Section 7 – Infrastructure Management (CCNA 200-125 Theory)

1. Configure and verify device-monitoring protocols


SNMP is a network management protocol that enables monitoring of network device. The following are three components that enable SNMP communication.

  • MIB
  • SNMP Manager
  • SNMP Agent

The Cisco network device will send all enabled notifications to the SNMP server. Enabling a lot of SNMP MIBs can cause high CPU utilization on Cisco devices. The number of queries (polling) increase with the MIBs enabled. The problem worsens particularly with polling of routing and ARP tables. The authentication type used by SNMPv2 is community strings. The following IOS command configures an SNMP community string named cisco with read/write access.

R1(config)# snmp-server community cisco rw

The following IOS command will configure an SNMP server named with version 2c and enable trap messages.

R1(config)#snmp-server host traps version 2c


The following three features are enhancements available with SNMPv3.

  • message integrity
  • authentication
  • encryption

The following are authentication protocols used by SNMPv3.

  • HMAC-MD5

Alert messages generated by SNMPv3 agents include both Trap and Inform. The purpose of Trap messages is to send alerts to the network management station. The network device sends a Trap to the NMS alerting that a network interface status is down. The Inform message is an acknowledgement of a Trap to confirm it arrived. The following are correct statements concerning the features of SNMPv2 and SNMPv3.

  • SNMPv3 provides security enhancements
  • SNMPv2 added the Inform protocol message to SNMP
  • SNMPv2 added the GetBulk protocol message to SNMP

The following command configures an SNMP server with IP address of and enables SNMPv3. In addition there is MD5/SHA authentication for optimized security.

router-2(config)# snmp-server host version 3 auth

Syslog Server

The following are correct statements concerning Syslog server utilization.

  • Syslog provides granular messaging to support enterprise SNMP architecture.
  • Syslog provide a scalable solution for storing messages on an external server.
  • Syslog is an effective solution for managing logs and is disabled by default.

The traps are logged to the Syslog server. The default logging trap level for Syslog messages is to receive informational (6) and lower messages except debugging messages (level 7). Configure logging trap [level] command to change the default on Cisco network devices.

The following IOS command enables forwarding of system messages on a Cisco network device to a Syslog server.

device(config)# logging

2. Troubleshoot network connectivity with ICMP echo-based IP SLA

The following two statements are correct concerning ICMP echo-based IP SLA.

  • IP SLA responder is not required on the destination device
  • monitors hop-by-hop response time (network latency)

3. Configure and verify device management

The default number of simultaneous Telnet sessions supported by a Cisco router is five. They are comprised of the default VTY lines 0 4 (0,1,2,3,4)

The following command restore the startup configuration file from TFTP server.

device# copy tftp: nvram:startup-config

The following command is used to backup the startup configuration file from network device to TFTP server.

device# copy nvram:startup-config tftp:

Startup Configuration

The following describes what the Cisco network device does when no startup configuration file is found during bootup:

1. The Cisco network device first attempts to load the startup configuration from NVRAM (default location). There is a copy made of the startup configuration loaded to DRAM for active use. That is referred to as the running configuration.

2. The network device attempts to load the startup configuration file from TFTP server if there is no startup configuration in NVRAM.

3. The network device starts the initial configuration dialog mode if there is no configuration to a TFTP server or it is unavailable. That enables a start from scratch configuration. The preferred method is to restore the most recent startup configuration where available.

— System Configuration Dialog —

Would you like to enter initial configuration dialog? [yes/no]: yes

Deleting the startup configuration and restarting the network devices will put the network interfaces in shutdown state. Entering no shutdown command on Router-1 Gi0/0 and Router-2 Gi0/0 interfaces will enable CDP between the devices.


Cisco feature set licensing is based on feature packages. Each package bundle include additional protocols and enhancements from the default (ipbasek9) package. For instance encryption protocols such as IPsec and SSH would require the securityk9 feature license upgrade.


The logging facility default setting is local7 for switches and routers.

  • Emergencies (level 0)
  • Alerts (level 1)
  • Critical (level 2)
  • Errors (level 3)
  • Warnings (level 4)
  • Notifications (level 5)
  • Information (level 6)
  • Debugging (level 7)

Time zone

The following global IOS commands assign hostname switch-1 and configures PST timezone for the switch. Hostnames cannot start with a number or have any spaces.

switch(config)# hostname switch-1
switch-1(config)# clock timezone PST -8


The loopback interface is virtual and always available when there is at least one physical interface up. Routers have at least two physical interfaces. The loopback interface is unaffected by issues with any single interface. The router cannot be managed when a physical interface assigned for management purposes is unavailable. The following example is typical of a loopback interface configuration. The standard subnet mask for a loopback is a /32 host mask.

