NETWORK ENVIRONMENT MANAGEMENT Discovering Neighbors on the Network

Upload: robert-davidson

Post on 28-Dec-2015


Page 1: NETWORK ENVIRONMENT MANAGEMENT Discovering Neighbors on the Network


Page 2: CISCO DISCOVERY PROTOCOL

Page 3: CDP (CONT.)

– Cisco Discovery Protocol is a proprietary utility that provides a summary of directly connected switches, routers, and other Cisco devices.

– Cisco Discovery Protocol discovers neighboring devices, regardless of which protocol suite they are running.

– Physical media must support the SNAP encapsulation.

Page 4: DISCOVERING NEIGHBORS WITH CISCO DISCOVERY PROTOCOL

– Cisco Discovery Protocol runs on Cisco IOS devices.

– Summary information includes:

  – Device identifiers
  – Address list
  – Port identifier
  – Capabilities list
  – Platform

Pages 5–6: USING CISCO DISCOVERY PROTOCOL

    RouterA# show cdp ?
      entry       Information for specific neighbor entry
      interface   CDP interface status and configuration
      neighbors   CDP neighbor entries
      traffic     CDP statistics
      <cr>

    RouterA(config)# no cdp run
    ! Disable CDP globally
    RouterA(config)# interface serial0/0/0
    RouterA(config-if)# no cdp enable
    ! Disable CDP on just this interface

Page 7: USING THE SHOW CDP NEIGHBORS COMMAND

    RouterA# show cdp neighbors
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater

    Device ID    Local Intrfce   Holdtme   Capability   Platform    Port ID
    SwitchA      fa0/0           122       S I          WS-C2960-   fa0/2
    RouterB      s0/0/0          177       R S I        2811        s0/0/1

Page 8: USING THE SHOW CDP ENTRY COMMAND

    Device ID: RouterB
    Entry address(es):
      IP address: 10.1.1.2
    Platform: Cisco 2811,  Capabilities: Router Switch IGMP
    Interface: Serial0/0/0,  Port ID (outgoing port): Serial0/0/1
    Holdtime : 155 sec

    Version :
    Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Fri 17-Nov-06 12:02 by prod_rel_team

Page 9: ADDITIONAL CISCO DISCOVERY PROTOCOL COMMANDS

    RouterA# show cdp traffic
    CDP counters :
            Total packets output: 8680, Input: 8678
            Hdr syntax: 0, Chksum error: 0, Encaps failed: 5
            No memory: 0, Invalid packet: 0, Fragmented: 0
            CDP version 1 advertisements output: 0, Input: 0
            CDP version 2 advertisements output: 8680, Input: 8678

    RouterA# show cdp interface s0/0/0
    Serial0/0/0 is up, line protocol is up
      Encapsulation PPP
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds

Page 10: CREATING A NETWORK MAP

Page 11: SUMMARY

– Cisco Discovery Protocol is an information-gathering tool used by network administrators to obtain information about directly connected devices.

– Cisco Discovery Protocol exchanges hardware and software device information with its directly connected Cisco Discovery Protocol neighbors.

– Cisco Discovery Protocol on a router can be enabled or disabled as a whole or on a port-by-port basis.

Page 12: SUMMARY (CONT.)

– The show cdp neighbors command displays information about the Cisco Discovery Protocol neighbors of a router.

– The show cdp entry, show cdp traffic, and show cdp interface commands display detailed Cisco Discovery Protocol information on a Cisco device.

– Using the information obtained from the show cdp command output, a network topology map can be created to aid troubleshooting.
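As an added example (not code from the slide deck or from Cisco), the Python below parses the show cdp neighbors table shown on Page 7 and turns it into the link records a network map is built from. It also compares what CDP reports with a documented inventory of which device belongs on which port, so that an unexpected neighbor on a port is reported. The sample output is constructed to match the slide; interface names without embedded spaces and single-letter capability codes are assumed.

```python
"""Build a topology map from 'show cdp neighbors' output.

Added example for this page; not code from the slide deck or from Cisco.
The sample output below is constructed to match the table on the
'show cdp neighbors' slide. Interface names are assumed to be written
without embedded spaces (fa0/0, s0/0/0), as they are on that slide.
"""
import re

SAMPLE_OUTPUT = """\
RouterA# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform   Port ID
SwitchA          fa0/0             122         S I        WS-C2960-  fa0/2
RouterB          s0/0/0            177         R S I      2811       s0/0/1
"""

# One neighbor row: device, local interface, hold time, capability letters,
# platform, remote port.  Capability codes are single letters separated by a
# single space; the platform token that follows is longer than one character,
# so backtracking keeps it out of the capability group.
ROW_RE = re.compile(
    r"^(?P<device>\S+)\s+(?P<local>\S+)\s+(?P<hold>\d+)\s+"
    r"(?P<caps>[A-Za-z](?:\s[A-Za-z])*)\s+(?P<platform>\S+)\s+(?P<port>\S+)\s*$"
)


def parse_cdp_neighbors(text):
    """Return one dict per neighbor row found below the 'Device ID' header."""
    rows = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Device ID"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError("unparsed neighbor row: %r" % line)
        row = m.groupdict()
        row["hold"] = int(row["hold"])
        row["caps"] = row["caps"].split()
        rows.append(row)
    return rows


def topology_links(local_device, rows):
    """Links as (local device, local port, neighbor, neighbor port), sorted."""
    return sorted((local_device, r["local"], r["device"], r["port"]) for r in rows)


def unexpected_neighbors(rows, expected):
    """Neighbor device IDs that do not match the documented device on that port.

    'expected' maps a local interface to the device ID that belongs on it;
    a new or changed neighbor on a port is worth a closer look.
    """
    return sorted(r["device"] for r in rows
                  if expected.get(r["local"]) != r["device"])


if __name__ == "__main__":
    neighbors = parse_cdp_neighbors(SAMPLE_OUTPUT)
    for link in topology_links("RouterA", neighbors):
        print("%s %s <-> %s %s" % link)
    print("unexpected:", unexpected_neighbors(neighbors, {"fa0/0": "SwitchA"}))
```

CDP advertises platform and software details to any directly connected device, which is why the deck shows no cdp enable on interfaces that face untrusted networks; the parser above is meant for the inside of the network, where CDP stays on for mapping and the inventory comparison turns it into a simple change detector.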

Page 13: MANAGING ROUTER STARTUP AND CONFIGURATION

Page 14: ROUTER POWER-ON BOOT SEQUENCE

1. Perform power-on self-test (POST).

2. Load and run bootstrap code.

3. Find the Cisco IOS Software.

4. Load the Cisco IOS Software.

5. Find the configuration.

6. Load the configuration.

7. Run the configured Cisco IOS Software.

Page 15: ROUTER INTERNAL COMPONENTS

Page 16: ROM FUNCTIONS

Contains microcode for basic functions

Page 17: FINDING THE CISCO IOS IMAGE

Order of search:

1. Checks configuration register

2. Parses configuration for boot system command

3. Defaults to first file in flash memory

4. Attempts to boot from network server

5. Boot helper image

6. ROMMON

Page 18: LOADING THE CISCO IOS IMAGE FROM FLASH MEMORY

The flash memory file is loaded into RAM.

Page 19: LOADING THE CONFIGURATION

Load and execute the configuration from NVRAM

If no configuration is present in NVRAM, enter setup mode

Page 20: SHOW RUNNING-CONFIG AND SHOW STARTUP-CONFIG COMMANDS

Display the current and saved configuration.

Page 21: DETERMINING THE CURRENT CONFIGURATION REGISTER VALUE

    Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(5a), RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Sat 14-Jan-06 03:19 by alnguyen

    ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)

    RouterX uptime is 1 week, 5 days, 21 hours, 30 minutes
    System returned to ROM by reload at 23:04:40 UTC Tue Mar 13 2007
    System image file is "flash:c2800nm-ipbase-mz.124-5a.bin"

    Cisco 2811 (revision 53.51) with 251904K/10240K bytes of memory.
    Processor board ID FTX1013A1DJ
    2 FastEthernet interfaces
    2 Serial(sync/async) interfaces
    DRAM configuration is 64 bits wide with parity enabled.
    239K bytes of non-volatile configuration memory.
    62720K bytes of ATA CompactFlash (Read/Write)

    Configuration register is 0x2102

Page 22: CONFIGURATION REGISTER VALUES

– Configuration register bits 3, 2, 1, and 0 set boot option

– Check the configuration register value with the show version command

Page 23: SHOW VERSION COMMAND

The show version output is the same as on Page 21, except that the last line now reads:

    Configuration register is 0x2102 (will be 2104 at next reload)

Page 24: SHOW FLASH COMMAND

    RouterX# sh flash
    -#- --length-- -----date/time------ path
    1     14951648 Feb 22 2007 21:38:56 +00:00 c2800nm-ipbase-mz.124-5a.bin
    2         1823 Dec 14 2006 08:24:54 +00:00 sdmconfig-2811.cfg
    3      4734464 Dec 14 2006 08:25:24 +00:00 sdm.tar
    4       833024 Dec 14 2006 08:25:38 +00:00 es.tar
    5      1052160 Dec 14 2006 08:25:54 +00:00 common.tar
    6         1038 Dec 14 2006 08:26:08 +00:00 home.shtml
    7       102400 Dec 14 2006 08:26:22 +00:00 home.tar
    8       491213 Dec 14 2006 08:26:40 +00:00 128MB.sdf

    41836544 bytes available (22179840 bytes used)

Page 25: SUMMARY

– When a router boots, it performs tests, finds and loads software, finds and loads configurations, and finally runs the software.

– The major internal components of a router include RAM, ROM, flash memory, NVRAM, and the configuration register.

– When a router boots, it searches for the Cisco IOS Software image in a specific sequence: location specified in the configuration register, flash memory, a TFTP server, and ROM.

– The configuration register includes boot information specifying where to locate the Cisco IOS Software image. The register can be examined with a show command and changed with the config-register global configuration command.

Page 26: MANAGING CISCO DEVICES

Page 27: CISCO IOS FILE SYSTEM AND DEVICES

Page 28: MANAGING CISCO IOS IMAGES

Page 29: VERIFYING MEMORY AND DECIPHERING IMAGE FILENAMES

• Verify that flash memory has room for the Cisco IOS image.

The sh flash listing on this slide is the same as on Page 24 (41836544 bytes available, 22179840 bytes used).

Page 30: CREATING A SOFTWARE IMAGE BACKUP

• Back up current files prior to updating flash memory.

    RouterX# copy flash tftp:
    Source filename []? c2800nm-ipbase-mz.124-5a.bin
    Address or name of remote host []? 10.1.1.1
    Destination filename [c2800nm-ipbase-mz.124-5a.bin]?
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    <output omitted>
    12094416 bytes copied in 98.858 secs (122341 bytes/sec)
    RouterX#

Page 31: UPGRADING THE IMAGE FROM THE NETWORK

    RouterX# copy tftp flash:
    Address or name of remote host [10.1.1.1]?
    Source filename []? c2800nm-ipbase-mz.124-5a.bin
    Destination filename [c2800nm-ipbase-mz.124-5a.bin]?
    Accessing tftp://10.1.1.1/c2600-js-mz.122-21a.bin...
    Erase flash: before copying? [confirm]
    Erasing the flash filesystem will remove all files! Continue? [confirm]
    Erasing device... eeeeeeeeee (output omitted) ...erased
    Erase of flash: complete
    Loading c2800nm-ipbase-mz.124-5a.bin from 10.1.1.1 (via Ethernet0/0): !!!!!!!!!!!!!!! (output omitted)
    [OK - 12094416 bytes]

    Verifying checksum... OK (0x45E2)
    12094416 bytes copied in 120.465 secs (100398 bytes/sec)
    RouterX#
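Added example tying Pages 29 to 31 together (Python; not code from the deck or from Cisco): it parses the sh flash listing shown on Pages 24 and 29, checks whether the 12094416-byte image from the transcripts fits with or without erasing flash first, and splits the image filename using Cisco's documented naming convention (platform, feature set, m for runs-from-RAM, z for zip compression, 124-5a for 12.4(5a)). The listing is constructed from the slide's values; the full mapping tables for the location and compression letters go beyond what the slide states and are assumptions.

```python
"""Check flash space for a new IOS image and decipher the image filename.

Added example for this page; not code from the slide deck or from Cisco.
It parses the 'sh flash' listing shown on the slides and splits an image
name according to Cisco's naming convention
platform-featureset-<location><compression>.<version>.bin.
The listing below is constructed from the slide's values.
"""
import re

SHOW_FLASH = """\
RouterX# sh flash
-#- --length-- -----date/time------ path
1     14951648 Feb 22 2007 21:38:56 +00:00 c2800nm-ipbase-mz.124-5a.bin
2         1823 Dec 14 2006 08:24:54 +00:00 sdmconfig-2811.cfg
3      4734464 Dec 14 2006 08:25:24 +00:00 sdm.tar
4       833024 Dec 14 2006 08:25:38 +00:00 es.tar
5      1052160 Dec 14 2006 08:25:54 +00:00 common.tar
6         1038 Dec 14 2006 08:26:08 +00:00 home.shtml
7       102400 Dec 14 2006 08:26:22 +00:00 home.tar
8       491213 Dec 14 2006 08:26:40 +00:00 128MB.sdf

41836544 bytes available (22179840 bytes used)
"""

# index, length, date/time with UTC offset, path
FILE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(.+?\s[+-]\d\d:\d\d)\s+(\S+)\s*$")
AVAIL_RE = re.compile(r"^\s*(\d+) bytes available \((\d+) bytes used\)")

# Third field of the image name: where the image runs, then how it is packed
# (assumed mapping, following Cisco's image naming convention).
RUN_LOCATION = {"m": "runs from RAM", "f": "runs from flash",
                "r": "runs from ROM", "l": "relocatable"}
COMPRESSION = {"z": "zip compressed", "x": "mzip compressed", "w": "stac compressed"}
IMAGE_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<features>[a-z0-9_]+)-(?P<flags>[a-z]+)"
    r"\.(?P<version>[0-9]+-[0-9a-z]+)\.bin$"
)


def parse_show_flash(text):
    """Return {'files': [...], 'available': bytes, 'used': bytes}."""
    files, available, used = [], None, None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append({"index": int(m.group(1)), "length": int(m.group(2)),
                          "date": m.group(3), "path": m.group(4)})
            continue
        m = AVAIL_RE.match(line)
        if m:
            available, used = int(m.group(1)), int(m.group(2))
    if available is None:
        raise ValueError("no 'bytes available' line in show flash output")
    return {"files": files, "available": available, "used": used}


def decipher_image_name(name):
    """Split e.g. c2800nm-ipbase-mz.124-5a.bin into its parts."""
    m = IMAGE_RE.match(name)
    if m is None:
        raise ValueError("not a Cisco IOS image name: %r" % name)
    flags = m.group("flags")
    train, _, maintenance = m.group("version").partition("-")
    version = "%s.%s" % (train[:-1], train[-1])      # 124 -> 12.4
    if maintenance:
        version += "(%s)" % maintenance              # 12.4(5a)
    return {
        "platform": m.group("platform"),
        "feature_set": m.group("features"),
        "location": RUN_LOCATION.get(flags[0], "unknown"),
        "compression": COMPRESSION.get(flags[1], "none") if len(flags) > 1 else "none",
        "version": version,
    }


def image_fits(flash, image_size, keep_current=True):
    """Does an image of image_size bytes fit?  With keep_current=False the
    check assumes flash is erased first, as in the upgrade transcript."""
    room = flash["available"] if keep_current else flash["available"] + flash["used"]
    return image_size <= room


if __name__ == "__main__":
    flash = parse_show_flash(SHOW_FLASH)
    print(decipher_image_name(flash["files"][0]["path"]))
    print("12094416-byte image fits without erasing:", image_fits(flash, 12094416))
```

Running the space check before the copy is what keeps the erase prompt in the upgrade transcript from being the only thing standing between an operator and a router with no bootable image; the backup on Page 30 covers the case where the erase has already happened.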

Page 32: DEVICE CONFIGURATION FILES

Page 33: CISCO IOS COPY COMMAND

[Figure: copy command sources and destinations: NVRAM, Terminal, TFTP server; Erase start]

Page 34: CISCO IOS COPY COMMAND EXAMPLE

Page 35: COPY RUN TFTP AND COPY TFTP RUN COMMANDS

    RouterX# copy running-config tftp:
    Address or name of remote host []? 10.1.1.1
    Destination filename [running-config]? wgroa.cfg
    .!!
    1684 bytes copied in 13.300 secs (129 bytes/sec)

    RouterX# copy tftp: running-config
    Address or name of remote host []? 10.1.1.1
    Source filename []? wgroa.cfg
    Destination filename [running-config]?
    Accessing tftp://10.1.1.1/wgroa.cfg...
    Loading wgroa.cfg from 10.1.1.1 (via Ethernet0): !
    [OK - 1684/3072 bytes]

    1684 bytes copied in 17.692 secs (99 bytes/sec)

Page 36: SHOW AND DEBUG COMMANDS

Page 37: CONSIDERATIONS WHEN USING DEBUG COMMANDS

– May generate output in a variety of formats that may not identify the problem

– Require high overhead, possibly disrupting network device operation

– Useful for obtaining information about network traffic and router status

Page 38: COMMANDS RELATED TO DEBUG

    Command                                   Prompt             Description
    service timestamps debug datetime msec    RouterX(config)#   Adds a time stamp to a debug or log message
    no debug all                              RouterX#           Disables all debug commands
    show processes                            RouterX#           Displays the CPU utilization for each process
    terminal monitor                          RouterX#           Displays debug output on your current vty session

Page 39: SUMMARY

– The Cisco IFS feature provides a single interface to all the file systems (NVRAM, RAM, TFTP, flash) that a router uses.

– As a network grows, storage of the Cisco IOS Software and configuration files on a central server enables control of the number and revision level of software images and configuration files that must be maintained.

– Having proper backup of the current device configuration stored in a TFTP server can help reduce device downtime.

Page 40: SUMMARY (CONT.)

– The Cisco IOS Software copy commands can be used to move configurations from one component or device to another, such as RAM, NVRAM, or a file server.

– The show and debug commands are built-in tools for troubleshooting. The show command is used to display static information, while the debug command is used to display dynamic data.

Page 41: SECURING THE NETWORK

Page 42: CLOSED NETWORKS

Attacks from inside the network remain a threat.

Page 43: OPEN NETWORKS

Page 44: THREAT CAPABILITIES—MORE DANGEROUS AND EASIER TO USE

Page 45: E-BUSINESS CHALLENGE

Page 46: ADVERSARIES, ADVERSARY MOTIVATIONS, AND CLASSES OF ATTACK

    Adversaries               Motivations       Classes of Attack
    § Nation-states           § Intelligence    § Passive
    § Terrorists              § Theft           § Active
    § Criminals               § DoS             § Close-in
    § Hackers                 § Embarrassment   § Insider
    § Crackers                § Challenge       § Distributed
    § Competitors
    § “Script kiddies”
    § Disgruntled employees
    § Government

Page 47: COMMON THREATS

– Physical installations
  • Hardware threats
  • Environmental threats
  • Electrical threats
  • Maintenance threats

– Reconnaissance attacks—Learning information about a target network by using readily available information and applications

– Access attacks—Attacks on networks or systems for these reasons:
  • Retrieve data
  • Gain access
  • Escalate their access privileges

– Password attacks—Tools used by hackers to compromise passwords

Page 48: PASSWORD ATTACK THREAT MITIGATION

• Here are password attack threat-mitigation techniques:

  – Do not allow users to use the same password on multiple systems.

  – Disable accounts after a certain number of unsuccessful login attempts.

  – Do not use cleartext passwords.

  – Use “strong” passwords; for example, “mY8!Rthd8y” rather than “mybirthday.”
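Added example for this slide (Python; not code from the deck or from Cisco): an audit of an IOS configuration text for two of the techniques listed, no cleartext passwords and lockout after failed logins. It flags enable password and password 0 lines (cleartext), password 7 lines (type 7 is reversible, not a hash), and the absence of service password-encryption and login block-for. The two configurations are constructed for the example; the secret 5 hash strings are placeholders, and the IOS commands named are real IOS syntax.

```python
"""Audit an IOS configuration for the password controls listed on this slide.

Added example for this page; not code from the slide deck or from Cisco.
It scans a running-config for cleartext passwords ('enable password',
'password 0 ...'), for reversible type 7 passwords, and for the absence of
'login block-for' (lockout after failed logins) and
'service password-encryption'.  Both configurations below are constructed
for the example; the hash strings in STRONG_CONFIG are placeholders.
"""
import re

WEAK_CONFIG = """\
hostname RouterX
enable password cisco
username admin password 0 admin123
line vty 0 4
 password 7 0123456789ABCD
 login
"""

STRONG_CONFIG = """\
hostname RouterX
service password-encryption
enable secret 5 $1$SALT$placeholderhashxxxxxxxx
username admin secret 5 $1$SALT$placeholderhashxxxxxxxx
login block-for 120 attempts 3 within 60
line vty 0 4
 login local
"""

# (description, pattern) pairs: every match is a finding.
WEAK_PATTERNS = [
    ("cleartext enable password; use 'enable secret'",
     re.compile(r"^enable password ", re.M)),
    ("cleartext username password; use 'username ... secret'",
     re.compile(r"^username \S+ password (?:0 )?(?!7 )\S", re.M)),
    ("cleartext line password",
     re.compile(r"^ +password (?:0 )?(?!7 )\S", re.M)),
    ("type 7 password is reversible, not a hash",
     re.compile(r"\bpassword 7 \S", re.M)),
]

# (description, pattern) pairs: the pattern must appear somewhere in the config.
REQUIRED_PATTERNS = [
    ("no failed-login lockout: 'login block-for ... attempts ... within ...' missing",
     re.compile(r"^login block-for \d+ attempts \d+ within \d+", re.M)),
    ("no 'service password-encryption'",
     re.compile(r"^service password-encryption$", re.M)),
]


def audit_config(text):
    """Return sorted (line number, description); line 0 marks a missing control."""
    findings = []
    for description, pattern in WEAK_PATTERNS:
        for m in pattern.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((line_no, description))
    for description, pattern in REQUIRED_PATTERNS:
        if pattern.search(text) is None:
            findings.append((0, description))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("strong", STRONG_CONFIG)):
        print(name)
        for line_no, description in audit_config(cfg):
            print("  line %d: %s" % (line_no, description))
```

The audit is deliberately line-oriented so it can run over a configuration backup pulled from the TFTP server described earlier in the deck, which is also the place where a cleartext or type 7 password is most likely to be read by someone other than the administrator.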

Page 49: SUMMARY

– Sophisticated attack tools and open networks continue to generate an increased need for network security policies and infrastructure to protect organizations from internally and externally based attacks.

– Organizations must balance network security needs against e-business processes, legal issues, and government policies. Establishing a network security policy is the first step in changing a network over to a secure infrastructure.

– Network adversaries come in many shapes and sizes and with multiple motivations.

Page 50: SUMMARY (CONT.)

– It is very important to provide physical installation security for enterprise network devices.

– Password attack threats can be mitigated.

• Restrict password use.

• Disable accounts after unsuccessful logins.

• Do not use cleartext passwords; use strong passwords.

Page 51: Managing the Configuration Register

• You can change the configuration register value to modify how the router boots and runs.

• These are the main reasons you would want to change the configuration register:

• To force the system into the ROM monitor mode

• To select a boot source and default boot filename

• To enable or disable the Break function

• To control broadcast addresses

• To set the console terminal baud rate

• To load operating software from ROM

• To enable booting from a Trivial File Transfer Protocol (TFTP) server

Page 52: Configuration Register

    Value    16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1
    0x0                               0  0  0  0  0  0  0  0
    0x1                               0  0  0  0  0  0  0  1
    0x2102    0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
    0x3                               0  0  0  0  0  0  1  1
    0x4                               0  0  0  0  0  1  0  0
    0x5                               0  0  0  0  0  1  0  1
    0x6                               0  0  0  0  0  1  1  0
    0x7                               0  0  0  0  0  1  1  1
    0x8                               0  0  0  0  1  0  0  0
    0x9                               0  0  0  0  1  0  0  1
    0xA                               0  0  0  0  1  0  1  0

Page 53: Boot Field Configuration Register Bit Descriptions

0000 (0x0) At the next power cycle or reload, the router boots to the ROM monitor (bootstrap program). To use the ROM monitor, you must use a terminal or PC that is connected to the router console port. For information about connecting the router to a PC or terminal, see the hardware installation guide for your router. In ROM monitor mode, you must manually boot the system image or any other image by using the boot ROM monitor command.

0001 (0x01) Boots the first image in flash memory as a system image

0010 – 1111 (0x0 – 0xF)

At the next power cycle or reload, the router sequentially processes each boot system command in global configuration mode that is stored in the configuration file until the system boots successfully. If no boot system commands are stored in the configuration file, or if executing those commands is unsuccessful, then the router attempts to boot the first image file in flash memory.

Page 54: Boot fields of the Configuration Register

    Bit(s)     Hex value         Meaning
    0–3        0x0000–0x000F     Boot field (see Table 5.4)
    6          0x0040            Ignore NVRAM contents
    7          0x0080            OEM bit enabled
    8          0x101             Break disabled
    10         0x0400            IP broadcast with all zeros
    5, 11–12   0x0800–0x1000     Console line speed
    13         0x2000            Boot default ROM software if network boot fails
    14         0x4000            IP broadcasts do not have net numbers
    15         0x8000            Enable diagnostic messages and ignore NVRAM contents

Page 55: Password Recovery

• Boot the router and interrupt the boot sequence by performing a break, which will take the router into ROM monitor mode.

• Change the configuration register by turning on bit 6 (with the value 0x2142).

• Reload the router.

• Enter privileged mode.

Page 56: Password Recovery (cont.)

• Copy the startup-config file to running-config.

• Change the password.

• Reset the configuration register to the default value.

• Save the router configuration.

• Reload the router (optional).
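Added example for Pages 52 to 56 (Python; not code from the deck or from Cisco): it decodes a register value into its boot field and flag bits using the Page 54 table, parses the register line from show version (including the "will be ... at next reload" form shown on Page 23), and reports values that deserve review. The practical check is the last step of the recovery procedure above: the register must be put back from 0x2142 to its default, because a router left with bit 6 set boots without its startup configuration on every reload. Assumptions: bit 8 is taken as 0x0100 (the value of bit 8), and 0x2102 from the slides' show version output is used as the expected default.

```python
"""Decode a Cisco configuration register and flag settings that deserve review.

Added example for this page; not code from the slide deck or from Cisco.
Bit meanings follow the slide's 'Boot fields of the Configuration Register'
table (bit 8 is used as 0x0100, the value of bit 8) and the boot-field
descriptions on Page 53.  0x2102, the value in the slides' show version
output, is assumed to be the expected default.
"""
import re

FLAG_BITS = {
    6: "Ignore NVRAM contents",
    7: "OEM bit enabled",
    8: "Break disabled",
    10: "IP broadcast with all zeros",
    13: "Boot default ROM software if network boot fails",
    14: "IP broadcasts do not have net numbers",
    15: "Enable diagnostic messages and ignore NVRAM contents",
}
IGNORE_NVRAM_MASK = (1 << 6) | (1 << 15)   # either bit skips the startup-config
DEFAULT_REGISTER = 0x2102                   # assumed expected value

# Last line of 'show version', with or without the pending-value suffix.
REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (?:0x)?([0-9A-Fa-f]+) at next reload\))?"
)


def boot_field_meaning(boot_field):
    """Boot field (bits 0-3) as described on the slide."""
    if boot_field == 0x0:
        return "boot to ROM monitor"
    if boot_field == 0x1:
        return "boot first image in flash"
    return "process boot system commands, then first image in flash"


def decode_register(value):
    boot_field = value & 0xF
    flags = [name for bit, name in FLAG_BITS.items() if value & (1 << bit)]
    return {"value": value, "boot_field": boot_field,
            "boot": boot_field_meaning(boot_field), "flags": flags}


def register_from_show_version(text):
    """Return (current, pending) register values; pending is None if unchanged."""
    m = REGISTER_RE.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    return current, pending


def audit_register(current, pending=None, expected=DEFAULT_REGISTER):
    """Findings for the running value and for any value pending at next reload."""
    findings = []
    for label, value in (("current", current), ("pending", pending)):
        if value is None:
            continue
        decoded = decode_register(value)
        if value & IGNORE_NVRAM_MASK:
            findings.append("%s register 0x%04X ignores the startup configuration"
                            % (label, value))
        if decoded["boot_field"] == 0:
            findings.append("%s register 0x%04X boots to ROM monitor" % (label, value))
        if value != expected:
            findings.append("%s register 0x%04X differs from expected 0x%04X"
                            % (label, value, expected))
    return findings


if __name__ == "__main__":
    cur, pend = register_from_show_version(
        "Configuration register is 0x2102 (will be 2104 at next reload)")
    print(decode_register(cur))
    print(audit_register(cur, pend))
    print(audit_register(0x2142))
```

Checking the pending value as well as the current one matters because config-register takes effect only at the next reload: a register changed to 0x2142 shows up in show version long before the router actually boots without its configuration.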

Page 57: END

Questions