Network Time Protocol (NTP)

Questions and Answers

Why is it important to synchronize time across all devices on a network?

• To ensure all devices boot at the same time.
• To accurately determine the order of events and their causes. (correct)
• To reduce the amount of network traffic.
• To prevent unauthorized access to devices.

Which protocol is commonly used to synchronize time across network devices?

• Transmission Control Protocol (TCP)
• Network Time Protocol (NTP) (correct)
• Internet Control Message Protocol (ICMP)
• Simple Network Management Protocol (SNMP)

What is a primary advantage of using NTP in a growing network?

• It ensures all infrastructure devices use synchronized time. (correct)
• It reduces network congestion.
• It simplifies network configuration.
• It enhances network security.

What UDP port does NTP use for communication?

Port 123 (D)

What is a 'stratum' in the context of NTP?

A level in the hierarchical system of time sources. (D)

What does Stratum 0 refer to in NTP?

High-precision timekeeping devices assumed to be accurate. (D)

What is the role of a Stratum 1 server in an NTP hierarchy?

To act as the primary network time standard. (B)

What command is used to configure an NTP server in global configuration mode?

ntp server ip-address (D)

Which command is used to verify that a device is synchronized with an NTP server?

show ntp associations (D)

Which of the following is a key function of SNMP?

Monitoring and managing network performance (B)

Which layer of the OSI model does SNMP operate at?

Application layer (A)

What are the three elements of an SNMP system?

Manager, agent, and Management Information Base (MIB) (C)

On what UDP port does the SNMP manager typically poll agents to query the MIB?

Port 161 (C)

On what UDP port do SNMP agents send traps to the SNMP manager?

Port 162 (D)

What is the purpose of the 'get' action in SNMP?

To collect information from an SNMP agent (D)

What are 'traps' in the context of SNMP?

Unsolicited messages alerting the SNMP manager to a condition or event (C)

What information can be observed using SNMP to help create a baseline for the network administrator?

CPU utilization over a period of time (B)

Which command-line utility is used to retrieve data via SNMP from the NMS?

snmpget (B)

Which SNMP version is considered legacy and should not be used due to security risks?

SNMPv1 (B)

Which authentication method is used by SNMPv3?

Username authentication (C)

What is the role of 'community strings' in SNMPv1 and SNMPv2c?

To control access to the MIB (C)

What type of access is provided by a 'read-only' (ro) community string?

Access to the MIB variables, but only for reading (D)

What is an Object Identifier (OID) in the context of MIB?

A unique identifier for a specific managed object (C)

What does the term 'facility' refer to in the context of syslog messages?

The service identifier that identifies and categorizes system state data (A)

Which protocol does Syslog use to send event notification messages across IP networks?

UDP (A)

Which UDP port does Syslog use by default?

Port 514 (A)

Which of the following is NOT a primary function of the Syslog logging service?

To encrypt network traffic. (A)

Where can Syslog messages be sent?

RAM inside a router or switch, console line, terminal line, and Syslog server (A)

Which Syslog severity level indicates the most critical alarm?

Emergency (Level 0) (C)

In a Syslog message, what does the 'facility' component identify?

The system component or service that generated the message (A)

What command is used to configure what Syslog messages are sent to a Syslog server?

logging traps (D)

By default, are log messages timestamped?

No, they are not timestamped by default. (B)

What command is used to configure Syslog to timestamp messages?

service timestamps log datetime (B)

Flashcards

What is NTP?

A protocol used to synchronize the clocks of computer systems over a network.

What is the software clock?

The primary source of time for a router or switch.

What is stratum?

A hierarchical system of time sources used in NTP networks.

What is Stratum 0?

Authoritative time sources assumed to be accurate and with little delay.

What is Stratum 1?

Devices connected to authoritative time sources and act as the primary network time standard.

What is SNMP?

An application layer protocol that provides a message format for communication between managers and agents.

What is a SNMP manager?

Part of a network management system that collects information from agents.

What is a SNMP agent?

Resides on client devices, storing data and statistics.

What are SNMP Traps?

alerts the SNMP manager to a condition or event on the network.

What is a SNMP polling?

A method to observe CPU utilization over time by polling devices.

What is SNMPv1?

Legacy standard using a simple community-string based authentication.

What is SNMPv2c?

Uses a community-string based authentication and provides bulk retrieval options.

What is SNMPv3?

Uses username authentication and provides data protection.

What are community strings?

Passwords that control access to the MIB; come in read-only and read-write types.

What is Syslog?

A service for sending event notification messages across IP networks.

What are syslog facilities?

Service identifiers categorizing system state data.

What is severity level?

The degree of importance of a syslog message.

Study Notes

Network Management and Monitoring

NTP - Network Time Protocol

• NTP synchronizes time across network devices.
• Synchronization is important for event order determination.
• Manual configuration and network time protocol are two methods to configure the date and time settings.

NTP in Growing Networks

• NTP is better suited when networks are growing
• NTP ensures all infrastructure devices use synchronized time.
• NTP can synchronize with a private master clock or a publicly available NTP server.
• NTP uses UDP port 123.

NTP Operation

• NTP networks employ a hierarchical system, where each level is a stratum.
• Stratum level defines hop counts from authoritative source.
• Synchronized time distributes across the network using NTP.
• The maximum hop count is 15.
• Stratum 16 indicates an unsynchronized device.
• Stratum 0 refers to high-precision timekeeping devices that are accurate.
• Stratum 1 devices are directly connected to authoritative time sources and serve as the primary network time standard.
• Stratum 2 servers connect to stratum 1 devices.
• Stratum 2 devices synchronize time using NTP packets from stratum 1 servers.
• Stratum 2 devices can also provide act as servers for stratum 3 devices.
• Time servers at the same stratum level can be configured to act as peers for backup or verification.

