Professional Documents
Culture Documents
Introduction to Network
Administration
1
CCNA4 Module 6
Module Overview
The first PCs were designed as standalone desktop systems. The operating
system (OS) software allowed one user at a time to access files and system
resources. The user had physical access to the PC. As PC-based computer
networks gained popularity in the workplace, software companies developed
specialized network operating systems (NOS). Developers designed NOS to
provide file security, user privileges, and resource sharing among multiple users.
The explosive growth of the Internet compelled developers to build the NOS of
today around Internet-related technologies and services like the World Wide Web
(WWW).
Knowledge of different operating systems will ensure that the correct operating
system is selected to offer all the necessary services. UNIX, Linux, Mac OS X,
and several Windows operating systems will be introduced.
Various tools and protocols are available to monitor the network on a local and
remote basis. A comprehensive understanding of these tools is critical to
effective network management.
2
CCNA4 Module 6
6 . 1 . 1 Workstations
A workstation is a client computer that is used to run applications and is
connected to a server from which it obtains data shared with other computers. A
server is a computer that runs a NOS. A workstation uses special software, such
as a network shell program to perform the following tasks:
UNIX or Linux can serve as a desktop operating system but are usually found on
high-end computers. These workstations are employed in engineering and
scientific applications, which require dedicated high-performance computers.
Some of the specific applications that are frequently run on UNIX workstations
are included in the following list:
3
CCNA4 Module 6
Because a diskless workstation does not have any disk drives, it is not possible to
upload data from the workstation or download anything to it. A diskless
workstation cannot pass a virus onto the network, nor can it be used to take data
from the network by copying this information to a disk drive. As a result, diskless
workstations offer greater security than ordinary workstations. For this reason,
such workstations are used in networks where security is paramount.
Laptops can also serve as workstations on a LAN and can be connected through
a docking station, external LAN adapter, or a Personal Computer Memory Card
International Association (PCMCIA) card. A docking station is an add-on device
that turns a laptop into a desktop.
6 . 1 . 2 Servers
In a network operating system environment, many client systems access and
share the resources of one or more servers.
Desktop client systems are equipped with their own memory and peripheral
devices, such as a keyboard, monitor, and a disk drive. Server systems must be
equipped to support multiple concurrent users and multiple tasks as clients make
demands on the server for remote resources.
NOSs have additional network management tools and features that are designed
to support access by large numbers of simultaneous users. On all but the
smallest networks, NOSs are installed on powerful servers. Many users, known as
clients, share these servers. Servers usually have high-capacity, high-speed disk
drives, large amounts of RAM, high-speed NICs, and in some cases, multiple
CPUs. These servers are typically configured to use the Internet family of
protocols, TCP/IP, and offer one or more TCP/IP services.
Servers running NOSs are also used to authenticate users and provide access to
shared resources. These servers are designed to handle requests from many
clients simultaneously. Before a client can access the server resources, the client
must be identified and be authorized to use the resource. Identification and
authorization is achieved by assigning each client an account name and
password. The account name and password are then verified by an
authentication service to permit or deny access to the network. By centralizing
user accounts, security, and access control, server-based networks simplify the
work of network administration.
Servers are typically larger systems than workstations and have additional
memory to support multiple tasks that are active or resident in memory at the
same time. Additional disk space is also required on servers to hold shared files
and to function as an extension to the internal memory on the system. Also,
4
CCNA4 Module 6
servers typically require extra expansion slots on their system boards to connect
shared devices, such as printers and multiple network interfaces.
Since servers function as central repositories of resources that are vital to the
operation of client systems, these servers must be efficient and robust. The term
robust indicates that the server systems are able to function effectively under
heavy loads. It also means the systems are able to survive the failure of one or
more processes or components without experiencing a general system failure.
This objective is met by building redundancy into server systems. Redundancy is
the inclusion of additional hardware components that can take over if other
components fail. Redundancy is a feature of fault tolerant systems that are
designed to survive failures and can be repaired without interruption while the
systems are up and running. Because a NOS depends on the continuous
operation of its server, the extra hardware components justify the additional
expense.
