Configure and Verify Device Management

8/26/2019 Print content
Interconnecting Cisco Networking Devices (ICND1 v3.0)
Configure and Verify Device Management
Introduction
Exercise 1 - Configuring Device Monitoring
Exercise 2 - Backup and Restore Configurations
Exercise 3 - Configuring and Understanding CDP and LLDP
Summary
Introduction
The Configure and Verify Device Management module provides you with the
instructions and Cisco hardware to develop your hands on skills in managing Cisco
devices and configuring key network services. This module includes exercises that will
cover the following topics:
Configuring device monitoring features

Backing up and restoring device configurations
Configuring and understanding device discovery protocols
Lab Diagram
During your session, you will have access to the following lab configuration. Depending
on the exercises you may or may not use all of the devices, but they are shown here in the
layout to get an overall understanding of the topology of the lab.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 1/24
Connecting to your Lab
In this module, you will be working on the following equipment to carry out the steps
defined in each exercise.
NYEDGE1
NYCORE1
PLABCSCO01
To start, simply choose a device and click Power on. In some cases, the devices may
power on automatically.
For further information and technical support, please see our Help and Support
page.
Copyright Notice
This document and its content is copyright of Practice-IT - © Practice-IT 2016. All rights reserved. Any
redistribution or reproduction of part or all of the contents in any form is prohibited other than the
following:
1. You may print or download to a local hard disk extracts for your personal and non-commercial use
only.
2. You may copy the content to individual third parties for their personal use, but only if you
acknowledge the website as the source of the material. You may not, except with our express written
permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any
other website or other form of electronic retrieval system.
Exercise 1 - Configuring Device Monitoring

Routers and switches have a small log buffer by default where they store syslog messages.
The size of the buffer can be increased. However, it is not considered good practice to
store thousands of log entries on the device itself. Increasing the buffer size somewhat
from the default is quite useful. Still, it is more practical to have log entries to go to a
dedicated logging server that has large storage space such that you can view events that
have happened on a device over a long period of time.
Configuring a syslog server is straightforward. You will use PLABCSCO01 as the server
to which logs will be sent, and you will configure NYEDGE1 to function as the log
source.
Before you begin, make sure the PLABCSCO01 has been powered on.
Step 1
In this step, you will configure a syslog server on PLABCSCO01. On the desktop of the
server, there is an icon labeled TFTP. Double-click this icon to open the software:
Figure 1.1 Configure a Syslog server: The TFTP software icon can be seen on the
desktop.
Once the software is open, ensure the Server interface IP address is 192.168.16.10
and then click the Syslog server tab:
Figure 1.2 Configure a Syslog server: The syslog server software is now running.
Here you can see the window is empty as there are no log entries. Leave this software up
and running and go back to the command line interface of NYEDGE1.
Step 2
On NYEDGE1 configure the logging server to be 192.168.16.10. This is the IP address
of the PLABCSCO01 server:
NYEDGE1#configure terminal
Enter configuration commands, one per line. End with
CNTL/Z.
NYEDGE1(config)#logging 192.168.16.10
NYEDGE1(config)#
Sep 10 11:11:53.467: %SYS-6-LOGGINGHOST_STARTSTOP: Logging
to host 192.168.16.10 port 514 started - CLI initiated

NYEDGE1(config)#
Step 3
Go back to PLABCSCO01. You should see the first log entry as shown below:
Figure 1.3 Configure a Syslog server: The first syslog message has been sent to
the syslog server.
Step 4
Return to the NYEDGE1 command line interface. Press CTRL+Z, and after a few
seconds, you should see a log message appear on the CLI stating that a configuration
change has been made. This same log message should also appear on the Syslog server:
Figure 1.4 Configure a Syslog server: Additional syslog messages are sent to the
syslog server.
Experiment with additional changes to the NYEDGE1 router and see the resulting log
messages that are sent to the syslog server.
Step 5
As mentioned before, the router maintains a logging buffer that stores the most recent
syslog messages. You can view these messages by issuing the following command:
NYEDGE1#show logging
Syslog logging: enabled (0 messages dropped, 3 messages
rate-limited, 0 flushes, 0 overruns, xml disabled,
filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.