R1(config)# interface loopback0
R1(config-if)# ip address
R1(config-if)# end (return to privileged exec mode)

4. Configure and verify initial device configuration

Console Settings

The Cisco network devices provide a console port for direct connection from a laptop. It is typically used for initial configuration and troubleshooting purposes. The following are default settings for the Cisco console port interface.

  • 9600 bps, 8 data bits, 1 stop bit, no parity, no flow control

Cisco Device Modes

The following table correctly match the Cisco device modes and prompts:

Table 1: Cisco Device Modes and Prompts

user EXEC mode device >
enable mode device#
privileged EXEC mode device(config)#
rommon mode rommon >
routing configuration mode router(config-router)#

The show running-config command is used to verify any changes that were made before saving the running configuration.

device# show running-config

Network Management SVI

The following IOS commands configure a management IP address (SVI) for a layer 2 switch. The Cisco recommended best practice is to assign an unused VLAN for remote switch management. The default VLAN 1 is used to forward control traffic (CDP, VTP, PAgP) between switches.

switch(config)# interface vlan 100
switch(config-if)# ip address
switch(config-if)# no shutdown

The following IOS command will save the running configuration changes to the startup configuration file:

device# copy running-config startup-config

The alternate IOS command used is the following:

device# copy system:running-config nvram:startup-config

The following IOS command allows the network administrator to run IOS show commands from global configuration mode.

device(config)# do [show command]

The following command provides a list of all active users connected to the VTY lines.

device > show users all

The following IOS command displays CPU utilization for a Cisco device.

device# show process cpu

Show Version

The output of show version command lists the current IOS code version along with feature set license. The show version command is also available from user mode prompt. The show version command the following operational status.

  • configuration register settings
  • amount of Flash and DRAM memory available
  • most recent router power cycle (reboot) method used

5. Perform device maintenance

IOS upgrades, recovery and verify

The following table describes file transfer methods for copying IOS image and configuration files:

Table 2: Cisco File Transfer Methods

FTP server-based, username and password logon, TCP
SCP adds encryption (SSH), supports larger files
TFTP server-based, not secure, UDP, single connection
USB fast, network device slot, local copy

IOS Upgrade

The IOS image file is stored in Flash memory on Cisco devices. The Flash memory is permanent non-volatile file storage. On bootup the IOS image is loaded from Flash to DRAM volatile memory. The startup configuration is stored in permanent non-volatile NVRAM. The running configuration is the startup configuration file loaded to DRAM.

Before doing any IOS upgrade to a Cisco device it is important to verify available device memory. The IOS image file will requires a minimum amount of Flash memory based on file size. In addition there is a minimum amount of DRAM required to boot the IOS image as well. The minimum required Flash/DRAM memory is listed with each IOS filename. The show version command will list the amount of available Flash and DRAM memory on the Cisco network device. The following is an example of output from show version for router Flash memory usage (bytes).

[73400320 bytes used, 195035136 available, 268435456 total]

The total Flash memory installed is 256 MB. The Flash memory used by files including the current IOS is approximately 70 MB including any additional files. That leaves approximately 186 MB available for any new IOS with the original IOS image left on Flash. Compare the IOS image file size from with the available Flash memory. The IOS upgrade from TFTP server has a copy dialog prompt to delete IOS image on flash.

TFTP Server

TFTP server support is available for managing IOS images and startup configuration files. It is an alternative to using memory on the network devices for storing files. Cisco supports loading IOS and startup configuration file from TFTP server at bootup as well. Access to the TFTP server is only required at bootup to download files. The following are recommended actions before doing an IOS image backup to TFTP server.

  • create directory on TFTP server with security access.
  • verify disk space available on TFTP server.
  • configure access to TFTP server from ROMmon mode.

The following IOS command will copy the IOS image file to Flash memory.

device# copy tftp: flash:

The following command verifies the integrity of IOS image file on Flash memory.

device# verify /md5 [filesystem: filename]

Selecting an IOS image during bootup with Cisco default configuration

1. The device starts and does Power on Self Test (POST) to verify all hardware is operational. The bootstrap loader then determines where to load the IOS image based on the configuration register settings. The default setting loads the first IOS listed with any boot system command in the router startup configuration file. The boot system command points to a location of an IOS image stored in Flash memory. The file location configured with the first boot system command is used when multiple commands exist.

2. The first IOS image listed in Flash memory (where multiple IOS images exist) is loaded when there are no boot system commands.

3. IOS is loaded from TFTP server when there is no IOS image on Flash.

4. ROMmon mode starts when there is no IOS image on TFTP server.

Standard locations where a router can load an IOS image

  • TFTP
  • Flash
  • ROM

Configuration Register

The network device starts Power On Self Test (POST) to run diagnostic software from ROM and verify all hardware is operational. The router examines the configuration register value that specifies where to load the IOS. The default value of the configuration register is 0x2102.

Configuration Register Settings:

0x2100: Boot from ROM only.

0x2101: Use the first IOS listed in Flash and ignore any boot system command.