Server applications and functions include web services using Hypertext Transfer
Protocol (HTTP), File Transfer Protocol (FTP), and Domain Name System (DNS).
Standard e-mail protocols supported by network servers include Simple Mail
Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), and Internet Messaging
Access Protocol (IMAP). File sharing protocols include Sun Microsystems Network
File System (NFS) and Microsoft Server Message Block (SMB).
Network servers frequently provide print services. A server may also provide
Dynamic Host Configuration Protocol (DHCP), which automatically allocates IP
addresses to client workstations. In addition to running services for the clients on
the network, servers can be set to act as a basic firewall for the network. This is
accomplished using proxy or Network Address Translation (NAT), both of which
hide internal private network addresses from the Internet.
One server running a NOS may work well when serving only a handful of clients.
But most organizations must deploy several servers in order to achieve
acceptable performance. A typical design separates services so one server is
responsible for e-mail, another server is responsible for file sharing, and another
is responsible for FTP.
6 . 1 . 3 Client-server relationship
The client-server computing model distributes processing over multiple
computers. Distributed processing enables access to remote systems for the
purpose of sharing information and network resources. In a client-server
environment, the client and server share or distribute processing responsibilities.
Most network operating systems are designed around the client-server model to
provide network services to users. A computer on a network can be referred to as
a host, workstation, client, or server. A computer running TCP/IP, whether it is a
workstation or a server, is considered a host computer.
In a typical file server environment, the client might have to retrieve large
portions of the database files to process the files locally. This retrieval of the
6
CCNA4 Module 6
database files can cause excess network traffic. With the client-server model, the
client presents a request to the server, and the server database engine might
process 100,000 records and pass only a few back to the client to satisfy the
request. Servers are typically much more powerful than client computers and are
better suited to processing large amounts of data. With client-server computing,
the large database is stored, and the processing takes place on the server. The
client has to deal only with creating the query. A relatively small amount of data
or results might be passed across the network. This satisfies the client query and
results in less usage of network bandwidth. The graphic shows an example of
client-server computing. Note that the workstation and server normally would be
connected to the LAN by a hub or switch.
6 . 1 . 4 Introduction to NOS
A computer OS is the software foundation on which computer applications and
services run on a workstation. Similarly, a NOS enables communication between
multiple devices and the sharing of resources across a network. A NOS operates
on UNIX, Microsoft Windows NT, or Windows 2000 network servers.
7
CCNA4 Module 6
Performance
A NOS must perform well at reading and writing files across the network between
clients and servers. It must be able to maintain fast performance under heavy
loads, when many clients are making requests. Consistent performance under
heavy demand is an important standard for a NOS.
The management interface on the NOS server provides the tools for server
monitoring, client administration, file, print, and disk storage management. The
management interface provides tools for the installation of new services and the
configuration of those services. Additionally, servers require regular monitoring
and adjustment.
Security
A NOS must protect the shared resources under its control. Security includes
authenticating user access to services to prevent unauthorized access to the
network resources. Security also performs encryption to protect information as it
travels between clients and servers.
Scalability
Robustness/fault tolerance
8
CCNA4 Module 6
Based on the NT kernel, the more recent Windows 2000 has both desktop and
server versions. Windows 2000 supports “plug-and-play” technology, permitting
installation of new devices without the need to restart the system. Windows 2000
also includes a file encryption system for securing data on the hard disk.
Windows 2000 enables objects, such as users and resources, to be placed into
container objects called organizational units (OUs). Administrative authority over
each OU can be delegated to a user or group. This feature allows more specific
control than is possible with Windows NT 4.0.
Windows 2000 Professional is not designed to be a full NOS. It does not provide a
domain controller, DNS server, DHCP server, or render any of the services that
can be deployed with Windows 2000 Server. The primary purpose of Windows
2000 Professional is to be part of a domain as a client-side operating system. The
type of hardware that can be installed on the system is limited. Windows 2000
Professional can provide limited server capabilities for small networks and peer-
to-peer networks. It can be a file server, a print server, an FTP server, and a web
server, but will only support up to ten simultaneous connections.
