cwlms30 module s01

8/6/2019 CWLMS30 Module S01

1/48

Lesson 1

Defining Network Management

OverviewDue to the increased use and complexity of networks, a proper network management strategy iscritical for the network administrator and the company. You must provide users with a

predictable high quality of service. You need a network management strategy to minimize

network downtime and take advantage of advances in technology. By using network

management tools and processes to gain visibility into the network, you can proactively resolve

problems, plan for changes in resource usage, and securely control and manage valuable

network resources.

Objectives

Upon completing this lesson, you will be able to define network management by identifying

goals for proper network operation and breaking the network down into functional areas. This

ability includes being able to meet these objectives:

Define network management by identifying goals for proper network operation and the

evolution of network management

Break network management down into the five functional areas defined by the ISO

Describe the increased productivity and the ROI of network management


2/48

What Is Network Management?This topic describes the goals for network management and breaks down network management

into functional areas.

2007 Cisco Systems, Inc. All rights reserved. CWLMS v3.0 1-2

What Is Network Management?

The Goals:

Ensure that users of a networkreceive information technologyservices with the quality of servicethey expect.

Ensure the strategic and tacticalplanning of the engineering,operations, and maintenanceof a network and its services.

Help network engineers manage

the complexity of a data networkand ensure that data can goacross the network with maximumefficiency and transparency.

Prepare for disaster recovery.

Network management can be defined in terms of the goals a company hopes to achieve from

employing a network management strategy. From the perspective of end users, the network

should provide consistent, high-level services. The actual method of providing the services

should be as transparent to the user as possible. The user does not care so much about thenetwork itself, but rather that they can retrieve their e-mail quickly at any time, access

application servers or network printers, transfer files, or browse web pages in a timely manner.

To ensure that these needs are met, network engineers and administrators need effective

network management tools to deal with network complexities, provide maximum efficiency,

and minimize downtime by preparing for disaster recovery.


3/48


Evolution of Network Growth

Networks are increasing in scale and complexity.

You must not only manage the elements of the network infrastructure,but also the services across the element.

Support staff and budget do not always keep pace with technology.

Network traffic andnetwork technology

Network resources(support staff, $$)

Growth

Time

A good network management strategy must be a high priority. Because of the ever-increasing

uses and complexity of networks, you must strive to keep up with network demands. Ten years

ago, the main concerns of a network administrator, for the smaller, less-demanding user

population, were uptime and availability. Today, uptime and availability are still important, but

now more complex issues must be considered, including IP telephony, secure remote access,

quality of service (QoS), and a larger, more demanding user population. You must now employ

a management strategy that maximizes network efficiency and helps to reduce demands on the

network administrator.

Unfortunately, the growth of a support staff and budget does not always keep pace with new

technologies being implemented in the network. You must often do more in your position with

less support and staff. Having the correct tools to automate many routine tasks can make your

job much more efficient.


4/48

What Is FCAPS?This topic describes five functional areas of network management.


What Is FCAPS?

ISO defines five functional areas

of network management:

Fault management

Configuration management

Accounting management

Performance management

Security management

Some management issues may span several areas.

To assist in focused management, the International Organization for Standardization (ISO) has

defined five functional areas of network management, known as the FCAPS model, as follows:

Fault management

Configuration management

Accounting management

Performance management

Security management

Note Network issues do not always fit neatly into one functional area. Functional areas are used

to define various management issues.


5/48

A fault can be identified as a failure of a system, device, or component to operate as expected,

and requires action to resolve. Failures are indicated by excessive errors, such as alignment

errors in Ethernet. However, not all errors are considered faults. Some errors, such as collisions

in an Ethernet environment, are normal as long as they fall within an acceptable threshold.

Fault management is the detection, isolation, and correction of either persistent or transient

faults that cause networks to perform below expectations. Monitoring, the most basic function

of fault management systems, includes collecting information about device hardware and

software. Monitoring can also include data collection about device status, health, and

performance. Monitoring also includes post-collection analyzing and reporting based on thedata collected.


6/48

Documenting and understanding the network is at the very root of all network management

tasks. If you do not have a clear picture of network connectivity and the network configuration,

you cannot effectively maintain the network and resolve problems as they arise. Just as

important is that you have a secure and accurate archiving and tracking system for the

configuration files that drive network traffic. By maintaining an accurate archive of

configurations, you have better control of the network devices because you have rapid access to

vital configuration data about those devices, and you can compare and change configurations as

necessary.


7/48


8/48

The purpose of performance management is to monitor, evaluate, and report on the behavior

and effectiveness of network and system equipment, including devices, links, circuits, systems

and their components, and applications. This reporting has value for both real-time monitoring

as well as for historical reporting purposes. For example, you can use performance management

systems to poll for data from network devices, links, systems, components, or applications in

real time to alert support organizations of performance problems. In addition, you can collect

and store performance data over time to identify utilization patterns, such as the flow of hourly,

daily, weekly, and monthly data cycles. You can then use the performance data to identify

trends to support more informed capacity planning for network and system upgrades.

Performance management looks at the network as a whole, at all of the links between any two

points, to identify bottlenecks in performance and provide data to support more informed

solutions to performance problems. Performance management focuses on evaluation metrics

that indicate how network and system resources are used, how well resources are performing,

and how those utilization patterns affect the delivery of network services, both for current

analysis and future planning.


9/48

The primary focus of security management is to protect networks, systems, and data from

unauthorized access. Security management is an important consideration for both technical and

management staff because the security of a network extends beyond the network itself. The

security of a network extends to the physical environment that also controls access to networks

and data. Therefore, security management must include policies defined by both management

and technical staff to ensure secure access to networks. Security management also involves

securing access to, and securing the manipulation of, data that resides on the network, and

should include identifying procedures to follow when a security breach occurs.


10/48

Benefits of Network ManagementThis topic describes some of the benefits of a well-planned network management strategy.

Most users do not care how they get their data, just that they get it. Improperly managed

networks lead to downtime and loss of access to important data, making users painfully aware

of their dependence on the network. Often, every little problem is blamed on the network,

amplifying the need for network management. Employing network management allows

network administrators to be constantly aware of the status and health of the network.Deviations from expected behavior can be detected early and corrected before impacting users.

Managing the network cannot stop all network service degradation, but it can minimize the

degradation and provide the necessary data to assist the network administrator in a quick

resolution of the problem.

A well-planned and implemented network management strategy provides you with a

consistently high level of network services, which helps increase productivity. The collected

management data can also be used to maximize the return on investment, verify third-party

service-level agreements, and quantify change and growth. The time spent in formulating a

network management strategy will lead to an overall increase in network reliability and

effectiveness, and can save the organization money.

