Network Administrators Survival Guide
Anand Deveriya
Cisco Press, 2006
Synopsis
A book covering the use of Open Source software to manage and document your Cisco network. Topics range from the traditional availability and performance graphs to more advanced security tools.
The Book
I was pretty happy when I received this book because a year ago I thought of the exact same thing but couldn’t get it off the ground. When I flipped through the index of Network Administrators Survival Guide (NASG) I thought “This is pretty much the book I wanted to write!” From that perspective, I’m glad that a book on Open Source network management and Cisco has finally hit the market.
The author’s philosophy is that while there are many good commercial packages out there, there’s also a lot of good free stuff. In an environment where you’re pressed to do more with less, Open Source starts to make great sense. The products he chose to discuss are those that he used himself in similar situations. Though Open Source is traditionally associated with Linux, the author recognizes not everyone is willing to adopt Linux, so Windows solutions for all the problems are also included with an equal level of detail. On the Cisco side, he covers IOS, CatOS, PIX, and VPN 3000 concentrators. Cisco’s line of commercial NMS products is also given a nod at the end of each chapter where appropriate, but unless you’ve used them before, the descriptions don’t say much.
The basic flow of the book is pretty simple: Define the problem being solved; Survey the software available; Describe installation of the software under Linux; Describe installation of the software under Windows; Describe configuration of the Cisco equipment; Provide a summary. This pattern is repeated every chapter, which makes this a great how-to type book. The end-of-chapter summary is a simple table listing the tools, the platforms they run on, and a URL, which is a handy feature.
Within each topic the author picks one or two tools for each of Windows and Linux and goes over their basic configuration (this isn’t a hard and fast rule, since sometimes the same tool has both a Linux and Windows version). Having used most of the tools covered I can attest to their usefulness, though I feel the level of detail is less than I would have wanted. That said, at 500 plus pages, getting to all the features I’d like to see would make this book several times its size. Instead, this book can be looked upon as an introduction to many tools with the instructions giving you enough to make the tool immediately useful. In most instances the tools are compared to help you choose. For example, in the Performance Monitoring section the author gives some helpful limitations of the tools in terms of number of interfaces monitored, which will aid in the decision.
This book should not just be looked upon as a series of instructions on how to configure tools; there are also some good pointers on what to look for and how to interpret the results. Of particular note is the second chapter, where many basic utilities, from ping to nslookup and even nbtstat, are used to troubleshoot problems and perform common tasks like finding a host on the network.
Chapter Highlights
Chapter 3 - Access control. AAA is one of those features that isn’t well explained but allows for a great deal of flexibility when controlling access to network elements. This chapter covers both RADIUS and TACACS+, including the differences, along with the software to run it and how to implement it on your routers and switches. Not only do you learn how to set up the daemons, but you learn various ways to make use of it.
Chapter 4 - Syslog. Cisco devices generate a lot of helpful debugging output that most people ignore. This book covers two different Linux syslog servers (one is simple, the other more feature-rich but also complex) and one Windows server. On the Cisco side, the logging system is explained along with the parameters to tweak what gets logged.
Chapter 5 - Monitoring Network Availability. Nagios and Big Brother are used; again, each has different functionality, which is well explained. Nagios is a very complex product, and this is one example of a situation where the book focuses on getting the basics going rather than trying to cover every feature.
Chapter 6 - Network Performance Monitoring. MRTG and Cacti are the tools for this chapter, though some others get mentioned. MRTG is well explained, and even some recipes for advanced monitoring (such as CPU and firewall connections) are included. Cacti, like Nagios, is a complex product, so the author chooses to cover the basics of getting a device monitored rather than all the bells and whistles. That said, he makes a brief mention of where to get plugins, but never explains how to use them, which would have been helpful.
Buried deep in the end of this chapter is a mention of Service Assurance Agents as being a feature of IOS to measure performance. Unfortunately the author downplays their functionality, saying they only produce output in text format unless you buy Cisco IPM. Nothing could be further from the truth! In fact, Cacti has some helpful plugins to plot SAA data that I use with many of my routers to obtain useful data.
Chapter 7 - Network Security Testing. The predictable tools (nmap and Nessus) are covered, but so are some Open Source packet analyzers, and the features in IOS to help them be useful (SPAN). This goes well with Chapter 8 - Router and Switch Security, where the security tools in IOS are used to lock down the network elements and enforce a baseline.
Chapter 9 - Intrusion Detection System (IDS) has some good parts, like the use of Rancid to check for changes to configuration, but the topic of network IDS is so large it’s hard to do it justice in the 28-odd pages this chapter covers.
Chapter 10 - Virtual Private Networks goes over getting various Cisco products to speak with Linux and Windows VPN software. It seems somewhat out of place in this book, but would be a helpful reference if you ever have the need.
Chapter 11 - Network Documentation is something I’ve always taken for granted since I’ve always had Visio. But, for those companies that don’t want to shell out the cash for licences for the team, Anand has dug up both a Windows and a Linux replacement. In addition to showing off the software, he discusses the practice of diagramming your network (logical or physical? what do I include?) and how to best store your documentation for others to read.
Conclusion
I’m really impressed with this book. It’s perfect for anyone responsible for a Cisco network of any size who wants to know what’s going on. Even if you don’t need all the functionality described in this book, the time saved in implementing one or two of these will more than make the purchase worthwhile.