Windows 2000 Server adds to the features of Windows 2000 Professional many
new server-specific functions. It can also operate as a file, print, web and
application server. The Active Directory Services feature of Windows 2000 Server
serves as the centralized point of management of users, groups, security
services, and network resources. It includes the multipurpose capabilities
9
CCNA4 Module 6
Microsoft has developed Windows .NET server with the ability to provide a secure
and reliable system to run enterprise-level web and FTP sites to compete with
the Linux, UNIX and Novell’s One NET. The Windows .NET Server provides XML
Web Services to companies which run medium to high volume web traffic.
UNIX is the name of a group of operating systems that trace their origins back to
1969 at Bell Labs. Since its inception, UNIX was designed to support multiple
users and multitasking. UNIX was also one of the first operating systems to
include support for Internet networking protocols. The history of UNIX, which now
spans over 30 years, is complicated because many companies and organizations
have contributed to its development.
UNIX was first written in assembly language, a primitive set of instructions that
control the internal instructions of a computer. However, UNIX could only run on
a specific type of computer. In 1971, Dennis Ritchie created the C language. In
1973, Ritchie along with fellow Bell Labs programmer Ken Thompson rewrote the
UNIX system programs in C language. Because C is a higher-level language, UNIX
could be moved or ported to another computer with far less programming effort.
The decision to develop this portable operating system proved to be the key to
the success of UNIX. During the 1970s, UNIX evolved through the development
work of programmers at Bell Labs and several universities, notably the University
of California, at Berkeley.
When UNIX first started to be marketed commercially in the 1980s, it was used
to run powerful network servers, not desktop computers. Today, there are dozens
of different versions of UNIX, including the following:
10
CCNA4 Module 6
UNIX, in its various forms, continues to advance its position as the reliable,
secure OS of choice for mission-critical applications that are crucial to the
operation of a business or other organization. UNIX is also tightly integrated with
TCP/IP. TCP/IP basically grew out of UNIX because of the need for LAN and WAN
communications.
The Sun Microsystems Solaris Operating Environment and its core OS, SunOS, is
a high-performance, versatile, 64-bit implementation of UNIX. Solaris runs on a
wide variety of computers, from Intel-based personal computers to powerful
mainframes and supercomputers. Solaris is currently the most widely used
version of UNIX in the world for large networks and Internet websites. Sun is also
the developer of the "Write Once, Run Anywhere" Java technology.
Origins of Linux
As with UNIX, there are numerous versions of Linux. Some are free downloads
from the web, and others are commercially distributed. The following are a few of
the most popular versions of Linux:
Linux is one of the most powerful and reliable operating systems in the world
today. Because of this, Linux has already made inroads as a platform for power
users and in the enterprise server arena. Linux is less often deployed as a
corporate desktop operating system. Although graphical user interfaces (GUIs)
11
CCNA4 Module 6
are available to make Linux user-friendly, most beginning users find Linux more
difficult to use than Mac OS or Windows. Currently, many companies, such as
Red Hat, SuSE, Corel, and Caldera, are striving to make Linux a viable operating
system for the desktop.
6 . 1 . 7 Apple
Apple Macintosh computers were designed for easy networking in a peer-to-peer,
workgroup situation. Network interfaces are included as part of the hardware and
networking components are built into the Macintosh operating system. Ethernet
and Token Ring network adapters are available for the Macintosh.
Mac OS X (10)
Some of the features of Mac OS X are in the GUI called Aqua. The Aqua GUI
resembles a cross between Microsoft Windows XP and Linux X-windows GUI. Mac
OS X is designed to provide features for the home computer, such as Internet
browsing, video and photo editing, and games, while still providing features that
offer powerful and customizable tools that IT professionals need in an operating
system.
12
CCNA4 Module 6
The Mac OS X is fully compatible with older versions of the Mac operating
systems. Mac OS X provides a new feature that allows for AppleTalk and Windows
connectivity. The Mac OS X core operating system is called Darwin. Darwin is a
UNIX-based, powerful system that provides stability and performance. These
enhancements provide Mac OS X with support for protected memory, preemptive
multitasking, advanced memory management, and symmetric multiprocessing.