Note Good network management and statistics can provide a safe and effective way to deploy

new applications in a busy network. Network management information should be one of the

basic types of information that you gather when you deploy new applications in the network.


11/48

SummaryThis topic summarizes the key points that were discussed in this lesson.


Summary

Network management is often defined in terms of its goalsensuring network usability, easing day-to-day operations,and minimizing technology complexity.

Network management can be broken down into five functionalareasFault, Configuration, Accounting, Performance,and Security (FCAPS).

A good network management strategy reduces network downtimeand increases user productivity.


12/48


13/48

Lesson 2

Exploring the NetworkManagement Process

OverviewTo achieve the benefits of network management, you must collect and process the status and

health information of the network. This lesson describes the process of collecting network

information, focusing on the network management standards for information, and the

communication of that information.

Although it is important, network management traffic and resource consumption is considered

overhead. You should be familiar with how network management data can be collected, and the

network management information and communication models. This lesson will help you

understand the resource ramifications of performing various network management tasks, and

how to properly interpret the collected data.

Objectives

Upon completing this lesson, you will be able to describe the process of collecting network

status and health information, focusing on network management standards for information and

the communication protocol. This ability includes being able to meet these objectives:

Describe the process of collecting network status and health information from network

devices using an NMS

Define SMI and the MIB hierarchy to determine the OID for proprietary andnonproprietary MIB objects

Describe the SNMP communication model, SNMP versions, and polling versus traps


14/48

Performing Network ManagementThis topic describes the benefits of network management to network users, network

administrators, and the corporation. A clear understanding of these benefits is important for a

successful implementation of a network management strategy.

To achieve the benefits of network management, you must determine how to gather and

analyze the network status and health information. You can obtain this information from many

intelligent sources within the network environment. The data sources must be capable ofproviding visibility into the status and health of the network and its shared components, and

monitoring and storing the network information.

Network management should also allow for convenient and simple ways to modify devices to

change their behavior to meet stated requirements. Therefore, the purpose of a network

management system (NMS) is to automatically gather this information and present it to the

network administrator in a meaningful and useful way, to help ensure the availability,

reliability, performance, and security of the network. The NMS should also include tools to

assist in the modification of devices.


15/48


Sources for Information

`

GAUGEs TIMERs

0 9 1 2 3

COUNTERs TABLEs FILEs

Operating System Data Structures

Manageable Device

show

CommandsWebServer

SystemLogging

SNMPSNMP

AGENTAGENT

ProductionServices

Layer N Forwarding

HTTP80/TCP

syslog514/UDP

SNMP161/UDP

MIBObjects

SNMP-Trap162/UDP

Built-inIntelligence

Cisco Discovery Protocol,VTP, and Cisco IOS IPSLA

TelnetCLI

TFTPClient

TFTP69/UDP

Ping

Trace Route

Every computer-based system has internal mechanisms designed to report on the status of the

system and the production services provided by the system. Many network-based devices have

built-in intelligence, such as VLAN Trunking Protocol (VTP), Cisco Discovery Protocol, and a

Cisco IOS IP service level agreement (SLA) to assist in management activities that can be

configured and reported on using the same internal mechanisms. Access to the data provided by

these internal mechanisms is essential for network management activities.

Note The mechanism implementations vary from one system to another. Factors such as device

type, device model, operating system, and the version of operating system can be used to

characterize the mechanisms.

The internal mechanisms can consist of counters, gauges, tables, timers, and files. The retrieval

and modification of the information in these mechanisms for network management purposes

can be achieved through numerous communication protocols (depending on the device type),

including the traditional command-line interface (CLI), Telnet, HTTP, syslog, and TFTP. Other

simple applications, such as ping and traceroute, can also provide network management

information. In an effort to standardize the mechanism used for device status information that is

necessary for network management tasks, the MIB information model was created. Likewise,

the Simple Network Management Protocol (SNMP) is the standard communication model for

retrieving information held by the MIB.

Note The MIB objects consist of a database of values on the device that you can monitor or

modify using a NMS.
http://www.webopedia.com/TERM/M/database.htmlhttp://www.webopedia.com/TERM/M/database.html


16/48

Standards for Informationthe MIBThis topic describes the standard network management information model for the MIB.


Standards for Information

the MIBMIB:

Set of variables defining the status of a device (e.g. temp = 85 degrees)

Just factsnot whether it is good or bad

Defined according to SMI rules

Each managed object is described using a unique object ID (OID)

MIB I/MIB II:

Standard MIB (nonproprietary)

Objects included are considered essential for either fault or configuration management

Other standard MIBs:

RMON, host, router, etc.

Proprietary vendor MIBs:

Extensions to standard MIBs

SNMPAGENT

Thousands ofmanageable objects

following rules definedin the SMI standards

Each OID is described using ASN.1

An MIB is used to store information that represents device elements and their status. The

structure itself is called a Structure of Management Information (SMI). The SMI is a tree

structure that allows for efficient organization and retrieval of information. The leaves of the

tree are the actual MIB variables that contain information about some aspect of the device.

These values typically state a fact about the device, for example, temp = 85 degrees, rather thana health index. Once this value is retrieved, it is up to the NMS application or the network

administrator to make the determination as to the significance of this value. An object identifier

(OID) uniquely identifies each MIB variable. Each OID is described using Abstract Syntax

Notation One (ASN.1).

MIBs are highly structured depositories for information about a device. Many standard

nonproprietary MIBs exist to manage standard features. However, many more MIBs that are

proprietary exist to uniquely manage the devices of different vendors. These nonstandard

proprietary MIBs are simply extensions to MIB I/II.


17/48


Experimental (3)

Object Identifiers

SNMPSNMP

AGENTAGENT

ISO (1)

ORG (3)

DOD (6)

Internet (1)

Mgmt (2) Private (4)Directory (1)

mib-2 (1)

TCP (6)

UDP (7)

EGP (8)

CMOT (9)

Transmission (10)

SNMP (11)

System (1)

Interfaces (2)

AddressTranslation

(3)

IP (4)

ICMP (5)

.

.

.

Hierarchically structured

Each object uniquely identified

Sun (42)

Microsoft (311)

Apple (63)

Cisco (9)

IBM (2)

HP (11)

Proteon (1)

Internet Activities Board Administered Vendor Administered

Wellfleet (18) Unassigned(9118)

OID for system1.3.6.1.2.1.1 Enterprise (1)

Each managed object within a MIB has a unique OID, which is a number in dotted notation,

providing the code to traverse the SMI tree to reach the MIB variable. The MIB structure can

be viewed as containing two parts:

Standard or public part (nonproprietary) implemented on all devices and administered by

the Internet Architecture Board (IAB)

Private part (proprietary) that is used by individual vendors to manage the unique features

of their own devices

It would be convenient if a standard MIB existed for each device type, allowing for the

homogeneous management of devices of all vendors. However, each vendor implements their

MIBs differently and therefore must be managed using a different set of variables. Logically,

this makes sense, because the manufacturer of the device can best determine how to manage the

device.

