quick network assessment


Upload: shaun-hummel

Post on 25-Jul-2015


Page 1: Quick Network Assessment

Quick Network Assessment

The network assessment is an effective tool to understand infrastructure, performance and network management components. The network engineer can spend 30 minutes going through some basic Cisco IOS commands to document the current network. The following is a description of a network assessment.

Infrastructure

The infrastructure includes all networking equipment, circuits, firewalls, load balancers and WAN optimization devices. In addition there is network topology and software code versions.

Step 1: Topology

The show cdp neighbor command lists each neighbor's equipment model, vendor and uplink interface. With that output the engineer can map the network topology (connectivity) for campus and WAN. The command is issued at all switches and routers. It will show Cisco IP phones and wireless devices as well.

# show cdp neighbor detail
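Once the command has been run on every device, the output can be turned into a link list for the topology map. The following parser is an added example, not part of the original document; the sample output is constructed, and the names parse_cdp, topology_edges and access-sw1 are assumptions made for illustration.

```python
import re

# Constructed 'show cdp neighbor detail' output from a hypothetical access switch.
SAMPLE_CDP = """\
-------------------------
Device ID: dist-sw1.example.net
Entry address(es):
  IP address: 192.0.2.1
Platform: cisco WS-C4506-E,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet1/0/49,  Port ID (outgoing port): GigabitEthernet2/1
Holdtime : 155 sec
-------------------------
Device ID: SEP001122334455
Entry address(es):
  IP address: 192.0.2.50
Platform: Cisco IP Phone 7962,  Capabilities: Host Phone
Interface: GigabitEthernet1/0/5,  Port ID (outgoing port): Port 1
Holdtime : 130 sec
"""

# One regular expression per field that the topology step needs.
FIELDS = {
    "device": r"^Device ID:\s*(.+)$",
    "ip": r"^\s+IP(?:v4)? address:\s*(\S+)",
    "platform": r"^Platform:\s*(.+?),\s+Capabilities:",
    "capabilities": r"Capabilities:\s*(.+)$",
    "local_port": r"^Interface:\s*([^,]+),",
    "remote_port": r"Port ID \(outgoing port\):\s*(.+)$",
}

def parse_cdp(output):
    """Split the output into neighbor entries and extract the key fields."""
    neighbors = []
    for entry in re.split(r"^-{5,}\s*$", output, flags=re.M):
        if "Device ID:" not in entry:
            continue  # skip text before the first separator
        row = {}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, entry, re.M)
            row[name] = m.group(1).strip() if m else None
        neighbors.append(row)
    return neighbors

def topology_edges(local_name, neighbors):
    """One (local device, local port, neighbor, neighbor port) tuple per link."""
    return [(local_name, n["local_port"], n["device"], n["remote_port"])
            for n in neighbors]
```

Merging the edge lists from all devices gives the campus and WAN connectivity map, and the capabilities field separates phones and wireless devices from switches and routers.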

Step 2: IOS Software Code

Cisco switches, routers, wireless and firewall devices all have software code running on each device. In addition, hardware information is now included with show version, which replaces the show hardware command. The network modules, interfaces and memory are listed.

There are multiple feature license packages available for each Cisco platform. They enable various networking features based on requirements. The show version command provides the feature license level installed. The show license feature command provides specific information on enabled licenses for routers. That would include security, optimization and telephony features. The show inventory command provides specific information on serial numbers and Cisco PID numbers for support purposes. SmartNET contracts and TAC support are based on equipment serial numbers as well.

# show version

# show license feature (routers)

# show license right-to-use (3850 switch)

# show license usage (nexus)

# show inventory


Distribution and Core Switches

The show module command provides a listing of the line cards installed in 4500 and 6500 switches. The supervisor engines, power supplies and MAC addresses for each component are listed as well. The command also works on Nexus 5500 and 7000 switches.

# show module

Step 3: Interface Type and Status

Cisco switches and routers have a variety of show interface commands available. The show interface command will list all interfaces with detailed information for each. That includes connection status and interface settings. The following are the interface commands.

# show interface [interface]

# show interface status

# show interface port-channel [number]

# show etherchannel

Network Performance

The following Cisco IOS commands show various performance metrics per device and operational status.

Step 4: Run the show interface command on all switch and router uplinks to examine packet drops, throughput (bps) and interface errors.

# show interface [interface]

Step 5: Run the show processes cpu command on all devices to examine CPU utilization.

# show processes cpu

Step 6: Run the show environment all command at each device. That will show operational status for power supply, fan and temperature. The number of power supplies and their model numbers are listed as well.

# show environment all

Step 7: Run show policy-map to list currently deployed QoS features.

# show policy-map


Step 8: Run Iperf to examine bandwidth throughput between desktop and server for each WAN link. The first command starts the service on the network server (destination). The second command starts the service on the client (source).

# iperf -s

# iperf -c [ip address]

Network Management

Step 9: The show running-config command is used at each device to examine the current running configuration. Make note of any syslog server, NTP server, NetFlow and IP SLA configuration.

# show running-config

Syslog Server

All device system notifications and errors are sent to a syslog server for management and troubleshooting purposes. The network engineer can assign multiple syslog servers for redundancy. The network engineer configures the syslog server IP address at each network device.

# show logging

NTP Server

The Network Time Protocol (NTP) is deployed to all Cisco devices to synchronize the time of day. That allows system logs and various other time-stamped activities and events to be correlated. The NTP server receives time information from an external source and forwards that to multiple network devices over UDP. Each network device is configured with the designated NTP server IP address. The AAA settings integrate authentication with the TACACS server for managing device access.

# show ntp status

NetFlow

Cisco NetFlow is available for deployment with most Cisco routers, switches and wireless controllers. The performance monitoring software must support NetFlow collection for its reporting facility. NetFlow collects performance data per flow to report what applications, servers and devices are using bandwidth. NetQoS has the most effective reports including Top N servers, applications and protocols.

# show ip cache flow


IP SLA

The purpose of Cisco IP SLA is to monitor specific performance metrics. The performance metrics include latency, packet loss, jitter, throughput and availability. It is typically deployed for performance monitoring of WAN links. The monitoring software must support Cisco IP SLA.

# show ip sla statistics

Security

Step 10: The following Cisco IOS commands examine basic device password security for managing access. Cisco best practices recommend password encryption together with a secret password. In addition the VTY lines should be password protected with timeout values. The SSH protocol is preferred over Telnet for added security. The show running-config command is used to examine the following items:

# show running-config

password encryption
password secret
vty lines
ssh
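The Step 9 and Step 10 review of show running-config can be repeated consistently across devices by checking a saved copy of each configuration. The following script is an added example, not part of the original document; it covers the syslog and NTP entries from Step 9 and the four Step 10 items, the sample configuration is constructed, and the names audit and vty_blocks are assumptions made for illustration.

```python
import re
# Constructed sample running-config (placeholder hash, documentation IPs).
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 PLACEHOLDER
logging host 192.0.2.10
ntp server 192.0.2.20
line vty 0 4
 exec-timeout 0 0
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Map each 'line vty' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    """Return (Step 9 servers found, Step 10 findings) for one config."""
    servers = {
        "syslog": re.findall(r"^logging (?:host )?(\d+(?:\.\d+){3})", config, re.M),
        "ntp": re.findall(r"^ntp server (\S+)", config, re.M),
    }
    findings = []
    if not re.search(r"^service password-encryption\s*$", config, re.M):
        findings.append("service password-encryption is missing")
    if not re.search(r"^enable secret ", config, re.M):
        findings.append("no enable secret configured")
    if re.search(r"^enable password ", config, re.M):
        findings.append("enable password is configured")
    for header, cmds in vty_blocks(config).items():
        if "no login" in cmds:
            findings.append(f"{header}: login check disabled")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: idle timeout disabled")
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: input not limited to ssh")
    return servers, findings
```

A VTY block with no exec-timeout line keeps the IOS default of 10 minutes, so only exec-timeout 0 0 is reported. An empty syslog or NTP list means the device has no such server configured and should be noted in the assessment.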

Applications

Step 11: Do a quick survey of the network applications that are available.

Application Name | IP Subnet | Assigned VLAN | TCP/UDP Port | Location

Shaun Hummel is author of Cisco Design Fundamentals at Amazon.com

Copyright © 2015 CiscoNet Solutions Rights Reserved