This makes Mac OS X a formidable competitor amongst operating systems.
Depending on the NOS, some of these key network processes may be enabled
during a default installation. Most popular network processes rely on the TCP/IP
suite of protocols. Because TCP/IP is an open, well-known set of protocols, TCP/IP-
based services are vulnerable to unauthorized scans and malicious attacks.
Denial of service (DoS) attacks, computer viruses, and fast-spreading Internet
worms have forced NOS designers to reconsider which network services are
started automatically.
Recent versions of popular NOSs, such as Windows and Red Hat Linux, restrict
the number of network services that are on by default. When deploying a NOS,
key network services will need to be enabled manually.
When a user decides to print in a networked printing environment, the job is sent
to the appropriate queue for the selected printer. Print queues stack the
incoming print jobs and services them using a first-in, first-out (FIFO) order. When
a job is added to the queue, it is placed at the end of the waiting list and printed
last. The printing wait time can sometimes be long, depending on the size of the
print jobs at the head of the queue. A network print service will provide system
administrators with the necessary tools to manage the large number of print jobs
being routed throughout the network. This includes the ability to prioritize,
pause, and even delete print jobs that are waiting to be printed.
File sharing
The ability to share files over a network is an important network service. There
are many file sharing protocols and applications in use today. Within a corporate
or home network, files are typically shared using Windows File Sharing or the NFS
protocol. In such environments, an end user may not even know if a given file is
on a local hard disk or on a remote server. Windows File Sharing and NFS allow
users to easily move, create, and delete files in remote directories.
13
CCNA4 Module 6
FTP
Although FTP clients must logon, many FTP servers are configured to allow
anonymous access. When users access a server anonymously, they do not need
to have a user account on the system. The FTP protocol also allows users to
upload, rename, and delete files, so administrators must be careful to configure
an FTP server to control levels of access.
Web services
The World Wide Web is now the most visible network service. In less than a
decade, the World Wide Web has become a global network of information,
commerce, education, and entertainment. Millions of companies, organizations,
and individuals maintain websites on the Internet. Websites are collections of
web pages stored on a server or group of servers.
Web pages are hosted on computers running web service software. The two most
common web server software packages are Microsoft Internet Information
Services (IIS) and Apache Web Server. Microsoft IIS runs on a Windows platform
and Apache Web Server runs on UNIX and Linux platforms. A Web service
software package is available for virtually all operating systems currently in
production.
DNS
Without this directory lookup service, the Internet would be almost impossible to
use.
DHCP
As more network resources are available to users, the network becomes more
complex, and maintaining the network becomes more complicated. Loss of
network resources and poor performance are results of increased complexity and
are not acceptable to the users.
• Organization
• Information
• Communication
• Functional
This is a view of network management from the top-down, divided into four
submodels and recognized by the OSI standard.
16
CCNA4 Module 6
• Fault
• Configuration
• Accounting
• Performance
• Security
6 . 2 . 4 SNMP operation
SNMP is an application layer protocol designed to facilitate the exchange of
management information between network devices. By using SNMP to access
management information data, such as packets per second sent on an interface
or number of open TCP connections, network administrators can more easily
manage network performance to find and solve network problems.
Today, SNMP is the most popular protocol for managing diverse commercial,
university, and research internetworks.
17
CCNA4 Module 6
The organizational model for SNMP based network management includes four
elements:
• Management station
• Management agent
• Management information base
• Network management protocol
The NMS performs a monitoring function by retrieving the values from the MIB.
The NMS can cause an action to take place at an agent. The communication
between the manager and the agent is carried out by an application layer
network management protocol. SNMP uses User Datagram Protocol (UDP) and
communicates over ports 161 and 162. It is based on an exchange of messages.
There are three common message types:
• Get - Enables the management station to retrieve the value of MIB objects
from the agent.
• Set - Enables the management station to set the value of MIB objects at the
agent.
• Trap - Enables the agent to notify the management station of significant
events.
18
CCNA4 Module 6
However, it assumes that all network elements are manageable by SNMP. This is
not always the case, as some devices have a proprietary management interface.
In these cases, a three-tiered model is required.