The public side of the MIB (nonproprietary) contains variables that are common to all devices.

All devices should implement these variables to comply with common management needs. For

example, an OID for a variable in the System group would always begin with (1.3.6.1.2.1.1).

The private side of the MIB allows vendors to manage unique statistics that allow network

management personnel to track unique features and functions that the vendor has implementedin their devices.


18/48


Scalar Objects (Instance 0)

Sal A. Mander

OID for SNMP object sysContact1.3.6.1.2.1.1.4

OID for SNMP variable Sal A. Mander1.3.6.1.2.1.1.4.0

ISO (1)

Org (3)

DOD (6)

Mgmt (2)

MIB-2 (1)

System (1)sysDescr (1)

sysObjectID (2)

sysUpTime (3)

sysContact (4)

sysLocation (6)

sysServices (7)

sysName (5)

Scalar objects have only oneinstance of a variable.

Internet (1)

The OID for each MIB variable is appended with an instance identifier to differentiate it from

multiple occurrences of the same variable. This results in multiple instances of an MIB

variable. For example, there is an MIB variable called interface errors identified by a unique

OID. For each interface, there exists a separate instance of this variable. To distinguish

interface errors for each interface on a device, an instance identifier must be associated with

each interface and appended to the interface errors OID.

In some cases, such as the MIB variable system name, there exists only one instance of the

variable. These objects are known as scalar variables. To retrieve a scalar variable, the instance

identifier of 0 is appended to the end of the OID of the scalar variable.


19/48


Multiple Instances

Vector objects have appended instancesuffixes >0 to identify the row in two

dimensional tabular data structures.

ISO (1)

Org (3)

DOD (6)

Internet (1)Mgmt (2)

Mib-2 (1)

System (1)

ifTable (2)

Ifnumber (1)

Interfaces (2)

ifEntry (1)

value

ifSpecific (22)...ifMtu (5)ifType (4)ifDescr (3)ifIndex (1)

column

row 1

2

3

1.3.6.1.2.1.2.2.1.3.2

OID for variable: Instance 2 of ifDescr

Conceptualized Table

If each object is to be uniquely identified, MIB variables that can have more than one value,

such as multiple interfaces, present an interesting problem. The solution is to append an

instance identifier to the OID; the OID string alone identifies the object, whereas the OID string

with an appended instance identifies the value for the instance of the object.

Device objects that have multiple instances in which multiple MIB variables are defined are

represented using a table, in which the column is the MIB variable, and the row is the instance

of the device object.

In the figure, the NMS wants to retrieve the interface description for interface 2 (the instance

number of an interface may not always be corresponding). When traversing the MIB tree using

the OID, the number branch or object before the interface description leaf points to a table. The

next number in the OID indicates the column of the table, which corresponds to the interface

description MIB variable. The final number of the OID is the instance of the variable, and is

used to access the row of the table. The result is the interface description for interface 2. The

same OID with a different instance would result in the interface description for a different

interface.

Most management software applications append the appropriate instance identifier to an OID.


20/48


avgBusy1(57)

Cisco MIB

lsystem(1)

Cisco (9)

locIfOutBitsSec(8)

locIfInBitsSec(6)linterfaces(2)

.

.

.

CiscoMgmt(9)

CiscoPolicyAuto(18)

Temporary (3)

Local (2)

CiscoProducts (1)

CISCO-SMIv1-MIB

OLD-CISCO-INTERFACES-MIB

OLD-CISCO-SYS-MIB

All Cisco MIBs can be downloaded from Cisco.com.

Iso (1)Org (3)

DOD (6)Internet (1)

Private (4)Enterprise (1)

The figure presents a partial look at the structure of the MIB that is administered by Cisco.

There are many objects administered by Cisco, which are declared in more than 150 different

MIB definitions.

In the past, all of the objects under the Cisco MIB branch were documented in one large

document, updated with each new release of Cisco IOS Software. Therefore, there was a 9.0

Cisco MIB, a 10.0 Cisco MIB, and so on. The product line at that time consisted exclusively of

routers.

As Cisco IOS Software matured and the product line grew, this massive MIB model became

unscalable. Within one revision level of Cisco IOS Software, there were different versions,

such as the IP-only image and the IBM feature set version. The product line also began to

include other devices such as LAN switches running completely different software.

Starting with Cisco IOS Release 10.2, the Cisco MIB was broken into individual component

MIB documents, each focusing on a specific feature, technology, or device type. This structure

allows quicker implementation of new features and allows you to compile only the parts you

need into your NMS.

Brief descriptions of the main subordinate branches under Cisco (9) are listed as follows:

CiscoProducts (1): The root of the Cisco product sysObjectID values that are declared inCISCO-PRODUCTS-MIB.

Local (2): The subtree beneath which releases prior to Cisco IOS Release 10.2 MIBs were

built.

Temporary (3): The Cisco IOS Release 10.2 experiments were placed here.

pakmon (4): Reserved for pakmon.

Workgroup (5): Reserved for use by the Workgroup Business Unit.


21/48

OtherEnterprises (6): The location that MIBs from other companies are rerooted to in

order to maintain a controlled version.

CiscoAgentCapability (7): The root for the assigned AGENT-CAPABILITIES value.

CiscoConfig (8): The main subtree for configuration MIBs.

CiscoMgmt (9): The main subtree for new MIB development.

CiscoExperiment (10): This branch provides a root OID from which experimental MIBs

may be temporarily based. MIBs are typically based here if they fall into one of two

categories: Internet Engineering Task Force (IETF) work-in-process and Cisco work-in-

process. IETF works-in-process are MIBs that have not been assigned a permanent OID by

the Internet Assigned Numbers Authority (IANA). Cisco works-in-process are MIBs that

have not been assigned a permanent object identifier by the Cisco assigned number

authority, typically because the MIB is not ready for deployment. Support for MIBs in the

CiscoExperiment subtree are deleted when a permanent OID assignment is made.

CiscoAdmin (11): Reserved for OIDs not associated with MIB objects.

CiscoModules (12): The root for the MODULE-IDENTITY objects.

Lightstream (13): Reserved for use by LightStream.