0x2102: Load the IOS image based on the location specified with the boot system command configured in startup configuration file. Load IOS from Flash if no boot system command is configured. Load the startup configuration file from NVRAM. Ignore the break key and boot to ROM mode if boot fails. (default setting).

0x2142: Ignore break key, boot to ROM mode if boot fails and ignore the startup configuration file.

The default configuration register setting is 0x2102. That causes the Cisco device to load the IOS image file specified with the boot system command. The following IOS command assigns the IOS image filename to use for bootup. It is a global configuration  mode command.

router(config)# boot system flash: [IOS filename]

File System Management

There are two options available for erasing the startup configuration and restarting a switch or router.

Option 1:

device# erase startup-config
device# reload

Option 2:

device# write erase
device# reload

Cisco devices store the startup configuration file in NVRAM. The IOS command erase nvram: will delete all files from NVRAM including startup configuration. That will cause the initial configuration dialog mode to start when the device is reloaded. The IOS command erase startup-config will only delete the startup configuration file instead of all files on NVRAM.

Password recovery and configuration register

The following describes password recovery from the local console port.

Step 1: Reboot router and press Ctrl-Break key to start ROMmon mode
Step 2: Modify the configuration register to prevent the startup configuration file from loading: rommon > confreg 0x2142
Step 3: Reboot router and issue the following IOS command: router# copy startup-config running-config
Step 4: Change the password and save changes with the following command: router# copy running-config startup-config
Step 5: Modify the configuration register with the following command: router(config)# config-register 0x2102 and reboot.

The following IOS command will list the Flash directory on a Cisco device.

device# dir /all

The following IOS command will delete a file from Flash memory and any subdirectories where specified.

device# delete flash:[filename]

6. Use Cisco IOS tools to troubleshoot and resolve problems


The ping command will verify layer 3 connectivity from the source interface where it was issued to a destination interface. That is accomplished with a ping of the remote host IP address. Ping sends ICMP echo requests and receives echo reply messages. The default source interface for the ping command is the egress interface IP address.

The following statements are true of the ping command.

  • Extended ping is used to determine the type of connectivity problem.
  • Extended ping tests network latency performance.

The following command is used to verify that an IPv4 or IPv6 interface is responding
router# ping [ip address]

Extended ping allows for specifying a variety of parameters for troubleshooting purposes. Examples includes number of packets, source interface and packet size.


The Cisco version of traceroute is based on sending 3 UDP datagrams to each hop between source and destination hosts. ICMP packets contain messages that are encapsulated within the IP layer 3 header. The TTL field of the UDP datagram is incremented by one with each hop that isn’t the destination.

The following statements describe the use of traceroute for troubleshooting purposes.

  • Traceroute verifies the path packets take in order to get to a destination.
  • Traceroute can troubleshoot routing issues including routing loops and packet filtering (ACL or firewall).

The traceroute command on a Cisco device allows you to view hop by hop packet routing of traffic. The output of traceroute lists each Layer 3 hop IP address hop taken from source to destination.

router# traceroute [destination ip address]

The tracert command is only available from the Windows command line. The trace is from the desktop source IP address instead of switch or router interface.

Terminal Monitor

Cisco devices do not send log messages to a terminal (VTY) session as a default. The VTY lines are used for Telnet and SSH sessions. The following IOS command enables terminal logging to send log messages to the terminal. That includes debug output and system error messages.

device# terminal monitor

Log Events

The following statements correctly describe Cisco terminal logging.

  • Telnet/SSH logging messages to the VTY terminal is disabled by default.
  • Console logging messages is enabled by default.

Local SPAN

Local SPAN is comprised of source and destination interfaces on the same switch. The SPAN copies traffic from source interface/s to a destination interface where a network analyzer is attached. There is support for multiple source interfaces or a single VLAN and at least two source interfaces defined.

S1(config)# monitor session 1 source interface Gi1/1
S1config)# monitor session 1 destination interface Gi1/2

Table 3: Local SPAN Components

source port interface or VLAN
destination port interface
forwarding traffic transmit, receive or both
Local SPAN source and destination port on same switch

7. Describe network programmability in enterprise network architecture

The following statements describe SDN programmability:

  • SDN architecture decouples the control and data plane
  • control plane is a software module instead of a physical processor
  • SDN controller is a centralized control plane with a policy engine
  • infrastructure is abstracted from applications

The following statements describe the SDN Controller:

  • centralized management and network intelligence
  • network services are dynamically configurable
  • network appears as a single switch
  • moves control plane from physical devices to software abstracted layer

The following statements describe the purpose of SDN APIs:

  • SDN applications requests are sent via northbound APIs
  • SDN Controller relays information via southbound APIs to network devices
  • APIC-EM is the Cisco SDN Controller


Inline Feedbacks
View all comments
Would love your thoughts, please comment.x