Console logging: level debugging, 36 messages logged, xml
disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml
disabled,
filtering disabled
Buffer logging: level debugging, 36 messages logged, xml
disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 39 message lines logged
Logging Source-Interface: VRF Name:
Log Buffer (8192 bytes):
*Jan 2 00:00:04.959: %IOS_LICENSE_IMAGE_APPLICATION-6-
LICENSE_LEVEL: Module name = c2900 Next reboot level =
ipbasek9 and License = ipbasek9
securityk9 and License = securityk9
datak9 and License = d
atak9
*Oct 3 06:01:22.247: c3600_scp_set_dstaddr2_idb(184)add =
80 name is Embedded-Service-Engine0/0
!<-- Output Omitted -->
*Oct 3 06:01:44.391: %LINEPROTO-5-UPDOWN: Line protocol on
Interface GigabitEthernet0/1, changed state to up
Interface GigabitEthernet0/2, changed state to down
Interface Serial0/0/0, changed state to down
Interface Serial0/0/1, changed state to down

*Oct 3 06:01:45.259: %SYS-6-STARTUP_CONFIG_IGNORED: System
startup configuration is ignored based on the configuration
register set
NYEDGE1#
The output can be extensive. Only an excerpt is included above. Scroll through the output
and determine the size of the Log Buffer. The above output indicates a buffer size of
8192 bytes. You can see several types of messages such as those pertaining to IOS
Licensing, Line Protocol, Crypto as well as information about the Startup Config.
Step 6
You can increase the logging buffer size to store more syslog messages. Keep in mind that
if you have a syslog server, these messages are also sent and stored there for future
reference. The logging buffer is only a matter of convenience.
Change the buffer size to twice its current value that is, 16384 using the following
commands:
CNTL/Z.
NYEDGE1(config)#logging buffer 16384
NYEDGE1(config)#exit
NYEDGE1#
Step 7
Examine the logging buffer size again to verify your changes:
NYEDGE1#show logging
Syslog logging: enabled (0 messages dropped, 3 messages
rate-limited, 0 flushes, 0 overruns, xml disabled,
filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 36 messages logged, xml
disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml
disabled,
filtering disabled
Buffer logging: level debugging, 36 messages logged, xml
disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 42 message lines logged
Logging Source-Interface: VRF Name:
Log Buffer (16384 bytes):
!<-- Output Omitted -->
NYEDGE1#
The buffer size has changed.
Step 8
Examine additional options that the logging buffer command gives you by using the
context-sensitive help with the character “?.” Type the following commands to do so:
CNTL/Z.
NYEDGE1(config)#logging buffer ?
<0-7> Logging severity level
<4096-2147483647> Logging buffer size
alerts Immediate action needed
(severity=1)
critical Critical conditions
(severity=2)
debugging Debugging messages
(severity=7)
discriminator Establish MD-Buffer association
emergencies System is unusable
(severity=0)
errors Error conditions
(severity=3)
filtered Enable filtered logging
informational Informational messages
(severity=6)
notifications Normal but significant conditions
(severity=5)
warnings Warning conditions
(severity=4)
xml Enable logging in XML to XML logging
buffer
NYEDGE1#exit
You can choose which types of syslog messages will be included in the buffer based on
their severity. The default configuration is severity level 7, that is, level 7 and all lower
levels.
You have completed configuring the syslog on the router. Close the syslog server
application on PLABCSCO01 and continue on to the next exercise.
Exercise 2 - Backup and Restore Configurations

When configuring a Cisco device, it is always good practice to make backups of its
configuration on a regular basis. This can be configured automatically, or it can be done
manually.
In this exercise, you will manually back up the configuration of the NYEDGE1 router to
a TFTP server on PLABCSCO01. You will then restore it to the NYEDGE1 router.
Task 1 - Backup Running Configuration
Step 1
Start by connecting to the PLABCSCO01 server and activating the TFTP server.
Double-click on the desktop icon labeled TFTP.
Figure 1.4 Backing up and restoring configuration: The TFTP server on