Ciscoworks (14): The root for MIBs applicable to the CiscoWorks family of network

management products.

Newport (15): Reserved for Newport Systems Solutions, now part of the Access Business

Unit.

CiscoPartnerProducts (16): This is the root OID from which partner sysObjectID values

may be assigned. Partner sysObjectID values are composed of the CiscoPartnerProducts

prefix, followed by a single identifier that is unique for each partner, followed by the value

of sysObjectID of the Cisco product from which the partner product is derived. Note that

the chassisPartner MIB object defines the value of the identifier assigned to each partner.

CiscoPolicy (17): The root of the policy management subtree.

CiscoPolicyAuto (18): This branch is a subtree for OIDs that are automatically assigned

for use in policy management.

Note The current URL to download Cisco MIBs is

www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml , or searchcisco.comfor

software center download mibs.
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtmlhttp://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtmlhttp://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


22/48


Basic MIB Variable Types

String

A text string that provides information.

Gauge

A value that can go up or down. (for example, speedometer)

A gauge variable is not time-dependent.

Counter

A value that is always incrementing. (for example, odometer)

It requires two reads to associate it with time.

What is this device? sysDescr Cisco Systems WS-C55005

What is the temperature of the device? Temperature

What is the collision rate?

88

3567451 3567433 = 18/min

ethCollisions

ethCollisions

t=0

t=60s

3567433

3567451

The values returned by the MIB variables are used to make determinations about the health of a

system. It is important to understand the different types of MIB variables to properly interpret

the value returned. The following describes three basic types of MIB variables:

String: The value returned is simply a text string describing some aspect of the device.

Gauge: One way to describe a gauge would be an absolute value. The value returned by a

gauge represents the condition at the time the value was polled. The value can go up or

down. An analogy would be the speedometer in a car. At any time, the speedometer

indicates how fast the car is going at that moment.

Counter: A counter can be described as a delta value. Counters simply increment every

time the corresponding event takes place, such as Ethernet collisions. An analogy would be

the odometer in a car; the odometer indicates how many total miles the car has traveled

since the car was built. To properly analyze a counter variable, two readings must be taken

to associate the variable with respect to time, or other measuring metric. You should not be

alarmed when the Ethernet collisions MIB variable returns a large value, because there is

no association with how long the counter has been counting. You should reread the variable

some time later, and the two values should be compared, resulting in a delta value. The

result is the number of collisions that occurred during the polling period, which is the time

between each reading of the MIB variable.


23/48

Standards for CommunicationSNMPThis topic describes the standard network management communication model, SNMP, used to

retrieve information from the MIBs.

The SNMP protocol defines the rules that govern communication between the manager and the

management agents in network elements. As its name suggests, SNMP is a simple protocol

that, in its original version, SNMPv1, had five protocol message types that defined how

information was exchanged between manager and agents. The original five message types areas follows:

get-request: The SNMP manager generates get-request messages when it requests the

value of an MIB variable.

get-next-request: These messages are very similar to get-request messages except that a

get-next-request message obtains the value for the next instance of an MIB variable or the

MIB variable next in line to the OID specified in the previous request.

set-request: The set-request message is used by the SNMP manager to initialize or reset

the value of an MIB variable.

get-response: The get-response message is generated by an agent on receipt of a get-

request, a get-next-request, or set-request message sent by an SNMP manager.

Trap: The Trap message is an unsolicited message sent by an agent. Traps occur when an

agent observes an occurrence of a preset parameter in the agent.

SNMP managers and agents generate SNMP messages and encapsulate them in User Datagram

Protocol (UDP) for transmission over IP. All SNMP managers use UDP port 161 for receiving

SNMP messages except for traps. SNMP managers listen for traps on port 162. Each SNMP


24/48

message, except the trap message, contains a plaintext string, known as the community string,

used to restrict access to managed devices.


25/48


SNMP Get Request and Response

SNMPManager

SNMPAgent

Read=public

read/write=private

get-response

(sysDescr.0=Cis

coIOS)

Verify accesspermission and retrieve

MIB value using OID totraverse the MIB tree.

InstanceOID

1.3.6.1.2.1.1.1

MIB value

get-request(sysDescr.0)ReadCommunity(public)

In the figure, the NMS has requested the system description of a device on the network. The

NMS, which also understands the MIB structure, creates an SNMP get-request message

containing the OID for the system description MIB object (1.3.6.1.2.1.1.1.0), and the read

community string for access to the MIB on the device (public in the example). The SNMP

agent on the device receives the request and checks for proper read access by comparing its

SNMP read community string with the string sent by the NMS. If the community strings are the

same, the request is authorized and the SNMP agent uses the OID in the get-request message to

traverse the MIB tree to retrieve the requested MIB object. The SNMP agent places the result

of the request into a get-response message and sends it back to the NMS for viewing.


26/48


Evolution of SNMP

SNMPv1

Defined in 1988 to address management needs of theevolving Internet

SNMPv2c

Released in 1993 and revised in 1995

Added new message type, the get-bulk request, for a more efficientretrieval of multiple rows of a table

Has 64-bit counters

Still lacks strong security

SNMPv3

Issued in 1998

Contains security enhancement

Provides remote administration capabilities

Is an architectural framework

There are three versions of SNMP available today:

SNMPv1: SNMPv1 was defined in 1988 to address the management needs of the evolving

Internet and quickly became a standard in 1990.

SNMPv2c: SNMPv2c was released in 1993 and revised in 1995 to address observed

limitations in SNMPv1. The most noticeable enhancements were the introduction of the

get-bulk-request message type and the addition of 64-bit counters. Retrieving information

with get and get-next-request messages was an inefficient method of collecting information

from device tabular data structures. Only one variable at a time can be solicited with

SNMPv1. The get-bulk-request of SNMPv2c addresses this weakness by receiving a bulkof information using a single request. Also, the 64-bit counters address the issue of the 32-

bit counters rolling over too quickly, especially with high-speed links such as Gigabit

Ethernet. However, SNMPv2c still lacks strong security, which was one of the original

goals.

SNMPv3: SNMPv3 was issued in 1998 and offered many new enhancements over

SNMPv1 and SNMPv2c. SNMPv3 provides strong security, remote administration

capabilities, and an architectural framework. Perhaps the most important enhancement is

that SNMPv3 defines a method for providing SNMP message-level security. SNMPv3

provides a user-based security model, much like the client-server security that is prevalent

today to protect users against four types of threats: the modification of information, a user

masquerading as a valid user, the modification of an SNMP message stream, or disclosure.SNMPv3 provides authorization and access to an MIB subtree on a per-user basis.


