Chapter 9: Device Management Protocols
System Message Logging (Syslog)
Sending Messages in Real Time to Current Users
- デフォルトで全severity出力
Storing Log Messages for Later Review
Router(config)#logging ?
A.B.C.D IP address of the logging host
buffered Set buffered logging parameters
console Set console logging parameters
host Set syslog server IP address and parameters
on Enable logging to all enabled destinations
trap Set syslog server logging level
userinfo Enable logging of user info on privileged mode enabling-
buffered
- 本体のRAM
-
console
- console
-
monitor
- vty
- Packet Tracerでは動かない
-
host
- syslogサーバ
- プロダクション環境ではこれ
- severity levelの設定は
trapで行う(後述)
Log Message Format
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up- こういうやつ
Router(config)#service timestamps log datetime msec
Router(config)#interface g0/0/1
Router(config-if)#no shutdown
*3 01, 00:04:03.044: %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up-
A timestamp
*3 01, 00:04:03.044:
-
The facility on the router that generated the message
%LINK
-
The severity level
5
-
A mnemonic for the message
CHANGED
-
The description of the message
Interface GigabitEthernet0/0/1, changed state to up
Log Message Severity Levels
| Keyword | Numeral | 分類 |
|---|---|---|
| Emergency | 0 | severe |
| Alert | 1 | severe |
| Critical | 2 | impactful |
| Error | 3 | impactful |
| Warning | 4 | impactful |
| Notification | 5 | normal |
| Informational | 6 | normal |
| Debug | 7 | debug |
-
logging console 4のようにするとコンソールのログ出力をWarning以上(0-4)に絞ることができる- Packet Tracerでは動かなかった
Configuring and Verifying System Logging
Router#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 3 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 3 messages logged, xml disabled,
filtering disabled
Buffer logging: disabled, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 3 message lines loggedThe debug Command and Log Messages
- severity level 7 (debug)は特殊用途
- debugコマンド出力用
Router(config)#interface loopback 0
Router(config-if)#ip address 172.16.1.1 255.255.255.0
Router(config-if)#^Z
Router#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/5 ms- icmpメッセージのdebug logが出る
Router#debug ip icmp
ICMP packet debugging is on
Router#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!
ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1
ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1
!
ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1
ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1
!
ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1
ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1
!
ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1
ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/5 ms
Router#
ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.1
ICMP: echo reply rcvd, src 172.16.1.1, dst 172.16.1.1
Router#- CPUを食うので気をつける
- 全無効化
Router#no debug all
All possible debugging has been turned offNetwork Time Protocol (NTP)
-
時計を合わせましょうという話
- メッセージを突合しやすくなる
- プロトコルによっては時刻がずれすぎると動作しない
Setting the Time and Timezone
-
TZと時刻を設定できる
- サマータイムとかも
Router(config)#clock timezone GST 9
Router(config)#^ZRouter#clock set 19:28:00 28 June 2020
Router#show clock
4:28:3.880 GST Mon Jun 29 2020Router(config)#clock timezone JST 0
Router(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#show clock
19:28:25.31 JST Sun Jun 28 2020Basic NTP Configuration
| command | as an NTP client | as an NTP master |
|---|---|---|
ntp master |
x | o |
ntp server |
o | o |
-
ntp serverはNTPサーバ/クライアント兼任するので、数珠つなぎできる- Stratum 3,4,…
R1(config)#interface g0/0/0
R1(config-if)#ip address 10.0.0.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ntp master 2
R1(config)#endR2(config)#interface g0/0/0
R2(config-if)#ip address 10.0.0.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
R2(config-if)#exit
R2(config)#ntp server 10.0.0.1- 定期的に時刻同期する
R2#debug ntp packets
NTP packets debugging is on
R2#6 28 19:41:24.418: NTP: xmit packet to 10.0.0.1
6 28 19:41:40.496: NTP: xmit packet to 10.0.0.1
6 28 19:41:56.560: NTP: xmit packet to 10.0.0.1
6 28 19:42:12.633: NTP: xmit packet to 10.0.0.1
6 28 19:42:28.751: NTP: xmit packet to 10.0.0.1
6 28 19:42:44.856: NTP: xmit packet to 10.0.0.1
6 28 19:43:00.932: NTP: xmit packet to 10.0.0.1
6 28 19:43:17.014: NTP: xmit packet to 10.0.0.1NTP Reference Clock and Stratum
-
stratumの話
- NTPの仕様的にNTPサーバには15までしか設定できないので注意
R1#show ntp status
Clock is synchronized, stratum 2, reference is 127.127.1.1
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is 0C6E07DE.00000302 (20:30:22.770 UTC 日 6 28 2020)
clock offset is 0.00 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.48 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 6, last update was 18 sec ago.R1#show ntp associations