Configuring and Verifying NTP

• The show clock command displays the current software clock time before NTP configuration.
• The detail option shows time source from user configuration.
• The ntp server ip-address command configures an NTP server in global configuration mode.
• The show clock detail command verifies the time source is set to NTP.
• The show ntp associations command verifies that R1 is synchronized with the NTP server.
• R1 synchronizes with a Stratum 1 NTP server, which itself is synchronized with a GPS clock.
• The show ntp status command shows that R1 is a stratum 2 device synchronized with the NTP server.
• The clock on S1 synchronizes to R1 using the ntp server command and configuration is verified with show ntp associations command.
• The output of the show ntp associations command verifies S1 is synchronized with R1 via NTP.
• R1 is a stratum 2 device meaning S1 is a stratum 3 device that can provide NTP service to other devices on the network

SNMP - Simple Network Management Protocol

• SNMP enables network administrators to monitor and manage network performance.
• It also allows them to solve network problems and plan for network growth.
• SNMP is an application layer protocol with a message format for communication between managers and agents.
• The SNMP system has three elements: SNMP manager, SNMP agents (managed node), and Management Information Base (MIB).
• SNMP manager polls agents and queries the MIB on UDP port 161.
• SNMP agents send SNMP traps to the SNMP manager on UDP port 162.
• The SNMP manager is part of a network management system (NMS).
• The SNMP manager can collect information using the "get" request and can change configurations on an agent via the "set" action.
• SNMP agents can forward information using "traps".
• SNMP agents and MIBs reside on SNMP client devices.
• MIBs contain data about a device and operations, and are to be available to authenticated remote users.
• The SNMP agent provides access to the local MIB.

SNMP Operation

• When an SNMP agent receives a GetRequest-PDU, the agent retrieves the requested MIB variable and responds to the network manager.
• When an SNMP agent receives a SetRequest-PDU, the agent changes the value of the MIB variable and includes the new settings in its reply.
• SNMP traps alert the SNMP manager to a condition or event on the network, reducing resource needs by eliminating some polling requests.
• An SNMP trap can alert the network administrator that an interface has failed.
• NMS software can send a text, pop up a window or change the router icon color in the NMS GUI .

SNMP Polling

• SNMP can observe CPU utilization over time by polling devices.
• Statistics are compiled on the NMS and graphed, creating a baseline for the network administrator.
• Data retrieves via the snmpget utility and issued on the NMS.
• The snmpget utility to manually retrieve real-time data , or have the NMS run a report to provide data to get the average.

SNMP Versions

• SNMPv1 is a legacy standard that uses a simple community-string for authentication and is not secure.
• SNMPv2c is also uses a simple community-string for authentication but includes detailed error messages.
• SNMPv3 uses username authentication, data protection with HMAC, and DES, 3DES, or AES encryption.
• Community strings are used by SNMPv1 and SNMPv2c to control access to the MIB and are plaintext passwords.
• Read-only community strings (ro) provide read access but no modification rights.
• Read-write community strings (rw) provide read and write access to all MIB objects.
• Specification of correct community string is required to view/set MIB variables.

MIB Organization

• The MIB organizes variables hierarchically, defining each variable as an object ID (OID).
• OIDs uniquely identify managed objects using RFC standards.
• An MIB tree includes branches with variables common to many devices and some specific to the device or vendor.
• RFCs define common public variables and vendors can define private branches.
• OIDs can be described in words or numbers to help locate a particular variable in the tree.
• A network management product with a GUI interface (Cisco SNMP Object Navigator) is used for the MIB data variable naming.
• The Cisco SNMP Object Navigator website provides details about a particular OID.

Syslog Protocol

• Syslog uses UDP port 514 for sending event notification messages across IP networks to event message collectors.

Syslog Logging Service Functions

• Gather logging information for monitoring and troubleshooting.
• Select the type of logging information that is captured.
• Specify the destinations of captured syslog messages.
• Syslog originates from system and debug output, sent across the network to external syslog.
• Syslog messages can be sent to an internal buffer, viewable through the CLI of the device.
• Destinations for syslog messages include a logging buffer, console line, terminal line, and a syslog server.
• Syslog messages contain a severity level and facility. The smaller the numerical level is, the more critical the syslog alarms.
• Syslog facilities are service identifiers that identify and categorize system state data for error and event message reporting.
• Common syslog message facilities are IP, OSPF protocol, SYS operating system, IP security (IPsec), Interface IP (IF).

Syslog Message Format and Configuration

• The format of syslog messages on Cisco IOS Software is %facility-severity-MNEMONIC: description.
• Examples include %LINK-3-UPDOWN, %SYS-5-CONFIG, and %SYS-6-CLOCKUPDATE.
• Configure logs to be sent to a Syslog server
• By default, all logs for every severity level are logged, and it must be specified from which severity level logs should be kept
• logging host 10.0.0.1 and logging traps warning are used to configure logs to be sent to a Syslog server.
• service timestamps log datetime command configures the logging of message timestamps.
• Configure NTP on R1 and R2 to allow time synchronization.
• It is important to set NTP 'off' and 'on' again to force update on Packet Tracer and keep in mind the stratum is often 16.
• Surveys on the understanding of network monitoring, research network monitoring tools and monitor selection of a monitoring tool are key to network monitoring.