27/48


CiscoWorks LMS SNMP Support

SNMPv1 and SNMPv2c

Community strings are sent in plaintext.

It is recommended that you use ACLs to filter SNMP requeststo a device.

SNMPv3 authNoPriv

Provides authentication based on theHMAC-MD5 or HMAC-SHA algorithms.

Does not encrypt the packets.

CiscoWorks LAN Management Solution (LMS) currently supports the following SNMP

options:

SNMPv1 and SNMPv2c: SNMPv1 and SNMPv2c use a community string as a form of

security. Because the community string is sent in plaintext, it is recommended that you use

an access control list (ACL) on Cisco IOS devices and an IP permit statement on Cisco

Catalyst operating system devices to restrict SNMP requests.

SNMPv3 authNoPriv: SNMPv3 provides packet-level security, integrity protection, and

replay protection, but does not encrypt the packets.

The table lists all of the security models and levels defined in SNMP:

SNMP Security Models and Levels

Model Level Authentication Encryption What Happens

v1 noAuthNoPriv Community string No SNMPv1 uses a community string matchfor authentication.

v2c noAuthNoPriv Community string No SNMPv2c uses a community string matchfor authentication.

v3 noAuthNoPriv Username No SNMPv3 noAuthNoPriv uses a usernamematch for authentication.

v3 authNoPriv Message Digest 5(MD5) or SecureHash Algorithm(SHA)

No SNMPv3 authNoPriv providesauthentication based on the HashedMessage Authentication Code (HMAC)-MD5 or HMAC-SHA algorithms.


28/48

Model Level Authentication Encryption What Happens

v3 authPriv HMAC-MD5 orHMAC-SHA

DataEncryptionStandard(DES)

SNMPv3 authPriv provides authenticationbased on the HMAC-MD5 or HMAC-SHAalgorithms. Provides DES 56-bitencryption in addition to authenticationbased on the Cipher Block Chaining(CBC) DES (DES-56) standard.


29/48


Disk

Polling vs. Traps

WAN(equals $$)

Rule: If disk utilization is greater than98%, perform maintenance.

If disks reach 100%, then massivefailures occur (equals lost revenue).

NMS ServerFarm

Exactmoment

When diskutilization = 98%,

send trap andperform

maintenance

N/ANiltrap

GoodNone

Performmaintenance

t=0 97%

t=15 99%High15min

Not goodNone

Update resume

t=0 97%

t=15 DeadLow15min

ProblemAvoidance

ActionValue

RetrievedWAN

UtilizationPollingRate

Disk

Disk

As beneficial as network management can be, the process of collecting the information is still

categorized as overhead. You should use care when configuring management tools in order to

limit the amount of traffic generated by management tasks, but not at the expense of the

granularity needed to properly manage the network.

Example

The figure shows the trade-off between setting polling intervals and using traps. In this

scenario, the company has many mission-critical resources overseas that can cause a majorsystem meltdown if a disk becomes full. The company wants to monitor the disk utilization

using SNMP. They automate the polling of disk utilization and create a script to check disk

utilization. If the utilization reaches 98%, the script performs maintenance procedures on the

disks to avoid a system meltdown. The trick is to set the polling period frequently enough to

recognize and correct the condition early enough, but not so frequently that the polling

overloads the high-cost WAN link.

The engineer first sets the polling period to every 15 minutes. At this rate, the WAN is not

burdened by the management traffic. However, the polling period is great enough that by the

time the next poll occurs, the system may have already crashed. Next, they try 15 seconds. At

this rate, the next polling period is soon enough to catch the condition close to its actual

occurrence. However, polling all of the resources at this rate causes a substantial hit to theWAN utilization. Obviously, the setting of the polling interval can be challenging.

Compare this scenario to using SNMP traps. Employees modify the BIOS on all of the

resources to check the disk utilization after each disk write operation. If the 98% threshold is

breached, a trap message is sent to the NMS, which in turn runs the script to perform the

necessary maintenance. Now the condition is discovered at the exact moment it occurs and

WAN bandwidth for polling is almost zero. The overhead is now the burden of the resource;

again, a trade-off.


30/48



Summary

To reach the goals of network management, you must collectinformation about the status and health of the network andnetwork devices.

MIBs allow for a standardized way to define and store the data.

SNMP provides a standardized way to retrieve data storedin MIBs.


31/48

Lesson 3

Examining the CiscoWorksLMS Applications

OverviewThis lesson describes the features and benefits of the applications in CiscoWorks LAN

Management Solution (LMS) software, and the client/server architecture used in these

applications. Understanding the functions of each CiscoWorks application enables you to

choose which tools to use to solve a particular problem.

Objectives

Upon completing this lesson, you will be able to describe an overview and the features of the

CiscoWorks applications in the CiscoWorks LMS bundle. This ability includes being able to

meet these objectives:

Explain how CiscoWorks is a bundle of network management applications and describe the

client/server architecture

Describe each of the applications that are included in the CiscoWorks LMS bundle


32/48

What Is CiscoWorks?This topic describes the CiscoWorks LMS bundle and its functional architecture for managing

network devices.


What Is CiscoWorks?

Centralized systemfor sharing networkdevice information.

Portal provideslaunch points

for applications.

Tools provide innovative ways tomanage network devices.

The CiscoWorks LMS bundle contains some of the most common applications used to manage

Cisco network devices. Using these applications, network managers can provide

comprehensive configuration, fault, and performance management for Cisco-based networks.

The CiscoWorks LMS Portal provides launch points for applications and the major functions

installed on the local or remote CiscoWorks servers. These tools provide innovative ways to

centrally manage critical network characteristics such as availability, responsiveness, resilience,

and security in a consistent way.

CiscoWorks LMS has a centralized system for sharing device information across all

applications, improving manageability and allowing the management system to more

dynamically adjust to changes. CiscoWorks LMS also offers a new lightweight desktop

interface that facilitates rapid navigation between tools and that can be modified to individual

workflow needs. CiscoWorks LMS optionally uses security information maintained in Cisco

Secure Access Control Server (ACS) to simplify the management of user privileges. Cisco

Secure ACS integration provides flexibility in defining user roles, and supports secured user

views of specific devices or groups of devices by geographic or logical network segments.