It has a large amount of RAM, to hold all the management applications running at
the same time. The manager runs a typical network protocol stack, such as
TCP/IP. The network management applications rely on the host operating system,
and on the communication architecture. Examples of network management
applications are Ciscoworks2000, HP Openview, and IBM NetView.
An alternative is that all distributed NMSs have equal responsibility, each with
their own manager databases, so the management information is distributed
over the peer NMSs.
MIBs are highly structured depositories for information about a device. Many
standard MIBs exist, but more MIBs that are proprietary exist to uniquely manage
different vendor’s devices. The original SMI MIB was categorized into eight
different groups, totaling 114 managed objects. More groups were added to
define MIB-II, which now replaces MIB-I.
19
CCNA4 Module 6
the bottom of the diagram, are the actual managed objects. Each managed
object represents some resource, activity or related information that is to be
managed. A unique object identifier, which is a number in dot notation, identifies
each managed object. Each object identifier is described using abstract syntax
notation (ASN.1).
SNMP uses these object identifiers to identify the MIB variables to retrieve or
modify. Objects that are in the public domain are described in MIBs introduced in
Request for Comments (RFCs). They are readily accessible at: http://www.ietf.org
All vendors are encouraged to make their MIB definitions known. Once an
assigned enterprise value has been given, the vendor is responsible for creating
and maintaining sub-trees.
6 . 2 . 6 SNMP protocol
The agent is a software function embedded in most networked devices, such as
routers, switches, managed hubs, printers, and servers.
Interaction between the manager and the agent is facilitated by the SNMP. The
term simple comes from the restricted number of message types that are part of
the initial protocol specification. The strategy was designed to make it easier for
developers to build management capabilities into network devices. The initial
protocol specification is referred to as SNMPv1 (version 1).
There are three types of SNMP messages issued on behalf of an NMS. They are
GetRequest, GetNextRequest and SetRequest.
All three messages are acknowledged by the agent in the form of a GetResponse
message. An agent may issue a Trap message in response to an event that
affects the MIB and the underlying resources.
It is responsible for soliciting information from the agent. The solicitations are
based on very specific requests. The manager processes the retrieved
information in a number of ways. The retrieved information can be logged for
20
CCNA4 Module 6
Not all manager functions are based on data retrieval. There is also the ability to
issue changes of a value in the managed device. This feature enables an
administrator to configure a managed device using SNMP.
The interaction between the manager and the managed device does introduce
traffic to the network. Caution should be taken when introducing managers on to
the network. Aggressive monitoring strategies can negatively affect network
performance. Bandwidth utilizations will go up, which may be an issue for WAN
environments. Also, monitoring has a performance impact on the devices being
monitored, since they are required to process the manager requests. This
processing should not take precedence over production services.
SNMP uses user datagram protocol (UDP) as a transport protocol. Since UDP is
connectionless and unreliable, it is possible for SNMP to lose messages. SNMP
itself has no provision for guarantee of delivery, so it is up to the application
using SNMP to cope with lost messages.
Each SNMP message contains a cleartext string, called a community string. The
community string is used like a password to restrict access to managed devices.
The fact that the community string is cleartext is no surprise to anyone who has
studied the Internet Protocol (IP) protocol suite. All fields specified in the protocol
suite are cleartext, except for security authentication and encryption
specifications.
The community string was essentially a security placeholder until the SNMPv2
working group could ratify security mechanisms. The efforts were referred to the
SNMPv3 working group. All SNMP-based management applications need to be
configured to use the appropriate community strings. Some organizations
frequently change the community string values to reduce the risk of malicious
activity from the unauthorized use of the SNMP service.
21
CCNA4 Module 6
6 . 2 . 7 Configuring SNMP
n order to have the NMS communicate with networked devices, the devices must
have SNMP enabled and the SNMP community strings configured. These devices
are configured using the command line syntax described in the following
paragraphs.
More than one read-only string is supported. The default on most systems for
this community string is public. It is not advisable to use the default value in an
enterprise network. To set the read-only community string used by the agent,
use the following command:
• String – Community string that acts like a password and permits access to
the SNMP protocol
• ro – (Optional) Specifies read-only access. Authorized management stations
are only able to retrieve MIB objects.
