: NTP: xmit packet to 10.0.0.1 6 28 19:42:28.751: NTP: xmit packet to 10.0.0.1 6 28 19:42:44.856: NTP: xmit packet to 10.0.0.1 6 28 19:43:00.932: NTP: xmit packet to 10.0.0.1 6 28 19:43:17.014: NTP: xmit packet to 10.0.0.1
NTP Reference Clock and Stratum
- stratumの話
- NTPの仕様的にNTPサーバには15までしか設定できないので注意
R1#show ntp status Clock is synchronized, stratum 2, reference is 127.127.1.1 nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24 reference time is 0C6E07DE.00000302 (20:30:22.770 UTC 日 6 28 2020) clock offset is 0.00 msec, root delay is 0.00 msec root dispersion is 0.00 msec, peer dispersion is 0.48 msec. loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 6, last update was 18 sec ago.
R1#show ntp associations address ref clock st when poll reach delay offset disp *~127.127.1.1 .LOCL. 1 11 64 377 0.00 0.00 0.48 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
Redundant NTP Configuration
ntp server time-a-b-nist.cov ntp server time-a-g-nist.cov ntp master
- インターネット上のNTPサーバーの接続が絶たれたらinternal clockにフェイルオーバーして自身がNTPサーバーになる
NTP Using a Loopback Interface for Better Availability
- 経路を冗長化しているとき、特定の物理interfaceのIPアドレスを設定すべきでない
- そのrouterに到達可能でも、そのinterfaceがdownになったらNTPの同期がとれなってしまうため
- こういうときはloopback interfaceを用いる
- routerが生きていて、かつ明示的にshutdownしない限り常にup/upな論理interface
- OSPFのRIDに使ったりもした
- サーバの設定
R1(config)#interface loopback 0 R1(config-if)#ip address 1.2.3.4 255.255.255.255 R1(config-if)#exit R1(config)#ntp source loopback 0
ntp source <interface>
はPacket Tracerで動作しなかった- routing確認
R1#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.2.3.4/32 is directly connected, Loopback0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.0.0.0/24 is directly connected, GigabitEthernet0/0/0 L 10.0.0.1/32 is directly connected, GigabitEthernet0/0/0
これ:
C 1.2.3.4/32 is directly connected, Loopback0
- どの物理interfaceから入ってきたかによらず、このrouterにさえ到達できれば疎通できるIPアドレス
- クライアント側も設定
- しかるべきrouting設定をしてあること
R2(config)#ntp server 1.2.3.4
Analyzing Topology Using CDP and LLDP
Examining Information Learned by CDP
- Cisco Discovery Protocol
- Cisco独自の隣接ノード探索プロトコル
- やりとりできる情報
- Device identifier
- ホスト名など
- Address list
- Port identifier
- Capabilities list
- routerかswitchか、など
- Platform
- モデル、OSレベルなど
- Device identifier
R2#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID R1 Gig 0/0/0 126 R ISR4300 Gig 0/0/0
R2#show cdp neighbors detail Device ID: R1 Entry address(es): IP address : 10.0.0.1 Platform: cisco ISR4300, Capabilities: Router Interface: GigabitEthernet0/0/0, Port ID (outgoing port): GigabitEthernet0/0/0 Holdtime: 152 Version : Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.4,RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Sun 08-Jul-18 04:33 by mcpre advertisement version: 2 Duplex: full
- hostname指定可能
R2#show cdp entry R1 Device ID: R1 Entry address(es): IP address : 10.0.0.1 Platform: cisco ISR4300, Capabilities: Router Interface: GigabitEthernet0/0/0, Port ID (outgoing port): GigabitEthernet0/0/0 Holdtime: 133 Version : Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.4,RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Sun 08-Jul-18 04:33 by mcpre advertisement version: 2 Duplex: full
Configuring and Verifying CDP
- グローバルで有効/無効化設定できる(
run
)
R2(config)#cdp ? run Enable CDP
- interfaceごとに設定上書きできる(
enable
)- 送信/受信個別の設定はできない (cf. lldpはできる)
R2(config-if)#cdp ? enable Enable CDP on interface
- CDP自体の有効/無効の確認、update/holdtime timerの確認
R2#show cdp Global CDP information: Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled
- 個々のinterfaceについて確認
R2#show cdp interface ? Ethernet IEEE 802.3 FastEthernet FastEthernet IEEE 802.3 GigabitEthernet GigabitEthernet IEEE 802.3z Serial Serial <cr> R2#show cdp interface g0/0/0 GigabitEthernet0/0/0 is up, line protocol is up Sending CDP packets every 60 seconds Holdtime is 180 seconds
- トラフィックの統計情報を確認できるらしいがPacket Tracerで動作せず:
R2#show cdp traffic
Examining Information Learned by LLDP
R2#show lldp neighbors % LLDP is not enabled
- 有効化
R2(config)#lldp run R2(config)#^Z
R2#show lldp neighbors Capability codes: (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other Device ID Local Intf Hold-time Capability Port ID R1 Gig0/0/0 120 R Gig0/0/0
- CDPとの比較
R2#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID R1 Gig 0/0/0 137 R ISR4300 Gig 0/0/0
- LLDPをCDPと比較したときの特徴
- platform情報がない
- capability codesが異なる
B
(bridge) ... L2SW台頭前のportが数個しかないやつ
R2#show lldp neighbors detail ------------------------------------------------ Chassis id: 0030.A33D.4801 Port id: Gig0/0/0 Port Description: GigabitEthernet0/0/0 System Name: R1 System Description: Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.4,RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Sun 08-Jul-18 04:33 by mcpre Time remaining: 90 seconds System Capabilities: R Enabled Capabilities: R Management Addresses - not advertised Auto Negotiation - supported, enabled Physical media capabilities: 1000baseT(FD) Media Attachment Unit type: 10 Vlan ID: 1 Total entries displayed: 1
show lldp entry <hostname>
で特定のhostの情報だけ取得できるはずだが、Packet Tracerで動作せず
Configuring and Verifying LLDP
- グローバルコンフィグで有効/無効化できる(
run
)
R2(config)#lldp ? run Enable LLDP
- ほか、interfaceごとに受信(
receive
)/送信(transmit
)の有効/無効化ができる
R2(config)#int g0/0/0 R2(config-if)#lldp ? receive Enable LLDP reception on interface transmit Enable LLDP transmission on interface
- グローバル設定確認
R2#show lldp Global LLDP Information: Status: ACTIVE LLDP advertisements are sent every 30 seconds LLDP hold time advertised is 120 seconds LLDP interface reinitialisation delay is 2 seconds
show lldp interface <interface>
でインタフェースごとの設定確認もできるはずだがPacket Tracerでは動作せずshow lldp traffic
で統計情報を確認できるはずだが、やはりPacket Tracerでは動作せず
英語
- by virtue of
- おかげで