33/48


Network Devices

CiscoWorks Functional Architecture

(SNMP Agents)

CiscoWorksServers

MIBsSNMP, Telnet, SSH,

TFTP, RCP, SCP,

and HTTPS

HTTP

HTTPS

AAA Server(Access Control Server)

RADIUS

TACACS+User Authentication andAuthorization

Multi-Server Trust

Cisco.comCisco.com

The CiscoWorks Functional Architecture provides:

A client/server/agent architecture

Central storage of information

Access to information using a web browser

Automatic collection of updates and changes

Changes/Updates

CiscoWorksClient

(Web Browser)

The CiscoWorks architecture is based on clients, servers, and agents. Information about the

Cisco device configurations, faults, and performance is stored in the MIBs of the devices. The

server uses Simple Network Management Protocol (SNMP), Telnet, Remote Copy Protocol

(RCP), or TFTP to retrieve information from managed devices or agents located in the network.

Because protecting company information and network access is a top priority, you can secure

the access between the CiscoWorks server and remote devices by using Secure Shell (SSH),

Secure Copy Protocol (SCP), HTTPS, and SNMP v3. The information is gathered from the

network on a scheduled or manual basis, or when a change in the network is detected, and is

stored in a central database located on the CiscoWorks server.

Clients access network information in the CiscoWorks database by using a supported web

browser to access the CiscoWorks server. Secure Sockets Layer (SSL) is used to secure user

authentication when the CiscoWorks server is accessed. By default, authentication and

authorization of users is handled locally on the CiscoWorks server. Authentication can also be

handled remotely by one of several methods, including TACACS+ and RADIUS. For a more

custom control of authentication and authorization on a per-device basis, you can integrate

CiscoWorks with an ACS, on which you can create user defined roles.

Communication between multiple CiscoWorks servers is enabled by a trust model addressed by

certificates and shared secrets. This trust model allows you to install applications within the

CiscoWorks LMS bundle on separate servers and still share information collected from thenetwork.

In addition, CiscoWorks is tightly integrated with Cisco.com. By using the extensive

knowledge base in Cisco, you can easily locate CiscoWorks product information, software

images, software updates, and more.


34/48

CiscoWorks LMS ApplicationsThis topic describes the individual applications in the CiscoWorks LMS bundle.


CiscoWorks LMS Applications

Common Services

R

esource

Manager

E

ssentials

Campus

Manager

C

iscoView

Device

Fault

Manager

Internetwork

Pe

rformance

Monitor

CiscoWorks Assistant

CiscoWorks Portal

Device

Center

CiscoWorks LMS provides the integrated management tools needed to simplify the

configuration, administration, monitoring, and troubleshooting of Cisco networks.

CiscoWorks LMS includes the following applications:

CiscoWorks Common Services

CiscoWorks Portal

CiscoWorks Assistant

CiscoWorks Campus Manager

CiscoWorks Resource Manager Essentials (RME)

CiscoWorks Internet Performance Monitor (IPM)

CiscoWorks Device Fault Manager (DFM)

CiscoView

CiscoWorks Device Center

CiscoWorks Common Services provides a set of shared application services that all of the

CiscoWorks LMS applications use. CiscoWorks Common Services Release 3.1 includes

CiscoView, Integration Utility, CiscoWorks Portal, and CiscoWorks Assistant. Except for

CiscoView, these applications are used for managing the CiscoWorks server. The rest of the

CiscoWorks applications focus on the functional areas of the ISO Fault, Configuration,

Accounting, Performance, and Security (FCAPS) model.


35/48


Network Devices

CiscoWorks Common Services

(CiscoWorks Common Services)

Web page, process management,user security, and the help engine

Database engine and utilities,event distribution services,

and job management

RuntimeServices

SystemServices

Web BrowserUser Interface

DCR

Applications

Common set of managementservices shared by the

CiscoWorks applications

CiscoWorks Common Services represents a common set of management services that the

CiscoWorks applications share. CiscoWorks Common Services provides a model for device

credentials, data storage, login, user role definitions, access privileges, security protocols, and

navigation. CiscoWorks Common Services enables you to manage user roles and privileges,

which allow you to control access to applications and specific features within the applications.

User roles and privileges are controlled by built-in authentication and authorization services, or

through an external ACS.

CiscoWorks Common Services creates a standard user experience for all management

functions. It also provides a common framework for all basic system-level operations such as

installation, data management including backup-restore and import-export, event and message

handling, and job and process management.

The CiscoWorks Common Services server consists of the following services:

Runtime services: The web page, process management, security, and the help engine,

which is enabled at installation

System services: The database engine and utilities, as well as event distribution services

and job management

Note CiscoWorks Common Services and CiscoWorks applications use popup dialog boxes for

many features. If you have a popup blocker enabled in your browser, none of these popups

will appear. Therefore, if a popup blocker is installed, you must disable it.


36/48

CiscoWorks LMS Portal is the first page that appears when you launch the CiscoWorks LMS

application. It serves as a top-level navigation interface and launch point for the frequently used

functions in the application. You can view important statistics and details on the CiscoWorks

LMS applications installed on your CiscoWorks server in a single page instead of navigating

through several pages.

Portlets are the basic units in the CiscoWorks LMS Portal, and are organized into views that are

displayed as tabs across the top of the portal. You can add, delete, or customize portlets and

views in your private portal. The public portal is shared by all users and can only be modified

by an administrator.

The primary benefits of the CiscoWorks LMS Portal are as follows:

Customization: You can personalize the CiscoWorks LMS portal using the drag and drop,

add, edit, and remove features.

Information available in a single click: The CiscoWorks LMS Portal provides easy and

quick access to the most vital, often-viewed information for applications in the CiscoWorks

LMS suite.

Multiserver support: The CiscoWorks LMS Portal lists all of the portlets based on the

applications installed on remote servers.

Lightweight GUI: The CiscoWorks LMS Portal eliminates the need to install plug-ins to

launch an application.


37/48

CiscoWorks Assistant, included in the CiscoWorks LMS solution, is a web-based tool that

provides workflows to help you overcome network management and software deployment

challenges. CiscoWorks Assistant is installed with CiscoWorks Common Services.

CiscoWorks Assistant workflows contain functionalities that are available across CiscoWorks

LMS applications. These functionalities are grouped logically to set up and configure the

CiscoWorks LMS server and to troubleshoot your end hosts, IP phones, and network devices.

Using CiscoWorks Assistant, you can easily deploy multiple CiscoWorks LMS servers and

maintain device credentials.

CiscoWorks Assistant supports the following deployment and troubleshooting workflows:

Server Setup: You can deploy a single CiscoWorks LMS server or multiple CiscoWorks

LMS servers in your network. You can add devices to the Device and Credential

Repository (DCR) and import these devices across CiscoWorks LMS applications. You can

also change the CiscoWorks user authentication and authorization.

End Host/IP Phone Down: This workflow allows you to locate and track the end hosts

and IP phones in your network, thus providing you with the information required to

troubleshoot and analyze connectivity issues.