More than one read-write string is supported. All SNMP objects are available for
write access. The default on most systems for this community string is private. It
is not advisable to use this value in an enterprise network. To set the read-write
community string used by the agent, use the following command:
There are several strings that can be used to specify location of the managed
device and the main system contact for the device.
These values are stored in the MIB objects sysLocation and sysContact .
6 . 2 . 8 RMON
MON is a major step forward in Internetwork management. It defines a remote
monitoring MIB that supplements MIB-II and provides the network manager with
vital information about the network. The remarkable feature of RMON is that
while it is simply a specification of a MIB, with no changes in the underlying
SNMP protocol, it provides a significant expansion in SNMP functionality.
With MIB-II, the network manager can obtain information that is purely local to
individual devices.
22
CCNA4 Module 6
Consider a LAN with a number of devices on it, each with an SNMP agent. An
SNMP manager can learn of the amount of traffic into and out of each device, but
with MIB-II it cannot easily learn about the traffic on the LAN as a whole.
The RMON standard originally designated as IETF RFC 1271, now RFC 1757, was
designed to provide proactive monitoring and diagnostics for distributed LAN-
based networks. Monitoring devices, called agents or probes, on critical network
segments allow for user-defined alarms to be created and a wealth of vital
statistics to be gathered by analyzing every frame on a segment.
The RMON standard divides monitoring functions into nine groups to support
Ethernet topologies and adds a tenth group in RFC 1513 for Token Ring-unique
parameters. The RMON standard was crafted to be deployed as a distributed
computing architecture, where the agents and probes communicate with a
central management station, a client, using SNMP. These agents have defined
SNMP MIB structures for all nine or ten Ethernet or Token Ring RMON groups,
allowing interoperability between vendors of RMON-based diagnostic tools. The
RMON groups are defined as:
• Statistics group - Maintains utilization and error statistics for the subnetwork
or segment being monitored. Examples are bandwidth utilization, broadcast,
multicast, CRC alignment, fragments, and so on.
• History group - Holds periodic statistical samples from the statistics group
and stores them for later retrieval. Examples are utilization, error count, and
packet count.
• Alarm group - Allows the administrator to set a sampling interval and
threshold for any item recorded by the agent. Examples are absolute or
relative values and rising or falling thresholds.
• Host group - Defines the measurement of various types of traffic to and
from hosts attached to the network. Examples are packets sent or received,
bytes sent or received, errors, and broadcast and multicast packets.
• Host TopN group - Provides a report of TopN hosts based on host group
statistics.
• Traffic matrix group - Stores errors and utilization statistics for pairs of
communicating nodes of the network. Examples are errors, bytes, and
packets.
• Filter group - A filter engine that generates a packet stream from frames
that match the pattern specified by the user.
• Packet capture group - Defines how packets that match filter criteria are
buffered internally.
• Event group - Allows the logging of events, also called generated traps, to
the manager, together with time and date. Examples are customized
reports based upon the type of alarm.
23
CCNA4 Module 6
6 . 2 . 9 Syslog
he Cisco syslog logging utility is based on the UNIX syslog utility. System events
are usually logged to the system console unless disabled. The syslog utility is a
mechanism for applications, processes, and the operating system of Cisco
devices to report activity and error conditions. The syslog protocol is used to
allow Cisco devices to issue these unsolicited messages to a network
management station.
There are eight levels of severity, 0-7, with level 0 (zero) being the most critical,
and level 7 the least critical. The levels are as follows:
0 Emergencies
1 Alerts
2 Critical
3 Errors
4 Warnings
5 Notifications
6 Informational
7 Debugging
The facility and severity level fields are used for processing the messages. Level
0 (zero) to level 7 are facility types provided for custom log message processing.
The Cisco IOS defaults to severity level 6.This setting is configurable.
In order to have the NMS receive and record system messages from a device, the
device must have syslog configured.
Below is a review of the command line syntax on how to configure these devices.
Router(config)#logging on
24
CCNA4 Module 6
Module Summary
An understanding of the following key points should have been achieved:
25