Cisco Systems Dial NMS User Manual

Basic Dial NMS Implementation Guide
Internetworking Solutions Guide August 2000
Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel:
Fax: 408 526-4100
Text Part Number: OL-0556-01
Copyright © 2000, Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
  Purpose
  Audience
  Scope
  Conventions
  Related Documentation and Sites
  Cisco Connection Online
  Documentation CD-ROM
  Documentation Feedback
  Acknowledgements
Overview of Basic SNMP Building Blocks
  About SNMP
  What are the Basic Components of SNMP?
  About Basic SNMP Message Types and Commands
  What are SNMP MIBs?
  What is SNMPv1?
  What is SNMPv2?
  About SNMP Management
  About SNMP Security
Network Design for a Dial NMS Case Study
  Introduction to the Case Study
  Benefits of a Dial NMS
  Dial NMS Planning Questionnaire
  Dial NMS Service Definition
  Network Topology
  Hardware Requirements
  Software Requirements
  Configuration Design Parameters
  Implementation and Operation Tasks
  Dial MIBs and OIDs Used in the Case Study
Task 1: Enabling SNMP in a Cisco IOS Device
  About Enabling SNMP
  Enabling SNMP
Task 2: Exploring SNMP Capabilities by Using UCD-SNMP
  About Using UCD-SNMP
  Installing UCD-SNMP and Downloading Cisco MIBs
  Exploring SNMP MIBs for Dial Networks
  About SNMP Commander
  Setting Up SNMP Commander
Task 3: Using MRTG to Monitor and Graph Traffic Loads
  About MRTG
  About Selecting Dial OIDs
  How to Inspect and Interpret Data
  Creating and Editing a Configuration File
  Sending MRTG Graphs to a Web Server
Task 4: Using Syslog, NTP, and Modem Call Records to Isolate and Troubleshoot Faults
  About Syslog
  About NTP
  About Modem Call Records
  Enabling NTP on a Cisco IOS Device
  Setting Up an NTP Client
  Troubleshooting the NTP Client
  Enabling Syslog and Modem Call Records in the Cisco IOS Software
  Configuring the Syslog Daemon
  Inspecting Syslog Messages in the Log File
Task 5: Setting Up a Web Portal for the Dial NMS
  About a Web Portal
  Building a Device Linker Web Page
  Troubleshooting a Cisco 2511 Console Connection
  About HTTP Access to the CLI
  Using HTTP to Access CLI Commands
Task 6: Managing IP Addresses by Using DNS
  About Managing IP Addresses
  Using Cisco Network Registrar CLI Commands
  Using a Batch File to Make Changes to a DNS Configuration
  Creating a Primary Forward Zone
  Creating an IP Tracker Web Page
  How to Create a Reverse DNS Zone
Task 7: Using HP OpenView to Create the SNMP Framework
  About HP OpenView
  Verifying the SNMP Configuration
  About SNMP Demand Polls
  Performing an SNMP Demand Poll
  Testing SNMP Get Requests
  Troubleshooting SNMP and a Demand Poll
  Verifying that SNMP Traps Are Received
  Unmanaging the Dial Ports
  Creating and Adjusting Maps
  About Discovery Filters
  Setting Up and Editing a Discovery Filter
  Using the HPOV CLI to Enter a Device into the Database
Task 8: Using CiscoWorks 2000 Resource Manager Essentials
  About CiscoWorks 2000 RME
  Importing Devices from HPOV and Populating the Databases
  Verifying that Device Polling is Turned On
  Polling the Devices
  Backing up Cisco IOS Configurations
  Using CiscoView
INDEX

Preface

Purpose

This Internetworking Solutions Guide (ISG) describes how to implement and operate a dial network management system (NMS) that provides management functions for a dial Internet access service (DIAS).

Audience

This guide is intended for network engineers and operators who implement and operate dial NMS systems.
This guide assumes that you have the following level of knowledge and experience:
- An understanding of NMS protocols, such as Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), and syslog.
- Hands-on experience working with Cisco routers, IOS technologies, and UNIX.
- Success configuring a Cisco network access server (NAS) for basic IP modem services.
- A Cisco Certified Network Associate (CCNA) certificate or equivalent level of experience.

Scope

This guide provides guidelines and a case study for:
- Designing a dial NMS.
- Collecting and using data-management streams to operate a dial access network.
- Managing important connection events and alarms for statistical analysis.
- Reporting on the performance of a DIAS.
- Addressing the perception problems that are commonly associated with dial access networks.
This guide describes the following network protocols, functions, and NMS applications:
- Protocols—SNMP and NTP.
- Functions—Syslog, modem call records, Cisco IOS command-line interface (CLI), Log File Rotator, Device Navigator, web-based management, and War Dialer.
- NMS applications—UCD-SNMP, Multi Router Traffic Grapher (MRTG), HP OpenView (HPOV), and CiscoWorks 2000 Resource Manager Essentials (CW2000 RME).
This guide does not provide the following information:
- Descriptions about the basics of network management.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/index.htm
- Windows NT-based management of Cisco routers.
  http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/index.htm
- Detailed authentication, authorization, and accounting (AAA).
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/index.htm
- Basic access server configurations.
  http://www.cisco.com/pcgi-bin/Support/PSP/index.pl?i=Products#Access_Products
- Information about integrating high-end NMS systems into a dial access environment.
  http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/index.htm

Conventions

Convention     Description
bold           Command or keyword that you must enter.
italic         File names, directory paths to files, user names, and arguments for which you supply values.
[x]            Optional keyword or argument that you enter.
{x | y | z}    Required keyword or argument that you must enter.
[x {y | z}]    Optional keyword or argument that you enter with a required keyword or argument.
string         Set of characters that you enter. Do not use quotation marks around the character string, or the string will include the quotation marks.
screen         Information that appears on the screen.
^ or Ctrl      Control key—for example, ^D means press the Control and the D keys simultaneously.
< >            Nonprinting characters, such as passwords.
!              Comment line at the beginning of a line of code.
Caution
Means reader be careful. In this situation, you might do something that could result in equipment damage or loss.

Note
Means reader take note. Notes contain helpful suggestions or reference to materials not contained in this manual.
Timesaver
Means the described action saves time. You can save time by performing the action described in the paragraph.
Tips
Means the information might help the reader solve a problem.

Related Documentation and Sites

See the following related documentation and web sites for more information:
- Technical References and Support
- Internetworking Solutions Guides
- Freeware
- Cisco Product Documentation

Technical References and Support

- Center of Excellence Internet Access Engineering—A site dedicated to developing lightweight tools and techniques for supporting the implementation and operation of Internet access services. This site is an educational endeavor of the University of Texas at Austin and Cisco Systems, Inc.
  http://mccain.ots.utexas.edu/index.html
- Wholesale Dial Resources—Provides links to technical documents related to wholesale dial Internet access services.
  http://mccain.ots.utexas.edu/coe/wholesaledial/index.html
- Technical Assistance Center—Provides technical support information about Cisco technologies. Locate your technology of interest from a list of available technology pages, which are continually updated by Cisco TAC engineers.
  http://www.cisco.com/pcgi-bin/ibld/view.pl?i=support&m=GUEST
- SNMP Technology Support Pages—Provides an overview of SNMP, network design tips, implementation and operation guidelines, and links to suggested reading.
  http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:SNMP
  http://www.cisco.com/warp/public/535/3.html
  http://www.faqs.org/faqs/snmp-faq/
- CiscoWorks 2000 TAC Support Page—Describes how to implement, operate, and troubleshoot CiscoWorks 2000.
  http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Software:CiscoWorks2000
- Access Technology Software Center—Provides the firmware for modem upgrades.
  http://www.cisco.com/kobayashi/sw-center/sw-access.shtml
- Increasing Security on IP Networks—Addresses network-layer security issues.
  http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm
- Carnegie Mellon CERT® Security Improvement Modules—Provides information about security management.
  http://www.cert.org/security-improvement/

Internetworking Solutions Guides

- Cisco AS5x00 Case Study for Basic IP Modem Services—Describes how to configure, verify, and troubleshoot basic IP modem services.
  http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/as5xipmo/index.htm
- Cisco AAA Implementation Case Study—Describes how to design, implement, and operate basic Cisco IOS AAA security and accounting functions.
  http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/index.htm
- Access VPN Solutions Using Tunneling Technology—Describes how to configure, verify, and troubleshoot access VPN solutions. See also Access VPDN Dial-in Using L2TP.
  http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/index.htm

Freeware

- Sunfreeware.com—A repository of freeware programs and news for Solaris.
  http://www.sunfreeware.com./
- The UCD-SNMP Home Page—Provides an overview of UCD-SNMP, links to the FTP site, recent news, documentation, bug reports, mailing lists, and where to go for more information.
  http://ucd-snmp.ucdavis.edu/
- Multi Router Traffic Grapher (MRTG) Product Site—Provides an overview of MRTG, links to the FTP site, documentation, frequently asked questions, mailing lists, and contact information.
  http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html

Cisco Product Documentation

- Modem Router Connection Guide—A starting point for understanding basic modem cabling and configuration. To view this guide, you must be a CCO member.
  http://cio.cisco.com/warp/customer/76/9.html
- AT Command Sets and Register Summaries—A list of AT commands for configuring and operating MICA and Microcom modems. Most modems function well with their default settings; however, AT commands are required for special features and troubleshooting modems.
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/mod_info/at/index.htm
- Managing Modems (Cisco IOS 12.1)—Describes configuration and troubleshooting tasks for dial access environments.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dialts_c/dtsprt2/dcdmodmg.htm
- Modem Management Commands (Cisco IOS 12.1 and 12.0)—Provides two lists of Cisco IOS modem commands used for configuring and troubleshooting modems.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dial_r/drdshom.htm
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_r/drprt1/drmodmgt.htm
- CiscoWorks 2000 Documentation Set—A collection of configuration guides and reference manuals.
  http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
- WWW: http://www.cisco.com
- WWW: http://www-europe.cisco.com
- WWW: http://www-china.cisco.com
- Telnet: cco.cisco.com
- Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Note
If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact the Cisco Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package that ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription.
You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can also submit feedback on Cisco documentation by sending an e-mail to bug-doc@cisco.com or sending a fax to (408) 527-8089. We appreciate your comments.

Acknowledgements

This guide was created as a collaborative effort. The following Cisco team members participated: David Anderson, Oscar Bauer, Robert Brown, Drew Cupp, Katie Creegan, Barry Raveendran Greene, Jessica Janis, Andrew Kennedy, Jim Leonard, Robert Lewis, Lori Livingston, Greg McMillan, Roger Moises, Rizwan Mushtaq, Anjali Puri, Annie Shi, David Simms, Jim Thompson, Kris Thompson, Craig Tobias, Patrick Van Deynse, and Mario Villarreal.

Overview of Basic SNMP Building Blocks

About SNMP

The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between a network management system (NMS), agents, and managed devices. SNMP uses the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.
There are three versions of SNMP:
- SNMP Version 1 (SNMPv1)—The initial implementation of the SNMP protocol, which is described in RFC 1157 (http://www.ietf.org/rfc/rfc1157).
- SNMP Version 2 (SNMPv2)—An improved version of SNMPv1 that includes additional protocol operations. For the SNMPv2 Structure of Management Information (SMI), see RFC 1902 (http://www.ietf.org/rfc/rfc1902).
- SNMP Version 3 (SNMPv3)—SNMPv3 has yet to be standardized.
The case study in this guide describes how to create a dial NMS environment. To successfully manage the environment, you must be familiar with the SNMP feature set. The following NMS applications use SNMP to help manage the network devices in the case study:
- UCD-SNMP
- Multi-Router Traffic Grapher (MRTG)
- HP OpenView (HPOV)
- CiscoWorks 2000 Resource Manager Essentials (CW2000 RME)

Table 1 Related SNMP Documentation and Sites
Site | Description | URL
SNMP Technology TAC Page | Network design tips, implementation and operation guidelines, which are continually updated by Cisco TAC engineers. | http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:SNMP
The SimpleWeb | Public domain software packages, which are available on the Internet. Most of the software is a spin-off from SNMP related research. | http://penta.ufrgs.br/gereint/impl.htm
SNMP FAQ | Frequently asked questions about SNMP. | http://www.pantherdig.com/snmpfaq/ and http://www.faqs.org/rfcs/rfc1382.html

What are the Basic Components of SNMP?

An SNMP-managed network consists of three key components: managed devices, agents, and network management systems (NMS).
- Managed devices
  - Contain an SNMP agent and reside on a managed network.
  - Collect and store management information and make it available to NMS by using SNMP.
  - Include routers, access servers, switches, bridges, hubs, hosts, or printers.
- Agent—A network-management software module, such as the Cisco IOS software, that resides in a managed device. An agent has local knowledge of management information and makes that information available by using SNMP.
- Network Management Systems (NMS)—Run applications that monitor and control managed devices. NMS provide resources required for network management. In the case study, the NMS applications are:
  - UCD-SNMP
  - MRTG
  - HPOV
  - CW2000 RME
Figure 1 illustrates the relationship between the managed devices, the agent, and the NMS.
Figure 1 An SNMP-Managed Network
[Figure: a management entity (NMS) connected to three managed devices, each containing an agent and a management database.]

About Basic SNMP Message Types and Commands

There are three basic SNMP message types:
- Get—NMS-initiated requests used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.
- Set—NMS-initiated commands used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.
- Trap—Agent-initiated messages sent from a managed device, which reports events to the NMS.
The Cisco IOS generates SNMP traps for many distinct network conditions. Through SNMP traps, the Network Operations Center (NOC) is notified of network events, such as:
- Link up/down changes
- Configuration changes
- Temperature thresholds
- CPU overloads
Note
For a list of Cisco-supported SNMP traps, go to http://www.cisco.com/public/mibs/traps/

Figure 2 SNMP Event Interactions Between the NMS and the Agent
[Figure: the NMS sends NMS-initiated Get request and Get next messages to the agent (a Cisco IOS device), which answers each with a Response; the agent also sends agent-initiated Traps to the NMS.]

What are SNMP MIBs?

A Management Information Base (MIB):
- Presents a collection of information that is organized hierarchically.
- Is accessed by using a network-management protocol, such as SNMP.
- References managed objects and object identifiers.
Managed object—A characteristic of a managed device. Managed objects reference one or more object instances (variables). Two types of managed objects exist:
- Scalar objects—Define a single object instance.
- Tabular objects—Define multiple-related object instances that are grouped together in MIB tables.
Object identifier (or object ID)—Identifies a managed object in the MIB hierarchy. The MIB hierarchy is depicted as a tree with a nameless root. The levels of the tree are assigned by different organizations and vendors.
Figure 3 The MIB Tree and Its Various Hierarchies
[Figure: the MIB tree from the nameless root through iso (1), identified-organization (3), dod (6), internet (1), private (4), enterprise (1), cisco (9), temporary variables (3), and Apple Talk (3) down to atInput (1).]
As shown in Figure 3, top-level MIB object IDs belong to different standards organizations while low-level object IDs are allocated by associated organizations. Vendors define private branches that include managed objects for products. Nonstandard MIBs are typically in the experimental branch.
A managed object has these unique identities:
- The object name—For example, iso.identified-organization.dod.internet.private.enterprise.cisco.temporary variables.AppleTalk.atInput or
- The equivalent object descriptor—For example, 1.3.6.1.4.1.9.3.3.1.

SNMP must account for and adjust to incompatibilities between managed devices. Different computers use different data-representation techniques, which can compromise the ability of SNMP to exchange information between managed devices.

What is SNMPv1?

SNMPv1 is the initial implementation of the SNMP protocol and is described in RFC 1157 (http://www.ietf.org/rfc/rfc1157).
SNMPv1:
- Functions within the specifications of the Structure of Management Information (SMI).
- Operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX).
- Is the de facto network-management protocol in the Internet community.
The SMI defines the rules for describing management information by using Abstract Syntax Notation One (ASN.1). The SNMPv1 SMI is defined in RFC 1155 (http://www.ietf.org/rfc/rfc1155). The SMI makes three specifications:
- ASN.1 data types
- SMI-specific data types
- SNMP MIB tables

SNMPv1 and ASN.1 Data Types

The SNMPv1 SMI specifies that all managed objects must have a subset of associated ASN.1 data types. Three ASN.1 data types are required:
- Name—Serves as the object identifier (object ID).
- Syntax—Defines the data type of the object (for example, integer or string). The SMI uses a subset of the ASN.1 syntax definitions.
- Encoding—Describes how information associated with a managed object is formatted as a series of data items for transmission over the network.

SNMPv1 and SMI-Specific Data Types

The SNMPv1 SMI specifies the use of many SMI-specific data types, which are divided into two categories:
- Simple data types—Including these three types:
  - Integers—A signed integer in the range of -2,147,483,648 to 2,147,483,647.
  - Octet strings—Ordered sequences of zero to 65,535 octets.
  - Object IDs—Come from the set of all object identifiers allocated according to the rules specified in ASN.1.
- Application-wide data types—Including these seven types:
  - Network addresses—Represent addresses from a protocol family. SNMPv1 supports only 32-bit IP addresses.
  - Counters—Nonnegative integers that increase until they reach a maximum value; then, the integers return to zero. In SNMPv1, a 32-bit counter size is specified.
  - Gauges—Nonnegative integers that can increase or decrease but retain the maximum value reached.
  - Time ticks—A hundredth of a second since some event.
  - Opaques—An arbitrary encoding that is used to pass arbitrary information strings that do not conform to the strict data typing used by the SMI.
  - Integers—Signed integer-valued information. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.
  - Unsigned integers—Unsigned integer-valued information that is useful when values are always nonnegative. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.
The SNMPv1 SMI defines structured tables that are used to group the instances of a tabular object (an object that contains multiple variables). Tables contain zero or more rows that are indexed to allow SNMP to retrieve or alter an entire row with a single Get, GetNext, or Set command.

SNMPv1 Protocol Operations

SNMP is a simple request-response protocol. The NMS issues a request, and managed devices return responses. This behavior is implemented by using one of four protocol operations:
- Get—Used by the NMS to retrieve the value of one or more object instances from an agent. If the agent responding to the Get operation cannot provide values for all the object instances in a list, the agent does not provide any values.
- GetNext—Used by the NMS to retrieve the value of the next object instance in a table or list within an agent.
- Set—Used by the NMS to set the values of object instances within an agent.
- Trap—Used by agents to asynchronously inform the NMS of a significant event.

What is SNMPv2?

SNMPv2 is an improved version of SNMPv1. Originally, SNMPv2 was published as a set of proposed Internet standards in 1993; currently, it is a Draft Standard. As with SNMPv1, SNMPv2 functions within the specifications of the SMI. SNMPv2 offers many improvements to SNMPv1, including additional protocol operations.

About SNMP Management

SNMPv2 and SMI

The SMI defines the rules for describing ma nagement informa tion by using ASN.1. RFC 1902 (http://www.ietf.org/rfc/rfc1902) describes the SNMPv2 SMI and enhances the SNMPv1
SMI-specific data types by including:
Bit strings
Network addresses
addresses, but SNMPv2 can support other t ypes of addre sses too.
Counters
integers return to zero. In SNMPv1, a 32-bit counter size is specified. In SNMPv2, 32-bit and 64-bit counters are defined.

SMI Information Modules

The SNMPv2 SMI spec ifies info rm at ion mo dule s, w hic h in cl ude a g rou p o f r ela ted definitions. T hree types of SMI information modules exist:
MIB modules
Compliance s tatem ent s
must conform to a standard.
Capability statements
respect to a MIB group. An NMS can ad just its beha vior to w ards age nts according to the capabili ty statements associated with each agent.
Overview of Basic SNMP Building Blocks
—Comprise zero or more named bits that specify a value.
—Represent an address from a protocol family. SNMPv1 supports 32-bit IP
—Non-negative integers that increase until they reach a maximum value; then, the
—Contain definitions of interrel ated mana ged object s.
—Provide a systematic way to describe a gro up of manag ed object s that
—Used to indicate the precise level of support that an agent claims with

SNMPv2 Protocol Operations

The Get, GetNext, and Set operations used in SNMPv1 are exactly the same as those used in SNMPv2. SNMPv2, however, adds and enhances protocol operations. The SNMPv2 trap operation, for example, serves the same function as the one used in SNMPv1. However, a different message format is used.
SNMPv2 also defines two new protocol operations:
GetBulk—Used by the NMS to efficiently retrieve large blocks of data, such as multiple rows in a table. GetBulk fills a response message with as much of the requested data as fits.
Inform—Allows one NMS to send trap information to another NMS and receive a response. If the agent responding to GetBulk operations cannot provide values for all the variables in a list, the agent provides partial results.
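The following sketch is an added example, not part of the Cisco guide. It models GetNext and GetBulk against a constructed four-row interface table to show why GetBulk needs fewer requests and how a full response yields partial results. The `non_repeaters` and `max_repetitions` parameters follow the GetBulk request fields in RFC 1905; `max_varbinds`, the MIB contents, and all function names are assumptions made for the illustration.

```python
from bisect import bisect_right

END = "endOfMibView"
IF_DESCR = (1, 3, 6, 1, 2, 1, 2, 2, 1, 2)       # ifDescr column
IF_IN_OCTETS = (1, 3, 6, 1, 2, 1, 2, 2, 1, 10)  # ifInOctets column
# Constructed agent MIB: four interface rows, kept in lexicographic OID order.
MIB = sorted([(IF_DESCR + (i,), f"Serial0:{i}") for i in range(1, 5)]
             + [(IF_IN_OCTETS + (i,), 1000 * i) for i in range(1, 5)],
             key=lambda vb: vb[0])
OIDS = [oid for oid, _ in MIB]

def get_next(oid):
    """GetNext: the first object instance that sorts after oid."""
    i = bisect_right(OIDS, tuple(oid))
    return MIB[i] if i < len(MIB) else (tuple(oid), END)

def get_bulk(oids, non_repeaters, max_repetitions, max_varbinds):
    """GetBulk: one GetNext for each of the first non_repeaters OIDs, then up
    to max_repetitions GetNext rounds over the remaining OIDs. max_varbinds
    stands in for the message size limit (an assumption of this sketch)."""
    out = [get_next(o) for o in oids[:non_repeaters]][:max_varbinds]
    cursors = [tuple(o) for o in oids[non_repeaters:]]
    for _ in range(max_repetitions if cursors else 0):
        row = [get_next(c) for c in cursors]
        for vb in row:
            if len(out) >= max_varbinds:
                return out                 # response is full: partial result
            out.append(vb)
        if all(value == END for _, value in row):
            break                          # nothing left to return
        cursors = [oid for oid, _ in row]
    return out

def round_trips(column, max_repetitions=None):
    """Requests needed to read one table column (None means plain GetNext)."""
    trips, cursor = 0, column
    while True:
        trips += 1
        if max_repetitions is None:
            vbs = [get_next(cursor)]
        else:
            vbs = get_bulk([cursor], 0, max_repetitions, 64)
        in_column = [oid for oid, value in vbs
                     if oid[:len(column)] == column and value != END]
        if not vbs or len(in_column) < len(vbs):
            return trips                   # walked past the end of the column
        cursor = in_column[-1]
```

An NMS that receives a partial GetBulk result resumes from the last OID returned, exactly as `round_trips` does between requests.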

About SNMP Management

SNMP is a distributed-management protocol. A system can operate exclusively as an NMS or an agent, or a system can perform the functions of both.
When a system operates as both an NMS and an agent, another NMS can require the system to:
Query managed devices and provide a summary of the information learned.
Report locally stored management information.

About SNMP Security

SNMP lacks authentication capabilities, which results in a variety of security threats:
Masquerading—An unauthorized entity attempting to perform management operations by assuming the identity of an authorized management entity.
Modification of information—An unauthorized entity attempting to alter a message generated by an authorized entity, so the message results in unauthorized accounting management or configuration management operations.
Message sequence and timing modifications—Occurs when an unauthorized entity reorders, delays, or copies and later replays a message generated by an authorized entity.
Disclosure—Results when an unauthorized entity extracts values stored in managed objects. The entity can also learn of notifiable events by monitoring exchanges between managers and agents.
Note
Because SNMP does not implement authentication, many vendors do not implement Set operations, which reduces SNMP to a monitoring facility.
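The following audit helper is an added example, not part of the Cisco guide. It decodes the outer fields of an SNMPv1/v2c datagram to show what the disclosure and masquerading threats rest on: the community string, which is the only access-control field these messages carry, and the PDU type both travel unencrypted, so a monitoring point can also flag Set requests. The sample datagrams are constructed in the code, and the function names are assumptions.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
VERSIONS = {0: "v1", 1: "v2c"}
SYSNAME_0 = bytes([0x2B, 6, 1, 2, 1, 1, 5, 0])  # BER body of OID 1.3.6.1.2.1.1.5.0

def tlv(tag, body):
    """Encode one BER tag-length-value (short-form length, body < 128 bytes)."""
    return bytes([tag, len(body)]) + body

def sample(version, community, pdu_tag, value=tlv(0x05, b"")):
    """Constructed test datagram with a single varbind on sysName.0."""
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, SYSNAME_0) + value))
    pdu = tlv(pdu_tag, tlv(2, b"\x01") + tlv(2, b"\x00") * 2 + varbinds)
    return tlv(0x30, tlv(2, bytes([version])) + tlv(4, community) + pdu)

def read_tlv(buf, pos):
    """Decode the TLV at pos; return (tag, value bytes, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated message")
    return tag, buf[pos:pos + length], pos + length

def audit(packet):
    """List what any observer on the path learns from one SNMPv1/v2c datagram."""
    tag, body, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if tag != 0x30 or ctag != 0x04:
        raise ValueError("not an SNMPv1/v2c message")
    pdu_tag, _, _ = read_tlv(body, pos)
    findings = ["community string readable on the wire"]
    if community in (b"public", b"private"):
        findings.append("well-known default community string")
    if pdu_tag == 0xA3:
        findings.append("Set request carrying only a community string")
    return {"version": VERSIONS.get(int.from_bytes(version, "big"), "other"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "findings": findings}
```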

Network Design for a Dial NMS Case Study

Introduction to the Case Study

This case study describes:
How one Internet service provider (ISP) designs, implements, and operates a dial network management system (NMS) for a dial Internet access service (DIAS).
How to implement dial NMS protocols, applications, and other utilities.
THEnet is an ISP in Austin, Texas that wants to develop a dial NMS and integrate it with its existing Network Operations Center (NOC). THEnet has two dial point-of-presences (POPs) that provide dial-up services for the following types of customers:
Residential subscribers
Corporations who outsource their dial-up services and want to avoid the overhead of operating their own dial POP.
Figure 4 THEnet Operates Two POPs from One NOC
[Diagram labels: remote modem users, PSTN, POP #1, POP #2, redundancy, backbone routers, intranet WAN, firewalls, NOC, Internet]

All remote modem users share a common pool of modem resources. Users can dial in to either POP.
The dial POPs are redundant. If one POP loses service, traffic is re-routed to the other POP. Describing how traffic is re-routed is outside the scope of this case study, and the diagrams in the case study show simplified IP paths only.
THEnet uses this model to identify the different functional areas of the dial NMS:
F = Fault management
C = Configuration management
A = Accounting management
P = Performance management
S = Security management
A dial NMS provides the FCAPS management functions for a DIAS.

Benefits of a Dial NMS

A dial NMS:
Increases network availability
Improves end-user satisfaction by improving service performance
Provides fault-isolation capabilities, which improves fault-analysis information
Reduces network support costs
Enables capacity planning
Enables security improvements
Provides accounting (for example, billing and chargeback)
Processes important connection events and alarms for statistical analysis
Provides performance-reporting capabilities for a dial Internet access service
Enables standardized software releases (for example, software versions and configuration files)
Addresses the perception problems that are commonly associated with dial access networks

Dial NMS Planning Questionnaire

This planning questionnaire describes information that is essential for creating a dial NMS service definition. A questionnaire helps network engineers make accurate design decisions and consider alternative solutions. The network engineers at THEnet answered the design questions as shown in Table 2.
Table 2 Network Design Questions and Answers
Network Design Questions | THEnet Answers
What types of services does your network provide? | Dial Internet access services (V.90 analog modem services)
How many dial POP sites are you managing? | Two sites in Austin, Texas
What types of network services will the DIAS support? (Network management is based on customer requirements.) | Residential subscriber services; Corporate-outsourcing services
What is the user-growth projection for the next 5 years? 3 months = Current deployment requirement. 1 year = Current design plan requirement. 5 years = Future scalability plan requirement. | 3 months—50,000 users; 1 year—100,000 users; 5 years—1 million users
What is the user-to-line ratio during busy hours? | 10:1
What level of service must you guarantee to your customers? | Guaranteed up time
Do you have redundant connections to the Internet? | Yes
Do you have redundant connections to the NOC? | Yes
What existing servers do you have available in the NOC? | SNMP management server; Syslog server; AAA server; Database server
What SNMP framework management system do you want to use? | HP OpenView (HPOV)
What element management system do you use for collecting and managing syslog? | CiscoWorks 2000 Resource Manager Essentials (CW2000 RME)
Do you have a preferred platform and operating system for monitoring the network? | Yes. Sun Sparc, Solaris 2.6
What type of network access servers will you use? | Cisco AS5800s
Do you have a staff of UNIX experts? | Yes
Do you provide reports for any service level commitments with your customers? If yes, what management systems will you use? | Yes. Multi Router Traffic Grapher (MRTG); Custom-based AAA accounting tools and database query tools
Identify the types of users who require network management reports. | Network managers; Network operators; Network engineers; Help desk operators; Corporations who outsource their dial-up service; End users
What types of reports do you provide? | Periodic performance reports; Billing reports; Security reports; Router operations reports; High-priority syslog reports
What format do the managers want to view the reports in? | HTML web pages and online graphs
Who will monitor the management systems? | The network operations staff
How will network operators be notified of network problems? | By sending e-mail to their pagers
For fault and performance management purposes, do you need to provide call detail records? | Yes. Disconnect cause codes and retrain counters must be inspected.
What security protocols do you use for authentication, authorization, and accounting (AAA)? | RADIUS for the remote modem users; TACACS+ for the router administrators in the NOC
What dial NMS freeware do you plan to use? | MRTG, UCD-SNMP, Linux, and Apache
What software tools do you plan to develop internally? | Log File Rotator; Device Navigator; Modem Call Record Viewer; Web-based management; War Dialer for performance testing (optional)
Do you plan to build and maintain customized scripts? | Yes

Dial NMS Service Definition

A service definition is a statement that describes required services for a network design. The dial NMS service definition determined for THEnet is based on:
The answers provided in Table 2
The FCAPS model:
    Fault management
    Configuration management
    Accounting management
    Performance management
    Security management
Table 3 Dial NMS Service Definition for THEnet
FCAPS Function | Service Requirements and Ways to Collect Management Data

Fault management
SNMP—Use UCD-SNMP and HPOV to explore the SNMP Management Information Bases (MIBs) and create the SNMP framework for the dial NMS.
The Cisco IOS command-line interface (CLI)—Troubleshoot network connectivity problems by collecting robust network statistics. For example, use the following commands:
    show controller t1
    show isdn status
    debug ppp negotiation
    show isdn service
    debug ppp error
    debug isdn events
    debug isdn q921
    debug isdn q931
Syslog—Troubleshoot and isolate faults in the network by collecting syslog data and modem call records. Important syslog messages will be e-mailed daily to the operations staff.
Log file management—Collect and archive syslog data from network access servers.
Web-based management—Navigate devices and enable HTTP access to the CLI.
AAA—Collect accounting disconnect cause codes and view authentication and authorization failures.

Configuration management
SNMP—Use CW2000 RME to archive configuration files, manage Cisco IOS images, determine how much memory is installed, and discover which boot ROMs are present.
CLI—Inspect and modify Cisco IOS configuration files and images. For example, use the following commands:
    show version
    show running
    show modem version
AAA authentication—Control access to the routers.
AAA authorization—Limit CLI command access to router administrators on a per group basis. Authorization is also used for limiting network service assignments, such as static IP addresses and access lists.
AAA accounting—Monitor which configuration changes are made to the routers and identify who is making the changes. Authenticated usernames also appear in syslog.
Effective IP address management—Manage all assigned IP subnets by using a DNS server and the application Cisco Network Registrar.
Web-based management—Navigate devices and enable HTTP access to the CLI.

Accounting management
Send accounting information to a database that is accessible by Standard Query Language (SQL). Archive user-accounting data for billing and auditing purposes.
Syslog—Collect basic accounting information by using modem call records.
CLI—Collect accounting statistics. For example, use the following commands:
    show interface accounting
    show isdn history
    show controller t1 call-counters
    show modem log
    show modem summary
    show modem call-stats

Performance management
SNMP—For the initial installation, use MRTG to monitor key Object Identifications (OIDs) in the device MIBs. In the future, use commercial software applications that collect mass scale management data streams for large numbers of access servers.
CLI—Monitor the performance of the access servers. For example, use the following commands:
    show modem operational-status
    show modem connect-speeds
    show modem summary
    show modem call-stats
Web-based management—Navigate devices and enable HTTP access to the CLI.
War Dialer—Test remote client PCs by using a free client simulator.

Security management
Authenticate, authorize, and account for dial access clients (modem users) in each POP by using RADIUS.
Authenticate, authorize, and account for router administrators in the NOC by using TACACS+.
Review the AAA service security logs.
Review the AAA server database by using SQL queries.
CLI—Inspect security information. For example, use the following commands:
    show snmp group
    show access-lists
    show location
    show tacacs
    show radius statistics
    show logging
Web-based management—Navigate devices and enable HTTP access to the CLI.

Network Topology

Based on the dial NMS service definition in Table 3, the network engineers at THEnet defined the network topology for the POPs and NOC.
Figure 5 Network Topology for One POP
[Diagram labels: Cisco AS5800 access servers, Cisco 2511 OOB console server, AAA server, backbone routers, intranet WAN, firewall, NOC; data path (for remote client users) and control path]
An intranet WAN connects the two POPs together and routes traffic to the Internet. The NOC collects management data from both POPs.
Figure 6 Network Topology for the NOC
[Diagram labels: Cisco PIX firewall, HP OpenView, CW 2000, UCD-SNMP, MRTG, AAA]
An important design issue to consider is where to send syslog data. If syslog data is sent back to a central site NOC, the syslog data must travel across WAN links. Estimate and monitor how much syslog data is generated by each POP and the impact on the WAN links. Modem call records can add a significant amount of traffic to syslog data.