Device Troubleshooting: This workflow helps you identify the root cause for deviceunreachabililty problems.


38/48


CiscoWorks LMS Setup Center

Shortcuts to:

System settings

Security settings

Data collectionsettings

Data collectionschedule

Data purge settings

Shortcuts to system-widesetup configuration tasks

and the CiscoWorks

Assistant Server setup

CiscoWorks LMS Setup Center is a centralized area that displays the CiscoWorks system

configurations. It allows you to configure the server settings immediately after installing the

CiscoWorks LMS software. It also has a shortcut to the CiscoWorks Assistant Server Setup.

One of the most common observations from new CiscoWorks users is that it is difficult to

remember which application menu to navigate when changing a system setting. CiscoWorks

LMS Setup Center was designed to provide shortcuts to those options that can be difficult to

find. The Edit icon displayed for each setting takes you to the respective application page to

configure the settings.

The configurations in CiscoWorks LMS Setup Center are grouped into the following

categories:

System settings: The configurations that the system needs to function

Security settings: The security-related settings for the product

Data collection settings: The settings necessary for collecting data from the devices

Data collection schedule: The schedule settings for collecting the data from the server

Data purge schedule: The configurations that are necessary for the device to purge data

The settings specific to all applications, including CiscoWorks Common Services, CiscoWorks

RME, CiscoWorks Campus Manager, and Device Fault Manager, are grouped within these five

categories, and enables you to configure them in a common space. If an application is not

installed, the corresponding entries are not available.


39/48


CiscoWorks Campus Manager

Visualization(Topology Services)

Diagnostics(Path Analysis)

User Tracking

Configuration Management, Fault Management

View physical and logicalconnectivity of network.

Configure and view VLANs,VTP, and ATM domains.

Report on devices, bestpractices, and discrepancies.

Locate the connectivityof hosts, end users,and IP phones.

Obtain a map or table trace ofthe Layer 2 and Layer 3communication between twodevices.

Configuration

Reports

CiscoWorks Campus Manager focuses primarily on configuration management, both physical

and logical connectivity, of devices and end stations. It consists of the following separate tools

that can be used to manage and monitor Layer 2 and Layer 3 Cisco devices on the network:

Visualization: With Topology Services, you no longer have to trace cables through a

wiring closet to determine which devices are connected to which ports. The Topology

Services tool auto-discovers Cisco routers and switches on the network and displays the

network layout in browser-accessible topology maps allowing you to view and monitor the

physical and logical services in your network.

Configuration: CiscoWorks Campus Manager provides configuration menu workflows

that allow you to create and modify VLANs, assign VLANs to ports, display VLAN ports,

configure trunk ports, disallow VLANs on trunks, manage PVLANs, and configure

promiscuous ports.

Reports: The CiscoWorks Campus Manager Reports menu allows you to view device

attributes, port attributes, and VLANs associated with selected devices. In addition, you can

run discrepancy reports discovered during data collection and display best practices

deviations found in the network.

User Tracking: The User Tracking tool greatly simplifies the task of tracking user and

end-station connections to the network. User tracking automatically identifies all end

stations connected to Cisco switches that have been discovered on the network, includingprinters, IP phones, servers, and PCs. User Tracking also collects detailed information

about each end station, including MAC address, IP address, Domain Name System (DNS)

host name, port assignment, and VLAN memberships.

Diagnostics: Path Analysis is a diagnostic tool for troubleshooting connectivity-related

problems between end stations and Layer 2 and Layer 3 devices. The user can trace the

Layer 2 and Layer 3 path between any two endpoints, or between the endpoints of an IP

phone call, on the discovered network. This trace makes it easier to find the problem when

connectivity is lost.


40/48

CiscoWorks RME primarily focuses on the configuration management aspect of network

management. It includes many automated features that simplify configuration management

tasks, such as performing software upgrades or changing configuration files on multiple

devices. CiscoWorks RME also includes fault management features through the filtering of

syslog messages. CiscoWorks RME consists of these major functions, as well as some

additional features that you can use to manage Cisco devices:

Inventory Management: All CiscoWorks RME functions are based upon devices from the

DCR. The Inventory Management function collects and stores detailed information on

every device managed by the CiscoWorks RME server. Inventory Management displaysthis information through an extensive set of custom and standard inventory reports. In

conjunction with Change Audit Services, Inventory Management automatically tracks any

changes to device components.

Configuration Management: The Configuration Management function stores the current

and previous versions of the configuration files for all of the supported Cisco devices

managed in the CiscoWorks RME inventory. The number of previous versions stored is a

user-configurable number. It automatically tracks changes to configuration files and

updates the archive if a change is made. Two additional functions, NetConfig and Config

Editor, are available to edit configuration files. The NetConfig application allows you to

save sets of commands and execute those commands on multiple devices at the same time.

Config Editor allows you to edit and download individual configuration files to devicesthrough a GUI instead of the command-line interface.

Software Management: The Software Management function is used to store the most

current copies of software images running on all of the supported Cisco devices in the

network, as well as any additional software images that a network manager wishes to

maintain. You can use Software Management to reliably upgrade images on one or more

devices at the same time. If any errors occur during an upgrade, CiscoWorks RME allows

the user to roll back to the previous version. Optionally, for added security and change


41/48

management control, software images are not downloaded unless approved by specifically

assigned users.

Syslog Analysis: The Syslog Analysis function stores syslog messages from any device

configured to forward syslog messages to the CiscoWorks RME server. You can customize

it to filter out certain messages, or to automatically execute a series of commands if a

specific message is detected. For example, you can send an e-mail to the network

administrator if a critical-level error occurs on an important network device. Syslog reports

allow you to quickly view and sort messages by severity level, alarm type, device, or date.In addition, a report of any messages logged in the past 24 hours is available, to see if any

serious errors occurred overnight.

Change Audit Services: The Change Audit Services function allows you to trace changes

made to various functions within the network. Change Audit Services stores detailed

information about changes that are made to the inventory, software images, and

configuration files. This information allows the user to track changes in case there are

problems. You can track changes by what change was made, how the change was made,

when the change was made, and who made the change. You can also sort and view change

records by type, user, date, or method of change, such as Telnet, CiscoWorks RME

function, and other methods.

Audit Trail: Audit Trail is similar to Change Audit. Instead of logging changes to devices,Audit Trail tracks and reports administrative changes made to the CiscoWorks RME

settings.


42/48


Use synthetic tests to measureprotocol response times andmonitor device availability.

ICMP echo test

TCP connect test

DNS resolution test

DHCP test

HTTP response test

Voice, video jitter test

And more

Isolate delays by viewing latencyhop-by-hop.