PLABCSCO01 is running.
Step 2
Next, connect to NYEDGE1 router and copy the running configuration to the TFTP
server. The IP address of PLABCSCO01 which is running the TFTP server is
192.168.16.10. To do this, issue the following command. When prompted for the name
of the Destination filename, press Enter to accept the default:
NYEDGE1#copy run tftp

Address or name of remote host []? 192.168.16.10
Destination filename [nyedge1-confg]?
!!
1222 bytes copied in 0.344 secs (3552 bytes/sec)
NYEDGE1#
Each “!” indicates that ten packets have been sent successfully. After the transfer is
complete, you will get a message that informs you of that it was successful.
Alert: Notice that the default filename is nyedge1-confg and not nyedge1-
config.
Note: When managing configuration files, it is important to keep in mind that the
running-config is stored in RAM and is the configuration that is currently in
effect, and the startup-config is the configuration that is loaded and copied to
the running-config when the device boots up. Any changes that are made at any
time will be made to the running-config. To save them to the startup-config
you must issue the command copy running-config startup-config, or simply
write. In this lab you will only be transferring the running-config to the TFTP
server and back. However, the same commands can be implemented on the
startup-config as well.
Step 3
Now you will make a change to the running configuration of NYEDGE1. Specifically,
change the hostname of NYEDGE1 to NYEDGE3. To do this, issue the following
command:
CNTL/Z.
NYEDGE1(config)#hostname NYEDGE3
NYEDGE3#
Notice that the hostname changes immediately.
Step 4
In this step, you will restore the running configuration that you backed up to the TFTP
server. When asked for the Destination filename, enter nyedge1-confg which is the
name you gave to the destination file you uploaded in Step 2:
NYEDGE3#copy tftp running-config

Address or name of remote host []? 192.168.16.10
Source filename []? nyedge1-confg
Destination filename [running-config]?
Accessing tftp://192.168.16.10/nyedge1-confg...
Loading nyedge1-confg from 192.168.16.10 (via
GigabitEthernet0/0): !
[OK - 1222 bytes]
1222 bytes copied in 9.088 secs (134 bytes/sec)
NYEDGE1#
You will see that the hostname changes back to NYEDGE1 immediately as the running
configuration.
Note: In this lab, the TFTP server has no username or password. In a production
environment, this would not be the case. A TFTP server with a username and
password would require the following syntax of the copy command: copy
tftp://username:password@192.168.16.10 running-config. You can also
use the FTP protocol instead of the TFTP protocol by replacing tftp with ftp in all
related commands.
You have successfully backed up and restored your running configuration. Leave the
devices in their current states and continue to the next exercise.
Exercise 3 - Configuring and Understanding CDP

and LLDP
The Cisco Discovery Protocol or CDP is a device discovery protocol that runs over
Layer 2 on all Cisco-manufactured devices. CDP allows network management
applications to automatically discover and learn about other Cisco devices connected to
the network.
To support non-Cisco devices and to allow for interoperability with other devices, the
Link Layer Discovery Protocol or LLDP is used. It is an IEEE standard neighbor
discovery protocol (802.1ab) for network devices to advertise information about
themselves to other devices on the network. This protocol runs over Layer 2 as well and
allows two systems running different network layer protocols to learn about each other.
In this exercise, you will configure both CDP and LLDP and understand how they
function.
Task 1 - Cisco Discovery Protocol
CDP is enabled on all Cisco devices by default.
Step 1
First of all, you will connect to NYCORE1 and issue the following command to view all
of the connected CDP enabled devices:
NYCORE1#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source
Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability
Platform Port ID
NYACCESS1 Fas 1/0/22 145 S I
WS-C2960- Fas 0/24
NYEDGE1 Fas 1/0/1 169 R S I
CISCO2911 Gig 0/0
NYCORE2 Fas 1/0/24 144 S I
WS-C3750V Fas 1/0/24
NYCORE2 Fas 1/0/23 144 S I
WS-C3750V Fas 1/0/23
NYCORE1#
The above output shows that there are four devices that have been detected that are
physically connected to NYCORE1 that are running CDP. The following information is
made available via this protocol:
The Device ID or hostname