address ref clock st when poll reach delay offset disp
*~127.127.1.1 .LOCL. 1 11 64 377 0.00 0.00 0.48
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configuredRedundant NTP Configuration
ntp server time-a-b-nist.cov
ntp server time-a-g-nist.cov
ntp master- インターネット上のNTPサーバーの接続が絶たれたらinternal clockにフェイルオーバーして自身がNTPサーバーになる
NTP Using a Loopback Interface for Better Availability
-
経路を冗長化しているとき、特定の物理interfaceのIPアドレスを設定すべきでない
- そのrouterに到達可能でも、そのinterfaceがdownになったらNTPの同期がとれなってしまうため
-
こういうときはloopback interfaceを用いる
- routerが生きていて、かつ明示的にshutdownしない限り常にup/upな論理interface
- OSPFのRIDに使ったりもした
- サーバの設定
R1(config)#interface loopback 0
R1(config-if)#ip address 1.2.3.4 255.255.255.255
R1(config-if)#exit
R1(config)#ntp source loopback 0ntp source <interface>はPacket Tracerで動作しなかった- routing確認
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.2.3.4/32 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/24 is directly connected, GigabitEthernet0/0/0
L 10.0.0.1/32 is directly connected, GigabitEthernet0/0/0これ:
C 1.2.3.4/32 is directly connected, Loopback0- どの物理interfaceから入ってきたかによらず、このrouterにさえ到達できれば疎通できるIPアドレス
-
クライアント側も設定
- しかるべきrouting設定をしてあること
R2(config)#ntp server 1.2.3.4Analyzing Topology Using CDP and LLDP
Examining Information Learned by CDP
- Cisco Discovery Protocol
- Cisco独自の隣接ノード探索プロトコル
-
やりとりできる情報
- Device identifier
- ホスト名など
- Address list
- Port identifier
- Capabilities list
- routerかswitchか、など
- Platform
- モデル、OSレベルなど
R2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Gig 0/0/0 126 R ISR4300 Gig 0/0/0R2#show cdp neighbors detail
Device ID: R1
Entry address(es):
IP address : 10.0.0.1
Platform: cisco ISR4300, Capabilities: Router
Interface: GigabitEthernet0/0/0, Port ID (outgoing port): GigabitEthernet0/0/0
Holdtime: 152
Version :
Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.4,RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Sun 08-Jul-18 04:33 by mcpre
advertisement version: 2
Duplex: full- hostname指定可能
R2#show cdp entry R1
Device ID: R1
Entry address(es):
IP address : 10.0.0.1
Platform: cisco ISR4300, Capabilities: Router
Interface: GigabitEthernet0/0/0, Port ID (outgoing port): GigabitEthernet0/0/0
Holdtime: 133
Version :
Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.4,RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Sun 08-Jul-18 04:33 by mcpre
advertisement version: 2
Duplex: fullConfiguring and Verifying CDP
- グローバルで有効/無効化設定できる(
run)
R2(config)#cdp ?
run Enable CDP-
interfaceごとに設定上書きできる(
enable)- 送信/受信個別の設定はできない (cf. lldpはできる)
R2(config-if)#cdp ?
enable Enable CDP on interface- CDP自体の有効/無効の確認、update/holdtime timerの確認
R2#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled- 個々のinterfaceについて確認
R2#show cdp interface ?
Ethernet IEEE 802.3
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
Serial Serial
<cr>
R2#show cdp interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds- トラフィックの統計情報を確認できるらしいがPacket Tracerで動作せず:
R2#show cdp trafficExamining Information Learned by LLDP
- Link Layer Discovery Protocol
-
IEEE802.1AB標準
- cf. CDPはCisco独自
- デフォルト無効
R2#show lldp neighbors
% LLDP is not enabled- 有効化
R2(config)#lldp run
R2(config)#^ZR2#show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
R1 Gig0/0/0 120 R Gig0/0/0- CDPとの比較
R2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Gig 0/0/0 137 R ISR4300 Gig 0/0/0-
LLDPをCDPと比較したときの特徴
- platform情報がない
- capability codesが異なる
B(bridge) … L2SW台頭前のportが数個しかないやつ
R2#show lldp neighbors detail
------------------------------------------------
Chassis id: 0030.A33D.4801
Port id: Gig0/0/0
Port Description: GigabitEthernet0/0/0
System Name: R1
System Description:
Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.4,RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Sun 08-Jul-18 04:33 by mcpre
Time remaining: 90 seconds
System Capabilities: R
Enabled Capabilities: R
Management Addresses - not advertised
Auto Negotiation - supported, enabled
Physical media capabilities:
1000baseT(FD)
Media Attachment Unit type: 10
Vlan ID: 1
Total entries displayed: 1show lldp entry <hostname>で特定のhostの情報だけ取得できるはずだが、Packet Tracerで動作せず
Configuring and Verifying LLDP
- グローバルコンフィグで有効/無効化できる(
run)
R2(config)#lldp ?
run Enable LLDP- ほか、interfaceごとに受信(
receive)/送信(transmit)の有効/無効化ができる
R2(config)#int g0/0/0
R2(config-if)#lldp ?
receive Enable LLDP reception on interface
transmit Enable LLDP transmission on interface- グローバル設定確認
R2#show lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 secondsshow lldp interface <interface>でインタフェースごとの設定確認もできるはずだがPacket Tracerでは動作せずshow lldp trafficで統計情報を確認できるはずだが、やはりPacket Tracerでは動作せず
英語
-
by virtue of
- おかげで