Identify performance trends usinghistorical data.

Performance Management

CiscoWorks Internet PerformanceMonitor

The constant growth of networks today creates challenges for the network administrator in

maintaining the performance and availability of the network. Users often report that they have

network performance and availability issues, such as the network being slow or down. Network

administrators need an effective way to discover network problems, usually by collecting data,

before the problems affect end users.

CiscoWorks IPM provides the network administrator with the ability to measure network

response time, determine availability, and analyze response time patterns end-to-end as well as

hop-by-hop (router-to-router). CiscoWorks IPM also warns the network administrator of long

delays by using SNMP traps and events that allow the network administrator to proactively

solve potential performance issues before they affect the end user. To measure response time

information more precisely, CiscoWorks IPM measures the performance of business

application traffic directly. Using only ping to measure response time may not be enough.

Measuring the delay of voice data and other upper layer protocols, such as TCP, User Datagram

Protocol (UDP), DNS, and DHCP, can provide important information for optimizing the

network.


43/48


CiscoWorks Device Fault Manager Proactively monitor

Cisco devices for faults:

Environmental(temperature,voltage, power

supply) Connectivity

Processor, memoryutilization, etc.

Interface utilization,errors, down

Generate notificationsfor alerts and events.

Search 31 days of faulthistory.

Fault Management

Alerts and Activities

Fault History

Fault management of the network is vital to the success of a company. Traditionally, fault

managers simply determined whether a device was up or down. With the complexity of

network infrastructure equipment today, a device can be up but performing poorly, resulting

in network performance degradation. Most fault managers allow you to selectively poll specific

MIB variables to determine the overall health of a device. However, this selective polling

requires a great deal of knowledge to determine what constitutes a healthy device, and which

MIB variables to poll to determine its health.

CiscoWorks DFM directly addresses these issues, listening to SNMP traps, and contains the

intelligence to poll for predefined MIB variables for most Cisco devices. CiscoWorks DFM

then correlates multiple events together and displays them as alerts to determine the health of a

device without user intervention. You can configure notifications to proactively advise you

when a problem exists in the network, and you can search the fault history by alerts or events

that are stored for 31 days.


44/48


CiscoView

Graphically monitorsand configures a Cisconetwork device.

Configure and monitormini-RMON onEthernet ports.

Configuration Management, Performance Management, Fault Management

Chassis View

Mini-RMONManager

CiscoView Chassis View is an easy-to-use, graphical application that allows the user to

configure and monitor a Cisco device. CiscoView Chassis View aides network managers by

displaying a physical view of a Cisco device and color-coding device ports for at-a-glance port

status, allowing you to quickly grasp essential information. The CiscoView Chassis View

features provide dynamic status, device monitoring, and comprehensive configuration

information for Cisco internetworking products such as routers, switches, and access products.

Being web-based, CiscoView Chassis View allows access from any client that has a standard

browser, network access, and minimum hardware requirements.

CiscoView Mini-RMON Manager provides web-enabled, real-time, Remote Monitoring

(RMON) information to users to facilitate troubleshooting and improve network availability.

Used in conjunction with certain Cisco devices, CiscoView Mini-RMON Manager provides

visibility into network issues or problems before they become critical.

Note CiscoView is installed when CiscoWorks Common Services is installed.


45/48


CiscoWorks Device Center

Tools used todebug device-related problems

Reports that canbe launched for theselected device

Managementtasks that can beperformed on theselected device

Configuration Management, Performance Management, Fault Management

Launch tools, reports, andmanagement tasks on a

network device.

Navigating the CiscoWorks menus to find the correct application can be challenging. The

network administrator may not use the correct application in troubleshooting a problem because

they do not navigate to the correct menu location. When a specific device is experiencing

unusual behavior, it is easier to start from that device to see what tools are available.

CiscoWorks Device Center provides a device-centric view for CiscoWorks applications from a

single location. It displays a summary, available reports, various tools, and tasks that you can

perform on the selected device. CiscoWorks Device Center is a very useful tool in

troubleshooting devices in the network.

You can perform device-centric activities, such as changing device attributes, updating

inventory, Telnet, and more, depending on the applications that are installed on the local

CiscoWorks Common Services server. You can launch other CiscoWorks LMS tools, reports,

and management tasks from CiscoWorks Device Center, but only from applications that reside

on the local server.

Note You cannot launch tools, reports, or perform management tasks that pertain to applications

installed on a remote server.


46/48



Summary

CiscoWorks LMS is a bundle of applications that can securely andefficiently manage network devices from a centralized location byusing a web-based client/server architecture. Routine tasks canbe automated to make the network administrator more effective.

The CiscoWorks applications in the CiscoWorks LMS bundle areCiscoWorks Common Services, CiscoWorks LMS Portal,CiscoWorks Assistant, CiscoWorks LMS Setup Center,CiscoWorks Campus Manager, CiscoWorks RME, CiscoWorksIPM, CiscoWorks Device Fault Manager, CiscoView, andCiscoWorks Device Center.


47/48

Module SummaryThis topic summarizes the key points that were discussed in this module.


Module Summary

The ultimate goal for network management is to make a network astransparent as possible. This becomes more difficult with increasednetwork use and complexity. ISO defines network management using theFCAPS model. A good network management strategy will reducenetwork downtime.

Collecting information about the status and health of the network isaccomplished by standardizing the way to store data (MIBs) and themethod used to retrieve data (SNMP).

CiscoWorks LMS is a bundle of applications that assist in managingnetwork devices from a centralized location, automating many routinetasks. The CiscoWorks applications in the LMS bundle are CiscoWorksCommon Services, CiscoWorks LMS Portal, CiscoWorks Assistant, LMSSetup Center, Campus Manager, CiscoWorks RME, IPM, DFM,CiscoView, and CiscoWorks Device Center.

When you successfully perform your role as a network administrator, nobody really knows who

you are and how well you do your job. The typical user of a network does not care how the

network works, as long as they can do their job. It is when the network goes down that the user

gets to know you. The goal to make the network as transparent as possible becomes more

difficult with increased use and complexity. Sometimes you are expected to do more with fewerresources at your disposal.

Network management tools are designed to automate routine tasks and remotely manage a

network. In order to accomplish these tasks, a standard for the way data is stored and retrieved

was developed. With network management software, a user can easily obtain data stored in the

MIB on a device via Simple Network Management Protocol (SNMP). CiscoWorks LAN

Management Solution (LMS) is a bundle of applications that manage the network from a

centralized location, automating many routine tasks and making your job easier and more

efficient.


48/48

cwlms30 module s01

Documents