This document summarizes a Packet Tracer lab in which SNMP, NetFlow and syslog were configured to monitor network traffic and generate log messages. Key aspects covered include:
- SNMP allows network monitoring through a manager/agent protocol that transmits data to SNMP servers. It was configured to send traffic logs and router status updates to a server.
- NetFlow captures detailed traffic information (source/destination IP and port, protocol) from router interfaces and exports it to a server for analysis. Random traffic was generated to test NetFlow collection.
- Syslog messages of different severity levels were configured to be sent from the routers to a server for logging and troubleshooting purposes.
Packet Tracer: SNMP, NetFlow, Syslog
Packet Tracer Lab
Rafat Khandaker
SNMP, NetFlow, Syslog, Trap
05-17-16
ABSTRACT
In this lab I am going to research and study Cisco router protocols including SNMP, HSRP and GLBP. These protocols will be used to configure load balancing and network monitoring, and to generate syslog messages and transport them to an SNMP server/syslog server.
INTRODUCTION
SNMP
Simple Network Management Protocol (SNMP) was developed in 1988 to allow applications to access traffic information passing through Cisco routers. SNMP allows servers to log error messages about the network. It also allows active monitoring data, such as that produced by a NetFlow application, to be transmitted to and logged on a server. SNMP is usually deployed as a management device (the manager) and an agent. The agent holds a MIB (Management Information Base), whose objects are each identified by an OID (object identifier) and can be read or configured from the SNMP manager. The manager is allowed to query (ask for) the variables under an OID. The agent can also be configured with "trap" notifications, a preconfigured detection feature: when a configured event occurs, the agent sends a notification that is logged at the SNMP manager.
SNMPv1 had security flaws: access control relied only on community strings (a read/write string such as "private" and a read-only string such as "public"), and these were often left at their pre-configured default values.
SNMPv2 never caught on in the market. SNMPv2c allowed more information to be transmitted through a single query, but still used community strings.
SNMPv3 provides good security: encryption, integrity checking and authentication services.
SIMULATION
In this example, a server is connected to the network to log SNMP traffic. The router will be configured to send SNMP traffic to the server when PC1 is communicating with PC0, and to log information about the general status of the router, including links going up and down.
To set up this lab, I made sure that all links have connectivity through PC1.
Once connectivity is confirmed, I am now going to configure SNMP and view the syslog on the server.
Enable TRAP to send syslog messages to the server.
I am entering severity 7 (debugging) just for demonstration purposes; at this level the router logs almost like a network analyzer. Usually severity 4 (warnings) is used for administration.
We can see the messages arriving in the server's syslog.
The server is actively logging.
NETFLOW
NetFlow is a feature on Cisco routers that gives us very detailed information about the network traffic.
A NetFlow flow is defined by seven key fields that all of its packets have in common:
1. Source IP address
2. Destination IP address
3. Source port number
4. Destination port number
5. Layer 3 protocol type
6. Type of service (ToS) value
7. Ingress interface
From these we can get very detailed information about the packets in each flow within the network.
NetFlow is configured on the interface for ingress (inbound) and/or egress (outbound) traffic.
The idea is to create connections from the PC to the Internet and monitor the traffic.
- Here I have some random garbage requests to the PC across the simulated Internet.
We can see from the command show ip cache flow that the router is capturing traffic according to the NetFlow configuration.
Now I am going to export the NetFlow data to a server. The export version depends on the NetFlow collector's documentation, i.e. usually on the application you are using.
Here we configured ip flow-export with the source set to Loopback0, export version 9, and the export destination set to the server on port 9996 (the usual port number, but it can be different).
On the server, the NetFlow collector is configured. I will do some garbage pings and failed telnet attempts and let NetFlow collect the information.
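The SNMP, syslog and NetFlow export settings described in the introduction and in this section, written out as an added IOS configuration example (not the lab's own screenshots or configuration); the weak community-string setup is shown next to an SNMPv3 authPriv replacement. The server address 192.168.1.100, the interface name GigabitEthernet0/0, the group/user/ACL names and the passwords are assumed placeholders, and some of the SNMPv3 commands may not be available in Packet Tracer.

```cisco
! --- SNMP, weak setup (v1/v2c) as discussed in the introduction ---
! Community strings travel in cleartext and "public"/"private" are
! well-known defaults. Shown only for contrast; do not leave these on a router.
snmp-server community public RO
snmp-server community private RW
snmp-server host 192.168.1.100 version 2c public

! --- SNMP, hardened setup (v3 with authentication and encryption) ---
! Placeholder names/secrets: NMS-ONLY, MONITOR, nmsuser, AuthPass123, PrivPass123
ip access-list standard NMS-ONLY
 permit host 192.168.1.100
snmp-server group MONITOR v3 priv access NMS-ONLY
snmp-server user nmsuser MONITOR v3 auth sha AuthPass123 priv aes 128 PrivPass123
snmp-server host 192.168.1.100 version 3 priv nmsuser
! Link up/down traps, as used in the lab to log links going up and down
snmp-server enable traps snmp linkdown linkup

! --- Syslog to the server ---
logging host 192.168.1.100
! The lab used severity 7 (debugging) for demonstration; warnings (4) is the usual choice
logging trap warnings
service timestamps log datetime msec

! --- NetFlow: capture on the LAN interface, export v9 to the collector on UDP 9996 ---
interface GigabitEthernet0/0
 ip flow ingress
 ip flow egress
!
ip flow-export source Loopback0
ip flow-export version 9
ip flow-export destination 192.168.1.100 9996
```

Verify with show ip cache flow (the flows being captured), show snmp user (the v3 user exists) and show logging (the trap level and the syslog host).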
CONCLUSION
In this lab I have successfully configured SNMP, NetFlow and syslog to report to a server.
These protocols are very useful for administrators to check for network downtime, to troubleshoot, and to monitor a network.