The local interface on NYCORE1 on which this device is connected
The Holdtime which you will configure shortly
The Capability which is indicated by a Code for which a key is provided at the
beginning of the output
The Platform of the device, including model number
The Port ID on the remote device via which it is connected to NYCORE1
Look at the lab diagram and confirm the ports via which you are connected to these
devices.
Step 2
You can view detailed information about a device by indicating the specific device that
you would like to examine using its Device ID, or hostname. View the detailed CDP
information about the NYEDGE1 router from the NYCORE1 switch using the following
command:
NYCORE1#show cdp entry NYEDGE1

-------------------------
Device ID: NYEDGE1
Entry address(es):
IP address: 192.168.16.1
Platform: Cisco CISCO2911/K9, Capabilities: Router Switch
IGMP
Interface: FastEthernet1/0/1, Port ID (outgoing port):
GigabitEthernet0/0
Holdtime : 156 sec
Version :
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M),
Version 15.2(4)M6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 19-Mar-14 19:23 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
Duplex: full
Power Available TLV:
Power request id: 0, Power management id: 0, Power
available: 0, Power management level: 0
Management address(es):
NYCORE1#
Notice how detailed the information about the NYEDGE1 router is. It includes IP
address, IOS version, VTP information and even Power management information.
Step 3
CDP periodically sends CDP packets to update information between devices. It is
possible to adjust the frequency with which these packets are sent. Examine the number
of CDP advertisements that have been sent by the NYCORE1 device to gauge the
amount of traffic that CDP adds to your network. To do this, issue the following
command:
NYCORE1#show cdp traffic

CDP counters :
Total packets output: 615, Input: 466
Hdr syntax: 0, Chksum error: 2, Encaps failed: 0
No memory: 0, Invalid packet: 0,
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 615, Input: 466
NYCORE1#
Step 4
You determine that there are too many CDP advertisements occurring and this is
disrupting your network communications. You can adjust the frequency with which these
advertisements are sent.
When adjusting frequency, there are two values that must be defined: The timer which
is the frequency of the advertisements and the holdtime which defines amount of time a
receiving device should hold the information sent before discarding it.
The default timer value is 60 seconds and the default holdtime value is 180 seconds.
It is recommended that the holdtime always be 3 times the timer. For the purposes of
this lab, you will configure the timer to be 70 seconds and the holdtime to be 210
seconds.
To configure both of these values, issue the following commands:
NYCORE1#configure terminal
CNTL/Z.
NYCORE1(config)#cdp timer 70
NYCORE1(config)#cdp holdtime 210
NYCORE1(config)#exit
NYCORE1#
Step 5
View the CDP neighbors once again:
NYCORE1#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source
Route Bridge
S - Switch, H - Host, I - IGMP, r - Repea
ter, P - Phone,
D - Remote, C - CVTA, M - Two-
port Mac Relay
Device ID Local Intrfce Holdtme Capability P

latform Port ID
NYACCESS1 Fas 1/0/22 124 S I W
S-C2960- Fas 0/24
NYEDGE1 Fas 1/0/1 206 R S I C
ISCO2911 Gig 0/0
NYCORE2 Fas 1/0/24 169 S I W
S-C3750V Fas 1/0/24
NYCORE2 Fas 1/0/23 169 S I W
S-C3750V Fas 1/0/23
NYCORE1#
If you repeatedly issue this command, you will see that the Holdtime does reset to
values up to 210 seconds, thus confirming the change in configuration.
Step 6
Issuing the following command will also display the timers that you configured:
NYCORE1#show cdp
Global CDP information:
Sending CDP packets every 70 seconds
Sending a holdtime value of 210 seconds
Sending CDPv2 advertisements is enabled
NYCORE1#
Notice that it also tells you the version of CDP that is being used. In this instance it is
CDPv2.
Step 7
If you choose to, CDP can be disabled on a device. This can be achieved with the
following command:
CNTL/Z.
NYCORE1(config)#no cdp run
NYCORE1(config)#exit
NYCORE1#
Note: Although CDP is very useful, it can lead to network vulnerabilities and
security issues. The easiest and most effective way of mitigating those
vulnerabilities is to shut CDP down completely.
You have completed the section on Cisco Discovery Protocol. Leave the devices in their
current states and continue on to the next section.
Task 2 - Link Layer Discovery Protocol
LLDP is disabled on all Cisco devices by default.
Step 1
First of all, you will connect to NYCORE1 and issue the following command enable
LLDP globally on the device:
CNTL/Z.
NYCORE1(config)#lldp run
NYCORE1(config)#
Step 2
Connect to NYEDGE1 and enable LLDP on this device as well:
CNTL/Z.
NYEDGE1(config)#lldp run
NYEDGE1(config)#
Step 3
Examine the LLDP information on NYEDGE1 by issuing the following two commands
and observing the resulting output:
NYEDGE1#show lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
NYEDGE1#show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable
Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability
Port ID
NYCORE1 Gi0/0 120 B
Fa1/0/1
Total entries displayed: 1
NYEDGE1#
Notice the similarities between LLDP and CDP. Notice also the advertisement and
the hold time timers of 30 and 120 seconds respectively. Notice here the ratio between
these timers is 4 to 1 as opposed to 3 to 1 for CDP.
Note: LLDP has an additional timer called the Interface Reinitialisation Delay.
This is the specific the delay time in seconds for LLDP to initialize on any
interface. The range is 2 to 5 seconds; the default is 2 seconds.
Step 4
To change the advertisement and hold time timers to 45 and 180 respectively on
NYEDGE1 and verify your configuration:
CNTL/Z.
NYEDGE1(config)#lldp timer 45
NYEDGE1(config)#lldp holdtime 180
NYEDGE1#show lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 45 seconds
LLDP hold time advertised is 180 seconds
LLDP interface reinitialisation delay is 2 seconds
NYEDGE1#
The changes have been verified.
Step 5
Finally, to disable LLDP on NYEDGE1 and verify that it is no longer running:
CNTL/Z.
NYEDGE1(config)#no lldp run
NYEDGE1#show lldp
% LLDP is not enabled
NYEDGE1#
You have successfully completed this exercise and this lab.
Summary
In this module you achieved the following activities:
You configured a syslog server

You configured a Cisco device to send syslog messages to the server
You increased the logging buffer size of a Cisco device to view syslog messages on
the CLI
You backed up and restored the configuration of a Cisco device using an external
TFTP server
You configured CDP and learned how to tweak it
You configured LLDP and learned how it functions

Configure and Verify Device Management

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Configure and Verify Device Management

Uploaded by

Copyright:

Available Formats

8/26/2019 Print content

Interconnecting Cisco Networking Devices (ICND1 v3.0)

Configure and Verify Device Management

Configuring device monitoring features

Connecting to your Lab

Exercise 1 - Configuring Device Monitoring

to host 192.168.16.10 port 514 started - CLI initiated

No Inactive Message Discriminator.

Interface Serial0/0/1, changed state to down

The buffer size has changed.

Exercise 2 - Backup and Restore Configurations

Task 1 - Backup Running Configuration

Figure 1.4 Backing up and restoring configuration: The TFTP server on

NYEDGE1#copy run tftp

Notice that the hostname changes immediately.

NYEDGE3#copy tftp running-config

Exercise 3 - Configuring and Understanding CDP

Task 1 - Cisco Discovery Protocol

CDP is enabled on all Cisco devices by default.

NYCORE1#show cdp neighbors

The Device ID or hostname

NYCORE1#show cdp entry NYEDGE1

NYCORE1#show cdp traffic

To configure both of these values, issue the following commands:

NYCORE1#show cdp neighbors

Device ID Local Intrfce Holdtme Capability P

Task 2 - Link Layer Discovery Protocol

LLDP is disabled on all Cisco devices by default.

The changes have been verified.

You have successfully completed this exercise and this lab.

You configured a syslog server

You might also like