6.troubleshooting Tools

The document discusses the importance of monitoring tools for network administrators at GlobalNet Solutions, emphasizing the need for proactive monitoring to maintain network reliability and performance. It highlights Cisco's suite of monitoring solutions, including SNMP, syslog, and model-driven telemetry, which provide real-time insights and facilitate effective network management. The document also outlines the configuration steps for SNMP on various Cisco platforms, ensuring secure and comprehensive network visibility.

Uploaded by Rakesh

6. Troubleshooting Tools

Monitoring Tools

Introduction
Imagine you are a network administrator at GlobalNet Solutions. As your company expands and
integrates diverse technologies, maintaining visibility into network operations becomes increasingly
critical. You are tasked with ensuring that the network remains robust, reliable, and scalable while
proactively addressing issues before they impact performance.

Without effective monitoring, the organization risks delays in identifying critical failures, which could
disrupt client services and tarnish your company's reputation. The lack of proactive monitoring can
also lead to scenarios such as delayed identification of misconfigured network policies, which might
cause degraded performance for critical cloud services or even impact service-level agreements
(SLAs) with enterprise clients.

The comprehensive suite of monitoring tools developed by Cisco becomes invaluable for such tasks.
Cisco monitoring solutions, including Simple Network Management Protocol (SNMP), syslog, and
model-driven telemetry (MDT), provide real-time insights into network health, enabling you to track
performance, troubleshoot issues, and optimize operations. These tools work across Cisco platforms
like NX-OS, Cisco IOS XE Software, and IOS XR Software, offering flexibility and compatibility to meet
the unique needs of your network.

In this course, you will do the following:

Explore the capabilities of Cisco monitoring tools.

Learn how Syslog centralizes system messages and organizes them by severity levels, ensuring quick
identification of critical events.

Explore SNMP’s ability to manage and monitor device performance through efficient communication
protocols.

Learn how MDT transforms monitoring by delivering high-frequency, structured data for actionable
insights.

Discover how Cisco centralized platforms, such as Cisco Catalyst Center and Cisco Nexus Dashboard,
simplify monitoring and provide a unified view of network health.

By using these powerful tools and technologies, you gain comprehensive control over your network,
ensuring that it adapts to the demands of your organization while maintaining top-tier performance.
This course equips you with the knowledge to configure and utilize Cisco monitoring tools effectively,
enabling you to build a proactive, efficient, and secure network environment.

Monitoring Options Overview


In today’s digital landscape, system monitoring is crucial for sustaining network reliability and
achieving seamless, high-performance connectivity. Monitoring collects real-time data from various
network components and keeps an accurate record of configuration changes and events on each
device. This allows engineers to quickly identify and address issues, ensuring the network runs
smoothly and efficiently.

A critical part of this process is establishing a performance baseline. It is used as a benchmark that
helps teams understand normal network behavior. It serves as a guide for troubleshooting and
assessing network health.

For enterprises, proactive network management is essential to detect anomalies early and maintain
service quality. A centralized network management system (NMS) plays a vital role in this strategy by
using protocols like syslog, SNMP, and MDT, which together provide continuous, real-time insights
into network operations. These tools enable network elements to send event data to a central server,
creating a holistic view of network activity and security.

All devices in the network should be polled for metrics using SNMP, and they can send information to
an SNMP server for further analysis. All these devices should also send their logs to a syslog server.
Another option is to use the more modern model-driven telemetry approach, where data is sent to an
external collector, as seen in this figure.

Network Monitoring Use Cases

The main use cases for network monitoring and troubleshooting have not changed much, but
hardware capabilities and performance have changed significantly. Many third-party applications
have been developed to collect data from network devices for data storage, analysis, indexing,
searching, and visualization, and all these tools are open source.

Types of monitoring include the following:


Monitoring Benefits and Solutions

Cisco monitoring solutions incorporate SNMP, syslog, and MDT, which are integrated directly into the
operating system of Cisco networking devices. SNMP has long been a standard for collecting basic
data from network devices, enabling administrators to query device metrics, monitor changes in real
time, and receive alerts on critical events. For example, SNMP can notify engineers if a router’s CPU
usage spikes or if a key interface goes offline. Syslog adds another layer by recording and centralizing
system messages from devices, helping administrators categorize events by severity and maintain a
chronological record for easier troubleshooting.

In recent years, telemetry has become an advanced tool in Cisco networking, enabling continuous
streaming of detailed performance data to central systems. Unlike traditional polling, telemetry
provides real-time insights that allow network teams to identify trends and potential issues instantly,
often before they impact users. Cisco MDT supports high customization, allowing engineers to
specify the exact data points they want to track, such as latency, packet loss, or application flows.
This enhances visibility and simplifies the diagnosis of network issues.

Network monitoring offers significant benefits that strengthen operational efficiency and security.
With clear visibility into the network, administrators gain a comprehensive view of all connected
devices and data flows, enabling quick identification and resolution of performance issues. By
automating monitoring tasks, these systems free up IT resources, allowing staff to focus on strategic
projects.

Network monitoring also supports capacity planning by generating reports that help administrators
anticipate future infrastructure needs. Furthermore, it enables quicker detection of security threats
by establishing a baseline of normal network behavior, making unusual activity easier to identify and
investigate promptly.

To simplify and enhance monitoring, Cisco offers centralized management platforms such as the
following:

Cisco Catalyst Center: Designed for Cisco Catalyst switches, providing deep insights into network
health and security posture.
Cisco Nexus Dashboard: Unifies telemetry across data center fabrics, enabling advanced analytics
and proactive troubleshooting.

Cisco EPNM: Offers comprehensive monitoring capabilities tailored for service provider networks,
providing real-time visibility into both packet and optical infrastructure. Cisco EPNM allows operators
to track network health through correlated alarms, detailed fault management, and contextual
dashboards that offer 360-degree views of devices, ports, and services.

These platforms provide a unified view of network health, integrating monitoring tools into a single
console that streamlines operations. In this way, Cisco empowers administrators to optimize large-
scale networks efficiently, ensuring reliable, secure, and high-performing operations.

Answer

The correct answer is It allows for continuous real-time data streaming. This answer is correct
because telemetry provides the advantage of continuous real-time data streaming, which offers
instant insights into network performance and helps identify trends or potential issues before they
impact users. The It uses less bandwidth option is incorrect because telemetry's advantage is not
specifically about bandwidth use. The It operates on lower power devices option is incorrect because
telemetry's main advantage is not related to power consumption. Finally, the It is easier to
implement on legacy systems option is incorrect because telemetry is not necessarily easier to
implement on older systems compared to traditional polling.

Simple Network Management Protocol


Overview
SNMP is a foundational protocol used for monitoring and managing devices on a network. Designed
to provide administrators with an efficient way to gather information, SNMP enables the monitoring
of network devices like routers, switches, and servers. It collects performance metrics, detects issues,
and helps ensure overall network stability.

SNMP operates on a straightforward call-and-response mechanism between a manager (such as an
NMS) and agents (network devices being monitored), as seen in the previous figure. The protocol
uses a management information base (MIB), which is a structured collection of data objects specific
to each device type. This standardized format allows SNMP to work across a wide variety of devices.
When an NMS queries a device, it retrieves values from the MIB to report metrics such as CPU usage,
memory load, and interface statuses. These metrics help administrators identify performance trends,
pinpoint bottlenecks, and troubleshoot network issues before they lead to downtime.
To obtain information from the MIB on the SNMP agent, you can use several different operations, as
seen in the previous figure:

Get: This operation is a request sent by the manager to the SNMP agent to retrieve one or more
values from the MIB of the managed device.

Get-next: This operation is used to get the next object in the MIB from an SNMP agent.

Get-bulk: This operation allows a management application to retrieve a large section of a table at
once.

Set: This operation is used to put information in the MIB from an SNMP manager.

Trap: This operation is used by the SNMP agent to send a triggered piece of information to the SNMP
manager.

Inform: This operation is the same as a trap, but it adds an acknowledgment that a trap does not
provide.

SNMP operates across three versions—SNMPv1, v2c, and v3—with each version introducing new
features and improvements. SNMPv1, the original version, provided basic functionality but lacked
robust security. SNMPv2c improved on the protocol by introducing support for larger data types and
enhanced error handling, though it still had limited security capabilities. SNMPv3, however, brought
substantial security enhancements to the protocol, making it the preferred choice for modern
networks. Review the following table for more information on each version.

The benefits of SNMPv3 include the following:

Authentication configuration using usernames and passwords, which helps administrators to verify
the identity of communicating devices, preventing unauthorized access to network data.

Data encryption support, ensuring that the information exchanged is private and secure from
potential eavesdroppers.

Mechanisms for message integrity, which make sure that data has not been tampered with during
transit, adding another layer of protection.

In a well-monitored network, SNMP serves as a vital tool for continuous and efficient device
management. It is especially important in multivendor environments where devices from different
manufacturers need to be monitored and managed cohesively. SNMP’s ability to retrieve and set
configurations, along with its alerting capabilities via traps, provides administrators with the insights
they need to proactively maintain and optimize the network.

When used with SNMPv3, these capabilities are secured, reducing the risk of unauthorized access
and ensuring data integrity. For beginners, understanding the basics of SNMP—its query-response
mechanism, alert system, and security features—is essential. This knowledge provides a solid
foundation for managing and monitoring network health across various devices and environments.
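As an added example (not from the course text), the following Python shows how an SNMPv3 authentication passphrase such as myPassword becomes the key an agent actually stores: RFC 3414 expands the passphrase to 1 MiB, hashes it, then localizes the digest with the agent's snmpEngineID. The page's configurations use md5; the same derivation with sha1 is shown as well, and the Cisco-style engine IDs below are constructed values.

```python
import hashlib

# RFC 3414 Appendix A.2: the passphrase is cyclically repeated to fill
# 1,048,576 bytes before hashing, which was chosen to slow offline guessing.
EXPANDED_LEN = 1_048_576

# RFC 3414 Appendix A.3 test vector, used below to check the implementation.
RFC3414_PASSWORD = "maplesyrup"
RFC3414_ENGINE_ID = "000000000000000000000002"


def password_to_key(password: bytes, algorithm: str = "md5") -> bytes:
    """Ku: digest of the passphrase repeated to 1 MiB (RFC 3414 A.2.1 / A.2.2)."""
    if not password:
        raise ValueError("empty passphrase")
    repeats = EXPANDED_LEN // len(password) + 1
    expanded = (password * repeats)[:EXPANDED_LEN]
    return hashlib.new(algorithm, expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, algorithm: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key that is specific to one agent."""
    return hashlib.new(algorithm, ku + engine_id + ku).digest()


def localized_key_hex(password: str, engine_id_hex: str, algorithm: str = "md5") -> str:
    """Passphrase plus agent engine ID -> localized key, as hex."""
    ku = password_to_key(password.encode("utf-8"), algorithm)
    return localize_key(ku, bytes.fromhex(engine_id_hex), algorithm).hex()


if __name__ == "__main__":
    # Self-check against the RFC 3414 vector (MD5 Kul should start 526f5eed...).
    print("RFC vector MD5 Kul :", localized_key_hex(RFC3414_PASSWORD, RFC3414_ENGINE_ID, "md5"))
    print("RFC vector SHA1 Kul:", localized_key_hex(RFC3414_PASSWORD, RFC3414_ENGINE_ID, "sha1"))

    # Constructed Cisco-style engine IDs (0x80, enterprise 9, format 3, a MAC).
    # The passphrase from the page's config yields a different stored key on
    # each agent, so a localized key recovered from one device is only valid there.
    for engine in ("800000090300112233445566", "800000090300112233445577"):
        print(engine, localized_key_hex("myPassword", engine, "md5"))
```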

Using SNMP to Gather Information

To gather performance information, SNMP can be enabled on network devices like routers to collect
key metrics such as CPU usage, memory load, and interface traffic. This data is then sent to an SNMP
manager, where it can be visualized for easier interpretation. One example of an NMS that uses
SNMP data is Cacti, an open-source network monitoring tool. It provides graphical representations of
network performance, helping administrators monitor trends and spot issues early.

A network management application can display data that is gathered via SNMP in the form of graphs
and reports.

From the performance graphs in the example above, it is evident that the router is experiencing high
CPU usage. Based on network documentation, the router in question is a Cisco 1941 Series
Integrated Services Router (ISR), which has a throughput limit of 150 Mbps. However, with VPN
traffic and encryption enabled, this limit effectively drops to around 60 Mbps, according to Cisco
documentation.

The high CPU usage is likely due to the interface connected to the internet consistently handling
traffic close to this limit (averaging slightly under 58 Mbps). As a result, the router struggles to
process all the traffic, causing slow internet connectivity for users. To confirm this, it is essential to
observe CPU usage during periods of low traffic to verify that user experience improves when the
load is reduced.

When redesigning the network, consider the gathered performance data to identify any areas
needing upgrades. For example, it might be time to install a more powerful router to handle
increased traffic or processing demands. Ensure that only essential processes are running on the
router so that CPU load is not inflated by unnecessary services, such as console logging left enabled
after a troubleshooting session. By refining active services, you can optimize router performance and
make better use of network resources.

Answer
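To turn polled counters into the kind of utilization figure discussed above, here is an added Python example (not part of the course) that computes interface throughput from successive IF-MIB ifInOctets readings, corrects for the 32-bit counter wrap, flags intervals that approach the 60 Mbps effective limit quoted for the router, and checks whether the poll interval is short enough for a Counter32 to be read unambiguously. The readings are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Tuple

COUNTER32_MODULUS = 2 ** 32   # IF-MIB ifInOctets / ifOutOctets (Counter32)
COUNTER64_MODULUS = 2 ** 64   # IF-MIB ifHCInOctets / ifHCOutOctets (Counter64)

# Figure quoted in the text: effective throughput with VPN and encryption enabled.
EFFECTIVE_CAPACITY_BPS = 60_000_000


@dataclass
class Reading:
    ts: int       # poll time in seconds
    octets: int   # raw counter value returned by the agent


def counter_delta(prev: int, cur: int, modulus: int = COUNTER32_MODULUS) -> int:
    """Octets transferred between two polls, correcting for a single counter wrap."""
    delta = cur - prev
    return delta + modulus if delta < 0 else delta


def bits_per_second(prev: int, cur: int, seconds: float,
                    modulus: int = COUNTER32_MODULUS) -> float:
    return counter_delta(prev, cur, modulus) * 8 / seconds


def max_unambiguous_bps(poll_seconds: float, modulus: int = COUNTER32_MODULUS) -> float:
    """Highest rate at which the counter wraps at most once per poll interval.
    Above it a Counter32 reading is ambiguous and ifHCInOctets (64-bit) is needed."""
    return modulus * 8 / poll_seconds


def utilization(readings: List[Reading], capacity_bps: float,
                warn_fraction: float = 0.9,
                modulus: int = COUNTER32_MODULUS) -> List[Tuple[int, float, bool]]:
    """(timestamp, bps, near_capacity) for every interval between consecutive polls."""
    result = []
    for prev, cur in zip(readings, readings[1:]):
        seconds = cur.ts - prev.ts
        if seconds <= 0:
            raise ValueError("readings must be strictly increasing in time")
        bps = bits_per_second(prev.octets, cur.octets, seconds, modulus)
        result.append((cur.ts, bps, bps >= warn_fraction * capacity_bps))
    return result


# Constructed 5-minute polls of ifInOctets on the internet-facing interface.
# Between ts=300 and ts=600 the 32-bit counter wraps past 2**32.
SAMPLE_READINGS = [
    Reading(0, 1_000_000_000),
    Reading(300, 3_175_000_000),   # +2.175 GB            -> 58 Mbps
    Reading(600, 1_055_032_704),   # +2.175 GB after wrap -> 58 Mbps
    Reading(900, 1_805_032_704),   # +0.75 GB             -> 20 Mbps (quiet period)
]


if __name__ == "__main__":
    for ts, bps, near in utilization(SAMPLE_READINGS, EFFECTIVE_CAPACITY_BPS):
        print(f"t={ts:4d}s  {bps / 1e6:6.2f} Mbps  {'NEAR CAPACITY' if near else 'ok'}")
    limit = max_unambiguous_bps(300)
    print(f"Counter32 polled every 300 s is unambiguous up to {limit / 1e6:.1f} Mbps")
```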

The correct answer is To send triggered information to the SNMP manager. This answer is correct
because the Trap operation allows an SNMP agent to alert the manager of specific events. The To
retrieve data from the SNMP manager option is incorrect because the Trap operation does not
involve data retrieval from the manager. The To set information in the MIB option is incorrect
because setting information is the purpose of the Set operation. The To acknowledge a request from
the SNMP manager option is incorrect because acknowledging requests is related to the Inform
operation, not Trap.

Configuring SNMP on Cisco Devices


Setting up SNMP on Cisco devices is a key step in establishing effective network monitoring. SNMP
provides the foundation for tracking device health and performance metrics and for receiving alerts
on critical events. It is essential for proactive network management. Cisco platforms—IOS XE, IOS XR,
and NX-OS—each support SNMP configuration, though with slight variations in command syntax and
process. Understanding these differences enables network administrators to set up SNMP correctly
across different devices, ensuring secure, consistent, and comprehensive network visibility.

Each platform’s unique requirements are highlighted to help you streamline SNMP setup in various
networks.

Cisco IOS XE Software Configuration

The following list walks you through configuring SNMP on Cisco IOS XE Software devices, covering
steps for defining SNMP communities, creating SNMPv3 groups and users for secure access, and
setting up SNMP traps to send alerts:

Define the SNMP Community: In global configuration mode, set up the SNMP community string,
which acts as a password for SNMP access.

Router(config)# snmp-server community public RO

Create an SNMP Group (Optional): Use the snmp-server group command to define an SNMP group,
particularly useful for setting up SNMPv3 security.

Router(config)# snmp-server group MyGroup v3 auth

Configure SNMPv3 User (Optional): For secure SNMP access, configure SNMPv3. Associate a user
with the group, specifying authentication and encryption.

Router(config)# snmp-server user MyUser MyGroup v3 auth md5 myPassword priv aes 128 myPrivPassword

In this setup, MyGroup is the group name, MyUser is the username, with md5 for authentication and
aes 128 for encryption. The parameters myPassword and myPrivPassword represent the
authentication and encryption passwords, respectively.

Set SNMP Traps (Optional): Configure the SNMP server host (192.168.1.1) to receive SNMPv3 traps.
Specify the security level and user to be used (MyUser).

Router(config)# snmp-server host 192.168.1.1 traps version 3 auth MyUser

IOS XR Software Configuration

The following list walks you through configuring SNMP on Cisco IOS XR devices, covering steps for
defining SNMP communities, creating SNMPv3 groups and users for secure access, and setting up
SNMP traps to send alerts.

Note

In IOS XR Software, no specific command is required to enable SNMPv3; the first snmp-server
command enables it by default. Also, IOS XR Software requires the commit command to apply
changes.

Define the SNMP Community: In global configuration mode, set up the SNMP community string,
which acts as a password for SNMP access.

RP/0/RSP0/CPU0:router(config)# snmp-server community public ro


Create an SNMP Group (Optional): Define an SNMP group (MyGroup) to establish security settings
and access levels for SNMPv3.

RP/0/RSP0/CPU0:router(config)# snmp-server group MyGroup v3 auth

Configure SNMPv3 User (Optional): For secure SNMP access, configure SNMPv3. Associate a user
with the group, specifying authentication and encryption.

RP/0/RSP0/CPU0:router(config)# snmp-server user MyUser MyGroup v3 auth md5 myPassword priv aes 128 myPrivPassword

In this setup, MyGroup is the group name, MyUser is the username, with md5 for authentication and
aes 128 for encryption. The parameters myPassword and myPrivPassword represent the
authentication and encryption passwords, respectively.

Set SNMP Traps (Optional): Configure the SNMP server host (192.168.1.1) to receive SNMPv3 traps
and specify the security level and user (MyUser).

RP/0/RSP0/CPU0:router(config)# snmp-server host 192.168.1.1 traps version 3 auth MyUser

RP/0/RSP0/CPU0:router(config)# commit

NX-OS Configuration

The following list walks you through configuring SNMP on Cisco NX-OS devices, covering steps for
defining SNMP communities, creating SNMPv3 groups and users for secure access, and setting up
SNMP traps to send alerts:

Define the SNMP Community: In NX-OS, the snmp-server community command is similar, though ro
or rw are optional.

switch(config)# snmp-server community public ro

Create an SNMP Group (Optional): Set up an SNMP group (MyGroup) with security settings,
specifically for SNMPv3.

switch(config)# snmp-server group MyGroup v3 auth

Configure SNMPv3 User (Optional): Associate a user with the SNMP group, specifying authentication
and privacy.

switch(config)# snmp-server user MyUser MyGroup v3 auth md5 myPassword priv aes-128 myPrivPassword

In this setup, MyGroup is the group name, MyUser is the username, with md5 for authentication and
aes 128 for encryption. The parameters myPassword and myPrivPassword represent the
authentication and encryption passwords, respectively.

NX-OS uses aes-128 instead of aes 128 for encryption.

Set SNMP Traps (Optional): Configure the SNMP server host (192.168.1.1) to receive SNMPv3 traps
and specify the security level and user (MyUser).

switch(config)# snmp-server host 192.168.1.1 traps version 3 auth MyUser

Note

Both Cisco IOS XE Software and NX-OS automatically apply configuration changes when commands
are entered, so there is no need to use the commit command. Furthermore, in Cisco IOS XE Software
and NX-OS, SNMPv3 is explicitly enabled when you configure an SNMPv3 user or group using
commands such as snmp-server group and snmp-server user with SNMPv3 security options (for
example, auth and priv). There is no automatic enabling of SNMPv3 upon issuing the first snmp-
server command, as is the case in IOS XR Software.

Answer

The correct answer is To associate a user with security settings for SNMPv3 access. This answer is
correct because configuring an SNMPv3 user involves associating a user with specific security
settings, such as authentication and encryption, for secure SNMPv3 access. The To define the
community string for SNMP access option is incorrect because it describes the purpose of defining
the SNMP community string. The To create a host for receiving SNMP traps option is incorrect
because it is related to SNMP trap configuration. The To enable SNMPv3 by default option is
incorrect because SNMPv3 is enabled through specific configuration commands, not automatically by
user configuration.

Model-Driven Telemetry Overview

Monitoring Cisco devices using telemetry provides a transformative approach to network
management, replacing traditional, pull-based monitoring like SNMP with a continuous push of real-
time data. Telemetry enables network devices to stream operational and performance data directly
to an external collector, as seen in the following figure. It offers a faster and more scalable way to
gather insights.

This real-time monitoring allows network administrators to make proactive decisions and detect
potential issues before they impact network performance. As Cisco devices adopt MDT and utilize
standard-based Yet Another Next Generation (YANG) data models, network telemetry data is
structured and highly customizable, which simplifies integration with modern analytics and
monitoring tools.

Telemetry on Cisco devices enhances monitoring by providing a clear distinction between
operational and configuration data, as seen in the figure. Operational data reflects the real-time state
of the device, such as interface statistics and CPU usage, while configuration data defines the device's
setup, including VLANs and routing protocols. This separation allows for more focused monitoring
and troubleshooting, delivering actionable insights based on live network conditions or changes.

Cisco telemetry uses YANG models, a standard for defining configuration and operational data, to
ensure flexibility and compatibility. Cisco supports both open YANG models, which offer
interoperability across vendors, and native YANG models, optimized for features specific to Cisco, like
Quality of Service (QoS) and application visibility. This structure ensures that telemetry data aligns
with the device's capabilities, allowing organizations to extract precise, relevant insights for
improving network performance and reliability.

Data encoding options further enhance telemetry's adaptability, allowing telemetry data to be
formatted to suit various monitoring systems. Cisco supports multiple encoding methods, including
JavaScript Object Notation (JSON) and Google Protocol Buffers (GPB). JSON encoding is widely
compatible, human-readable, and integrates well with web-based monitoring and analytics tools.
GPB, particularly the key-value variant (kvGPB), is highly efficient and compact, making it ideal for
high-frequency data streams and bandwidth-limited environments. By selecting the appropriate
encoding, telemetry data can be seamlessly integrated with existing monitoring infrastructures, from
open-source solutions like the ELK stack, which comprises Elasticsearch, Logstash, and Kibana, to
advanced analytics platforms like Prometheus and Grafana.

Cisco telemetry offers two modes for data streaming:

Dial-out: Allows a Cisco device to actively push data to a collector without waiting for a data request.
This mode enables continuous monitoring, ideal for high-frequency data collection where minimal
latency is required. For instance, when using gRPC as a transport protocol, telemetry data can be
streamed over a stable, bidirectional connection, which enables a real-time feedback loop for
network monitoring.

Dial-in: Allows the collector to initiate a subscription, requesting data as needed. This mode provides
more flexibility by enabling data collection on demand and is commonly used with NETCONF as the
transport protocol.

With these modes, Cisco telemetry can be customized to the specific monitoring needs of the
organization, whether it requires consistent data updates or occasional, event-driven checks, as
shown in the following figure.

Periodic telemetry pushes data at regular intervals, providing a continuous stream of device metrics
that is ideal for monitoring ongoing trends. On-change telemetry, on the other hand, transmits data
only when specific metrics change, such as interface status or CPU load. This reduces data volume
and is effective for alerting administrators to critical events in real-time. The combination of these
subscription options ensures that telemetry aligns with both high-level network monitoring and
precise, event-based tracking.

A key benefit of telemetry lies in its efficiency and accuracy. Unlike traditional methods where a
central manager must continuously request data from devices, telemetry operates on a push-based
model. It streams data from Cisco devices to a collector at specified intervals or when changes occur.

This significantly reduces the burden on network devices, as they are no longer tasked with
responding to multiple data requests. Instead, telemetry streams data directly according to
preconfigured policies, providing consistent, up-to-date insights into device health, traffic levels, and
other critical metrics. By delivering data at a higher frequency and in near real-time, telemetry
ensures that network operators have access to timely, actionable information.

In summary, telemetry on Cisco devices brings a new level of visibility and efficiency to network
monitoring. By providing structured, high-frequency data, telemetry empowers administrators to act
on real-time insights and maintain optimal network performance. The versatility of dial-out and dial-
in modes, coupled with flexible encoding and subscription options, makes telemetry a robust
solution for organizations aiming to modernize their monitoring capabilities and achieve a proactive,
data-driven approach to network management.

Answer

The correct answer is To define configuration and operational data. This answer is correct because
YANG models ensure flexibility and compatibility by structuring telemetry data, facilitating precise
and relevant insights. The To provide data encryption option is incorrect because YANG models do
not handle encryption. The To manage network device security option is incorrect because YANG
models are not specifically for security management. The To convert data into human-readable
formats option is incorrect since data formatting is typically managed by encoding methods.

Configuring Telemetry Streaming on Cisco Devices

Configuring telemetry streaming on Cisco devices provides an efficient way to monitor and manage
network performance by enabling real-time data streaming to external collectors. Unlike traditional
methods, such as SNMP, telemetry uses a push-based model that delivers structured, high-frequency
data for actionable insights. The following content outlines the steps for configuring telemetry on
Cisco NX-OS, Cisco IOS XE, and IOS XR devices, highlighting the commands needed and important
differences across these platforms.

Three high-level steps are required to configure telemetry on different Cisco platforms:

Define the data format and the destination to which the data will be sent.

Configure the data to be collected as part of the sensor group.

Set the subscription between the sensor group and the destination, and the rate at which to send
the data (in milliseconds).

The command syntax and specific configuration paths vary slightly between Cisco IOS XE Software,
NX-OS, and IOS XR Software.

Configuring Telemetry Streaming on Cisco IOS XE Software

On IOS XE Software, telemetry configuration begins by enabling the feature and defining a telemetry
subscription. Use the following commands:

Router(config)# telemetry ietf subscription 1

Router(config-telemetry-subscription)# encoding encode-kvgpb

Router(config-telemetry-subscription)# filter xpath /interfaces/interface/statistics

Router(config-telemetry-subscription)# stream yang-push

Router(config-telemetry-subscription)# update-policy periodic 1000

Router(config-telemetry-subscription)# receiver ip address 192.168.1.10 50051 protocol grpc-tcp

Here, subscription 1 uniquely identifies the telemetry session.

The encoding parameter supports:

encode-kvgpb: Efficient for compact data transmission, commonly used in gRPC setups.

encode-json: Useful for JSON-compatible collectors like ELK stack or Grafana.

The xpath filter specifies the YANG model path to the operational data being streamed, such as
interface statistics. The receiver ip address and protocol grpc-tcp define the destination for telemetry
data, aligning with widely used collectors like Prometheus and Grafana. This setup streams data
every second (update-policy periodic 1000), ensuring a continuous flow of monitoring data.
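As an added example (not from the course text), the following Python sketches the collector side of the IOS XE subscription above: it takes a JSON-encoded push-update for /interfaces/interface/statistics and rewrites the counters as Prometheus exposition lines that Grafana can chart. The notification envelope is constructed after the ietf-yang-push layout, and real device output varies by platform and release; the code also handles the RFC 7951 rule that 64-bit YANG counters arrive as JSON strings.

```python
import json
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample update: envelope modelled on ietf-yang-push (RFC 8641),
# content from ietf-interfaces. Counters wider than 32 bits are JSON strings
# (RFC 7951); "discontinuity-time" is a non-numeric leaf the exporter must skip.
SAMPLE_UPDATE = json.dumps({
    "ietf-restconf:notification": {
        "eventTime": "2024-01-01T00:00:00Z",
        "ietf-yang-push:push-update": {
            "id": 1,
            "datastore-contents": {
                "ietf-interfaces:interfaces": {
                    "interface": [
                        {"name": "GigabitEthernet1",
                         "statistics": {"discontinuity-time": "2024-01-01T00:00:00Z",
                                        "in-octets": "5350000000",
                                        "out-octets": "1024",
                                        "in-errors": 3}},
                        {"name": "GigabitEthernet2",
                         "statistics": {"in-octets": "4096",
                                        "out-octets": "8192",
                                        "in-errors": 0}},
                    ]
                }
            }
        }
    }
})

Sample = Tuple[str, Dict[str, str], int]


def _metric_name(leaf: str) -> str:
    # Prometheus metric names allow only [A-Za-z0-9_:]; YANG leaves use hyphens.
    return "ietf_interfaces_statistics_" + re.sub(r"[^A-Za-z0-9_]", "_", leaf)


def _as_number(value: Any) -> Optional[int]:
    """Return an int for numeric leaves, including uint64 encoded as strings; else None."""
    if isinstance(value, bool):
        return None
    if isinstance(value, int):
        return value
    if isinstance(value, str):
        try:
            return int(value)
        except ValueError:
            return None
    return None


def parse_push_update(raw: str) -> List[Sample]:
    """Flatten interface statistics from a push-update into (metric, labels, value)."""
    notification = json.loads(raw)["ietf-restconf:notification"]
    update = notification["ietf-yang-push:push-update"]
    common_labels = {"subscription": str(update["id"])}
    interfaces = update["datastore-contents"]["ietf-interfaces:interfaces"]["interface"]
    samples: List[Sample] = []
    for iface in interfaces:
        for leaf, value in iface.get("statistics", {}).items():
            number = _as_number(value)
            if number is None:
                continue   # timestamps and other non-numeric leaves are not metrics
            labels = dict(common_labels, interface=iface["name"])
            samples.append((_metric_name(leaf), labels, number))
    return samples


def to_exposition(samples: List[Sample]) -> str:
    """Render samples in the Prometheus text exposition format."""
    lines = []
    for name, labels, value in samples:
        label_text = ",".join(f'{k}="{v}"' for k, v in sorted(labels.items()))
        lines.append(f"{name}{{{label_text}}} {value}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_exposition(parse_push_update(SAMPLE_UPDATE)), end="")
```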

Configuring Telemetry Streaming on Cisco NX-OS

To configure telemetry on Cisco NX-OS, start by defining a telemetry subscription, which specifies the
data to be streamed, the receiver’s details, and the transport protocol. In NX-OS, use the following
commands to create a subscription:

switch(config)# feature telemetry

switch(config)# telemetry destination-profile

switch(config-telemetry)# destination-profile-name MyProfile

switch(config-telemetry-dest-profile)# destination-ip 192.168.1.10

switch(config-telemetry-dest-profile)# destination-port 50051

switch(config-telemetry-dest-profile)# encoding encode-kvgpb

Here, destination-profile-name (for example, MyProfile) identifies the telemetry destination profile,
which stores the details of where the telemetry data will be sent. The destination-ip and destination-
port specify the collector’s address and port.

The encoding parameter supports multiple options:

encode-kvgpb: Uses GPB for compact and efficient encoding, ideal for high-frequency data streams.

encode-json: Provides human-readable JSON encoding, suitable for web-based analytics tools.

Next, define the subscription itself:

switch(config)# telemetry subscription MySubscription

switch(config-telemetry-subscription)# sensor-group-id MySensorGroup

switch(config-telemetry-subscription)# destination-profile MyProfile

switch(config-telemetry-subscription)# sample-interval 5000

The telemetry subscription name (for example, MySubscription) uniquely identifies the telemetry
session, while sensor-group-id (for example, MySensorGroup) groups specific metrics or operational
data to monitor, such as interface traffic or CPU usage. The sample-interval sets the periodicity in
milliseconds, determining how frequently data is streamed. Cisco NX-OS supports telemetry over
gRPC, making it ideal for real-time monitoring in high-frequency environments.

Configuring Telemetry Streaming on Cisco IOS XR Software

In IOS XR Software, telemetry setup includes defining a subscription, a receiver, and associated
metrics. Start by entering configuration mode and using the following commands:

RP/0/RSP0/CPU0:router(config)# telemetry model-driven

RP/0/RSP0/CPU0:router(config-md-telemetry)# subscription MySubscription

RP/0/RSP0/CPU0:router(config-md-telemetry-subscription)# sensor-group-id MySensorGroup

RP/0/RSP0/CPU0:router(config-md-telemetry-subscription)# encoding gpb

RP/0/RSP0/CPU0:router(config-md-telemetry-subscription)# stream yang-push

RP/0/RSP0/CPU0:router(config-md-telemetry-subscription)# source-interface MgmtEth0/0/CPU0/0

RP/0/RSP0/CPU0:router(config-md-telemetry-subscription)# receiver 192.168.1.10

RP/0/RSP0/CPU0:router(config-md-telemetry-subscription-receiver)# port 50051

RP/0/RSP0/CPU0:router(config-md-telemetry-subscription-receiver)# protocol grpc

RP/0/RSP0/CPU0:router(config-md-telemetry-subscription-receiver)# commit

The subscription MySubscription uniquely names the telemetry session, while sensor-group-id
MySensorGroup specifies a logical grouping of data points (for example, memory usage or interface
traffic) defined in the YANG model.

The encoding parameter supports multiple options:

gpb: Compact and optimized for high-speed streaming.

json: Readable format, easier to debug and integrate with various tools.

The source-interface identifies the interface used for telemetry traffic, ensuring proper routing, while
the receiver details specify where the telemetry data is sent.

Key Differences Across Platforms

The configuration syntax and feature availability vary across NX-OS, IOS XE Software, and IOS XR
Software. NX-OS uses destination profiles (MyProfile) to define receiver details separately, while IOS
XE Software and IOS XR Software include receiver configurations directly in the subscription. Also,
IOS XR Software requires specifying a source-interface, a step not mandatory in NX-OS or IOS XE.
Another IOS XR required command is commit, which is needed for your configuration to become part
of the running-config of the device.

By configuring telemetry across these platforms, organizations can gain real-time insights into device
and network behavior, supporting proactive management and optimized performance. Cisco
telemetry solutions align with modern network demands, providing structured, high-frequency data
streams that enhance visibility and enable robust, data-driven decision-making.

Answer

The correct answer is It enables real-time data streaming to external collectors for actionable
insights. This answer is correct because telemetry streaming provides real-time data streaming to
external collectors, allowing for timely and actionable network insights. The It allows for manual data
collection at specified intervals option is incorrect because manual data collection does not leverage
the real-time capabilities of telemetry streaming. The It supports only SNMP-based monitoring
option is also incorrect because telemetry uses a push-based model, unlike SNMP, which is pull-
based. Finally, the It restricts network performance monitoring to internal Cisco tools option is
incorrect because telemetry is designed to work with external collectors, not just internal tools.

System Message Logging on Cisco Devices

System message logging, or syslog, is a critical feature for monitoring and maintaining Cisco
networking devices, providing real-time visibility into device operations. By generating and
centralizing log messages, syslog enables administrators to track events, detect issues, and ensure
optimal network performance. Each message includes a timestamp, ensuring precise tracking of
when events occur, which is vital for troubleshooting and correlating logs across devices.

Understanding the benefits of syslog and how severity levels organize event data is essential for
using this powerful tool effectively in network management. One of the main benefits of syslog is its
ability to provide a centralized repository of device messages. Cisco devices generate messages that
record everything from routine operations to critical errors. These messages can be stored locally on
the device or forwarded to an external syslog server.

By using a central server, as shown in the following image, administrators can aggregate logs from
multiple devices, providing a comprehensive view of network health and behavior. This centralized
logging simplifies troubleshooting by allowing administrators to correlate events across devices,
identify root causes faster, and maintain historical records for audits or compliance purposes.
Syslog also plays a key role in proactive monitoring and alerting. Cisco devices use syslog to report on
various activities, such as configuration changes, interface status updates, and security events. By
monitoring these logs, administrators can detect anomalies or patterns that indicate potential issues,
such as an interface repeatedly going down or unexpected login attempts. With automated alerts,
syslog can notify administrators of critical issues in real-time, enabling faster response and
minimizing downtime.

The granularity of syslog messages is managed through severity levels, which range from 0
(Emergency) to 7 (Debug). These levels prioritize the importance of messages, helping administrators
focus on the most critical events while filtering out less important data. Below are the syslog severity
levels and their meanings:

0—Emergency: The highest severity level, indicating a catastrophic event that makes the system
unusable (for example, hardware failure or complete power loss).

1—Alert: Requires immediate action to prevent critical issues, such as running out of disk space or
memory.

2—Critical: Indicates serious conditions that could affect system functionality, such as hardware
errors or failed processes.

3—Error: Represents non-critical errors that need attention but do not immediately disrupt system
operation.

4—Warning: Highlights potential issues that may require investigation, such as high CPU usage or
approaching resource limits.

5—Notice: Provides normal but significant messages about device operation, such as successful
configuration changes.

6—Informational: Supplies general information about system operations, like interface state changes
or routine updates.

7—Debug: The lowest severity level, offering detailed information used for troubleshooting and
debugging purposes.

Cisco devices provide flexible syslog configurations, allowing users to control where and how
messages are sent. Messages can be stored in the device’s local buffer for immediate access,
displayed on the console for real-time monitoring, or forwarded to a remote syslog server.
Forwarding to a syslog server is especially beneficial for large networks, as it offloads storage from
the devices and creates a unified logging infrastructure. Also, syslog can integrate with Security
Information and Event Management (SIEM) systems, enhancing security monitoring by correlating
log data with other threat intelligence.

Beyond troubleshooting and monitoring, syslog supports network automation and predictive
maintenance. By analyzing syslog data, organizations can identify recurring patterns, such as devices
nearing capacity or components that require replacement. This insight enables administrators to plan
upgrades and maintenance proactively, reducing unexpected downtime, and improving overall
network reliability.

In summary, system message logging with syslog is a foundational tool for managing Cisco devices. Its
ability to centralize, categorize, and monitor logs ensures visibility into network operations and
supports faster troubleshooting. With severity levels, administrators can prioritize events, focusing
on what matters most.

Whether used for real-time monitoring, historical analysis, or security integration, syslog enhances
operational efficiency and provides a robust framework for maintaining a healthy, secure, and high-
performing network. For beginners, a thorough understanding of syslog is a key step toward effective
network management and operational excellence.

Answer

The correct answer is Allows aggregation of logs for comprehensive network analysis. This answer is
correct because centralizing syslog messages enables the aggregation of logs from multiple devices,
providing a comprehensive view for troubleshooting and historical analysis. The Reduces the need
for network security protocols option is incorrect because centralizing logs does not eliminate the
need for security protocols. The Ensures local devices have more storage space option is incorrect,
because the primary benefit is comprehensive analysis, not storage management. Lastly, the
Provides real-time interface status updates option is incorrect because syslog focuses on event
logging, not real-time status updates.

Configuring Logging on Cisco Devices

Configuring logging on Cisco devices is a foundational task for ensuring effective network monitoring
and troubleshooting. Logging provides real-time insights into device operations, offering a
centralized view of critical events such as configuration changes, security alerts, and system errors.
Whether you're using NX-OS, Cisco IOS XE Software, or IOS XR Software, the process for configuring
logging follows a similar structure but includes platform-specific commands and considerations. This
guide outlines the steps for configuring and verifying logging on Cisco devices, along with examples
tailored to each platform.

Logging on Cisco IOS XE Software

Logging configuration on IOS XE Software follows a similar process, with support for multiple
destinations and flexible severity level settings. To configure logging on IOS XE Software, use the
following commands:

Router(config)# logging host 192.168.1.10

Router(config)# logging on

Router(config)# logging trap informational

Router(config)# service timestamps log datetime msec

The logging host command defines the remote syslog server. logging on enables logging globally,
while logging trap sets the severity level for messages sent to the syslog server. The service
timestamps log datetime msec command ensures that logs include precise timestamps with
milliseconds.

To verify logging, use:

Router# show logging

This command displays the current logging configuration and recent messages, allowing you to
confirm that logs are being generated and sent to the correct destinations.

Logging on Cisco NX-OS

In NX-OS, logging configuration begins by enabling the logging feature and defining where logs
should be sent. NX-OS supports multiple destinations, including the local buffer, the console, and
external syslog servers. Use the following commands to set up logging:

switch(config)# logging server 192.168.1.10 6

switch(config)# logging timestamp

switch(config)# logging level all warnings

switch(config)# logging logfile mylogfile 4

Here, logging server specifies a remote syslog server (192.168.1.10) and the severity level (6,
Informational). The logging timestamp command ensures all logs include timestamps for accurate
tracking. The logging level command sets the minimum severity level for messages across all
facilities, while logging logfile creates a local log file with severity level 4 (Warning).

Once configured, you can verify logging with:

switch# show logging logfile

This command displays the contents of the log file, ensuring that messages are correctly captured.

Logging on Cisco IOS XR Software

Logging on IOS XR Software requires enabling logging and configuring destinations, similar to NX-OS
and IOS XE Software, but with slight syntax differences. Use the following commands to set up
logging:

RP/0/RSP0/CPU0:router(config)# logging host 192.168.1.10 vrf default

RP/0/RSP0/CPU0:router(config)# logging on

RP/0/RSP0/CPU0:router(config)# logging trap warnings

RP/0/RSP0/CPU0:router(config)# logging timestamp

The logging host command defines the syslog server and optionally specifies a VRF for routing the
logs. logging on enables logging globally, while logging trap sets the severity level (for example,
warnings). The logging timestamp command ensures messages include time data for precise
tracking.

To verify logging on IOS XR, use:

RP/0/RSP0/CPU0:router# show logging

This displays the logging configuration and recent messages, ensuring everything is functioning as
expected.

Key Differences Across Platforms

While the basic concepts of logging are consistent, some differences exist among NX-OS, IOS XE
Software, and IOS XR Software:

Destination configuration: NX-OS and IOS XE Software use logging server and logging host,
respectively, while IOS XR Software includes VRF support in the logging host command.

Timestamp format: All platforms support timestamps, but the command syntax differs slightly (for
example, logging timestamp in NX-OS vs. service timestamps in IOS XE Software).

Severity levels: Logging severity levels (0 for Emergency to 7 for Debug) are universal across
platforms, but default levels may vary.
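The severity scale from the syslog section and the logging trap threshold used in the IOS XE and IOS XR configurations above work together: a message is forwarded to the server only if its severity number is at or below the configured level. The following added Python example (not from the course, not a Cisco tool) parses Cisco-format syslog lines and applies that rule; the log lines are constructed samples in the IOS XE message format, and the keyword-to-number table is the one logging trap accepts.

```python
"""Parse Cisco IOS-style syslog lines and apply a `logging trap` threshold.

Added example (not from the course text). The sample messages below are
constructed for illustration; the severity table is the standard syslog
0 (Emergency) .. 7 (Debug) scale described in the text.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SEVERITY_NAMES = {
    0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
    4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug",
}
# Keyword forms accepted by `logging trap <level>` (a bare digit 0-7 also works).
TRAP_KEYWORDS = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# Cisco message layout: [seq:] timestamp: %FACILITY-SEVERITY-MNEMONIC: text
# e.g. "*Mar  1 00:10:05.123: %LINK-3-UPDOWN: Interface GigabitEthernet4, changed state to down"
MSG_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"
    r"(?P<ts>[\*\.]?\w{3}\s+\d{1,2}\s+[\d:.]+(?:\s+\w+)?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?P<text>.*)$"
)


@dataclass
class SyslogMessage:
    facility: str
    severity: int
    mnemonic: str
    text: str
    timestamp: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_message(line: str) -> Optional[SyslogMessage]:
    """Return the parsed message, or None if the line is not a Cisco syslog record."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    return SyslogMessage(
        facility=m.group("facility"),
        severity=int(m.group("severity")),
        mnemonic=m.group("mnemonic"),
        text=m.group("text"),
        timestamp=m.group("ts"),
    )


def trap_level(setting: str) -> int:
    """Translate the argument of `logging trap` (keyword or digit) to a numeric level."""
    setting = setting.strip().lower()
    if setting.isdigit() and 0 <= int(setting) <= 7:
        return int(setting)
    return TRAP_KEYWORDS[setting]


def forwarded_to_server(messages: List[SyslogMessage], trap_setting: str) -> List[SyslogMessage]:
    """Keep only the messages a router would send to the syslog server.

    `logging trap warnings` means level 4 and everything MORE severe (0-4);
    lower severities (5-7) stay in the local buffer and on the console only.
    """
    threshold = trap_level(trap_setting)
    return [m for m in messages if m.severity <= threshold]


# Constructed sample buffer, in the order `show logging` would list it.
SAMPLE_LOG = """\
*Mar  1 00:10:05.123: %LINK-3-UPDOWN: Interface GigabitEthernet4, changed state to down
*Mar  1 00:10:06.004: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4, changed state to down
*Mar  1 00:11:40.771: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.30)
*Mar  1 00:12:02.018: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x6058A12C, pool Processor
*Mar  1 00:12:15.200: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.1.1.99] [localport: 22] [Reason: Login Authentication Failed]
*Mar  1 00:12:30.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.10 port 514 started - CLI initiated
"""


def summarize(log_text: str, trap_setting: str = "warnings") -> dict:
    """Parse a buffer and report what would reach the server under the given trap level."""
    msgs = [m for m in (parse_message(l) for l in log_text.splitlines()) if m]
    sent = forwarded_to_server(msgs, trap_setting)
    return {
        "parsed": len(msgs),
        "sent_to_server": [f"{m.facility}-{m.severity}-{m.mnemonic}" for m in sent],
        "worst": min(msgs, key=lambda m: m.severity).severity_name if msgs else None,
    }


if __name__ == "__main__":
    for level in ("warnings", "informational"):
        print(level, summarize(SAMPLE_LOG, level))
```

The same threshold logic applies to NX-OS (logging server 192.168.1.10 6) and IOS XR (logging trap warnings), which is why the login-failure and memory-allocation messages reach the server while the two Notice-level messages do not.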

Configuring logging on Cisco devices is essential for maintaining visibility into network operations. By
understanding the nuances of NX-OS, IOS XE Software, and IOS XR Software, administrators can set
up logging tailored to their network’s needs. With centralized log management, timestamped
messages, and flexible severity level controls, Cisco’s logging capabilities provide a robust framework
for proactive monitoring and troubleshooting. Following these steps ensures that your network is
equipped for efficient and effective operation.

Answer

The correct answer is Router# show logging. This answer is correct because the show logging
command is used to verify the logging configuration and recent messages. The Router(config)#
logging on option is incorrect because it enables logging globally, not for verification. The
Router(config)# logging host 192.168.1.10 option is incorrect because it specifies a syslog server
rather than verifying logs. The Router(config)# logging trap warnings option is incorrect since it sets
the severity level for logging, not for verification purposes.

Configure SNMP, Logging, and Telemetry on Cisco Catalyst Router

Configure SNMP on a Cisco Router

In this task, you will configure SNMPv3 on a Cisco Cat8000v router to
enable secure polling and event notifications. SNMPv3 provides
authentication, encryption, and access control mechanisms, making it the
preferred choice for network monitoring traffic.

You will try to retrieve specific information from the device over SNMP, and
also capture and explore SNMP messages.

Step 1
Access the Cisco Modeling Labs WebUI. To access Cisco Modeling Labs
running in your lab environment, open a web browser on your student PC
and navigate to https://10.1.1.20 or click the Cisco Modeling
Labs bookmark.

Step 2
Log in to access the main dashboard.

Use the following credentials:

• Username: student
• Password: 1234QWer

Step 3
Click the lab named SNMP, Logging and Telemetry to get to the
workbench.

Step 4
Check all devices in the topology and ensure they have fully booted before
proceeding with the lab steps or accessing the console. Attempting to
interact with a device that has not fully booted may interrupt the boot
process. Wait for a green checkmark to appear next to each node,
indicating that it is ready.

Step 5
Access the console of the cat8000v router by right-clicking the node and
choosing Console.

Step 6
In the pane at the bottom, click the OPEN CONSOLE button.

Step 7
Log in to the router and enter global configuration mode.

Step 8
First, create an SNMP group to define access control and permissions. Use
the snmp-server group GROUPNAME v3 auth command and
replace GROUPNAME with network_team.

Step 9
Create an SNMP user and add it to the created group using the
snmp-server user USERNAME GROUPNAME v3 auth sha AUTH-PASSWORD priv aes
128 PRIV-PASSWORD command.

Replace USERNAME, AUTH-PASSWORD, and PRIV-PASSWORD with
the following values:

• USERNAME: admin
• AUTH-PASSWORD: admin123
• PRIV-PASSWORD: cisco123
• GROUPNAME: network_team

Step 10
Now that SNMPv3 is configured on the router, you can try polling the
device to retrieve some information. First, open a new terminal window on
your Student Virtual Machine (VM).

Step 11
You will use the snmpwalk tool to communicate with the router over SNMP.
In this case, snmpwalk should already be installed on your Student VM.

Verify if the tool is already installed using the snmpwalk --version command.

Step 12
Use snmpwalk to poll the router for interface statuses.

Use the snmpwalk -v3 -u <USERNAME> -l authPriv -a SHA -A <AUTH-PASSWORD>
-x AES -X <PRIV-PASSWORD> <ROUTER-IP> <OID> command
and set the required parameters:

• USERNAME: Use the SNMP user that you configured earlier
(admin).
• AUTH-PASSWORD: The authentication password for the user
(admin123).
• PRIV-PASSWORD: The privacy (encryption) password (cisco123).
• ROUTER-IP: The IP address of the router’s management interface
(10.1.1.50).
• OID: The Object Identifier (OID) for interface statuses
(1.3.6.1.2.1.2.2.1.8).

Step 13
Besides allowing you to poll devices for information, SNMP also supports
traps, which are unsolicited messages sent by a device to an SNMP server
(trap receiver). Traps notify the server about important events in real-time,
such as interface status changes or authentication failures.

In this case, enable traps for link state changes and set your Student VM
as the SNMP trap destination using the snmp-server host and snmp-server
enable traps commands.

Step 14
When an event that triggers a trap message occurs, the router sends a trap
notification to the configured SNMP trap receiver. In the following steps,
you will try to simulate such an event and capture the SNMP message.

To observe the traffic between the router and the configured SNMP server
you have to capture the traffic on the link connected to the external
connector. Right-click on that link and choose Packet Capture.

Step 15
A Packet Capture tab should open in the bottom pane. Click
the Start button to start capturing the traffic.

Step 16
Simulate a link-down event by shutting down the GigabitEthernet
4 interface.

Step 17
Go back to the Packet Capture tab and observe the captured traffic.
Among other traffic, you should see an SNMP trap message. You can also
open the packet and explore its details.
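Steps 8, 9 and 13 above produce a handful of snmp-server lines, and it is worth checking them the way a reviewer would before the router goes into production. The following is an added Python example (not from the course and not a Cisco tool) that audits the SNMP lines of an IOS XE configuration: it flags v1/v2c community strings, v3 groups whose minimum level is below priv, users without SHA/AES, and notification hosts that use community-based versions. Both configuration texts are constructed: the first mirrors the lab (group network_team, user admin with SHA/AES) plus a legacy community string and a v2c trap host, the second is the hardened version; the collector addresses 10.1.1.30 and 10.1.1.31 are made up.

```python
"""Audit the SNMP lines of a Cisco IOS XE running-config for weak settings.

Added example, not part of the course or of any Cisco tool. LAB_CONFIG and
HARDENED_CONFIG are constructed; credential values are the lab placeholders
and 10.1.1.30 / 10.1.1.31 are made-up collector addresses.
"""
import re
from typing import Dict, List

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: (RO|RW))?", re.I)
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b", re.I)
USER_RE = re.compile(
    r"^snmp-server user (\S+) (\S+) v3"
    r"(?: auth (md5|sha) \S+)?"          # optional authentication algorithm + key
    r"(?: priv (des|3des|aes \d+) \S+)?",  # optional privacy algorithm + key
    re.I,
)
HOST_RE = re.compile(
    r"^snmp-server host (\S+)(?: vrf \S+)?(?: traps| informs)?"
    r" version (1|2c|3 (?:noauth|auth|priv)) (\S+)",
    re.I,
)


def audit_snmp(config: str) -> Dict[str, List[str]]:
    """Return findings grouped by severity; all-empty lists mean nothing to fix."""
    findings: Dict[str, List[str]] = {"high": [], "medium": [], "info": []}
    groups: Dict[str, str] = {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := COMMUNITY_RE.match(line):
            mode = (m.group(2) or "RO").upper()
            findings["high"].append(
                f"community '{m.group(1)}' ({mode}) enables SNMPv1/v2c: no authentication or encryption")
        elif m := GROUP_RE.match(line):
            name, level = m.group(1), m.group(2).lower()
            groups[name] = level
            if level != "priv":
                # The group level is the MINIMUM a request must meet, so 'auth'
                # still accepts authenticated-but-unencrypted (authNoPriv) requests.
                findings["medium"].append(
                    f"group {name} minimum level is '{level}': unencrypted requests are accepted")
        elif m := USER_RE.match(line):
            user, group, auth, priv = m.groups()
            if auth is None:
                findings["high"].append(f"user {user} has no authentication key")
            elif auth.lower() == "md5":
                findings["medium"].append(f"user {user} authenticates with MD5; prefer SHA")
            if priv is None:
                findings["medium"].append(f"user {user} has no privacy (encryption) key")
            elif priv.lower() in ("des", "3des"):
                findings["medium"].append(f"user {user} encrypts with {priv.upper()}; prefer AES")
            if group not in groups:
                findings["info"].append(f"user {user} refers to group {group}, not defined above it")
        elif m := HOST_RE.match(line):
            host, version = m.group(1), m.group(2).lower()
            if version in ("1", "2c"):
                findings["high"].append(f"notifications to {host} use SNMPv{version} with a community string")
            elif not version.endswith("priv"):
                findings["medium"].append(f"SNMPv3 notifications to {host} are not encrypted ({version})")
    return findings


# Constructed: what the lab steps produce, plus two legacy lines to catch.
LAB_CONFIG = """\
snmp-server group network_team v3 auth
snmp-server user admin network_team v3 auth sha admin123 priv aes 128 cisco123
snmp-server community public RO
snmp-server enable traps snmp linkdown linkup
snmp-server host 10.1.1.30 version 3 priv admin
snmp-server host 10.1.1.31 version 2c public
"""

# Constructed: the same setup with the community string removed, the group
# raised to priv and only an encrypted v3 notification host left.
HARDENED_CONFIG = """\
snmp-server group network_team v3 priv
snmp-server user admin network_team v3 auth sha admin123 priv aes 128 cisco123
snmp-server enable traps snmp linkdown linkup
snmp-server host 10.1.1.30 version 3 priv admin
"""

if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for sev, items in audit_snmp(cfg).items():
            for item in items:
                print(f"  [{sev}] {item}")
```

On IOS XE, show running-config does not display snmp-server user lines, so feed the audit the configuration you pushed or reconcile it with the output of show snmp user.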

Configure Logging on a Cisco Router

Besides being able to send real-time notifications about specific events
using SNMP, Cisco devices also log network events for detailed analysis
and troubleshooting. By default, a network device sends system messages
and debug command outputs to a logging process. The logging process
manages the distribution of these messages to various destinations, such
as the logging buffer, console, and terminal lines, or forwards them to a
central server over the Syslog protocol.

In this task, you will explore the syslog protocol and learn how to configure
Cisco devices to forward log messages to a central syslog server.

Step 18
Access the console of the Cat8000v router again and exit the previous
configuration session if needed.

Step 19
First, use the show logging command to explore the syslog messages that
are stored on the router. Make sure that you execute the command from
the privileged execution mode.

Step 20
Now, you will configure the router to send the log messages to a central
syslog server in your network by specifying a syslog server host as a
destination for syslog messages and limiting the syslog messages that are
sent to the syslog server based on severity.

First, go to the global configuration mode.

Step 21
Specify the destination for the syslog messages using the logging
host command. In this case, configure the router to send messages to the
syslog server at the IP address 192.168.1.10.

Step 22
Configure the severity level of logs to be forwarded to the syslog server. In
this case, ensure that only warnings or more severe messages are sent.
Use the logging trap command to set this level.

Step 23
With the logging source-interface command, you can control the source IP
address for the syslog messages. In this case, set the source interface
to GigabitEthernet 1.

Step 24
Run the show logging command again, this time focusing on the configured
logging destinations.

Step 25
You can also try to simulate an event that will generate a log message and
capture it. Click the link between the router and the syslog server and start
the packet capture.

Step 26
Trigger a log message by starting the GigabitEthernet4 interface again.

Step 27
Look for the syslog message in the captured traffic. You can also use the
search feature to filter out the syslog messages only.

Obtain Router Data Using Telemetry

So far, you have explored how to use SNMP for polling device data,
receiving real-time event notifications, and logging to capture detailed
records of network events. While these methods are essential, they come
with limitations in scalability and efficiency. As the network grows, it is
harder and harder to monitor it with traditional tools. That is why many
Cisco devices also support MDT.

MDT enables devices to continuously stream structured data to a telemetry
collector in real-time. Using modern protocols like Google Remote
Procedure Call (gRPC) and data models like Yet Another Next Generation
(YANG), you can set up efficient and scalable telemetry solutions acting
like a network of advanced sensors, monitoring crucial data about its
health, utilization, and availability.

In this task, you will configure an MDT on a Cisco router to stream real-time
interface statistics to a telemetry collector. By the end, you will see how
telemetry complements SNMP and logging, providing a more modern and
scalable approach to network monitoring.

Step 28
Open the CLI of the Cat8000v router again and make sure that you are in
the global configuration mode.

Step 29
Enable the NETCONF-YANG feature on your router using the netconf-yang
command.

Step 30
Create a new telemetry subscription on your router using the telemetry ietf
subscription command. Assign a unique ID to the subscription; in this case,
use the number 1.

Step 31
Configure the encoding format for the telemetry subscription using
the encoding command. Use the encode-kvgpb option to encode the data in
Google Protocol Buffers (GPB) format for efficient transmission.

Step 32
Configure the telemetry data filter. In this case, create an xpath filter for the
CPU utilization data.

Step 33
Specify the source IP address as 192.168.1.1 using the source-address
command.

Step 34
Configure the telemetry stream type using the stream yang-push command.

Step 35
Set the update policy to periodic using the update-policy command.

Step 36
Configure the telemetry receiver using the receiver ip address command. In
this step, specify the telemetry server as the receiver, set the port to 50051,
and use the grpc-tcp protocol for data transmission.

Step 37
Verify the telemetry subscription status to confirm the router's configuration.
Use the show telemetry ietf subscription 1 brief command.

Step 38
Now check the details of the configured subscription and note the current
state. Use the show telemetry ietf subscription 1 detail command.

Answer

The correct answer is To define the specific data to be collected and sent. This answer is correct
because an xpath filter specifies which data elements should be included in the telemetry stream.
The To encrypt telemetry data before transmission option is incorrect because encryption is not the
role of an xpath filter. The To specify the IP address of the telemetry receiver option is incorrect
because specifying the IP address is done with a different command. The To set the update interval
for telemetry data option is incorrect because setting the update interval is not related to the xpath
filter but rather to the update-policy configuration.

Summary

Cisco monitoring tools provide an integrated approach to managing and optimizing network
performance across various platforms. These tools, including SNMP, Syslog, and Model-Driven
Telemetry, allow for real-time data collection, centralized logging, and advanced analytics.

By using these technologies, administrators gain enhanced visibility into network operations,
enabling proactive management and efficient troubleshooting. The adoption of YANG models and
flexible data encoding ensures compatibility with modern analytics platforms and provides granular
insights into device behavior.

After completing this course, you will be able to address the following questions:

How does SNMP support real-time network monitoring, and what are its main operational features?

How does Model-Driven Telemetry differ from traditional monitoring methods, and what are its
advantages?

What are the key severity levels in Syslog, and how do they support effective network monitoring?

Troubleshooting and Best Practices

Introduction
As a network engineer, you know that diagnosing and resolving network issues is critical to
maintaining seamless operations and minimizing downtime. Picture this: a critical application is
inaccessible, and users are escalating concerns. How do you quickly pinpoint and resolve the
problem?

This course equips you with the skills to confidently address such challenges. You will explore the key
commands needed to verify functionality and configurations and get to know packet-capturing tools
to analyze traffic. You will also learn to leverage Cisco’s extensive support resources, including the
Technical Assistance Center (TAC) and the Bug Search Tool, to optimize your troubleshooting
workflows and enhance your efficiency.
By the end of this course, you will be able to streamline diagnostics, resolve common network issues,
and maintain optimal network performance, ensuring reliability and success in your role. Get ready
to sharpen your troubleshooting skills and tackle network challenges head-on!

Common Troubleshooting Commands


Here you will find an overview of basic Cisco troubleshooting commands or tools, such as ping,
traceroute, and telnet, which are essential for diagnosing and resolving network connectivity issues.
You will learn how to effectively use these commands to test reachability, identify network paths and
gain insights into potential communication failures.

Note

The following examples display commands and outputs from the Cisco IOS XE operating system.
While all these commands are supported on other operating systems, such as Cisco IOS XR and NX-
OS, some syntax and output formats may slightly differ.

Some of the basic Cisco commands are the following:

Ping: Verifies network connectivity to a specific IP address or hostname. With this command, you can
also measure latency and packet loss.

Traceroute: Identifies the path packets take to a destination, and highlights each hop and latency.

Telnet: Tests application-layer connectivity to remote services. This command is useful for verifying
ports and manual protocol interactions.

The following is a Linux/UNIX utility command:

Netcat: Tests TCP/UDP connectivity, scans ports, or interacts with servers. It can act as a client or
server to simulate requests such as HTTP or Simple Mail Transfer Protocol (SMTP).

Ping

Ping is the most basic and widely used network troubleshooting command for verifying connectivity
between hosts. It is usually the first command that you will use when you are tasked with
troubleshooting an issue.
Ping works by sending Internet Control Message Protocol (ICMP) Echo Request packets to a specified
destination and waiting for Echo Reply packets in return. This process helps determine whether a
host is reachable, how long it takes for packets to travel (latency), and whether packet loss is
occurring.

In the following example, the ping 10.154.17.1 command successfully sends five ICMP Echo Request
packets to the destination and receives five ICMP Echo Replies. These replies are indicated by
the !!!!! output, showing a 100% success rate. The result also displays the minimum (1), average (3),
and maximum (8) round-trip time in milliseconds.

C8000V-PEER#ping 10.154.17.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.154.17.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms

C8000V-PEER#

In the next example, the command ping 10.154.27.1 fails to receive any replies, indicated by the .....
output, meaning all packets timed out.

C8000V-PEER#ping 10.154.27.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.154.27.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Besides the most common ! and . outputs, there are other codes that help you identify various states
of the network, as seen in the following table:

There are various options that you can use with the ping command, allowing customization such as
specifying the Virtual Routing and Forwarding (VRF) or changing the packet size and count.

C8000V-PEER#ping vrf CUST001 www.companytestsite.local source Gi4.2001 timeout 5 size 1024 df-bit repeat 100

Type escape sequence to abort.

Sending 100, 1024-byte ICMP Echos to 10.58.212.132, timeout is 5 seconds:

Packet sent with a source address of 192.168.20.1

Packet sent with the DF bit set

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (100/100), round-trip min/avg/max = 21/21/22 ms

Here is a breakdown of some of the most common parameters that are used in the previous ping
command:

vrf CUST001: Specifies the VRF instance CUST001 to be used as the source of the ping.

www.companytestsite.local: Determines the target hostname or IP address to ping. Domain Name
System (DNS) must be configured to resolve hostnames.

source Gi4.2001: Sets the source interface for the ping. Instead of the interface, a valid IP address
can also be specified.

timeout 5: Sets the timeout for each ping reply to 5 seconds. The default value is 2.

size 1024: Specifies the ICMP Echo Request packet size as 1024 bytes. The default size is 100.

df-bit: Ensures that the "Don't Fragment" bit is set, preventing fragmentation of the packet along the
path.

repeat 100: Specifies the number of packets to be sent. The default value is 5.

Traceroute

The traceroute command is another common network troubleshooting tool that is used alongside
ping to diagnose connectivity issues. It identifies the path that packets take from the source device to
a destination, displays the routers (hops) along the way and measures the time that the packets need
to travel between each hop. This information helps you pinpoint where delays, packet loss, or
connectivity failures occur in the path.

Traceroute sends packets with progressively increasing Time to Live (TTL) values, starting with
TTL = 1, toward the destination. Each router along the path decrements the TTL by 1. When the TTL
reaches 0, that router sends back an ICMP "Time Exceeded" message, allowing traceroute to identify
each hop sequentially until the destination is reached.

For example, to identify the third hop, the source router sends a packet with TTL = 3 toward the
destination. When this packet reaches the third router, its TTL is 1 because each of the two
previous routers decreased the TTL by 1. The third router also decreases it by 1, so it becomes 0, and
the third router then sends the "Time Exceeded" message back to the source router, which records
the sender of that message as the third hop.

In the following example, the traceroute command is used to trace the path to the destination
10.250.11.1. The numeric option is used to prevent resolving IP addresses to hostnames in the output,
which can speed up the process. The output displays the hops that the packets traverse toward the
destination. In this example, the hops 172.31.0.9 and 172.31.0.10 alternate repeatedly, indicating a
routing loop.

C8000V-PEER#traceroute 10.250.11.1 numeric

Type escape sequence to abort.

Tracing the route to 10.250.11.1

VRF info: (vrf in name/id, vrf out name/id)

1 192.168.0.1 1 msec 2 msec 1 msec

2 10.178.99.7 2 msec

10.0.20.170 1 msec

10.1.180.50 1 msec

3 172.31.0.10 3 msec 2 msec 2 msec

4 172.31.0.9 1 msec 1 msec 1 msec

5 172.31.0.10 4 msec 2 msec 2 msec

6 172.31.0.9 1 msec 3 msec 2 msec

<... output omitted ...>

30 172.31.0.9 6 msec 6 msec 5 msec

At hop number 2, notice that there are three IP addresses. This happens when there are different
paths in the network that the probes can take to the destination. In Cisco routers, the traceroute
command by default sends three probes to each hop and each of the probes can take a different
path. At each hop, the round-trip time is also reported. At hop number 1, three values "1 msec 2
msec 1 msec" are displayed since three probes were sent by default.
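Reading a loop out of a 30-hop traceroute by eye is error-prone, so the following Python, added here
as an example and not part of the original material, parses Cisco IOS traceroute output and reports
two things the text describes: TTLs where several routers answered (load sharing, as at hop 2) and
addresses that answer at more than one TTL (a forwarding loop, as with 172.31.0.9 and 172.31.0.10).
The sample output is a constructed copy of the listing above; the omitted hops are not reconstructed.

```python
import re

# Constructed sample: the traceroute output discussed above, reproduced inline so the
# example runs offline. Hops 7-29 were elided on the page and are not reconstructed.
SAMPLE_TRACEROUTE = """\
Type escape sequence to abort.
Tracing the route to 10.250.11.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.0.1 1 msec 2 msec 1 msec
  2 10.178.99.7 2 msec
    10.0.20.170 1 msec
    10.1.180.50 1 msec
  3 172.31.0.10 3 msec 2 msec 2 msec
  4 172.31.0.9 1 msec 1 msec 1 msec
  5 172.31.0.10 4 msec 2 msec 2 msec
  6 172.31.0.9 1 msec 3 msec 2 msec
<... output omitted ...>
 30 172.31.0.9 6 msec 6 msec 5 msec
"""

HOP_RE = re.compile(r"^\s*(?P<ttl>\d+)\s+(?P<rest>.*)$")   # line that starts a new TTL
ADDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")        # dotted-quad responder address


def parse_traceroute(text):
    """Return {ttl: [responder addresses]} from Cisco IOS traceroute output.

    An indented line without a leading TTL continues the previous hop: IOS prints it
    when the probes for one TTL were answered by different routers. A hop whose probes
    all timed out ("* * *") is kept with an empty list.
    """
    hops, current = {}, None
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            current = int(m.group("ttl"))
            hops.setdefault(current, []).extend(ADDR_RE.findall(m.group("rest")))
        elif line.lstrip().startswith("<"):        # "<... output omitted ...>" marker
            current = None
        elif current is not None:                   # continuation line for the same TTL
            hops[current].extend(ADDR_RE.findall(line))
    return hops


def ecmp_hops(hops):
    """TTLs at which more than one router answered: the probes took different paths."""
    return {ttl: sorted(set(a)) for ttl, a in hops.items() if len(set(a)) > 1}


def detect_loops(hops, min_ttls=2):
    """Addresses that answer at several TTLs. On a healthy path every router appears
    once; the same router at TTL 3, 5, 7 ... means packets keep coming back to it."""
    seen = {}
    for ttl, addrs in hops.items():
        for addr in set(addrs):
            seen.setdefault(addr, set()).add(ttl)
    return {addr: sorted(ttls) for addr, ttls in seen.items() if len(ttls) >= min_ttls}


def reached_destination(hops, target):
    """True when the destination itself answered one of the probes."""
    return any(target in addrs for addrs in hops.values())


if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE_TRACEROUTE)
    print("load-shared hops:", ecmp_hops(hops))
    print("looping routers:", detect_loops(hops))
    print("destination reached:", reached_destination(hops, "10.250.11.1"))
```

The loop check deliberately keys on the responder address, not on hop numbers, so it also catches
loops that span more than two routers; in the sample it flags 172.31.0.10 at TTLs 3 and 5 and
172.31.0.9 at 4, 6 and 30, and confirms the destination never answered.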

C8000V-PEER#traceroute vrf CUST001 10.250.11.1 numeric probe 10 ttl 1 3 source Gi4.2001

Type escape sequence to abort.

Tracing the route to 10.250.11.1

VRF info: (vrf in name/id, vrf out name/id)

1 192.168.0.1 3 msec 1 msec 2 msec 1 msec 1 msec 2 msec 1 msec 2 msec 1 msec 1 msec

2 10.178.99.7 2 msec

10.0.20.170 1 msec 2 msec

10.1.180.50 1 msec
10.178.99.7 2 msec 1 msec 2 msec

10.0.20.170 1 msec

10.1.180.50 1 msec

3 172.31.0.10 3 msec 2 msec 2 msec 1 msec 1 msec 2 msec 1 msec 2 msec 1 msec 1 msec

C8000V-PEER#

Traceroute also supports various options that you can use. Here is a breakdown of some of the more
common parameters that are used in the previous traceroute command:

vrf CUST001: Specifies the VRF instance CUST001 to be used as the source of the traceroute.

10.250.11.1: Determines the traceroute destination hostname or IP address. DNS must be configured
to resolve hostnames.

numeric: Prevents resolving IP addresses to hostnames, displaying raw IPs.

probe 10: Sends 10 probe packets for each hop instead of the default 3.

ttl 1 3: Sets the TTL range for the probes, starting from 1 and stopping at 3.

source Gi4.2001: Specifies the source interface (Gi4.2001) from which the packets are sent. Instead
of the interface, a valid IP address can also be specified.

Telnet

Telnet allows you to test application-layer reachability by attempting to establish a connection to a
specific port. This process allows you to verify if a service is accessible. For example, if a web page is
not responding, you can use telnet to connect to the server on port 80. This way you can identify
whether the issue lies with the web server or the network.

In the following example, telnet www.companytestsite.local 80 is used to test connectivity to the
web server at www.companytestsite.local on port 80 (standard HTTP port). The Open output displays
that the telnet command successfully connected to the server, meaning that port 80 is open and
accepting connections. Ctrl+C is used to close the opened connection.

C8000V-PEER#telnet www.companytestsite.local 80
Trying www.companytestsite.local (10.255.36.28, 80)... Open

^C

After successfully establishing a connection to the server, you can also manually send HTTP requests
to a web server to test its response. The server responds with an HTTP 200 OK status, indicating the
request was successfully processed, along with the content of the requested page. HTTP is not the
only supported protocol. You can use telnet to interact with other application-layer protocols, such as
FTP or SMTP.

C8000V-PEER#telnet www.companytestsite.local 80 /vrf CUST001 /source-interface Gi4.2001

Trying www.companytestsite.local (10.255.36.28, 80)... Open

GET /index.html HTTP/1.1

Host: www.companytestsite.local

HTTP/1.1 200 OK

Date: Mon, 11 Nov 2024 09:21:55 GMT

Content-Type: text/html

<... output omitted ...>

<html>

<head>

<title>test site URL</title>

</head>

<body>

<code>

<A
HREF="http://www.companytestsite.local/index.html">http://www.companytestsite.local/
index.html</A><br>

<br>

<... output omitted ...>

Note that, just like the ping and traceroute commands used earlier, telnet also supports the /vrf
CUST001 option to set the VRF and the /source-interface Gi4.2001 option to set the source interface.

Netcat

Netcat is a powerful CLI tool for troubleshooting and testing network connectivity. It allows you to
create raw TCP or UDP connections, so you can test if a service is reachable or listening on a given
port. Also, netcat can be used for data transfer, port scanning, and even setting up simple server-
client communications, offering a high level of flexibility for network diagnostics.

Note

Netcat is usually used on Linux or other operating systems and is not natively supported on Cisco
platforms. Nevertheless, it can be used on Cisco devices using Guest Shell, Virtual Network Function
(VNF), or other solutions.

In the following example, the nc (netcat) command is used to test connectivity to the IP address
10.154.17.107 on port 22 (SSH). The output SSH-2.0-OpenSSH_7.4 indicates that the connection was
successful and the SSH service is running and responding. Ctrl+C is used to close the opened
connection.

[guestshell@C8000VCORE-guestshell ~]$ nc 10.154.17.107 22

SSH-2.0-OpenSSH_7.4

^C

[guestshell@C8000VCORE-guestshell ~]$

In the next example, netcat is used for port scanning by specifying the port range 21-23. By default,
netcat keeps the connection open, allowing data to be sent and received over the specified port.
The -z (zero I/O mode) switch prevents the connection from staying open, making it suitable for port
scanning.

[guestshell@C8000VCORE-guestshell ~]$ nc -zv 10.154.17.107 21-23

nc: connect to 10.154.17.107 port 21 (tcp) failed: Connection timed out

Connection to 10.154.17.107 22 port [tcp/ssh] succeeded!

nc: connect to 10.154.17.107 port 23 (tcp) failed: Connection refused

[guestshell@C8000VCORE-guestshell ~]$

The -v (verbose) switch enables detailed output, providing information about the connection
success, failure, or other states. In this case, the output displays a failure on port 21 with a
timeout as the reason, a successful connection on port 22, and another failure on port 23 where the
destination device refused the connection. The two failure modes are worth telling apart: "Connection
refused" means the destination answered with a TCP RST, so the host is reachable and simply has
nothing listening on that port (or a filter is configured to reject rather than drop), while
"Connection timed out" means no reply came back at all, which is the typical signature of a firewall
or ACL silently dropping the SYN, or of a host that is down.
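The distinction between open, refused and timed-out ports is what makes a connect scan useful for
telling a host problem from a filtering problem. The Python below, added here as an example rather
than taken from the page, reproduces the behaviour of nc -zv and of the banner grab against port 22
with plain sockets, which is handy on a Guest Shell or jump host where netcat is missing. The local
listener and the banner it sends are constructed stand-ins for the SSH host in the text; a real
timeout cannot be produced offline, so that branch is only classified, not exercised.

```python
import errno
import socket
import threading


def probe_tcp(host, port, timeout=2.0):
    """Classify a TCP connect attempt the way `nc -zv` reports it.

    open        - handshake completed, something is listening
    refused     - the host answered with RST: reachable, nothing listening there
                  (or a filter configured to reject rather than drop)
    timeout     - no answer at all: the usual signature of a firewall/ACL silently
                  dropping the SYN, or of a host that is down
    unreachable - ICMP unreachable or no local route to the host
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:               # must precede OSError: it is a subclass of it
        return "timeout"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error:" + (e.strerror or str(e))
    finally:
        s.close()


def scan_range(host, first, last, timeout=2.0):
    """Connect-scan an inclusive port range, like `nc -zv host first-last`."""
    return {p: probe_tcp(host, p, timeout) for p in range(first, last + 1)}


def grab_banner(host, port, timeout=2.0, nbytes=256):
    """Connect and return whatever the service says first (what `nc host 22` prints)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(nbytes).decode(errors="replace").strip()
        except socket.timeout:
            return ""                    # service expects the client to speak first (e.g. HTTP)


# --- constructed loopback stand-ins so the example runs offline -------------------

def start_banner_listener(banner=b"SSH-2.0-OpenSSH_7.4\r\n"):
    """Hypothetical stand-in for the SSH host in the text: a loopback listener that
    sends an SSH-style banner and closes. Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        srv.settimeout(5)                # give up after 5 s of inactivity
        try:
            while True:
                conn, _ = srv.accept()
                conn.sendall(banner)
                conn.close()
        except socket.timeout:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_port():
    """Bind an ephemeral port and release it, so a connect there is refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    open_port, closed_port = start_banner_listener(), free_port()
    print(open_port, grab_banner("127.0.0.1", open_port))
    for p, state in scan_range("127.0.0.1", open_port, open_port).items():
        print(p, state)
    print(closed_port, probe_tcp("127.0.0.1", closed_port))
```

Keep the timeout short when scanning ranges: every filtered port costs the full timeout, which is
why nc -zv against a firewalled host appears to hang.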
Just as with telnet, you can use netcat to interact with other application-layer protocols. In the next
example, an HTTP request is manually sent after successfully establishing a connection to the server.
The server again responds with a status and the content of the requested page.

[guestshell@C8000VCORE-guestshell ~]$ nc www.companytestsite.local 80

GET /index.html HTTP/1.1

Host: www.companytestsite.local

HTTP/1.1 200 OK

Date: Mon, 11 Nov 2024 10:26:11 GMT

Content-Type: text/html

Content-Length: 28634

<... output omitted ...>

<html>

<head>

<title>test site URL</title>

</head>

<body>

<code>

<A
HREF="http://www.companytestsite.local/index.html">http://www.companytestsite.local/
index.html</A><br>

<br>

<... output omitted ...>


Answer

The correct answer is Netcat. This answer is correct because Netcat is a versatile tool that tests
TCP/UDP connectivity, scans ports, and can function as both a client and server. Ping is incorrect
because Ping is used for network connectivity verification, not for TCP/UDP testing or port scanning.
Traceroute is incorrect because Traceroute identifies the path packets take to a destination, not for
testing TCP/UDP connectivity. Telnet is incorrect because Telnet tests application-layer reachability
but is not typically used for port scanning.

Configuration Verification Commands

Here you will discover the basic commands for verifying and troubleshooting device configurations
and statuses. You will focus on the commands that provide visibility into the device configuration,
VLANs, MAC and Address Resolution Protocol (ARP) tables, routing tables, and devices discovered
using Cisco Discovery Protocol.

Configuration verification commands can be categorized as follows:

Running configuration and general commands: Commands to display the current configuration,
software version, and logs on the device.

Common Layer 2 verification commands: Commands to check the configuration and status of VLANs,
MAC address tables, and other Layer 2 attributes.

Common Layer 3 verification commands: Commands to verify IP interfaces, ARP bindings, and
routing tables.

Running Configuration and General Commands

The show running-config command provides a view of the current active configuration that is loaded
in the device's memory. It displays detailed settings for interfaces, routing protocols, access control
lists (ACLs), and other features, allowing you to quickly verify or debug configurations.

Inspecting the whole configuration every time you need to see a specific part can be cumbersome
and counterproductive. Some of the common options or output modifiers that allow for a more
granular usage of the show running-config command are the following:

show running-config: Displays the entire active configuration currently running on the device,
including all interfaces, protocols, and services.

show running-config ?: Shows the available options or keywords that can be used with the show
running-config command, such as filtering for specific parts.

show running-config interface GigabitEthernet4.2001: Displays the complete configuration specific to
the GigabitEthernet4.2001 interface, including its IP address, encapsulation type, and any applied
features, such as ACLs or quality of service (QoS).

show running-config | include GigabitEthernet4.2001: Filters the running configuration to display
only the lines that contain the exact keyword GigabitEthernet4.2001, which is useful for identifying
references to the interface in the configuration.

show running-config | begin GigabitEthernet4.2001: Displays the running configuration starting from
the first occurrence of GigabitEthernet4.2001, showing all subsequent lines from that point onward.

show running-config | section route-map: Displays the specific sections of the running configuration
that are related to the route-map configurations, including all lines grouped under each of the
sections.

The show version command provides a general overview of the device information and status. It
displays the software version, system uptime, hardware model, serial number, processor type, and
memory allocation. It also displays the status of licensing, including the standard or smart license
type, the currently active license, and the throughput.

C8000V-PEER#show version

Cisco IOS XE Software, Version 17.09.04a

Cisco IOS Software [Cupertino], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version
17.9.4a, RELEASE SOFTWARE (fc3)

<... output omitted ...>

C8000V-PEER uptime is 3 weeks, 6 days, 1 hour, 12 minutes

<... output omitted ...>

License Level: network-advantage

License Type: Perpetual

<... output omitted ...>

Addon License Level: dna-advantage

Addon License Type: Subscription

<... output omitted ...>

The current throughput level is T1 (200000 kbps)

Smart Licensing Status: Smart Licensing Using Policy

cisco C8000V (VXE) processor (revision VXE) with 1983386K/3075K bytes of memory.

Processor board ID 82PSA22G6H7

<... output omitted ...>

3965108K bytes of physical memory.

<... output omitted ...>

The show log command (short for show logging) displays the system log messages (syslog) buffered
on the device. These messages include system events, errors, warnings, and notifications that the
device generates. It can be used for identifying trends or recurring issues over time, as the logs
include timestamps and severity levels for each entry. Output modifiers such as | include and | begin
can be useful to limit the output to just the relevant messages. The following example filters for
the activity of one user: successful logins are reported as %SEC_LOGIN-5-LOGIN_SUCCESS together
with the source address and local port, and failed attempts appear as %SEC_LOGIN-4-LOGIN_FAILED,
so the same filter is a quick way to spot password guessing against a management interface. The
logging buffer is volatile and limited in size, so anything you need to retain or correlate should
also be sent to a syslog server.

C8000V-PEER#show log | include networkadmin

Nov 11 14:30:01.226: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: networkadmin] [Source:
10.30.0.9] [localport: 22] at 15:30:01 CET Mon Nov 11 2024

Nov 11 18:36:10.429: %SYS-6-LOGOUT: User networkadmin has exited tty session 435(10.30.0.9)

Common Layer 2 Verification Commands

The show vlan command is used to display the configured or learned VLANs and their state.

CAT9000V-DC1#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi1/0/5, Gi1/0/6

100 VoIP active

201 CUST001 active Gi1/0/1

202 CUST002 suspended Gi1/0/2

The output of the show vlan command contains the following:

VLAN ID: The VLAN's 802.1Q tag.

VLAN Name: A descriptive name for the VLAN.

Status: The operational state of the VLAN such as active, suspended, shutdown.

Ports: The interfaces to which the VLAN is assigned.

The show mac address-table command displays the table of MAC addresses on the device. You can
use show mac address-table vlan 100 to display only the MAC address table for VLAN 100 or use
show mac address-table interface Gi1/0/4 to only display MAC addresses received on a particular
interface.

CAT9000V-DC1#show mac address-table vlan 100

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

100 0845.d1a7.7c41 DYNAMIC Gi1/0/1

100 10f9.2049.bfec DYNAMIC Gi1/0/3


100 10f9.2094.013c DYNAMIC Gi1/0/4

100 10f9.2094.090c DYNAMIC Gi1/0/7

<... output omitted ...>

Total Mac Addresses for this criterion: 27

CAT9000V-DC1#

The output of the show mac address-table command contains the following:

Vlan: The VLAN ID associated with the MAC address.

Mac Address: Displays the MAC address in the hexadecimal-dot notation.

Type: Indicates whether the MAC address was dynamically learned or statically configured.

Ports: Specifies the port where the MAC address was learned.

The show spanning-tree command provides information about the Spanning Tree Protocol (STP)
configuration and its status on the device. Without specifying a VLAN, the output for all VLANs on
the device is displayed. For each VLAN, the command displays whether STP is enabled and the exact
protocol being used, for example Rapid Spanning Tree Protocol (RSTP). It identifies the Root Bridge
by showing its priority, MAC address, and associated timers. It also states if the current device is the
root bridge.

The output lists all interfaces that are associated with the VLAN, detailing their roles (Designated,
Root), states (Forwarding, Blocking), costs, and additional attributes such as priority and type. You
can specify a VLAN using show spanning-tree vlan 201 to only retrieve details for this VLAN, as
shown in the following example:

CAT9000V-DC1#show spanning-tree vlan 201

VLAN0201

Spanning tree enabled protocol rstp

Root ID Priority 32969

Address 5254.001a.da47

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32969 (priority 32768 sys-id-ext 201)

Address 5254.001a.da47

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi1/0/1 Desg FWD 4 128.1 P2p

Another useful command is show cdp neighbors, which provides information about directly
connected devices using the Cisco Discovery Protocol. With this command, you can verify network
topology, and identify and troubleshoot connectivity issues by showing how the devices are
interconnected.

C8000V-LAB-GW#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID

C1000-LAB-SW1 Eth1/1 164 RSI C1000-48P-4X- Ten1/0/1

C1000-LAB-SW2 Eth1/2 167 RSI C1000-48T-4X- Ten1/0/1

N9K-DCCORE1 Eth1/43 167 RSIS N9K-C93180YC- Eth1/23

N9K-DCCORE2 Eth1/44 174 RSIS N9K-C93180YC- Eth1/24

Total cdp entries displayed : 3

The output of the show cdp neighbors command contains the following:

Device ID: Displays the hostname or unique identifier of the adjacent device.

Local Intrfce: Shows the local interface on this device, which connects to the neighbor.

Holdtme: Indicates the remaining time (in seconds) before the neighbor entry is removed if no Cisco
Discovery Protocol packets are received.

Capability: Lists the capabilities of the neighbor, such as Router (R) or Switch (S).

Platform: Shows the hardware model of the neighbor.

Port ID: Displays the interface on the neighboring device that connects to this device.

You can use the show cdp neighbors GigabitEthernet1 detail command to specify a single interface
for which you want the output. The detail option provides additional information in the output, such
as the neighbor's software version and its IP and MAC addresses. Keep in mind that this same
information is advertised in clear text to anything attached to the link, so Cisco Discovery Protocol
is normally left enabled only on infrastructure links and disabled on user-facing or untrusted ports
with the interface command no cdp enable.

Common Layer 3 Verification Commands

The show ip interface brief command is used to quickly verify the status and configuration of
interfaces on a Cisco device. It provides a summary of each interface, including its IP address if
configured, operational status, and line protocol state. It is especially useful for troubleshooting
connectivity issues, identifying inactive or misconfigured interfaces, and confirming the basic setup
of Layer 3 interfaces.

C8000V-PEER#show ip interface brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet1 10.255.215.101 YES NVRAM up up

GigabitEthernet2 10.154.2.1 YES NVRAM down down

GigabitEthernet3 unassigned YES NVRAM up up

GigabitEthernet3.901 10.254.1.1 YES NVRAM up up

GigabitEthernet3.901 10.254.2.1 YES manual administratively down down

<... output omitted ...>

The show arp command is used to display the ARP table on a device, which maps IP addresses to
their MAC addresses. You can use it for troubleshooting Layer 2 and Layer 3 connectivity issues. This
command verifies whether the device has successfully resolved and cached the hardware addresses
of connected devices.

C8000V-CORE#show arp

Protocol Address Age (min) Hardware Addr Type Interface


Internet 10.255.215.99 0 0050.5684.e82c ARPA GigabitEthernet1

Internet 10.255.215.100 3 0050.5684.a491 ARPA GigabitEthernet1

Internet 10.255.215.101 - 0050.56a3.8a07 ARPA GigabitEthernet1

Internet 10.154.3.1 - 0050.56a3.62d3 ARPA GigabitEthernet3.2100

Internet 10.154.3.17 119 0050.56a3.cf84 ARPA GigabitEthernet3.2100

Internet 10.154.3.201 81 0050.56a3.9241 ARPA GigabitEthernet3.2100

<... output omitted ...>

The output of the show arp command contains the following:

Protocol: Indicates the network protocol; in this example, Internet for IPv4.

Address: Shows the resolved IP address of the device.

Age (min): Displays how long the ARP entry has been in the table (in minutes). The - character means
static; in this case, the local interface.

Hardware Addr: Shows the MAC address that is associated with the IP address.

Type: Indicates the encapsulation type that is used; in this example, Address Resolution Protocol
Adapter (ARPA) for Ethernet.

Interface: Specifies the local interface through which the IP address is reachable.

When troubleshooting network connectivity issues, the show ip route command is one of the most
important and frequently used commands. It displays the device routing table, showing the learned
routes and their sources. For example, these sources can include connected, static, or dynamic
protocols such as Open Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol
(EIGRP). The output also provides next-hop information.

The show ip route command helps network engineers verify how the device forwards traffic, check
missing or incorrect routes, and understand the path that a packet will take through the network. By
analyzing the routing table, engineers can quickly diagnose and resolve reachability problems in
Layer 3 networks.
C8000V-CORE#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

<... output omitted ...>

Gateway of last resort is 10.255.215.126 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.255.215.126, GigabitEthernet1

10.0.0.0/8 is variably subnetted, 63 subnets, 8 masks

C 10.0.3.252/30 is directly connected, GigabitEthernet4.2107

L 10.0.3.254/32 is directly connected, GigabitEthernet4.2107

O 10.1.2.0/16 [110/2] via 172.16.100.2, 00:12:39, GigabitEthernet5

O 10.2.2.2/32 [110/2] via 172.16.20.2, 05:03:48, GigabitEthernet6

B 10.9.0.0/24 [20/0] via 172.16.2.1, 00:00:15

B 10.9.1.0/24 [20/0] via 172.16.2.1, 00:00:15

<... output omitted ...>

The following list provides the breakdown of the show ip route output:

Protocol: The code at the beginning of each route indicates how the route was learned. Some of the
common codes are as follows:

S = static routes

C = directly connected networks

L = local interfaces

O = OSPF-learned routes

B = Border Gateway Protocol (BGP)-learned routes


Route: The IP address and subnet mask of the destination.

Next-Hop: The IP address following via is the next-hop router that is used to reach the destination.

[AD/Metric]: The values in brackets, for example [110/2], represent the Administrative Distance (AD)
and Metric.

Interface: Depending on the protocol, the interface, for example GigabitEthernet5, specifies the local
interface through which the destination is reachable.

Timers: Depending on the protocol, the time, for example 00:12:39, shows how long ago the route
was last updated.
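The routing table is only useful in troubleshooting if you apply it the way the router does: the
most specific prefix that contains the destination wins, and the default route is used only when
nothing else matches. The Python below, added here as an example and not part of the page, parses
the show ip route lines above into structured entries and performs that longest-prefix-match lookup,
so you can check which next hop and interface a given destination will use before you ping it. The
route listing is a constructed copy of the output shown; the omitted portions are not reconstructed.

```python
import ipaddress
import re

# Constructed copy of the routing-table lines shown above, so the lookup runs offline.
SAMPLE_ROUTES = """\
Gateway of last resort is 10.255.215.126 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 10.255.215.126, GigabitEthernet1
      10.0.0.0/8 is variably subnetted, 63 subnets, 8 masks
C        10.0.3.252/30 is directly connected, GigabitEthernet4.2107
L        10.0.3.254/32 is directly connected, GigabitEthernet4.2107
O        10.1.2.0/16 [110/2] via 172.16.100.2, 00:12:39, GigabitEthernet5
O        10.2.2.2/32 [110/2] via 172.16.20.2, 05:03:48, GigabitEthernet6
B        10.9.0.0/24 [20/0] via 172.16.2.1, 00:00:15
B        10.9.1.0/24 [20/0] via 172.16.2.1, 00:00:15
"""

# code ("O", "S*", "O IA", ...), prefix, optional [AD/metric], then the rest of the line
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]{1,2}\*?(?:\s+[A-Z]{1,2})?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?:\s+\[(?P<ad>\d+)/(?P<metric>\d+)\])?"
    r"\s+(?P<rest>.*)$")
VIA_RE = re.compile(r"via (\d+\.\d+\.\d+\.\d+)")
IFACE_RE = re.compile(r"([A-Za-z][A-Za-z0-9/.-]*)\s*$")   # trailing interface name, if any


def parse_routes(text):
    """Turn `show ip route` output into a list of route dicts.

    Header lines, the gateway-of-last-resort line and the "is variably subnetted"
    summaries do not start with a route code followed by a prefix, so they are skipped.
    Connected/local routes carry no [AD/metric]; their AD is 0.
    """
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        via, iface = VIA_RE.search(rest), IFACE_RE.search(rest)
        routes.append({
            "code": m.group("code"),
            # strict=False accepts host bits in the printed prefix (e.g. 10.1.2.0/16)
            "prefix": ipaddress.ip_network(m.group("prefix"), strict=False),
            "ad": int(m.group("ad")) if m.group("ad") else 0,
            "metric": int(m.group("metric")) if m.group("metric") else 0,
            "next_hop": via.group(1) if via else None,
            "interface": iface.group(1) if iface else None,
        })
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific prefix containing dst wins. Several
    entries with that same prefix are equal-cost paths, so all of them are returned;
    an empty list means no route, not even a default."""
    d = ipaddress.ip_address(dst)
    candidates = [r for r in routes if d in r["prefix"]]
    if not candidates:
        return []
    best = max(r["prefix"].prefixlen for r in candidates)
    return [r for r in candidates if r["prefix"].prefixlen == best]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for dst in ("10.2.2.2", "10.0.3.253", "10.9.1.7", "8.8.8.8"):
        for r in lookup(table, dst):
            print(dst, "->", r["code"], r["prefix"], r["next_hop"], r["interface"])
```

Note that 10.2.2.2 is matched by the /32 OSPF route rather than by 10.1.0.0/16, and that a
destination such as 8.8.8.8 falls through to the static default toward 10.255.215.126; a lookup that
returns an empty list is the routing-table equivalent of a "destination unreachable".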

Answer

The correct answer is show mac address-table vlan 100. This answer is correct because this
command specifically displays the MAC address table for VLAN 100. The show vlan option is incorrect
because it displays the configured or learned VLANs and their state, not the MAC address table. The
show arp option is incorrect because it displays the ARP table, mapping IP addresses to MAC
addresses. The show spanning-tree vlan 100 option is also incorrect, because it provides information
about the STP configuration for VLAN 100.

Troubleshoot Common Network Issues


Identify the Issue

The users are reporting that they cannot reach the web application. The first step is to verify the
issue yourself. One way to do this is by attempting to connect to the HTTPS server using Netcat. This
will help confirm whether the server is reachable and whether the issue lies with the network or the
application.

Step 1
Access the Cisco Modeling Labs (CML) WebUI. To access the Cisco Modeling Labs running in your lab
environment, open a web browser on your student PC and navigate to https://10.1.1.20 or click the
Cisco Modeling Labs bookmark.

Step 2
Log in to access the main dashboard.

Use the following credentials:

- Username: student
- Password: 1234QWer

Step 3
Click the Troubleshooting Common Issues topology to open it.

Step 4
Check all devices in the topology and ensure they have fully booted before proceeding with the lab
steps or accessing the console. Attempting to interact with a device that has not fully booted may
interrupt the boot process. Wait for a green checkmark to appear next to each node, indicating that
it is ready.

Step 5
To verify the network issue, you will try to connect to the HTTPS server from PC1. First, open the
console of PC1 by right-clicking the node and choosing Console.

Step 6
In the pane at the bottom, click the OPEN CONSOLE button.

Step 7
Log in using the following credentials.

- Username: cisco
- Password: cisco

Step 8
Use Netcat to attempt a connection to the server's (192.168.2.10) HTTPS port (443).

Step 9
Before assuming the issue is with the network, verify the configuration of the end devices involved.
First, check the IP configuration on PC1.

Step 10
Open the console on the HTTPS server and verify its IP configuration with the ip address command.

Verify Layer 2 Connectivity

There is no universal troubleshooting guide that applies to every situation. Sometimes, you might
immediately identify a specific issue, while other times, you will need to systematically eliminate
potential causes. A common and effective approach is to verify the functionality of each layer of the
network stack until you pinpoint the problem.

In this task, you will verify the Layer 2 functionality.

Step 11
Open the console of the Switch node and enter the privileged EXEC mode.

Step 12
Check the status of the switch interfaces with the show interfaces status command.

Step 13
Verify the VLAN settings using the show vlan brief command to ensure they are configured as
expected.

Step 14
Check the speed and duplex settings on the link between the router and the switch. Start by checking
it on the GigabitEthernet 0/2 interface on the switch.

Step 15
Now access the console of Router1 and check the same settings on its GigabitEthernet 1 interface.

Step 16
Up to this point, no issues have been identified. To eliminate any doubt about the connections in
this network, confirm that the switch is actually connected to the GigabitEthernet1 interface on the
router using Cisco Discovery Protocol. Use the show cdp neighbors command on the switch to confirm
that its GigabitEthernet0/2 interface is connected to the GigabitEthernet1 interface on the router.

Step 17
At this point, Layer 2 appears to be working fine. To confirm, test the connectivity within the
192.168.1.0/24 network by pinging the default gateway (Router1) from PC1.

Step 18
Sometimes, you might feel confident there are no issues within the local network, so you test the
ping directly. If it works, you can move on to checking Layer 3 connectivity between different
networks and investigate potential routing problems.

In this case, test the connectivity in the other network (192.168.2.0/24) without first checking for
potential issues. From the HTTPS server, try pinging its default gateway (Router1's GigabitEthernet2
interface) to see if it can reach it.

Verify Layer 3 Connectivity

In the previous task, you checked for potential issues at Layer 2 and confirmed the connectivity in
both local networks. Now, it is time to move to Layer 3 to identify any potential issues and verify
the connectivity between the 192.168.1.0/24 and 192.168.2.0/24 networks.

Step 19
In this task, you will try to eliminate some common issues on Layer 3 by checking the configuration
on the router. First, open the console on the router again and make sure that you are in the
privileged EXEC mode.

Step 20
One of the most useful commands for verifying the interface status on Cisco routers is show ip
interface brief. This command provides a quick overview of all interfaces, showing their IP
addresses and operational status. Use the command to verify the state of the interfaces on your
router.

Step 21
Check the routing table with the show ip route command.

Step 22
The router's configuration appears to be correct, and there are no obvious issues preventing Layer 3
connectivity. Test the connectivity between the networks by pinging the router's GigabitEthernet2
interface from PC1.

Step 23
You have confirmed that the routing is working and there is connectivity between the two local
networks. Now, try pinging the HTTPS server (192.168.2.10) from PC1.

Verify Layer 4 Connectivity

You have now verified Layer 3 connectivity to the HTTPS server by successfully pinging it. In this
task, you will check whether the issue is at Layer 4, related to specific ports and protocols, or
confirm that the network is functioning properly so that you can escalate the issue to the
developers.

Step 24
In the first task, you confirmed that you cannot access port 443 on the server using Netcat. Now
that you have confirmed Layer 3 connectivity, test that again to confirm that it was not a temporary
network issue.

Step 25
Verify whether the server is actively listening on port 443 by running the ss -tuln command on the
server.

Step 26
Since the server is actively listening on both HTTP (port 80) and HTTPS (port 443), you can now test
connectivity to port 80 to see whether that works.

Go back to PC1 and try to connect to port 80 using Netcat.

Step 27
At this point, you have verified that you have connectivity between the two networks and that you
can even successfully access the server on port 80. This strongly suggests that something is
blocking traffic specifically for port 443. One likely cause of this behavior is an ACL on the router.
It is possible that when a new access list was applied to the router interface, someone forgot to
permit HTTPS traffic.

Check the access lists on the router using the show ip access-lists command. Remember that every
IOS ACL ends with an implicit deny, so any traffic that is not explicitly permitted is dropped
silently, which from the client's side looks like a connection timeout rather than a refusal.

Step 28
Add a rule to permit HTTPS traffic to the server_access access list.

Step 29
Check the ACL again and make sure that HTTPS traffic is now permitted.

Step 30
Test HTTPS connectivity from PC1 to the server to verify that the issue is resolved. Again, use
Netcat to test connectivity to port 443 on the server.
Answer

The correct answer is A misconfigured ACL. This answer is correct because an ACL could block
specific traffic, such as HTTPS, even if ICMP (ping) traffic is permitted. The A VLAN mismatch option is
incorrect because it would affect Layer 2 connectivity, not specific port access. The A routing problem
option is incorrect since routing issues would prevent pings. Lastly, the A failed network cable option
is incorrect because it would result in no connectivity at all.
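The lab never shows the contents of server_access, so the Python below, added here as an example
and not part of the lab, evaluates packets against a constructed extended ACL in show ip access-lists
format the way IOS does: first match wins, and the implicit deny at the end catches everything else.
The two ACL versions are assumptions written to reproduce the symptom (ICMP and HTTP permitted,
HTTPS falling through to the implicit deny) and the narrowly scoped fix from Step 28; the entry
numbers and networks are illustrative, not taken from the page.

```python
import ipaddress
import re

# Constructed ACL in `show ip access-lists` style for the lab topology (192.168.1.0/24
# clients, HTTPS server 192.168.2.10). Assumed content: the page does not show the real one.
ACL_BEFORE = """\
Extended IP access list server_access
    10 permit icmp any any
    20 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.10 eq www
"""

# The fix from Step 28, scoped to the one port and host that need it rather than a
# blanket "permit ip any any" that would silently undo the whole access list.
ACL_AFTER = ACL_BEFORE + "    30 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.10 eq 443\n"

PORT_NAMES = {"www": 80, "ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "domain": 53}
ACE_RE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)$")


def _parse_addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    addr, wildcard = tokens[0], tokens[1]
    # IOS wildcard masks are inverted netmasks: 0.0.0.255 -> 255.255.255.0
    netmask = ipaddress.ip_address((~int(ipaddress.ip_address(wildcard))) & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False), tokens[2:]


def _parse_port(tokens):
    """Consume an optional 'eq PORT' qualifier; return (port number or None, rest)."""
    if tokens and tokens[0] == "eq":
        p = tokens[1]
        return PORT_NAMES.get(p, int(p) if p.isdigit() else None), tokens[2:]
    return None, tokens


def parse_acl(text):
    """Parse the entries of one extended ACL into dicts ordered by sequence number.
    Trailing tokens such as '(35 matches)' or 'log' are ignored."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue                       # the "Extended IP access list ..." header
        seq, action, proto, rest = m.groups()
        tokens = rest.split()
        src, tokens = _parse_addr(tokens)
        sport, tokens = _parse_port(tokens)
        dst, tokens = _parse_addr(tokens)
        dport, tokens = _parse_port(tokens)
        aces.append({"seq": int(seq), "action": action, "proto": proto,
                     "src": src, "sport": sport, "dst": dst, "dport": dport})
    return sorted(aces, key=lambda a: a["seq"])


def evaluate(aces, proto, src, dst, dport=None, sport=None):
    """First-match evaluation with the implicit 'deny ip any any' IOS appends.
    Returns (action, sequence number of the matching entry, or None for the implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if ace["proto"] not in (proto, "ip"):     # 'ip' entries match every protocol
            continue
        if s not in ace["src"] or d not in ace["dst"]:
            continue
        if ace["sport"] is not None and ace["sport"] != sport:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"], ace["seq"]
    return "deny", None


if __name__ == "__main__":
    for label, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        aces = parse_acl(acl)
        for proto, dport in (("icmp", None), ("tcp", 80), ("tcp", 443)):
            print(label, proto, dport, evaluate(aces, proto, "192.168.1.10", "192.168.2.10", dport))
```

Running the evaluation on both versions shows exactly the lab's symptom: ping and port 80 are
permitted by explicit entries while port 443 returns ("deny", None), the implicit deny, until entry
30 is added. Checking a proposed change this way before applying it is cheaper than discovering
the gap from a user ticket.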

Packet Capturing Tools Overview


Cisco platforms provide several tools for capturing and analyzing network traffic, including Embedded
Packet Capture (EPC) and Switched Port Analyzer (SPAN). EPC captures packets directly on devices,
enabling filtered, localized troubleshooting, while SPAN mirrors traffic for external analysis, with
advanced options such as Remote Switched Port Analyzer (RSPAN) and Encapsulated Remote
Switched Port Analyzer (ERSPAN) for remote monitoring. These tools, along with applications such as
Wireshark and tcpdump, and integrated solutions in Cisco Modeling Labs, support detailed traffic
analysis, protocol inspection, and network troubleshooting across various environments.

The following tools and solutions help you capture and analyze network traffic:

EPC and SPAN: Traffic analysis tools that are supported by Cisco platforms. EPC captures packets
directly on the device, and SPAN mirrors traffic to a dedicated interface.

Wireshark: GUI application for capturing and analyzing traffic.

tcpdump: CLI application for UNIX-based systems that captures traffic on interfaces.

Cisco Modeling Labs: Provides virtual packet capture, enabling real-time analysis and .pcap exports.

Embedded Packet Capture and Switched Port Analyzer

Cisco platforms offer two primary methods for capturing and analyzing network traffic: EPC and
SPAN. Both methods are supported across Cisco IOS XE, IOS XR, and NX-OS, but some limitations may
apply depending on the specific hardware and software configurations.

EPC is a built-in feature that is designed to capture packets directly on the device. It allows control
over what traffic is captured through filtering options such as IP addresses, protocols, or ports. It can
operate on ingress, egress, or bidirectional traffic and stores captured packets in the device's buffers.
You can then export these packets in the .pcap format for offline analysis using tools such as
Wireshark.

The key advantage of EPC is that it does not require additional hardware or external tools for real-
time capture. However, it comes with limitations, particularly on platforms with limited processing or
memory resources. Capturing high volumes of traffic can impact device performance, and certain
hardware acceleration features, such as offloaded forwarding, may bypass EPC, leading to
incomplete captures. It is also not optimized for deep packet inspection and not suitable for long-
term captures on high-throughput networks.

C8000V-PEER#monitor capture CAPTURE1 interface Gi3 both

C8000V-PEER#monitor capture CAPTURE1 match ipv4 any any

C8000V-PEER#monitor capture CAPTURE1 start

Started capture point : CAPTURE1

C8000V-PEER#
C8000V-PEER#monitor capture CAPTURE1 stop

Stopped capture point : CAPTURE1

The monitor capture CAPTURE1 match ipv4 any any command specifies a filter for the capture,
allowing you to capture all IPv4 packets regardless of their source or destination IP addresses. The
start and stop commands initiate and halt the packet capture process using the specified capture
parameters.

C8000V-PEER#monitor capture CAPTURE1 export flash://capture1.pcap

The capture is stored in a buffer and can be saved as a .pcap file to the device's file system using the
monitor capture CAPTURE1 export flash://capture1.pcap command.

SPAN is used to mirror traffic from one or more source interfaces, VLANs, or EtherChannels to a
dedicated destination interface. This mirrored traffic is sent to an external analyzer, such as a host
with Wireshark or tcpdump or a hardware-based packet capture solution. Unlike EPC, SPAN is
particularly well suited for high-throughput environments where real-time traffic analysis is required.

There are three types of SPAN:

SPAN: Mirrors traffic from one or more local source interfaces or VLANs to a local destination
interface for analysis. Both source and destination are on the same device.

RSPAN: Extends SPAN by mirroring traffic across multiple devices within the same Layer 2 domain
using a dedicated VLAN to carry the mirrored traffic to a remote destination.

ERSPAN: Sends mirrored traffic over a Layer 3 network by encapsulating it in Generic Routing
Encapsulation (GRE) packets.

Wireshark

Wireshark is an open-source network protocol analyzer that is widely used for packet inspection and
troubleshooting in networking environments. It features a GUI and is available on multiple platforms
including Windows, macOS, and Linux.

You can use Wireshark to collect packets in real time on a network interface to which traffic is
mirrored using SPAN, or to analyze .pcap files captured with EPC on your network devices. Besides .pcap,
it also supports a range of other widely adopted capture file formats. Wireshark provides a detailed
view of the captured packets, displaying fields such as source and destination addresses, protocol
information, packet contents, and timestamps.

It features two types of filters that simplify the process of narrowing down specific packets, traffic
patterns or events of interest:

Capture Filters: Applied before packet capture begins, these filters limit the traffic that is collected by
specifying criteria such as IP addresses, ports, or protocols. For example, tcp port 80 captures only
HTTP traffic.

Display Filters: Used after packet capture, these filters refine the view of captured data to focus on
specific packets of interest. For instance, ip.src == 10.129.0.1 shows only packets originating from a
specific IP address.

Wireshark can also identify and follow various types of sessions or streams in a packet capture,
including TCP, UDP, and other transport-layer protocols. It enables users to reconstruct and analyze
individual connections, such as HTTP sessions, VoIP calls, or file transfers, by tracking packet
sequences within a specific stream.

The image shows a Wireshark capture session using a display filter to only show packets originating
from IPs 10.247.1.6 or 10.30.0.18.
The pane at the top is the Packet List and displays all the packets matching the display filter. The pane
at the bottom is called the Packet Details and displays the content of the packet that is selected in
the Packet List.

Tcpdump

Tcpdump is a command-line packet capture tool that is widely used in UNIX-based systems for
capturing and analyzing network traffic. It captures packets directly from network interfaces and
displays them in real time or saves them to a file for offline analysis. It provides insights into packet
headers, allowing you to filter and inspect specific traffic based on IP addresses, ports, protocols, or
other criteria.

When capturing data with tcpdump, you can apply complex filters using expressions, such as
capturing only TCP packets to or from a specific IP address, or using a specific port or protocol.
Captured data can be output in a readable format or saved in .pcap files, which you can later analyze
using Wireshark or other tools.

Since tcpdump is a command-line tool, it can be combined with other command-line tools and used
in automation or programmability workflows, such as with Python scripts. For example, Python can
invoke tcpdump through the subprocess module to run capture commands and process the output.
This integration allows tcpdump to be automated for tasks such as capturing packets during specific
events, monitoring traffic patterns, or triggering alerts based on real-time analysis.

The captured .pcap files that are generated by tcpdump can be analyzed using Python libraries such
as scapy or pyshark, enabling deeper inspection, custom parsing, or report generation. These use
cases make tcpdump highly versatile in environments where automated network monitoring or
troubleshooting is required. For instance, it can be part of an orchestration script that captures
packets during test runs in CI/CD pipelines, or be used in security tools to detect anomalies in real time.
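The following is an added example (not part of the course material) of the subprocess-driven workflow
described above: it builds a tcpdump command line, parses the one-line-per-packet summaries that
tcpdump -n prints, and then answers the kind of question an analyst would otherwise ask with a
Wireshark display filter such as ip.src == 10.129.0.1 (this block also serves that earlier filter
passage). The sample output is constructed to resemble non-verbose tcpdump lines, so the parser can be
exercised offline; only run_capture() actually executes tcpdump, which needs root or CAP_NET_RAW and a
real interface. The interface name ens192 and the addresses are taken from the text; the function
names are this example's own.

```python
"""Drive tcpdump from Python and parse its summary lines.

Added example, not part of the course text. SAMPLE_OUTPUT is constructed to
look like `tcpdump -n` (non-verbose) output; only run_capture() executes the
real tool and it is not exercised offline.
"""
import re
import subprocess

# Constructed sample of tcpdump -n output (one summary line per packet; ARP line included
# to show that non-IPv4/TCP lines are skipped rather than crashing the parser).
SAMPLE_OUTPUT = """\
10:19:55.418186 IP 10.154.2.11.35418 > 10.154.17.151.5901: Flags [P.], seq 1:9, ack 1, win 2437, length 8
10:19:55.418256 IP 10.154.17.151.5901 > 10.154.2.11.35418: Flags [.], ack 9, win 242, length 0
10:19:55.438349 IP 10.154.17.151.5901 > 10.154.2.11.35418: Flags [.], seq 1:5793, ack 9, win 242, length 5792
10:19:56.001000 IP 10.154.2.12.40001 > 10.154.17.151.5901: Flags [S], seq 100, win 64240, length 0
10:19:56.002000 ARP, Request who-has 10.154.17.1 tell 10.154.17.151, length 28
"""

# IPv4/TCP summary line: timestamp, src.port > dst.port, flags, ..., length N
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*length (?P<length>\d+)$"
)


def tcpdump_argv(interface, bpf, count=None, verbose=False):
    """Build the tcpdump command line: -n (no DNS lookups), -l (line-buffered so a pipe sees
    each packet as it arrives), optional -v and -c, followed by the BPF filter words."""
    argv = ["tcpdump", "-i", interface, "-n", "-l"]
    if verbose:
        argv.append("-v")
    if count is not None:
        argv += ["-c", str(count)]
    return argv + bpf.split()


def parse_line(line):
    """Return a dict for one IPv4/TCP summary line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length"):
        rec[key] = int(rec[key])
    return rec


def parse_output(text):
    """Parse every line of tcpdump output, skipping lines that are not TCP summaries."""
    return [r for r in (parse_line(line) for line in text.splitlines()) if r is not None]


def match_ip_src(records, ip):
    """Same selection as the Wireshark display filter ip.src == <ip>."""
    return [r for r in records if r["src"] == ip]


def conversations(records):
    """Packets and payload bytes per endpoint pair, regardless of direction."""
    stats = {}
    for r in records:
        key = tuple(sorted([(r["src"], r["sport"]), (r["dst"], r["dport"])]))
        packets, payload = stats.get(key, (0, 0))
        stats[key] = (packets + 1, payload + r["length"])
    return stats


def bare_syn_sources(records):
    """Sources that sent a SYN without ACK, i.e. new connection attempts seen at the capture point."""
    return sorted({r["src"] for r in records if r["flags"] == "S"})


def run_capture(interface, bpf, count=3):
    """Run tcpdump (packet lines go to stdout, the banner to stderr) and parse the result."""
    proc = subprocess.run(tcpdump_argv(interface, bpf, count),
                          capture_output=True, text=True, check=True)
    return parse_output(proc.stdout)


if __name__ == "__main__":
    recs = parse_output(SAMPLE_OUTPUT)
    for key, (packets, payload) in conversations(recs).items():
        print(key, packets, "packets", payload, "payload bytes")
    print("bare SYN from:", bare_syn_sources(recs))
```

The regex deliberately matches only the non-verbose format; with -v tcpdump splits each packet over two
lines (the second indented), so a parser for that output has to join a header line with the line that
follows it, and a parser that silently drops unmatched lines, as this one does, would then report zero
packets. Checking that the record count agrees with tcpdump's own "N packets captured" summary on
stderr is a cheap way to catch that mismatch.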

In the following example, tcpdump is used to capture Virtual Network Computing (VNC) traffic on
port 5901 from the ens192 interface, displaying the details in the CLI.

[netadmin@capture-server ~]$ sudo tcpdump -i ens192 -v -c 3 -n port 5901

tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes

10:19:55.418186 IP (tos 0x0, ttl 62, id 27503, offset 0, flags [DF], proto TCP (6), length 60)
    10.154.2.11.35418 > 10.154.17.151.5901: Flags [P.], cksum 0xc963 (correct), seq 3320954371:3320954379, ack 3495073690, win 2437, options [nop,nop,TS val 3049223670 ecr 3994931394], length 8
10:19:55.418256 IP (tos 0x0, ttl 64, id 2911, offset 0, flags [DF], proto TCP (6), length 52)
    10.154.17.151.5901 > 10.154.2.11.35418: Flags [.], cksum 0x28fc (incorrect -> 0xd4dc), ack 8, win 242, options [nop,nop,TS val 3994931442 ecr 3049223670], length 0
10:19:55.438349 IP (tos 0x0, ttl 64, id 2912, offset 0, flags [DF], proto TCP (6), length 5844)
    10.154.17.151.5901 > 10.154.2.11.35418: Flags [.], cksum 0x3f9c (incorrect -> 0xf832), seq 1:5793, ack 8, win 242, options [nop,nop,TS val 3994931462 ecr 3049223670], length 5792

3 packets captured

3 packets received by filter

0 packets dropped by kernel

[netadmin@capture-server ~]$

The options used in the command above are the following:

-i ens192: Specifies the network interface ens192 for capturing packets.

-v: Increases the verbosity of the output, displaying more packet details.

-c 3: Captures only 3 packets before stopping.

-n: Disables DNS resolution, showing IP addresses instead of hostnames.

port 5901: Filters traffic to capture only packets using port 5901, commonly associated with VNC.

In the next example, -w http_https_traffic.pcap is used to save the tcpdump capture into a .pcap file.
The port 80 or port 443 filter is used to only capture HTTP or HTTPS traffic.

[netadmin@capture-server ~]$ sudo tcpdump -i ens192 -v -c 5 -n port 80 or port 443 -w http_https_traffic.pcap

tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes

5 packets captured

8 packets received by filter

0 packets dropped by kernel

[netadmin@capture-server ~]$

The .pcap file can be read using tcpdump by using the -r http_https_traffic.pcap option. The -n option
is used again, to prevent IPs from being resolved into hostnames in the output.

[netadmin@capture-server ~]$ sudo tcpdump -r http_https_traffic.pcap -n

reading from file http_https_traffic.pcap, link-type EN10MB (Ethernet)

10:35:14.632105 IP 10.154.17.151.33518 > 10.247.136.90.http: Flags [.], ack 2754865775, win 284,
options [nop,nop,TS val 3995850656 ecr 2297103270], length 0

10:35:14.633270 IP 10.247.136.90.http > 10.154.17.151.33518: Flags [.], ack 1, win 501, options
[nop,nop,TS val 2297113287 ecr 3995820623], length 0

10:35:14.760061 IP 10.154.17.151.41148 > 10.247.136.72.http: Flags [.], ack 4154111255, win 256,
options [nop,nop,TS val 3995850784 ecr 3117650377], length 0

10:35:14.760730 IP 10.247.136.72.http > 10.154.17.151.41148: Flags [.], ack 1, win 503, options
[nop,nop,TS val 3117660393 ecr 3995820736], length 0

10:35:16.872027 IP 10.154.17.151.37726 > 34.107.221.82.http: Flags [.], ack 3825255409, win 245,
options [nop,nop,TS val 3995852896 ecr 4083907840], length 0

[netadmin@capture-server ~]$
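Because .pcap is the interchange format between tcpdump -w, EPC exports and Wireshark, it helps to know
what is actually in the file. The following added example (not from the course, and not using scapy or
pyshark) writes and reads the classic pcap format in pure Python: a 24-byte global header (magic number,
version 2.4, snaplen, link type 1 for Ethernet, which tcpdump reports as EN10MB) followed by a 16-byte
record header per packet, and then decodes enough of Ethernet/IPv4/TCP to print a tcpdump -r style
summary line. The frames, ports and timestamps are constructed test data whose addresses mirror the
example above; checksums are left at zero, which is also why a capture taken on the sending host often
shows "cksum ... (incorrect)" when the NIC fills checksums in after the kernel hands the packet to
tcpdump. The function names are this example's own.

```python
"""Minimal .pcap writer and reader in pure Python (no third-party libraries).

Added example, not part of the course: it models what `tcpdump -w` writes and
`tcpdump -r` reads back. All frames and timestamps are constructed test data.
"""
import io
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # microsecond-resolution pcap (classic libpcap format)
LINKTYPE_ETHERNET = 1        # shown by tcpdump as "link-type EN10MB (Ethernet)"

# tcpdump's flag letters in the order it prints them, e.g. "S." for SYN-ACK, "P." for PSH-ACK.
TCP_FLAG_NAMES = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U")]


def build_tcp_frame(src_ip, sport, dst_ip, dport, flags=0x10, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame. Checksums are zero: this is test data."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"  # dst, src, IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def write_pcap(fp, frames, snaplen=262144, endian="="):
    """Write the global header, then a (ts_sec, ts_usec, incl_len, orig_len) header per frame."""
    fp.write(struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for i, frame in enumerate(frames):
        ts_sec, ts_usec = 1700000000 + i, 1000 * i          # constructed timestamps
        fp.write(struct.pack(endian + "IIII", ts_sec, ts_usec, len(frame), len(frame)))
        fp.write(frame)


def read_pcap(fp):
    """Yield (ts_sec, ts_usec, orig_len, data); the magic number reveals the writer's byte order."""
    hdr = fp.read(24)
    if len(hdr) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", hdr[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a microsecond-resolution pcap file")
    _, _, _, _, _, _, linktype = struct.unpack(endian + "IHHiIII", hdr)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    while True:
        rec = fp.read(16)
        if not rec:
            return
        if len(rec) < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        data = fp.read(incl_len)
        if len(data) < incl_len:
            raise ValueError("truncated packet data")
        yield ts_sec, ts_usec, orig_len, data


def tcp_flag_string(flags):
    """Render TCP flag bits the way tcpdump does."""
    return "".join(name for bit, name in TCP_FLAG_NAMES if flags & bit)


def summarize(frame):
    """One tcpdump -n style line for an IPv4/TCP frame, or None if it is something else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                         # not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    if proto != 6:
        return "%s > %s: proto %d" % (src, dst, proto)
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    payload_len = total_len - ihl - doff
    return "%s.%d > %s.%d: Flags [%s], length %d" % (
        src, sport, dst, dport, tcp_flag_string(tcp[13]), payload_len)


def roundtrip(frames, endian="="):
    """Write frames to an in-memory pcap, read them back and summarize each record."""
    buf = io.BytesIO()
    write_pcap(buf, frames, endian=endian)
    buf.seek(0)
    return [summarize(data) for _, _, _, data in read_pcap(buf)]


# Constructed frames: a client ACK toward an HTTP server and the server's reply carrying data.
SAMPLE_FRAMES = [
    build_tcp_frame("10.154.17.151", 33518, "10.247.136.90", 80, flags=0x10),
    build_tcp_frame("10.247.136.90", 80, "10.154.17.151", 33518, flags=0x18,
                    payload=b"HTTP/1.1 200 OK\r\n"),
]

if __name__ == "__main__":
    for line in roundtrip(SAMPLE_FRAMES):
        print(line)
```

The reader checks incl_len against the bytes actually present, so a capture that was cut off mid-write
(tcpdump killed, disk full) fails with a clear error instead of producing a bogus last packet. The
byte-order handling matters in practice too: a .pcap written on one architecture and analyzed on
another is still valid, and the magic number is what tells the reader how to interpret every header.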

Capturing packets in Cisco Modeling Labs

In Cisco Modeling Labs, packet capturing is a feature that allows you to analyze network traffic within
virtual network topologies. It enables you to capture traffic flowing between virtual devices, such as
routers, switches, and end hosts, directly from the virtual environment. This capability is particularly
useful for testing, troubleshooting, or studying protocol behavior in controlled network scenarios.

The captured data can be viewed in Cisco Modeling Labs in real time or saved as a .pcap file for
offline analysis. The integration of packet capture within Cisco Modeling Labs eliminates the need for
external devices, mirroring, or complex configurations. As a result, you can easily observe traffic
patterns, debug configurations, or test new network designs in a controlled simulated environment.

To access the packet capture feature in Cisco Modeling Labs, right-click a link between nodes in your
topology and select Packet Capture from the drop-down menu.

In the newly opened Packet Capture pane, you will find the following:

Start/Stop button: Start or stop the packet capture.

Clear button: Clear any previously captured packets.

Download button: Download any previously captured packets in a .pcap format file.

Settings button: Configure additional packet capture options such as the maximum number of
captured packets or use predefined Berkeley Packet Filters (BPF).

Search field: Filter the displayed packets.

Packet List: Observe any captured packets in real time.

Answer

The correct answer is RSPAN. This answer is correct because RSPAN uses a dedicated VLAN to mirror
traffic across multiple devices within the same Layer 2 domain. The SPAN option is incorrect because
SPAN mirrors traffic to a local destination interface, not across multiple devices. The ERSPAN option is
incorrect because ERSPAN encapsulates mirrored traffic for transport over a Layer 3 network, not a
VLAN. The EPC option is incorrect because EPC is a localized packet capture tool, not related to
mirroring traffic.

Cisco Support Page Overview


Here you will explore the Cisco Support Page, how to navigate it, what you can find on it and how it
may help you discover and use different support-related resources.

Highlights of the Cisco Support Page:

Cisco Communities: Forums, blogs and other platforms for discussions, knowledge sharing, and
support.

My Notifications: A customizable alert system for updates on Cisco products, software, and critical
advisories.

Bug Search Tool: A tool to find and track known software bugs for Cisco products.

My Devices: Warranty, service contracts, and lifecycle information on your devices.

Licenses: A section for managing product licensing, including standard and Smart Licensing.

Software Download: A portal to access firmware, software updates, and patches for Cisco devices.

Cisco Support Assistant: A self-service tool for basic troubleshooting and managing support cases.

The Cisco Support Page

The Cisco Support Page is an online hub that is designed to assist you with product support,
troubleshooting, and software downloads. It acts as a central point providing you with access to tools
such as licensing management, software updates, bug search, and security advisories. The Cisco
Support Page also connects you to Cisco communities, documentation, and TAC. The following image
shows an example of the Cisco Support Page.

Cisco Communities is a collection of interactive platforms where you can engage with your peers,
Cisco experts, and industry partners. It offers forums, blogs, and events covering a wide range of
topics from technical support to best practices in network design. Participating in the communities
allows for knowledge sharing, problem solving, and staying updated on the latest industry trends.

My Notifications is a personalized feature on the Cisco Support Page that allows you to create custom
subscriptions for Cisco products, series, or software. You can receive email alerts or consume Really
Simple Syndication (RSS) feeds when new announcements are released for Cisco security advisories, field
notices, end-of-sale/support announcements, software updates, and updates to known bugs.

The Bug Search Tool is a great tool for identifying known software issues within Cisco products. It
allows you to search for bugs by product, software release, or keyword, providing detailed
information such as symptom descriptions, workarounds, and fixed software versions. Using it helps
you troubleshoot issues and plan software upgrades.

My Devices is a dashboard that provides an overview of your Cisco devices. You can add devices
manually or by importing a .csv file. Once the devices are added to this dashboard, you can track
device details such as serial numbers, warranty status, service contracts, and lifecycle information.

The Licenses portal facilitates the management of your standard and smart software licenses. It
allows you to activate new licenses, manage existing ones, and access tools for license registration
and transfer.

There are two types of licenses:

Cisco Standard Licenses: Traditional licensing model where licenses are manually managed and tied
to individual devices.

Cisco Smart Licenses: A centralized licensing system that automates license activation and
management across your Cisco products.

The Software Download section offers access to the latest Cisco software, firmware, and utilities
necessary for your network and other devices. Here, you can find operating system updates, patches,
and tools. Downloads are categorized by product families, and you can use the search function to
find the correct files for your device. Access to software requires a valid service contract or
entitlement.

Cisco Support Assistant is an interactive support tool that is designed to simplify your support
experience. The tool offers features such as automated troubleshooting, personalized
recommendations, and easy access to support cases and documentation. It can be interacted with
directly through the web browser or Webex App.

Cisco Support Assistant Extension is the first Cisco Secure Development Lifecycle approved extension,
which is publicly available in the Chrome store. The browser extension allows for direct interaction
with Cisco TAC in supported Cisco products and portals.

Answer

The correct answer is to find and track known software bugs in Cisco products. This answer is correct
because the Bug Search Tool is specifically designed to identify and track known software bugs within
Cisco products. The to update the firmware of Cisco devices option is incorrect because firmware
updates are not the tool's primary function. The to manage Cisco product licensing option is
incorrect because the tool does not handle licensing, and to connect with Cisco experts for live
support is incorrect because the tool is not for live support interactions.

Working with Cisco Technical Assistance Center

Cisco Support Case Manager is a platform to create, track, and manage TAC cases. To open a TAC
case, you need to do the following:

Verify the entitlement by entering a product serial number or service agreement details.

Select the request type and severity.

Provide a clear title and a detailed description of the issue, including logs, configs, and relevant
attachments.

To manage a TAC case, use the Cisco Support Assistant. This tool allows you to perform actions such
as adding notes, requesting updates, raising severity, or escalating the case.

Cisco Support Case Manager

Cisco Support Case Manager provides an interface for creating, managing, and tracking TAC cases. It
allows you to:

List all TAC cases opened by you or individuals associated with the same contract numbers.

Apply different filters to narrow down the listed cases.

Sort the listed TAC cases by the following criteria:

Creation date

Severity

Status

Other properties

Opening a TAC Case

You can open a TAC case through the Support Case Manager or from other resources within the
Cisco array of support pages.

The first step when opening a TAC case is the entitlement check. It ensures that the product for
which you are opening the case is covered under a valid service agreement or warranty. You can
verify the entitlement by entering the product serial number or finding the product by service
agreement using different search criteria.

In this step, you must also select the Request Type to specify the nature of the support request.
Choose between Diagnose and Fix, for technical issues that require troubleshooting and resolution.
You can also request the Return Materials Authorization (RMA) for cases involving hardware
replacement under warranty or support contracts and "Ask a Question" if you have general inquiries
or need clarifications.

After passing the entitlement check, it's time to describe the issue that you're trying to address
with the case. First, to set the case severity, consider the following:

Next, provide a clear and concise title that accurately summarizes the issue. The title should be brief
yet descriptive, allowing support engineers to quickly understand the nature of the problem. For the
description, include all relevant details necessary for diagnosing the issue, such as the symptoms,
impacted systems, environment setup, and steps to reproduce the problem. The description also
supports attachments, so it is highly recommended to upload relevant log or debug files,
screenshots, configuration snippets, or any other documentation that can provide additional context.

Note

For best practices, Cisco encourages users to include as much technical detail as possible to help
engineers quickly identify and address the root cause of the issue.

Then comes the Technology and Problem Area selection, which allows you to categorize your case.
The technology selection is automated. However, if it fails, you can manually set the technology
branch that the product—for which you are opening the case—is related to. After choosing the
technology, you can also select the problem area from predefined fields such as configuration,
installation, and upgrade. This categorization helps Cisco assign the most suitable engineers to your
case.

Before opening the case, there is some additional information that you can fill in in the Contact
Information and Preferences section to customize how TAC engineers respond to the case. You can
choose your preferred communication method such as phone or email and provide the
corresponding contact details. You can specify business hours to ensure that communication aligns
with working times. Case notifications can also be toggled on or off, and additional stakeholders can
be added through carbon copy (CC) recipients to ensure that everyone involved stays updated on the
case status.

Managing your TAC case

Once your TAC case is open, you can easily manage it by contacting the Cisco Support Assistant. This
chat-bot-like tool is accessible directly from your TAC case, the Support Case Manager, and other
Cisco support-related portals. You can identify the Cisco Support Assistant by its distinct icon.

You can interact with the Cisco Support Assistant by entering messages or by choosing the provided
options regarding your TAC case. You can also easily perform actions, for example add notes to your
case, request updates regarding its status, raise the case severity, and escalate the case. The history
of all actions related to your case will be visible in the case notes.

Answer

The correct answer is Diagnose and Fix. This option is for technical issues requiring troubleshooting
and resolution. Ask a Question is for general inquiries, RMA is for hardware replacement, and
Request Information is not a valid request type mentioned in the process.

Cisco Bug Search Tool Overview


The Cisco Bug Search Tool is intended for identifying, analyzing, and documenting bugs in the Cisco
software and hardware. There are two pages that you can consult:

Bug Search Page: Offers different options to search for documented bugs.

Bug Information Page: Consists of an individual page that describes a bug.

Bug Search Page

The Cisco Bug Search Tool provides three main methods to help you efficiently find bugs:

Keyword Search: Allows you to search using a Bug ID or any other keyword that appears in the bug's
headline, description, and other key bug data elements. You can use multiple keywords and syntax
such as quotes for exact matches. A good approach is to copy a suspicious log message into this
search field.

Product-Based Search: Enables you to search for bugs that are associated with a specific product
Series/Model or Product ID. This search can be particularly useful because certain bugs may affect all
models within a series.

Release Version Search: Lets you find bugs that are related to a software version. This method can be
particularly useful if you want to make sure that the software version you plan to upgrade your
device to does not have a critical bug.

You can also save a search in case you need it later. The saved searches appear in the pane on the
right of the search fields.

After a successful search, the matching bugs will be listed below the search form. The search results
can be filtered using several criteria such as severity or status. You can also sort them, so the most
recent bugs are displayed first. Each bug on the list will be presented with some basic information
such as the bug ID, name, and a part of the bug description. Hover over a search result and a new
pane will appear showing more bug details. Click a bug and you will be redirected to the bug
information page.

Bug Information Page

The Bug Information Page provides a complete view of the bug, which is organized into five main
sections: the Bug Headline, Description, Details, Related Bugs, and Community Discussion.

Each of these sections contains key information and interaction options regarding the bug:

Bug Headline: This headline includes the bug name, ID, and a set of interaction options.

Notifications: This option allows you to subscribe to receive email notifications whenever there is any
new event that is related to the bug.

Save Bug: This option allows you to save the bug, so you can easily access it from the search page.

Open Support Case: This option allows you to directly open a TAC case with a reference to this bug.

The bug Description section is the essential part, which contains in-depth technical information:

Symptom: A description of the observed issue or behavior, detailing what is happening, including log
or debug outputs and other information describing the bug.

Conditions: Specifies the environment or setup in which the bug occurs, including configurations or
scenarios that lead to the issue.

Workaround: Provides steps or methods to mitigate or bypass the issue temporarily.

Further Problem Description: Allows for a more detailed explanation of the problem or additional
information that may or may not be relevant.

The Description section also allows you to leave feedback and rate whether you found the
description of this bug helpful.

The bug Details section provides detailed information about the bug lifecycle and impact. It includes
the creation and last modification date, the status of the bug, and its severity.

It also contains the following details that help you understand the bug scope and resolution:

Products: Lists the hardware or software products that are affected by the bug.

Known Affected Releases: Identifies the versions where the bug is confirmed to occur.

Known Fixed Releases: Shows the versions where the issue has been resolved.

Support Cases: Displays the number of TAC cases that are associated with the bug.

The Related Bugs section provides a list of other bugs that are either similar or linked to the current
bug. It includes some key information about the related bug and a link to it.

The Community Discussions section offers links to discussions related to the bug on Cisco Community
forums. These discussions often include user experiences, troubleshooting steps, potential
workarounds, and collaborative insights from other network engineers or Cisco support
professionals.

Answer

The correct answer is Description. This answer is correct because the Description section provides in-
depth technical information about the symptoms and conditions of a bug, including observed issues
and environments where the bug occurs. The Bug Headline option is incorrect because it mainly
includes the bug name and ID. The Details option is incorrect because it focuses on the bug lifecycle
and impact, while the Related Bugs option is incorrect because it lists other similar or linked bugs.

Capture Network Traffic and Identify the Issue

Identify the Issue

In this task, you will verify the reported issue by attempting to connect to the server both from
outside the network and from inside the enterprise network. This will help confirm whether the
problem lies with the networking configuration and not the application itself.

Step 1

Access the Cisco Modeling Labs (CML) WebUI. To access the CML running in your lab environment, open a
web browser on your student PC and navigate to https://10.1.1.20 or click the Cisco Modeling Labs
bookmark.

Step 2

Log in to access the main dashboard.

Use the following credentials:

 Username: student
 Password: 1234QWer

Step 3

Click the Capture Network Traffic and Identify the Issue topology to open it.

Step 4

Check all devices in the topology and ensure they have fully booted before proceeding with the lab
steps or accessing the console. Attempting to interact with a device that has not fully booted may
interrupt the boot process. Wait for a green checkmark to appear next to each node, indicating that
it is ready.

Step 5

To verify the network issue, you will try to connect to the Web-Server from User-PC1. First, open the
console of User-PC1 by right-clicking the node and choosing Console.

Step 6

In the pane at the bottom, click the OPEN CONSOLE button.

Step 7

Log in using the following credentials.

 Username: cisco
 Password: cisco

Step 8

The server should be reachable on its public IP address (201.1.1.3). Use the Netcat nc command to
test connectivity on port 443 from the external network.

Step 9

To ensure that the issue is not with the application itself, test connectivity to the server using its
internal IP address (10.0.0.20) from within the enterprise network.

Open the console of Enterprise-PC1 and try to reach the Web App at its internal address.

Capture and Observe the Traffic

In this task, you will capture the traffic to quickly identify the root cause of the issue. Instead of
reviewing the entire configuration step by step, analyzing the captured packets will allow you to
determine whether the problem lies with ACLs, NAT, routing, or something else. This approach
provides a more direct way to pinpoint where the communication is failing.

In this lab, you will use the packet capture feature to analyze traffic directly on the simulation
links. This simplifies the process by allowing you to capture packets without additional setup. In a
real-world Cisco environment, you would typically capture traffic using tools like SPAN (port
mirroring) on switches or Embedded Packet Capture (EPC) on routers and analyze the traffic with
Wireshark.

Step 10

Before capturing incoming traffic in the enterprise network to identify the issue, start by simulating
some traffic. Open the console of User-PC1, ping the Web-Server using its public IPv4 address, and
keep the ping running.

Step 11

You will now capture the traffic. First, you need to decide where to capture it. Start by capturing
traffic arriving at your Enterprise-router to confirm that the traffic is reaching the network and
verify that the issue lies within the enterprise network.

Right-click on the link between the Home Router and the Enterprise-router in the lab interface and
choose Packet Capture.

Step 12

A packet capture window should open in the bottom pane. Click the Start button to start capturing
the traffic.

Step 13

Observe the captured traffic. What do you notice?

Step 14

Capture traffic on the link to the Web-Server to check whether the traffic is being forwarded
correctly from the Enterprise-router to the Web-Server.

Again, right-click on the link connected to the Web-Server and choose Packet Capture.

Step 15

Start the capture and observe the traffic. What do you notice?

Step 16

Focus on the IP address that is queried in the ARP requests. Do you see anything unusual?

Step 17

The captured traffic indicates a potential NAT issue. Open the console of the Enterprise-router and
check NAT translations using the show ip nat translations command.

Step 18

Check the current running configuration using the show running-config | include nat command to
confirm that the NAT configuration is incorrect.

Fix the Issue and Verify Connectivity

You quickly and successfully identified the issue by capturing and analyzing the traffic. In this task,
you will resolve the problem by correcting the NAT on the Enterprise-router and then verify that the
Web App is accessible from the outside.

Step 19

Correct the NAT on the Enterprise-router by removing the incorrect static NAT entry and then adding
the correct one.

To do that, enter the global configuration mode on the router, then remove the incorrect static NAT
entry and add the correct one using the ip nat inside source static <private-ip> <public-ip> command.

Step 20

Go back to User-PC1, where the ping to the Web-Server’s public IP (201.1.1.3) has been running. Check
the output to see if replies are now being received.

Step 21

Stop the running ping on User-PC1 by pressing Ctrl + C. Then, try to reach the Web App running on
the server using the Netcat nc command.

Answer

The correct answer is Capturing and analyzing network traffic. This answer is correct because
capturing and analyzing network traffic allowed for a quick identification of the issue. The
Systematically checking each network layer option is incorrect because, although systematic checking
is a valid approach, capturing traffic was used for quick identification. The Reviewing server
performance metrics option is also incorrect because server performance metrics were not discussed
as part of the troubleshooting process. Finally, the Rebooting all network devices option is incorrect
because rebooting devices was not mentioned as part of the troubleshooting steps.

Summary

Now that you have seen the vast set of commands, tools, and best practices provided by Cisco in
action, you can use the knowledge you have acquired to elevate your troubleshooting. With access
to a wide range of support portals offering extensive resources and expert assistance, you are well-
equipped to diagnose and resolve a variety of network- and equipment-related issues.

Having completed the course, consider how you will be able to address the following questions:

How can common troubleshooting commands such as ping, traceroute and telnet help you pinpoint
the cause of a network issue?

How can you use the basic show commands and output modifiers to verify device configuration and
status?

What are the tools for packet capturing in Cisco centric networks, and how can they be applied in
different use cases?

What information is available on the Cisco Support Page, and how can you use it to boost your
troubleshooting efficiency?

What information do you have to provide to open a Cisco TAC case, and how can you most efficiently
manage the case through its lifecycle?

What is the function of the Cisco Bug Search Tool, and how can you use it to identify, analyze, and
mitigate software bugs in Cisco products?
Cisco Documentation Navigation

Introduction

Imagine you are in the middle of a critical network outage. Time is ticking, your team is waiting for
answers, and you are trying to find the right guide to troubleshoot the issue. High-pressure situations
like this are a part of the job for network engineers, and the ability to effectively navigate vast Cisco
documentation can make the difference between a quick recovery and prolonged downtime.

Common challenges such as unclear documentation, hard-to-find resources, and simply not knowing
where to start can add unnecessary stress to an already demanding job. This course is designed for
professionals like you who need to locate, interpret, and apply Cisco documentation efficiently.
Becoming familiar with Cisco documents and their specific use cases will give you the confidence to
quickly solve problems and minimize disruption to your network.
Cisco Product Support Web Page
A support page is an essential resource for network engineers, IT professionals, system
administrators, and anyone who relies on network infrastructure. Without proper software support,
organizations risk running outdated software versions, which may contain serious vulnerabilities, lack
critical features, and so on.

These are only a few reasons why product support is an important part of any system. The Cisco
Product Support web page offers comprehensive support for Cisco products, including software
downloads, release notes, technical documentation, and so on.

To access the Cisco Support web page, navigate to https://www.cisco.com and click Support in the
navigation bar. Then, choose Support Home, and you are redirected to the main support page.

Alternatively, you can directly access the page by typing
https://www.cisco.com/c/en/us/support/index.html in the URL bar of your browser and hitting enter.

When you head over to the website, you are greeted with a friendly interface.

You can see many sections. Here are some that you may find useful:

Products by Category: Helps you find products by their category, for example routers and switches.

Status Tools: Directs you to useful tools, for example field notices.

Cisco Communities: Allows you to directly access community pages, for example the Webex
community page.

Licenses: Redirects you to pages that explain or help with product licensing.

Software and Downloads: Directs you to download pages of different products.

If you do not immediately see what you are looking for, you can use the search functionality. It allows
you to search by product name.
You often deal with devices running IOS or Cisco NX-OS Software. The support for these devices can
be found on the main support page under the section Products by Category. Click the Networking
Software (IOS & NX-OS) link to be redirected to the networking software support page. The following
is a screenshot of the support web page.

This web page contains links to all supported networking software releases, including a link for each
software version. You can also find a reference guide for IOS and Cisco NX-OS Software. To view
additional information about each version, click its corresponding link to be redirected. There, you
can find documentation, downloads, data sheets, and so on.

For quicker access, here are the links for each operating system:

IOS XE Software (you have to choose your software version):
https://www.cisco.com/c/en/us/support/ios-nx-os-software/index.html

IOS XR Software: https://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xr-software/series.html

NX-OS: https://www.cisco.com/c/en/us/support/ios-nx-os-software/nx-os-software/series.html
Answer

The correct answer is Documentation, downloads, and data sheets. This answer is correct because
the links for each software version on the Cisco support web page provide access to documentation,
downloads, and data sheets. The Links to purchase new software option is incorrect because the
page does not provide purchase links. The User testimonials and feedback option is not correct
because it does not focus on user testimonials. The Lists of discontinued products option is incorrect
since the page does not specifically list discontinued products.

Software Release Reference Guide

Cisco Networking Software—Cisco IOS and Cisco NX-OS Software—is constantly advancing to keep up
with the demanding enterprise and service provider (SP) networks. The software release reference
guide provides an overview of the current release of IOS and Cisco NX-OS Software, covering various
release families and trains, release-naming conventions, packaging architectures, and image-naming
conventions. It provides insight into the software lifecycle, with examples of migration paths for
typical migration scenarios.

Effectively managing Cisco IOS and Cisco NX-OS Software requires a good understanding of the
release models and naming conventions across various families, trains, and individual releases. The
following image shows Cisco IOS XE Software version naming.
Let's discuss each part of the name in more detail:

Train identifier: Also known as name brand, specifies the particular software train that an IOS XE
release belongs to. Each train delivers software with a specific set of features to a specific set of
platforms.

Major release: Indicates a series of software releases, for example, 17 for a release from the Amsterdam,
Bengaluru, Cupertino, or Dublin series.

Minor release: Enhances a major release by providing new features, bug fixes for existing features,
and support for new hardware platforms. It increases by an increment of 1.

Maintenance Release: Primarily addresses defects in a minor release and typically does not include
any new features.

Optional Special Release: If present, it indicates that this is a special release. A special release typically
adds support for new hardware or integrates fixes for critical defects or security vulnerabilities. It is
identified by a lowercase letter of the English alphabet.

The naming convention for IOS XR differs from IOS XE. Feature releases contain new features and
support for new hardware. They are delivered approximately every 90 days. Extended maintenance
releases deliver critical bug fixes for feature releases, contain no new features, and are typically
released 3 months after the corresponding feature release. The following figure explains the IOS XR
naming scheme.
The naming of NX-OS includes a major release number, a minor release number, a maintenance
release number (in parentheses), a rebuild identifier (optional), and an additional platform
designator (uppercase alphabetical character), for example, 7.3(13)N1(1). Here the "N" (platform
designator) indicates that the software is meant for Cisco Nexus 5000 and 6000 Series switches. The
"1" next to "N" specifies capabilities or enhancements tailored to these platforms. Finally, "(1)" is the
patch number (patches are typically issued to address urgent issues/security vulnerabilities).

Cisco IOS Software employs packaging models and architectures tailored to specific service and
market needs, simplifying the software image selection process. However, the Cisco NX-OS Software
system image is a single file, employing no special packaging model.

Certain platforms support the Cisco Software Activation feature. This feature allows on-demand
service activation through license validation, enabling a single, universal software image approach
that can be customized with licenses to activate specific feature sets. Network devices that
support this feature ship with a single, universal Cisco IOS Software image that contains all available
features. Administrators can then obtain specific licenses to enable the corresponding feature sets.

There are two types of universal software images:

universalk9: Includes all features with strong payload cryptography capabilities like IPsec VPN, Secure
Sockets Layer (SSL) VPN, and secure unified communications.

universalk9_npe: Contains all the same features except for strong payload cryptography to comply
with the import laws of certain countries that restrict such capabilities. These images are tailored to
meet global export and import regulations by omitting strong encryption features.

Universal software images have features grouped into specific feature sets. The main feature sets
include:
IPBase: The default image for switches and routers, supporting essential network protocols like
Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing
Protocol (EIGRP), and so on.

SEC: Enhances network security with features like firewalls, VPNs, and intrusion prevention systems
(IPSs).

UC: Supports Unified Communications with tools like Cisco Unified Communications Manager
Express and voice gateways.

DATA: Provides support for data services and technologies, such as Bidirectional Forwarding
Detection (BFD), IP service-level agreement (IP SLA), and others.

For devices without feature activation, Cisco offers seven software packages to suit different
networking needs, depending on the model, to meet the requirements of different market
categories. These packages provide varying levels of network functionality tailored to specific
requirements. The software packages are the following:

Layer 2 Base

LAN Base

IP Base

IP Services

Advanced IP Services

Enterprise Services

Advanced Enterprise Services

Cisco IOS XE Software is available in consolidated packages, each containing several software
subpackages. A consolidated package is a single image comprising multiple subpackages, each
designed to manage specific functionalities or elements of a router or switch. For example, the Route
Processor IOS (RPIOS) subpackage, which includes the Cisco IOS kernel, is a typical component of
these consolidated packages.

Cisco IOS XR Software is distributed in modular packages, each supporting specific functionalities like
routing or security. Devices come with a core bundle of essential packages preinstalled.
Administrators can add and activate optional packages and updates as needed to enhance features
or address issues.

Unlike Cisco IOS Software, where features are fixed at the time of image creation, IOS XR Software
allows dynamic loading and unloading of packages. This modular approach enables systems to be
updated or patched without restart or service interruptions, facilitating ongoing maintenance and
upgrades.

Image files have their own naming convention as well. The following is an example of an image file
for Catalyst 8500 Series Edge Platform (IOS XE Software).

It is made up of several elements:

Hardware: This is the hardware that the image is built for (in this case, the Catalyst 8500 Series Edge
Platform).

Platform type: If there are multiple possible platform types, it specifies which one ("aep" here means
Aggregation Edge Platform).

Services provided: Also called the feature set. This example contains the "universal" feature set, and the
"k9" designation indicates support for strong cryptography features. There may also be a no payload
encryption ("npe") tag.

IOS XE Version: Written without train identifier.

Digital Signature Indicator: The image is digitally signed, as indicated by the "SPA" designation. "S"
stands for signed (as in digitally signed software), "P" stands for production, and the third character
indicates the key version used for the signature. It is identified by an alphabetical character (A, B, and
so on).

File format: The file is in a binary format, which is indicated by the .bin extension.
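As an added example (not from the course or from Cisco), the release-number and image-name conventions described above as a parser: it decodes IOS XE release numbers, NX-OS release numbers (the page's 7.3(13)N1(1)), and an IOS XE image file name into their parts, and compares IOS XE releases so you can tell whether a device runs a release at or after a given fixed one. The image name c8000aep-universalk9.17.09.04a.SPA.bin is a constructed sample following the convention; the hardware/platform-type split and the placement of an NX-OS rebuild letter inside the parentheses are assumptions of this parser.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Release-number grammar described in the text.
#   IOS XE: major.minor.maintenance[special]   e.g. 17.9.4a (constructed sample);
#           the optional lowercase letter marks a special release.
#   NX-OS : major.minor(maintenance[rebuild])[platform][n]([patch])
#           e.g. 7.3(13)N1(1) from the text; the rebuild letter inside the
#           parentheses (9.3(7a)) is an assumption of this parser.
IOSXE_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)\.(?P<maint>\d+)(?P<special>[a-z])?$"
)
NXOS_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)\((?P<maint>\d+)(?P<rebuild>[a-z])?\)"
    r"(?:(?P<platform>[A-Z])(?P<platform_rel>\d+)?(?:\((?P<patch>\d+)\))?)?$"
)
# IOS XE image file name: hardware+platform-featureset.version.signature.bin
# Splitting hardware (letters+digits) from a lowercase platform-type suffix such
# as "aep" is an assumption made for this parser.
IMAGE_RE = re.compile(
    r"^(?P<hardware>[a-z]+\d+)(?P<platform>[a-z]*)-(?P<features>[a-z0-9_]+)"
    r"\.(?P<version>\d+\.\d+\.\d+[a-z]?)\.(?P<sig>[A-Z]{3})\.(?P<ext>bin)$"
)


@dataclass(frozen=True)
class IosXeVersion:
    major: int
    minor: int
    maintenance: int
    special: Optional[str]  # lowercase letter of a special release, or None

    def sort_key(self):
        # A special release (17.9.4a) is newer than its base release (17.9.4).
        return (self.major, self.minor, self.maintenance, self.special or "")


def parse_iosxe_version(text: str) -> IosXeVersion:
    m = IOSXE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an IOS XE release number: {text!r}")
    return IosXeVersion(int(m["major"]), int(m["minor"]), int(m["maint"]), m["special"])


def parse_nxos_version(text: str) -> dict:
    m = NXOS_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an NX-OS release number: {text!r}")
    return {
        "major": int(m["major"]),
        "minor": int(m["minor"]),
        "maintenance": int(m["maint"]),
        "rebuild": m["rebuild"],
        "platform": m["platform"],            # e.g. "N" for Nexus 5000/6000 images
        "platform_release": int(m["platform_rel"]) if m["platform_rel"] else None,
        "patch": int(m["patch"]) if m["patch"] else None,
    }


def parse_iosxe_image_name(name: str) -> dict:
    m = IMAGE_RE.match(name.strip())
    if not m:
        raise ValueError(f"not an IOS XE image file name: {name!r}")
    features = m["features"]
    npe = features.endswith("_npe")          # no payload encryption variant
    base = features[: -len("_npe")] if npe else features
    k9 = base.endswith("k9")                 # strong cryptography feature set
    sig = m["sig"]                           # e.g. "SPA": Signed, Production, key version A
    return {
        "hardware": m["hardware"],
        "platform_type": m["platform"] or None,
        "feature_set": base[:-2] if k9 else base,
        "k9": k9,
        "npe": npe,
        "version": parse_iosxe_version(m["version"]),
        "signed": sig[0] == "S",
        "production": sig[1] == "P",
        "key_version": sig[2],
        "format": m["ext"],
    }


def runs_fixed_release(running: str, first_fixed: str) -> bool:
    """True when an IOS XE device's release is at or after the first fixed release."""
    return parse_iosxe_version(running).sort_key() >= parse_iosxe_version(first_fixed).sort_key()


if __name__ == "__main__":
    print(parse_nxos_version("7.3(13)N1(1)"))
    print(parse_iosxe_image_name("c8000aep-universalk9.17.09.04a.SPA.bin"))
    print(runs_fixed_release("17.9.4", "17.9.4a"))  # False: the base release is older
```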

Note

Image files for Cisco NX-OS Software typically do not use digital signature indicators, although the
images are digitally signed on most platforms. You can verify it by executing the show software
authenticity file path/filename command.

The lifecycle of Cisco IOS and NX-OS Software releases follows well-defined release policies, defining
key phases in the lifecycle of each release. The following figure shows the lifecycle of Cisco IOS
Software and Cisco NX-OS Software releases.

The following is an explanation of the lifecycle:

First customer shipment (FCS): The initial day that the release is made available to customers.

End-of-sale announcement: A public notice about the upcoming end-of-sale date for a release is sent
out.

End of sale: The final day customers can order the release through Cisco sales channels and the final
day the manufacturing shipments of Cisco hardware include the release.

End of software maintenance (EoSW): The last day for any final software maintenance releases or
bug fixes for the release.

End of security vulnerability support (EoSV): The final day for a possible security fix release.
Sometimes, for a brief time after the EoSW, Cisco Engineering may provide rebuilds that include fixes
for security vulnerabilities and issues.

Last date of support: The final day the Cisco Technical Assistance Center (TAC) offers support for the
release. After this time, support ceases, and the release becomes obsolete.

Note

The duration of lifecycle phases for software release varies by release family, train, and version. For
specific details, refer to the associated release notes and support timeline bulletins.

It is advisable that administrators keep copies of all software releases active on their networks and
deploy only the latest releases. While releases are usually retired based on age, continued use of a
retired release is viable if it still meets network needs. Cisco TAC offers support for these retired
releases until they reach the last date of support.

Answer
The correct answer is To store and manage Cisco IOS configuration files for enhanced rollback
capability. This answer is correct because the primary purpose of the Cisco IOS XE configuration
archive is to store and manage configuration files, enhancing rollback capability. The To permanently
delete old configuration files option is incorrect because the archive does not permanently delete
files; it manages them by deleting the oldest file when the maximum number is reached. The To
merge multiple configuration files into one option is also incorrect, because the archive does not
merge configuration files; it stores them as individual checkpoints. Finally, the To encrypt
configuration files for security purposes option is incorrect, because the archive is not specifically
designed for encrypting configuration files.

Cisco At-a-Glance Documentation

At-a-glance documents are concise documents designed to deliver key information in an
easy-to-read format. They are particularly valuable during the decision-making process. When
assessing which solutions might be appropriate for a particular business need or infrastructure
requirement, these documents save you from reading through all the technical documentation.

At-a-glance documents are not limited to products; they are available for features too. They help
in understanding how a particular product or feature works.

For a single product or feature, there may be multiple at-a-glance documents. Here is the
information you can expect from these documents:

Services: Essential information about the services of the products/features—what is offered, what is
included in the pricing, and similar.

Solution Overview: a comprehensive overview of the products including key features, intended use
cases, and network design benefits.

Integrations with applications: How the product/feature is integrated with applications developed by
Cisco.

The following is an example of an at-a-glance document. This example is only a part of one of the
at-a-glance documents for the Cisco Nexus 9000 Series switches.

This at-a-glance document is presented in a visually engaging format that combines graphics with
concise text to effectively communicate key points without overwhelming the reader with technical
details. It is designed to be easy to understand, so readers can quickly grasp the essential
information from the text.

Answer
The correct answer is Key features and intended use cases. This answer is correct because the
'Solution Overview' section provides a comprehensive overview of the product, highlighting key
features and intended use cases. The Pricing details of the product option is incorrect because
pricing is not typically covered in the 'Solution Overview'. The Detailed configuration instructions
option is incorrect, because the section focuses on summarizing product capabilities. Lastly, the
Historical background of the product option is incorrect, because historical context is not the focus of
this section.

Data Sheets

A data sheet is an essential document that provides the technical and functional details of a product, for
example, a Cisco Nexus 9800 Series switch. It helps engineers, system administrators, and others
understand a product's capabilities, specifications, features, benefits of use, and its compatibility
within a network infrastructure.

It is structured to introduce you to a product and its features. Each topic has its own section,
where critical information is presented, all in all giving you a comprehensive overview of the product.

You can expect the data sheet to cover these topics:

Product Overview: Summary of a product's purpose and market positioning.

Technical Specifications: Detailed description of the product's technical features, for example number
of ports, bandwidth capabilities, power consumption, supported standards, and so on.

Configuration options: Define the possible device configurations and their specifications.

Key Features: Highlight the best features, like high-speed connectivity, power efficiency, and so on.

Licensing and compliance: Explains the licenses required for specific features.

Ordering Information: Product IDs, descriptions, and ordering options, so users have an easier time
identifying the configuration they would like to order.

There can be additional sections, such as warranty information, environmental sustainability
information, performance metrics, and so on.

Using a data sheet is invaluable because it provides all the necessary information about a certain
product. It is a document with clear and trustworthy information. Each product has its own data sheet.
The following is an example of what a page in a data sheet looks like. The example is from a data
sheet for the Cisco Nexus 9800 Series switch.

This page of the data sheet describes interoperability between different components and some of
the prominent features of the device.
Answer

The correct answer is To provide technical and functional details of a product. This answer is correct
because a data sheet is designed to give comprehensive technical and functional information about a
product, such as specifications, features, and compatibility within a network infrastructure. The To
provide installation instructions for a product option is incorrect because installation instructions are
not the primary focus of a data sheet. The To offer a detailed financial analysis of a product option is
also incorrect, because financial analysis is not typically included in a data sheet. Finally, the To give
an overview of a product's marketing strategy option is incorrect, because a data sheet focuses on
technical and functional details rather than marketing strategies.

Hardware Installation Guides


Hardware installation documentation plays an important role in ensuring the successful deployment
and maintenance of networking equipment. It serves as a guide with all the information necessary
for the successful hardware installation of a device. Following these instructions makes sure that your
device will work in the intended environment, reducing the possibility of damage and technical
difficulties after the installation.

The guide is separated into chapters, consisting of (but not limited to):

Device overview: Explains the device's technical features, its specifications, power demands, and
other information.

Preparation for installation: Explains the requirements and limitations for installation. This includes
temperature, humidity, vibration, dimensional requirements, and others. Follow these instructions to
establish a proper working environment for network devices, ensuring they operate as intended.

Installation process: Describes step-by-step instructions about how to physically install the device, for
example, how to install bottom-support rails, how to mount the device chassis, and so on.

Powering on and connecting to network: Explains how to connect the power modules and turn on
the device. There is also a short overview of how to connect the device to the network, including
connecting a console to the device, creating initial configuration, and other procedures.

Component replacement: Talks about how to replace failing components, like fan modules.

LED troubleshooting: Explains LED troubleshooting, for example what a flashing blue LED means.

For certain devices, there may be other chapters as well. These can include what additional kits are
available, site preparation and maintenance records, and others. The following is an example of a
part of the hardware installation guide belonging to the Cisco Nexus 93180YC-EX.

The preparation chapter covers temperature requirements (what the operating temperature is)
and humidity requirements. There are also specific requirements for dust and particulates, explaining
how dust can interfere with electrical components. Many other requirements are
defined in the hardware installation guide.
Answer

The correct answer is Device overview. This answer is correct because the device overview section
explains the device's technical features, specifications, power demands, and other crucial
information. The Preparation for installation option is incorrect because it focuses on outlining
requirements and limitations for installation, not specifications. The Powering on and connecting to
network option is also incorrect, because it involves instructions on network connections and power
modules. Lastly, the Component replacement option is incorrect because it pertains to instructions
on replacing failing components, not device specifications.

Configuration Guides
Configuration guides provide detailed instructions for setting up devices. They are organized to
provide a structured approach to configuring network devices, with each guide focusing on specific
aspects or features.

A base configuration guide serves as the primary document, covering essential setup and initial
configuration steps necessary to get a device operational. This guide typically includes things such as
setup, upgrade workflows, and various installation modes. It may also cover topics such as device
management, troubleshooting, and others.

There are multiple benefits to using configuration guides:

Provide clear step-by-step instructions.

Reduce the risk of misconfiguring a device.

Often include troubleshooting tips and best practices.

The configuration guides are not limited to devices; there are also configuration guides for
individual features (for example, using Zero Touch Provisioning (ZTP) to deploy a router).

Beyond the base guide, there are individual configuration guides for specific features and
implementations, such as routing, telemetry, security, and various protocols. These feature-specific
guides allow users to implement and customize advanced functionalities according to their network’s
requirements. They also provide users with an easy way to find only the configuration guide they
require.

Note

Typically, these guides are divided by operating system versions and deployment types, such as
virtual versus physical environments, ensuring users have the most relevant and compatible
instructions.

The configuration guides are not only step-by-step instructions. They explain each step, so the user
understands how their commands/input change the configuration. They include requirements,
illustrations for clarity, and other resources to make configurations easier to understand.

The following figure is an example of a configuration guide.


Answer

The correct answer is They reduce the risk of misconfiguring a device. This answer is correct because
configuration guides offer clear instructions and best practices, helping users avoid common
configuration errors. The They guarantee error-free device operation option is incorrect because
guides do not guarantee error-free operation. The They provide a structured approach to learning
programming languages option is incorrect because the guides are not designed for programming
language learning. Finally, the They eliminate the need for device updates option is incorrect because
guides do not eliminate the need for updates.
Release Notes Overview

Release notes inform users about the changes, updates, and important details related to a new
software version. Reading them gives you crucial information about changes that could impact
network performance and stability, improve the workload of certain devices, and so on.

Release notes contain a lot of information. Most of it is dedicated to the following:

New and changed software features.

Resolved and open bugs.

Compatibility information and supported hardware.

Reading through the release notes, you will find that much of the document is dedicated to
new and changed features. You can discover what the engineering team has
added, removed, or modified. Alongside each feature, there is a description of exactly what has been
done.

Resolved bugs indicate issues that have been fixed, offering reassurance that previous problems are
no longer present. Meanwhile, open bugs outline known issues that are still unresolved. This
transparency allows users to anticipate known issues, if there are any, which helps in planning
workarounds or delaying an update if the issues are significant.

The compatibility information and supported hardware section in the release notes ensures that
users understand which devices, configurations, and operating environments are compatible with
the latest software version. This prevents users from unknowingly installing software on unsupported
hardware, preventing potential issues.

Note

Each software version has its own release notes, which may vary even further depending on the
device. Ensure you read the release notes for your specific software version and device (if
applicable).

The following illustration is a part of the release notes belonging to the Cisco ASR 1000 Series
Aggregation Services Routers.

Answer

The correct answer is To inform users about changes, updates, and important details related to a new
software version. This answer is correct because the primary purpose of release notes is to
communicate technical changes and updates that can impact network performance and stability, as
well as improve the workload of certain devices. The To provide marketing information about the
software option is incorrect because release notes focus on technical information rather than
marketing. The To list the pricing of the new software version option is incorrect because release
notes do not include pricing details. Finally, the To offer a detailed guide on how to uninstall the
software option is incorrect because release notes do not typically provide uninstallation
instructions.

Command Reference

Command references are documents that explain the syntax, usage, and functions of the
commands available for configuring and managing devices. They ensure users know exactly which
commands to use, and how to use them, to perform certain actions on the device. They help users
not only understand correct usage, but also troubleshoot, configure, and change
configuration settings effectively.

Also, Cisco often provides separate documents for different command types—such as configuration
commands for setting up devices and show commands for monitoring and diagnostic purposes. This
allows users to find the most relevant information based on their needs.

Furthermore, each software version has its own set of command references. This is done because
some features may only be available in newer software releases, or they may have been changed.

The following is an example showing a part of a command reference document.

As you can see in the figure, the command reference includes a syntax
description with an explanation. It also gives usage guidelines and an
example of use, alongside the corresponding output.

Answer

The correct answer is To explain the syntax, usage, and functions of commands. This answer is
correct because command reference documents are designed to help users understand how to
configure and manage devices by providing detailed information on command syntax and usage.
The To provide a comprehensive guide on hardware specifications option is incorrect because
command references focus on commands, not hardware specifications. The To offer customer
support contact information option is incorrect because providing customer support contact
information is not the primary aim of these documents. The To list all available device models option
is incorrect because these documents do not focus on listing device models.

End-of-Sale Announcements

End-of-sale announcements are documents dedicated to informing the reader about the stages at
which the product will no longer be sold. Similarly, end-of-life documents announce the end of
development and support. These documents help customers and partners prepare for product
transitions and manage their timelines.

End-of-sale and end-of-life documents have the following content:

Overview: Brief explanation—product name and the end-of-sale date.

Product part numbers: Which part numbers are affected by this document.

End-of-life milestones: Dates for all milestones (end-of-sale date, last ship date, and so on).

Migration options: Offers guidance on replacement products or similar models featuring updated
software and hardware.

There are multiple milestones:

End-of-Life Announcement Date: The date when the document announcing a product's end-of-sale
and end-of-life is released to the public.

End-of-Sale Date: The last day to order a product through sales channels, after which it will not be
available for purchase.

Last Ship Date: The last day to request shipping. The actual ship date can depend on the lead time.

End of Software Maintenance Releases Date: The last day there could be a release of software, for
maintenance or bug fixes. After this day, only critical security updates are provided.

End of Vulnerability/Security Support: The last date for software release including security or
vulnerability bug fixes. Beyond this date, any fixes will only be available in newer supported software
versions.

Last Date of Support: The last day to receive applicable service and support for the product. After
this, all support ceases, and the product becomes obsolete.

By publishing end-of-sale and end-of-life documents in advance, Cisco enables customers and users
to plan for key milestones. These dates provide clarity for customers, allowing for easier planning
without the need to estimate milestone timings.

The following is an example of an end-of-sale document, regarding the Cisco Nexus 9500 100G Line
Cards.

Answer

The correct answer is End-of-Sale Date. This answer is correct because the End-of-Sale Date is the
last opportunity to order a product, signaling the end of its availability through sales channels. The
End-of-Life Announcement Date option is incorrect because it refers to when the announcement is
made. The Last Ship Date option is incorrect because it relates to the shipping timeline. The End of
SW Maintenance Releases Date option is incorrect because it pertains to software updates and
maintenance.

Licensing Guide Overview
Licensing guide documents are documents that describe the licensing requirements, policies, and
procedures for a certain platform. They provide you with all the needed information so you can
effectively manage licenses across different products, including Cisco IOS XE Software, IOS XR, and
Cisco NX-OS Software.

Each version of software may have its own licensing document specifying licensing only for that
version. For Cisco IOS XE, IOS XR, and NX-OS Software, you can find these version-specific documents
on their respective support pages in the documentation section.

To effectively convey information, the licensing guide is a structured document containing a table of
contents. The document goes through many topics, including device-specific licensing, module-based
licenses, licensing terminology, and others. It explains, in detail, all licensing options, requirements,
and other specifications.

The following is a part of a licensing guide from the Cisco NX-OS Software documentation.

Information that can be found in a licensing guide:

Licensing options

Features included in a licensing package

Licensing differences between devices

Release history for licensing

Smart Software licensing overview

Licensing guidelines and limitations

Cisco also offers Smart Software Licensing, a flexible model that gives you an easier, faster, and more
consistent way to purchase and manage software across different devices. Activation is simpler, and
licenses are transferable because they are not locked to hardware. Through the Cisco portal, you gain
a comprehensive view of your licenses, making it easy to track what you own and actively use.

Answer

The correct answer is Ownership and active usage of licenses. This answer is correct because the
Cisco portal provides a comprehensive view of the ownership and active usage of licenses, helping
users track their software assets efficiently. The Software installation progress option is incorrect
because tracking installation progress is not the primary function of the Cisco portal in this context.
The Hardware compatibility option is incorrect because it is not directly tracked through licensing
information. The Networking performance statistics option is incorrect because these statistics are
outside the scope of licensing tracking.

Troubleshooting Guides

A troubleshooting guide is a document to help users identify, diagnose, and resolve problems they
are dealing with. Cisco provides guides tailored to individual platforms using Cisco IOS XR, IOS XE,
and NX-OS Software. There are also device-specific troubleshooting guides. These guides provide
solutions, commands, and best practices specific to each platform, enhancing the efficiency and
accuracy of troubleshooting.

To find troubleshooting guides, navigate to the product support page. There you will find many
different troubleshooting guides, which cover a variety of issues. The following is an example,
displaying part of a troubleshooting guide for the Cisco Nexus 9000 Series switch, regarding
troubleshooting ports.

In a guide like this, you can find troubleshooting guidelines, problem descriptions, commands to
use, and explanations that will help you troubleshoot quickly and effectively.

The following is another example of a troubleshooting document. This chapter describes the
troubleshooting tools and methodology to use. It provides the user with a comprehensive overview of
the available commands, for example, how to trace packet routes using the traceroute utility.

Answer

The correct answer is To help users identify, diagnose, and resolve problems. This answer is correct
because troubleshooting guides are specifically designed to assist users in identifying, diagnosing,
and resolving issues they encounter. The To provide a historical overview of the product option is
incorrect because the guide is not intended to provide a historical overview. The To list all available
products option is not correct because the guide does not focus on listing products. Finally, the To
offer customer reviews of the product option is incorrect because the guide is not about customer
reviews.

Additional Documents

Cisco offers many different kinds of support documents, ranging from troubleshooting guides to end-
of-sale documents, and everything in between. To effectively manage the lifecycle of products, it is
suggested to use multiple different documents.

To help you with lifecycle management, you should utilize multiple sources, including:

Ordering guides: Help with product selection and compatibility during the ordering process.

Design guides: Provide proven architectures to ensure reliable and efficient deployments.

Field Notices: Alert users to hardware or software issues affecting performance.

White Papers: Provide best practices and give advice on their respective topics.

You can find these documents alongside others under documentation of each specific platform or
product. They help you optimize your planning, deployment, maintenance, and replacement of Cisco
products.

The following figure is part of a white paper, concerning the security of different software platforms.

Answer

The correct answer is White Papers. This answer is correct because White Papers are designed to
provide best practices and guidance on specific topics, making them a valuable resource for in-depth
understanding and advice. The Ordering guides option is incorrect because ordering guides are
primarily for product selection and compatibility. The Design guides option is incorrect because
design guides offer proven architectures for deployment. Finally, the Field Notices option is incorrect
because field notices alert users to issues affecting performance.

Summary

Cisco documentation, accessible via Cisco Support, is your go-to resource for managing network
setups, troubleshooting issues, and maintaining device performance. In dire situations, you can
quickly locate solutions, implement fixes, and restore network functionality with the help of Cisco
documentation, ensuring minimal downtime and maintaining operational efficiency.

It is best practice to use these documents in combination as needed to ensure accurate
configurations, efficient troubleshooting, and well-informed updates. In this way, you can easily
maintain a secure and high-performing network environment.

After completing this course, you will be able to answer the following questions:

Which document provides step-by-step instructions for setting up a new Cisco device?

Which document should I refer to when encountering connectivity or performance issues?

Where can I find command syntax and options specific to a particular Cisco platform?

Cisco Operating Systems Licensing

Imagine you are a network administrator in a company that is rapidly expanding its operations across
multiple regions. With increasing demands on your network infrastructure, ensuring reliable
connectivity, secure communication, and efficient resource utilization becomes crucial. To achieve
this goal, you need a licensing strategy that simplifies network management while offering flexibility
and control.

In such cases, Cisco licensing solutions come into play. Cisco provides a range of licensing options
that are designed to meet the diverse needs of modern enterprises. From traditional licensing
models to Smart Licensing using Cisco Smart Software Manager (SSM), these tools empower you to
streamline license management, reduce administrative overhead, and gain real-time visibility into
your network's licenses.

In this course, you will:

Explore Traditional Licensing for Cisco networking devices, understanding how legacy licensing
models work.

Learn about Cisco SSM and how it transforms licensing management with centralized, automated
capabilities.

Understand Cisco SSM licensing deployment options, exploring different ways to manage licenses
efficiently.

Discover Cisco Catalyst router licensing options, helping you choose the right licensing model for
your organization.

Examine Cisco Catalyst switch licensing options, ensuring you understand how licensing applies to
different switch models.

Review Cisco Nexus switch licensing options, focusing on licensing models designed for high-
performance data center networks.

Understand Cisco IOS XR platforms licensing options, exploring the licensing structure for high-scale
networking environments.

Gain insight into Cisco IOS XR flexible consumption models, learning how these models provide
greater agility in managing licensing needs.

Get a hands-on experience where you will learn how to license a Cisco Catalyst switch using Cisco
SSM.

This course will equip you with the skills and knowledge needed to use Cisco licensing tools to their
full potential, enabling you to build a scalable and efficient network infrastructure.

Traditional Licensing for Cisco Networking Devices

Licensing is essential for enabling the basic operation and advanced functionalities of Cisco
networking devices. It governs access to essential software features, defines hardware capabilities,
and facilitates compliance with regulatory requirements. Cisco traditional licensing models, which
include concepts such as perpetual licensing, feature-based licensing, and platform-specific licensing,
serve as the cornerstone for deploying and managing network solutions in static and predictable
environments. These models were designed to meet the demands of organizations operating within
a defined scope, where network configurations and requirements remained largely unchanged over
time. However, as networks evolved and organizations scaled, the limitations of these licensing
models became increasingly evident. To fully understand the transition toward more adaptive
licensing solutions, it is crucial to examine the key elements of traditional licensing and the pivotal
role of Product Activation Keys (PAKs).

While perpetual, feature-based, and platform-specific licensing categories are utilized in some form
under Smart Licensing, these models are referred to as "traditional". Initial implementations of the
"traditional" models relied on manual, static, and device-specific processes.

This topic explores their characteristics, the challenges they posed, and how their evolution has led
to the modern licensing framework.

Traditional Licensing Models and Their Evolution

Cisco’s traditional licensing models offered a structured and stable approach to software acquisition,
allowing businesses to manage their networks effectively. However, as networks became more
dynamic, these models struggled to keep pace with evolving demands.

This section explores Perpetual Licensing, Feature-Based Licensing, and Platform-Specific Licensing,
their advantages and limitations, and the transition to modern Smart Licensing.

Perpetual Licensing

Perpetual licensing provides customers with indefinite rights to use Cisco software as long as they
purchase the associated hardware. This model remains a component of Cisco licensing strategy,
though its implementation has evolved under Smart Licensing. Traditionally, perpetual licensing was
highly predictable, offering a straightforward approach to licensing. Customers paid an upfront cost
to obtain software rights, and these rights remained valid for the lifespan of the hardware.
Organizations appreciated the simplicity of this model, as it allowed them to plan their network
expenses with minimal uncertainty. However, traditional perpetual licensing had drawbacks. Licenses
were tied to specific devices, which meant they could not be easily transferred or reused, even in
cases of hardware replacement or upgrade. Also, while perpetual licenses provided indefinite usage
rights, they did not include access to regular software updates.

Organizations were required to pay extra for these updates to access the latest features and security
enhancements. Staying current with updates was also necessary for maintaining access to technical
support, adding further costs to the long-term ownership of perpetually licensed software. This type
of licensing often led to inefficiencies, particularly in organizations with rapidly evolving network
infrastructures. Moreover, traditional perpetual licensing lacked the flexibility to accommodate
temporary needs, which limited its applicability in modern, agile environments.

Feature-Based Licensing

Feature-based licensing, historically a key component of Cisco traditional licensing frameworks,
introduced the concept of unlocking specific functionalities on Cisco devices. This allowed customers
to tailor their purchases to their operational needs, a practice that continues today under Smart
Licensing but with significant improvements in flexibility and management. For instance, Cisco
Catalyst switches were offered with distinct tiers of feature sets.

These tiers included:

LAN Base: This tier provided essential Layer 2 functionalities, including VLAN support, spanning tree
protocols, and basic quality of service (QoS). It was ideal for small to medium-sized networks
requiring fundamental Layer 2 capabilities without advanced routing functions.

IP Base: Building upon LAN Base, this tier included basic Layer 3 routing features, such as static
routing and support for Routing Information Protocol (RIP). It also offered enhanced QoS features
and access control lists (ACLs) for improved network traffic management and security. This tier was
suitable for enterprises needing inter-VLAN routing and basic Layer 3 functionalities.

IP Services: The highest tier, offering all features of IP Base plus advanced Layer 3 routing protocols
such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), and Enhanced Interior
Gateway Routing Protocol (EIGRP). It provided comprehensive support for IPv6 as well. This tier was
ideal for large-scale networks requiring full enterprise services and advanced routing capabilities.

Feature-based licensing allows organizations to optimize their investments by selecting the specific
capabilities they require. However, this approach comes with certain complexities. In traditional
implementations, each feature set required a separate license and manual activation, which could
complicate the management of large-scale deployments. Upgrading from one feature set to another
often incurred additional costs and operational downtime, disrupting network operations and
increasing administrative overhead.

Organizations using feature-based licensing faced the additional responsibility of managing periodic
software updates to unlock new functionalities and ensure that their systems remained compatible
with evolving network standards. These updates, while critical for maintaining optimal performance
and security, often came with extra costs, increasing the total cost of ownership. Staying up to date
with software releases was also necessary to retain support for certain advanced feature sets, adding
another layer of complexity to license management. The fragmented and manual nature of
traditional feature-based licensing created significant scalability challenges, particularly for large
enterprises with complex and dynamic networking architectures and requirements.

Under Smart Licensing, feature-based licensing has been modernized, offering centralized
management, and streamlined workflows. This evolution addresses many of the operational
challenges while retaining the flexibility of tailoring features to specific business needs.

Platform-Specific Licensing

Platform-specific licensing was designed to address the unique requirements of different Cisco
devices, such as routers, switches, and firewalls. This model allowed organizations to tailor their
network solutions to the specific operational needs of each device. For example, advanced
functionalities like enhanced security, or data center features could be activated based on the type of
device and the licenses purchased. While specific licensing structures varied, the goal was to ensure
that each platform operated efficiently within its intended role in the network.

Managing platform-specific licenses in traditional environments was often a manual and fragmented
process. Different platforms required separate licenses, and administrators needed to track them
across multiple devices, which could result in inconsistencies and administrative burdens. This lack of
centralized visibility and control posed challenges for scalability and compliance, particularly in
complex enterprise environments. Modern Smart Licensing has since streamlined these processes,
offering centralized tools to simplify license management while maintaining the flexibility of
platform-specific functionality. For example, advanced functionalities like security and data center
features could be enabled through additional licensing, depending on the platform and deployment
scenario.

PAKs—A Core Licensing Mechanism

PAKs were a part of traditional licensing. A PAK is a unique alphanumeric code that is issued upon the
purchase of a license, serving as proof of purchase. PAKs provided a means of associating software
features with specific hardware, ensuring compliance with licensing agreements. These keys
functioned as a bridge between the purchased software and the hardware on which the software
was deployed, making them essential for activating purchased features. The PAK system was
designed to ensure that only authorized users could access premium functionalities, thus protecting
Cisco intellectual property and providing customers with a secure method of license activation.

PAK Licensing Workflow

The process of activating a license using PAKs involved several steps:

License Purchase: The customer purchased a license for a desired feature or software version.

Receive PAK: A unique PAK code was issued, either electronically or included in the product
packaging.

Register PAK: The customer registered the PAK on Cisco licensing portal, linking it to the device’s
Unique Device Identifier (UDI).

Generate License File: After registration, a license file tied to the device’s UDI was generated.

Install License: The license file was manually installed on the device, unlocking the purchased
features.

Below is a simplified diagram illustrating the PAK workflow, with a user interacting through a PC to
complete each step in the process.

This workflow, while functional, required precise execution. Any errors in the process, such as an
incorrect PAK entry or mismatched UDIs, could delay feature activation and potentially disrupt
network operations. Also, the manual nature of the workflow often introduced inefficiencies,
particularly in environments with many devices requiring frequent license updates.

Challenges of PAK Licensing

While effective for its time, PAK-based licensing had several limitations:

Manual Process: The activation process required manual registration and installation, increasing the
likelihood of human error. This was particularly problematic in large-scale deployments where
hundreds or thousands of devices needed to be licensed.

Hardware Dependency: Licenses were tied to individual devices, complicating hardware
replacements or upgrades. In cases of hardware failure, transferring a license to new hardware
required a complex re-registration process, often involving external intervention. This static and
device-bound nature of PAK licensing limited flexibility, making it difficult for organizations to adapt
to changing network requirements. PAK licensing also led to potential delays and increased costs in
dynamic environments.

Scalability Issues: Managing large numbers of PAKs in enterprise environments was time-consuming
and prone to oversight. Organizations often struggled to keep track of which licenses were applied to
which devices, leading to inefficiencies and potential compliance risks.

Limitations of Traditional Licensing

Traditional licensing, while foundational, struggled to meet the demands of modern, dynamic
network environments. Key limitations included:

High Administrative Overhead: The manual nature of license registration and activation required
significant effort and introduced the risk of administrative errors. Network administrators often had
to maintain detailed spreadsheets or other tracking systems to manage license inventories, which
could quickly become unmanageable in large environments.

Fragmented Management: Different licensing models for different platforms led to inconsistent
management practices, making it difficult to maintain a unified licensing strategy. This fragmentation
often resulted in redundant purchases and inefficient use of resources.

Limited Visibility: Tracking license usage, compliance, and expiration dates required manual
intervention, increasing the likelihood of lapses in compliance. Organizations often faced challenges
during audits due to incomplete or inaccurate records.

Inadequate Scalability: As networks grew, the static nature of traditional licensing proved increasingly
unsuitable. Organizations needed more adaptable licensing solutions that could scale with their
evolving infrastructure requirements.

Traditional licensing for Cisco networking devices provided a crucial framework for enabling software
features and capabilities. Despite its effectiveness in static environments, the lack of flexibility,
administrative burden, and scalability challenges of traditional licensing highlighted the need for
more dynamic and flexible approaches. By understanding the details of traditional frameworks and
mechanisms like PAKs, network administrators can better recognize the evolution of Cisco licensing
strategies and the reasons behind modern alternatives. As networks continue to grow and evolve,
the limitations of traditional licensing underscore the importance of adopting more adaptive
solutions to meet the demands of contemporary IT environments.

Answer

The correct answer is Indefinite rights to use the software. This answer is correct because
organizations appreciated the predictability offered by indefinite rights, allowing them to plan
expenses with minimal uncertainty. The Regular software updates included option is incorrect
because updates were not included in perpetual licensing. The Easy transferability of licenses option
is also incorrect, because licenses were tied to specific devices and not easily transferable. Finally, the
Automated license activation option is incorrect, since traditional perpetual licensing required
manual activation.

Cisco Smart Software Manager Overview

Effective software management is of utmost importance for organizations seeking to retain efficiency
and adapt to the ever-changing nature of the business world. In this context, adopting innovative
systems for overseeing software assets is no longer optional but a strategic necessity. By using
streamlined solutions, companies can enhance their control over resources, improve compliance,
and adapt to shifting technological landscapes.

Smart Licensing: Modernizing License Management

Cisco Smart Licensing represents a modern approach to managing software licenses, providing
organizations with a centralized, automated, and dynamic licensing system. Unlike traditional
licensing, which relied on PAKs and manual registration, Smart Licensing functions as a software asset
management system.

It addresses two fundamental questions:

What have I purchased?

What am I currently using?

By providing concise answers to these questions, Cisco Smart Licensing empowers organizations to
make informed decisions about their software investments, improving both operational efficiency
and cost management.

At the heart of Smart Licensing is the Cisco SSM, a comprehensive platform that allows
administrators to manage licenses efficiently. Cisco SSM provides a clear, consolidated view of all
licenses and devices, enabling businesses to manage their software investments effectively. To
enable Smart Licensing, organizations must first set up a Smart Account, which acts as a centralized
repository for managing all licenses within Cisco SSM.

Key Differences and Benefits of Smart Licensing

Cisco Smart Licensing addresses the limitations of traditional licensing by providing:

Enhanced visibility: Organization-wide view of all licenses through Cisco SSM.

Simplified registration: Automated license assignment and activation, eliminating PAKs.

Flexibility: License pooling enables redistribution across devices.

Overuse Capability: Ensures uninterrupted operations during demand peaks.

These benefits, supported by the Cisco SSM, make Smart Licensing a powerful tool for modern IT
environments.

Centralized Management with Cisco SSM

Cisco SSM serves as the centralized hub for managing Smart Licenses across all Cisco devices and
software platforms. It eliminates the need for traditional, device-specific license management by
consolidating all licenses into a unified interface. In this way, it ensures greater control, transparency,
and flexibility in license utilization.

Key Features of Cisco SSM

Some of the key features of Cisco SSM include:

Unified License Dashboard: Cisco SSM provides a real-time, organization-wide view of all active
licenses, including their status, usage, and expiration dates. Administrators can access this
information through the web-based portal at Cisco Software Central. The dashboard enables quick
identification of compliance issues and potential license shortages, ensuring proactive management.

Dynamic License Allocation: Cisco SSM supports license pooling, which allows organizations to
distribute licenses flexibly across devices and locations if needed. For example, if a device in one
branch office is decommissioned, its license can be returned to the pool and reassigned to another
device in a different location, minimizing waste and optimizing resource use.

Automated License Activation: Once a license is assigned to the Smart Account, registered devices
automatically retrieve and activate their required licenses through secure communication with Cisco
SSM. This approach eliminates manual input and reduces the likelihood of configuration errors.

Compliance Monitoring and Alerts: Cisco SSM continuously monitors license usage and compares it
against the number of licenses purchased and available in the pool. If a device exceeds the available
license count, Cisco SSM flags this as overuse and sends alerts to administrators. This way, it ensures
that potential compliance violations are addressed promptly, avoiding disruptions.

Custom Reporting: The platform allows administrators to generate custom reports on license usage
trends, compliance status, and forecasted needs. These insights enable better budget planning and
help align software investments with operational demands.

Virtual Accounts: Organizing License Management

Another important concept or feature in Cisco SSM is the use of Virtual Accounts, which allow
organizations to segment their licenses for better organization and management. Virtual Accounts
are essentially subdivisions of a Smart Account, enabling the allocation of licenses based on specific
organizational units, such as departments, regions, or projects. This structure enhances control by
providing a clear and detailed overview of how licenses are distributed and utilized across the
organization. Cisco SSM provides a straightforward interface for creating and managing Virtual
Accounts, making it easy to adjust the structure as organizational needs evolve. Licenses and devices
can also be easily transferred between Virtual Accounts within Cisco SSM.

For instance, a multinational organization might create separate Virtual Accounts for each regional
office. Each office can manage its licenses independently, while administrators at the central level
maintain overall visibility. This setup not only improves accountability by linking licenses to their
corresponding teams or departments but also ensures that resource utilization aligns with
organizational priorities. Furthermore, Virtual Accounts offer the advantage of assigning specific
permissions to users, aligning access rights with organizational roles. For example, a regional IT
manager may have full control over their Virtual Account but limited or no access to other accounts.
This role-based access control (RBAC) strengthens security and reduces the risk of unauthorized
changes to critical licenses.

Token Generation: Simplified Workflow for Device Registration

Tokens and Virtual Accounts are closely integrated within the Cisco Smart Licensing framework,
enabling efficient and secure license management. Tokens establish a secure connection between
devices and the Smart Account, ensuring that licenses are dynamically allocated based on device
requirements. These unique strings of characters act as keys, granting devices access to the
centralized license pool within a Virtual Account in Cisco SSM.

When a token is generated in Cisco SSM, it is associated with a specific Virtual Account, which
contains a pool of licenses. The token enables devices to self-register with Cisco SSM and request the
necessary licenses based on their configuration and operational needs.

How Tokens Work

When a device is registered using a token, it securely connects to the Cisco SSM and gains access to
the centralized license pool within the associated Virtual Account. Based on its product type,
software version, and enabled features, the device is automatically assigned the necessary licenses.
This process ensures that each device receives the appropriate license dynamically, without requiring
manual intervention.

For example, an organization might register a new router using a token. Upon registration, the router
communicates its details to the Cisco SSM, which then assigns the basic license that is required for its
operation. If additional features, such as advanced security, are configured later, Cisco SSM will
allocate the corresponding feature license automatically.

End-to-End Smart License Management Workflow

Ordering Smart Licenses: The process begins with purchasing the required Smart Licenses. Once the
licenses are purchased, they are automatically associated with the customer’s Smart Account,
ensuring immediate availability in Cisco SSM.

Reviewing the License Pool: Administrators log in to Cisco SSM to access the Virtual Account and
view the license pool. This provides a comprehensive overview of all available licenses.

Token Generation: An administrator generates a token that is linked to a specific Virtual Account
within the Cisco SSM. This token acts as the bridge between the device and the Smart Account,
ensuring secure registration and license allocation. To generate a token, the administrator logs in to
Cisco SSM, navigates to the relevant Virtual Account, and selects the "New Token" option. The
generated token is unique and time-limited to enhance security.

Device Registration: Once the token is generated, it must be applied to the device. This is done
through the device's CLI with the following command:

license smart register idtoken <token>

This command establishes a secure connection between the device and Cisco SSM, enabling the
device to register and authenticate. During this process, the device automatically transmits key
details, such as product type, software version, and enabled features.

License Consumption and Assignment: Once registered, Cisco SSM uses the device’s configuration
details to dynamically allocate the required licenses from the pool. The assigned licenses are now
consumed, allowing the device to operate with the necessary features. If sufficient licenses are not
available, Cisco SSM flags the issue as overuse, enabling the device to continue operating temporarily
while notifying administrators to address the problem.

Verification and Monitoring: After registration and license allocation, administrators can use CLI
commands to verify the license status on the device. For example:

show license status

Cisco SSM continuously monitors license usage in real-time, ensuring compliance and providing
alerts for any irregularities.

Below is a simplified diagram illustrating the streamlined process of managing Smart Licenses, from
ordering and viewing licenses in Cisco SSM to securely registering devices and dynamically assigning
licenses for seamless operation.
Answer

The correct answer is By allowing license pooling. This is correct because license pooling enables the
redistribution of licenses across different devices, optimizing resource use and minimizing waste. The
By restricting licenses to specific devices option is incorrect because it is a characteristic of traditional
licensing, not Smart Licensing. The By requiring manual intervention for license allocation option is
incorrect because Smart Licensing automates this process. The By limiting license visibility to
individual departments option does not describe the flexibility offered by Smart Licensing.

Cisco Smart Software Manager Licensing


Deployment Options
Cisco SSM provides several deployment models to meet the diverse needs of modern organizations.
These models address varying levels of security, connectivity, and operational control, ensuring that
businesses can maintain efficient and compliant license management regardless of their unique
infrastructure.

Whether operating in highly secure, air-gapped environments or dynamic cloud-connected systems,
Cisco SSM offers flexibility and scalability to adapt to the evolving demands of organizations. This
section explores the key deployment options available, highlighting their distinctive features and
benefits, and helping administrators select the best fit for their operational landscape.

Direct Cloud Access

The direct cloud access model allows devices to communicate directly over the internet with the
web-based Cisco SSM application, hosted on Cisco cloud servers, enabling real-time license
management.

This deployment option can be further subdivided into two approaches—direct HTTPS connectivity
to Cisco SSM and connectivity via an HTTP proxy server.

Direct HTTPS connectivity to Cisco SSM: For organizations that have unrestricted internet access,
devices can connect directly to Cisco SSM using HTTPS, communicating securely over the internet.
This method is the simplest and requires minimal configuration, ensuring seamless and secure data
exchange. It provides immediate access to license updates and facilitates automatic compliance
tracking.

Connectivity via HTTP proxy server: Alternatively, a customer may choose to use an HTTP proxy
server to establish HTTPS connectivity to Cisco SSM, depending on their security requirements and
network policies. This choice is often driven by the organization's need to oversee outbound traffic
closely and meet more strict regulatory requirements. In such cases, the connection must be
configured through the Call-Home functionality, a feature that enables devices to automatically send
operational data and license usage information to Cisco SSM. To enable proxy server communication,
the http-proxy command must be included within the Call-Home configuration, ensuring that data is
routed securely through the proxy. This setup facilitates secure and monitored communication while
maintaining compliance with organizational security policies.

This flexibility in connectivity options makes the direct cloud access model suitable for a wide range
of environments, from simple setups to those with more complex security and network
requirements.

This model simplifies configuration and ensures real-time license tracking and compliance. It is
particularly suited for organizations with reliable internet connectivity. However, direct internet
communication may not comply with the security requirements of highly regulated industries.

Cisco SSM On-Premises

For organizations with strict data control and security requirements, Cisco SSM On-Premises provides
a solution by replicating the functionality of the cloud-based Cisco SSM within the organization’s
internal network. This deployment option ensures that all licensing operations occur locally, reducing
the exposure of sensitive data to external networks. Cisco SSM On-Premises is particularly well suited
for environments where regulatory compliance, data privacy, and operational continuity are critical.

This deployment option can be further subdivided into two models: connected and disconnected
(air-gapped).

Connected On-Premises Model: This model uses a software-based replica of Cisco SSM, called the
"Cisco Smart Software Satellite," which is deployed as a virtual appliance within the customer’s
internal network. The Satellite replicates Cisco SSM functionality within the local network and
periodically transmits licensing data to the cloud through scheduled network synchronization. This
setup ensures that only the Cisco Smart Software Satellite communicates with the cloud, providing
an added layer of control over the information being transmitted. Administrators can customize what
data is included in the collector database, making this model particularly suitable for organizations
prioritizing enhanced security while maintaining operational efficiency.

Disconnected On-Premises Model: This model also uses the Cisco Smart Software Satellite but
operates entirely offline. Instead of direct network synchronization, the Cisco Smart Software
Satellite’s collected files are transferred to the cloud manually, typically on a monthly basis. This
approach ensures a complete air gap between the customer’s network and the Cisco Cloud, offering
maximum security. This method is ideal for environments that require strict isolation, such as
government or defense sectors, where no direct communication with external networks is permitted.
Although this approach demands more administrative effort, it guarantees the highest level of data
protection.

Cisco SSM On-Prem can be installed on physical servers, such as the Cisco Unified Computing System
(UCS) C220 M3 Rack Server, or deployed on virtual machines (VM) that meet specific requirements.
The deployment process for Cisco SSM On-Prem is straightforward: administrators download an ISO
file from Cisco.com, upload it to a VMware ESXi datastore, and install the VM using standard
procedures. VMware vSphere Web Client versions 5.5 through 6.5 are supported, providing flexibility
in deployment options. Depending on the deployment scale—small, medium, large, or maximum—
the system can manage between 4000 and 300,000 products. Below is a summary of the system
requirements for both physical and virtual deployments:

This scalability makes Cisco SSM On-Prem suitable for a wide range of organizational needs while
maintaining robust security and operational flexibility. This deployment approach allows
organizations to choose a model that aligns with their unique requirements, ensuring efficiency in
their license management processes.

Specific License Reservation

Specific License Reservation (SLR) is designed for highly secure environments with no internet
connectivity. In this model, licenses are manually reserved and applied to devices using encrypted
files, ensuring that no device communicates directly with Cisco SSM. SLR provides an additional layer
of security and can be used in government, defense, and other sectors where data sensitivity is
paramount.

SLR requires administrators to generate a request code from the device, which is then entered into
Cisco SSM along with the required licenses and their quantities. Cisco SSM generates an
authorization code, which is applied back to the device to map the license to its UDI. This process
ensures complete control over license distribution while maintaining isolation from external
networks.

For devices in a stack, generate individual request codes for each stack member. Cisco SSM will
provide separate authorization codes for each request, which must be applied to each member to
complete the reservation process.

For modular switches, request codes must be generated separately for the supervisor module and
the chassis module. Cisco SSM provides distinct authorization codes for each—for example, a
network license is required for the supervisor module, while a Cisco Digital Network Architecture
(DNA) license is needed for the chassis module.

Comparing Deployment Models (Ease of Use vs. Security)

The deployment models offered by Cisco SSM span a spectrum where ease of use inversely
correlates with security. Organizations must assess their operational priorities and regulatory
requirements to select the most appropriate model.

Direct Cloud Access sits at one end of the spectrum, offering the highest level of convenience. With
its automated processes and real-time synchronization, this model is ideal for organizations with
minimal regulatory constraints and a need for rapid, straightforward deployment. However, its lower
security level may not meet the requirements of highly sensitive industries.

On the other end, SLR provides maximum security by completely isolating devices from external
networks. SLR ensures that no data is transmitted outside the organization, making it the go-to
option for environments with stringent data protection policies. Despite its security advantages, SLR
demands significant manual effort for license reservation and management, which increases
administrative overhead.

Between these extremes lie the Cisco SSM On-Premises models. The Connected On-Premises Model
offers a strong balance, maintaining local control over license data while enabling periodic
automated synchronization with the cloud. This model is well-suited for industries like healthcare or
finance, where both security and operational efficiency are critical. The Disconnected On-Premises
Model, or air-gapped deployment, prioritizes security by eliminating direct cloud connectivity. It
provides an extra layer of data protection while requiring periodic manual synchronization, making it
a preferred choice for the defense and government sectors.

The diagram below illustrates the relationship between ease of use and security for each Cisco SSM
deployment model.
Answer

The correct answer is Connected On-Premises Model. This answer is correct because this model
offers a balance of local control and periodic cloud synchronization, suitable for sectors needing both
security and efficiency. The Direct Cloud Access option is incorrect as, while convenient, it may not
meet the stringent security needs of sensitive sectors. The Disconnected On-Premises Model is
incorrect because, although highly secure, it requires more manual effort, reducing operational
efficiency. The SLR option is incorrect as, despite its high security, SLR's manual processes can hinder
operational efficiency.

Cisco Catalyst Router Licensing Options


The Cisco Catalyst routers offer flexible licensing models that are designed to meet diverse network
requirements and deployment strategies. When selecting the right license, several key factors come
into play—most notably whether the router will operate in a standalone (autonomous) or controller-
based (software-defined WAN [SD-WAN]) mode, along with the specific features and performance
levels your organization requires.

The flexible licensing model is influenced by:

Deployment type: One of the most important considerations influencing licensing on a router.

If a router operates in standalone mode, perpetual network stack capabilities are the most
relevant criterion.

When the router is deployed in SD-WAN mode, it requires a valid subscription and an
appropriate bandwidth tier.

The same is true for an SD-Routing deployment, where the router needs either a valid DNA
subscription or a Catalyst Routing Essentials subscription.

Needed feature set: At the perpetual level, Network Essentials provides foundational routing, security,
and WAN functionality, while Network Advantage unlocks more sophisticated capabilities, including
advanced multicast, Multiprotocol Label Switching (MPLS) VPNs, and advanced application
experience. These perpetual licenses remain valid for the lifetime of the router.

Subscription feature set: DNA Essentials vs. DNA Advantage vs. Catalyst Routing Essentials.

Subscription term: 3-, 5-, or 7-year subscription.

Cisco requires a DNA subscription upon purchasing a new Catalyst 8000 router. At the end of the
chosen term, if a router is running in a standalone mode, you can renew the subscription to maintain
advanced software benefits or continue with only the perpetual license features.

Bandwidth requirements can also influence which license tier you select. Each Catalyst 8000 model
supports specific throughput levels, but what is relevant for licensing physical routers is the IPSec
traffic bandwidth. For virtual routers such as the Catalyst 8000V, all traffic counts toward the
bandwidth tier.

Cisco DNA Software SD-WAN and Routing Matrices

The Cisco DNA software for SD-WAN and Routing feature matrices outline each licensing tier and the
specific entitlements that come with each option in detail.

The figures above illustrate which entitlements are included with each license tier and subscription.

For the most current version of the matrix, please visit:
https://www.cisco.com/c/m/en_us/products/software/sd-wan-routing-matrix.html.

Bandwidth Tiers

Cisco Catalyst 8000 Series routers use a license-based performance model that specifies how much
of the underlying hardware’s throughput capacity is accessible under a given bandwidth tier.
Although throughput enforcement only applies to certain models, it is still essential to ensure that
every router operates within its purchased license entitlements. So, having a clear understanding of
how bandwidth tiers are defined remains crucial.

Which traffic is counted into the bandwidth entitlement depends on the deployment type:

SD-WAN: Any traffic in the Transport virtual routing and forwarding (VRF) instance (VPN 0) going to
or coming from the WAN.

Standalone deployment of physical routers: Only IP Security (IPSec) traffic counts into the bandwidth
entitlement. Exception: C8500-20X6C.

Standalone deployment of virtual routers: All traffic counts toward the bandwidth entitlement.

For SD-WAN deployments, all traffic in the Transport VPN (VPN 0) counts toward bandwidth tiers. This
includes not only IPSec traffic but also, for example, direct Internet traffic.

For standalone deployments of physical routers, only the IPSec traffic counts into the bandwidth
entitlement. For deployments without the use of IPSec, one can select the lowest bandwidth tier
available. One important exception is the Cisco Catalyst 8500-20X6C platform, which is a high
throughput router where all traffic counts into the bandwidth entitlement.

Note

Keep in mind that bandwidth tiers vary across different router models. Lower-end platforms do not
support the highest bandwidth tiers due to hardware limitations, while higher-end platforms
typically only offer greater throughput options.

For virtual routers, such as the Catalyst 8000V in standalone mode, all traffic is counted toward the
licensed bandwidth entitlement. This platform is one of the few where the purchased throughput
tier is strictly enforced: any traffic that exceeds the licensed limit is shaped by a policer.

As illustrated in the image above, each bandwidth tier is assigned a specific capacity. For instance, T0
is listed at 25 Mbps but supports an aggregated traffic entitlement of up to 50 Mbps.

For example, a standalone router carrying 350 Mbps of combined IPSec traffic and 4 Gbps of
unencrypted traffic would need a T1 bandwidth tier, which covers up to 400 Mbps of aggregate IPSec
traffic.

For throughput exceeding 250 Mbps and support for an unlimited number of IPSec tunnels, the
router also requires a High Security (HSEC) license. This license is subject to U.S. export control laws.

When ordering a new router for applicable platforms and bandwidth tiers that require an HSEC
license, selecting the corresponding Cisco DNA subscription automatically includes the needed HSEC
license at no extra cost.
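As an added example (not part of the course material or any Cisco tool), the following Python code encodes the traffic-counting rules above and applies them to the 350 Mbps IPSec / 4 Gbps cleartext sizing case. It uses only the tier ceilings the text states (T0: 50 Mbps aggregate, T1: 400 Mbps aggregate), reports anything larger as "above T1" rather than guessing higher tiers, treats the 250 Mbps HSEC threshold as applying to IPSec throughput (an assumption), and the platform label "C8000-PHYS-EXAMPLE" is a constructed placeholder.

```python
"""Catalyst 8000 bandwidth-tier sizing (added example, not Cisco material).

Encodes the traffic-counting rules from the text and picks the lowest tier
whose aggregate entitlement covers the counted traffic.  Only the tier
ceilings the text gives (T0 and T1) are included; larger loads are reported
as "above T1" rather than guessing at higher tiers.
"""
from dataclasses import dataclass

# Aggregate entitlement per tier in Mbps, as stated in the text: T0 is listed
# at 25 Mbps but covers 50 Mbps aggregate; T1 covers up to 400 Mbps aggregate.
TIER_AGGREGATE_MBPS = {"T0": 50, "T1": 400}

# IPSec throughput above which the text says an HSEC license is also needed.
HSEC_THRESHOLD_MBPS = 250

# Physical platform named in the text where all traffic counts even when
# deployed standalone.
ALL_TRAFFIC_PHYSICAL = {"C8500-20X6C"}

VALID_DEPLOYMENTS = ("sd-wan", "standalone-physical", "standalone-virtual")


@dataclass(frozen=True)
class Sizing:
    counted_mbps: float  # aggregate traffic that counts toward the tier
    tier: str            # "T0", "T1" or "above T1"
    hsec_required: bool  # whether an HSEC license is needed on top


def counted_bandwidth(deployment: str, platform: str,
                      ipsec_mbps: float, other_mbps: float) -> float:
    """Return the aggregate Mbps that count toward the bandwidth entitlement.

    For "sd-wan", both figures are taken to be traffic in the transport VPN
    (VPN 0), so everything counts.  For "standalone-physical" only IPSec
    counts, except on the C8500-20X6C.  For "standalone-virtual" (e.g. the
    Catalyst 8000V) all traffic counts.
    """
    if deployment not in VALID_DEPLOYMENTS:
        raise ValueError(f"unknown deployment type: {deployment!r}")
    if deployment == "standalone-physical" and platform not in ALL_TRAFFIC_PHYSICAL:
        return ipsec_mbps
    return ipsec_mbps + other_mbps


def select_tier(counted_mbps: float) -> str:
    """Pick the lowest tier whose aggregate ceiling covers counted_mbps."""
    for tier, ceiling in sorted(TIER_AGGREGATE_MBPS.items(), key=lambda kv: kv[1]):
        if counted_mbps <= ceiling:
            return tier
    return "above T1"  # the text does not enumerate higher tiers


def size_router(deployment: str, platform: str,
                ipsec_mbps: float, other_mbps: float) -> Sizing:
    """Combine the counting rule, tier choice and HSEC check for one router."""
    counted = counted_bandwidth(deployment, platform, ipsec_mbps, other_mbps)
    # Assumption: the 250 Mbps HSEC threshold is compared against the IPSec
    # throughput the router carries, independent of how the tier was counted.
    return Sizing(counted, select_tier(counted), ipsec_mbps > HSEC_THRESHOLD_MBPS)


if __name__ == "__main__":
    # The sizing case from the text: 350 Mbps IPSec plus 4 Gbps cleartext on a
    # standalone physical router ("C8000-PHYS-EXAMPLE" is a constructed label).
    print(size_router("standalone-physical", "C8000-PHYS-EXAMPLE", 350, 4000))
    # Same load on the C8500-20X6C, where the cleartext traffic counts too.
    print(size_router("standalone-physical", "C8500-20X6C", 350, 4000))
```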

Cisco Catalyst Switch Licensing Options


Cisco Catalyst 9000 Series switches employ a dual-licensing model. This model pairs a Perpetual Base
License (Network Essentials or Network Advantage) with a mandatory Cisco DNA subscription (DNA
Essentials or DNA Advantage) at the time of initial purchase.

The characteristics of the Cisco Catalyst 9000 Series licensing model are as follows:

Perpetual Base License (Network Essentials or Network Advantage): The perpetual license ensures
core functionality remains intact for the life of the switch.

Network Essentials: Fundamental enterprise features.

Network Advantage: Full Layer 3 routing, network segmentation, enhanced scalability.

Mandatory DNA subscription at initial purchase (DNA Essentials or DNA Advantage): Grants advanced
automation, analytics, security, and continuous feature updates.

Terms: 3, 5, or 7 years.

After this subscription term expires, you may choose to renew it or not. Letting it lapse means
retaining only the perpetual feature set while losing continuous software enhancements and
advanced capabilities.

Subscription tier must match the perpetual license tier.

Software Subscription Matrix for Switching

The Cisco Software Subscription Matrix for Switching outlines each licensing tier and the specific
entitlements that come with each option in detail.

The following figures illustrate which entitlements are included with each license tier and
subscription. Note that all DNA and DNX tiers include automation via Cisco Catalyst Center, while
DNX tiers also offer base product-level software and hardware support.

For the most current version of the matrix, please visit:
https://www.cisco.com/c/m/en_us/products/software/dna-subscription-switching/en-sw-sub-matrix-switching.html.

Note

Cisco recently introduced an additional subscription option called Cisco Catalyst Essentials or Cisco
Catalyst Advantage, which combines license entitlements with product-level software and hardware
support into a single package.
Answer

The correct answer is The switch retains only the perpetual feature set. This answer is correct
because if the Cisco DNA subscription is not renewed, the switch will still function with its core
capabilities as defined by the perpetual license but will no longer receive new feature enhancements
or updates. The The switch loses all functionality option is incorrect because the switch does not lose
functionality; it retains its perpetual features. The The switch continues to receive advanced features
and updates option is incorrect because the switch stops receiving new updates. The The switch
becomes ineligible for any support option is incorrect because support eligibility is not directly tied
to the DNA subscription renewal.

Cisco Nexus Switch Licensing Options


Cisco Nexus 9000 switches come with flexible licensing options to cater to all types of needs in
different data center environments. The licensing framework is designed to provide various features
depending on the licensing tier the customer decides on.

The tier-based licensing model applies to both Cisco Application Centric Infrastructure (ACI) and NX-
OS standalone architectures where these switches are deployed. Tier-based licenses are offered in
both subscription and perpetual consumption models, depending on the selected tier. There are
three main tiers, each intended for different levels of feature availability:

Essentials: Includes fundamental features such as basic routing, fabric management features, and
telemetry capabilities. It is available only as a subscription license, offering an affordable option for
basic functions.

Advantage: Builds on the Essentials package. This tier provides enhanced capabilities such as Tenant
Routed Multicast and advanced data center interconnect features like MPLS Layer 3 VPN and Virtual
Extensible LAN (VXLAN) Ethernet VPN (EVPN) Multi-Site. Cisco Data Center Networking (DCN)
Advantage is available as both a perpetual and a subscription license, providing flexibility for
organizations with varying preferences.

Premier: Unlocks the most advanced features, including comprehensive visibility and analytics. This
tier encompasses all the features of the Essentials and Advantage packages, making it suitable for
highly demanding environments.

The tier-based licensing model is used for both Cisco ACI and NX-OS standalone architectures.

The table below outlines the options for both Cisco Nexus 9000 and 3000 Series switches, as they
share a similar licensing model for both ACI and NX-OS deployment styles.

Note

For the full breakdown of features that are included in each tier, refer to the
https://www.cisco.com/c/en/us/products/software/data-center-networking-subscription/index.html
page.

Perpetual Licenses and Subscription Licenses

Perpetual licenses are a traditional model where customers make a one-time purchase to gain
indefinite rights to use the licensed features. This model is ideal for organizations seeking long-term
stability in their infrastructure investments without recurring costs. However, perpetual licenses are
non-transferable, meaning they are tied to the original device and cannot be moved to another. The
Advantage tier is available as a perpetual license.

Subscription licenses are term-based, offering access to features for a specified period, typically
three, five, or seven years. This model provides greater flexibility, allowing organizations to adapt as
their requirements evolve. Subscription licenses enable customers to upgrade tiers or extend their
licensing terms, such as moving from an Essentials to an Advantage package or increasing the license
duration. Also, subscription licenses are often coupled with proactive renewal notifications, ensuring
seamless operations. If you install a subscription-based license, you will be notified 90 days before
your licensing contract expires.

Note

Use the Cisco Nexus 9000 and 3000 Series NX-OS Switch License Navigator to determine the license
you need to order based on your network requirements:
https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/license/index.html.

For added customization, add-on licenses are available to extend functionality in specific areas. For
example, customers who already have a Cisco DCN Essentials or Advantage subscription but wish to
activate the Day-2 Operations Suite, which includes Network Assurance and Insights, can get add-on
licenses.

Note that some add-on licenses apply only to platforms that support specific features, while others
are mandatory for certain platforms.

Below you can find add-on licenses and features for Cisco Nexus 9000 and 3000 Series switches.

Cisco Nexus 9000 Series switches also support honor mode licensing, which allows you to enable or
continue using a feature even without a valid license for that feature. This is particularly useful when
downgrading from a supported release with advanced licenses to an earlier release where those
licenses are not supported. The honor mode ensures that essential features continue functioning,
even though the associated licenses are no longer valid. However, users will not be able to add new
features or receive updates that are tied to the unsupported licenses.

Answer

The correct answer is Secure VXLAN EVPN Multi-Site using CloudSec. This answer is correct because
this feature is enabled by the security add-on license. The FCoE option is incorrect because it is
enabled by the storage add-on license. The NIR support option is incorrect because it is part of the
Day 2 Ops add-on license. Finally, the SyncE support option is incorrect because it is enabled by the
SyncE add-on license.

Cisco IOS XR Platforms Licensing Options

Cisco IOS XR Software contains all the supported features for a given release. However, there are
some differences in how the feature entitlements within the software can be activated and used.

The licensing methods and modes available for Cisco IOS XR Software are:

Smart Licensing

Classic (Traditional) Licensing

Evaluation Period: a period of 90 days during which the unlicensed features operate without
limitations

The first licensing model that was available for Cisco IOS XR Software was the classic one. You could
freely activate all available software packages on your network devices and enable all the bundled
features. In other words, there was one license for each device with all features enabled. Later on, in
the evolution of Cisco IOS XR Software, the Smart Licensing model was introduced. This model
allowed you to pay for and use only the features that you currently need, but also to upgrade the
license when necessary while keeping your investment safe. Smart Licensing enables you to purchase
individual software features and upgrade hardware capacity in a safe and reliable way.

Note that the 64-bit version of Cisco IOS XR, which powers the latest Cisco network devices, does not
support Classic Licensing. Therefore, understanding the details of Smart Licensing is very important
when dealing with such platforms.

When considering Smart Licensing options for Cisco IOS XR platforms, there are two types of
licenses: the Right to Use (RTU) perpetual license and the Software Innovation Access (SIA)
subscription-based license. While RTU licenses provide perpetual rights to use specific IOS XR
features with bandwidth limitations, SIA licenses offer per-device, time-limited software upgrades and
more advanced license pooling and portability mechanisms.

Both RTU and SIA Smart Licenses for Cisco IOS XR Software are offered in three distinct tiers:

IOS XR Software Essentials

IOS XR Software Advantage

IOS XR Software Premier

Some product families may support a-la-carte licenses for specialized platform-specific features. You
can purchase such licenses to activate very specific features without having to buy a complete higher
tier license suite.

The software tiers are structured in a nested manner, meaning that a higher tier also includes all
the features of the lower tiers. The Essentials Software licenses include the IOS XR comprehensive
suite of routing and management services. Advantage Software licenses extend the Essentials
Software licenses, including all Essentials features plus additional advanced routing and management
services. Premier Software licenses include all the Essentials and Advantage features plus scaling and
high-performance features. The specific list of features may differ slightly from platform to platform.
An example of features corresponding to the three tiers of RTU licenses for the Cisco 8000 Series is
laid out in the following figure.

Smart Licensing is enabled by default on the 64-bit versions of Cisco IOS XR and can't be disabled. If
you want to test out specific features on a device, there is support for an evaluation period, which
allows you to use all Cisco IOS XR features for 90 days. During the evaluation period, all licensed
features are fully available without any restrictions. When the evaluation period expires, a grace
period may allow features to continue functioning temporarily, depending on the licensing model
and device. The evaluation period cannot be extended without explicit Cisco permission. The
evaluation period starts automatically on the first use of unlicensed features or can be initiated
manually through the command line.

Cisco IOS XR License Product IDs

The RTU licenses on Cisco IOS XR platforms are tiered perpetual licenses that allow you to use
specific features related to a given tier. At the same time, they are also capacity licenses. For
example, the lowest tier license, Cisco IOS XR Essentials, is required for all “active” ports (in the “no
shutdown” state) and supports the IOS XR transport feature set. This is also a per-capacity license,
where, depending on the hardware platform, the capacity is purchased in 100G or 10G increments.
For example, for Cisco Network Convergence System (NCS) 5x00, Cisco Aggregation Services Router
(ASR) 9000, and Cisco 8000 Series, the increment can range from 100G to 400G. For smaller
platforms, such as Cisco NCS 540, the increment is 10G.

If you configure features from higher license tiers on a device (for instance, L3VPN or IPSec), you will
also need to purchase the license tier to which that feature belongs.

Licenses are additive with respect to the desired capacity. For example, in a scenario where your
device requires 200G of traffic, you would acquire two 100G licenses.

These examples present some of the RTU and SIA license product IDs for the Cisco 8000 Series with
their descriptions:

ESS-8KE-100G-RTU: Essentials RTU 100G for Cisco 8000 Series

ADN-8KE-100G-RTU: Advantage RTU 100G for Cisco 8000 Series

PRM-8KE-100G-RTU: Premier RTU 100G for Cisco 8000 Series

ESS-CA-100G-SIA-3: Essential 3-year term 100G SIA License

ADN-CA-100G-SIA-3: Advantage 3-year term 100G SIA License

It is also important to note that license consumption for each interface varies depending on the
release. Starting with Cisco IOS XR Software version 7.3.2 and later, the 400G incremental licenses
were discontinued. Four 100G licenses now replace a single 400G license for each 400G interface on
the device. Existing 400G licenses can be converted into four 100G licenses on request.

Deploying Smart Licenses on Cisco IOS XR


The Smart Licensing solution makes it easier for you to procure, deploy, and manage your licenses.
Cisco SSM is your primary licensing server and portal, where you create your Smart Accounts and
manage licenses. Optionally, you can deploy an instance of Smart Software Manager On-Prem as
your locally installed on-premises user portal that works with Cisco SSM located in the Cisco cloud.

After you have ordered your licenses from Cisco Commerce Workspace, you will have to access Cisco
SSM and create the Smart Account and Virtual Accounts to organize your licenses. At this point, you
are ready to activate licenses on your Cisco IOS XR device.

To configure Call Home with direct cloud access and optionally through an HTTP proxy, enter the
following:

To configure Call Home with a local SSM server, enter the following:

The second option, the air-gapped deployment, uses SLR where a reservation of a specific license is
made in Cisco SSM under your Smart Account. With a license reservation solution, the licensed
device is fully offline without any ongoing communication or additional infrastructure required.

An SLR license is deployed on a device using the following procedure:

Generate a request code with the license smart reservation request local command and enter the
code in Cisco SSM.

In Cisco SSM, under Licenses > License Reservation, select the licenses and generate an authorization
code.

Install the authorization code on the device with the license smart reservation install command.

Answer

The correct answer is RTU License. This answer is correct because RTU licenses provide perpetual rights
with certain bandwidth constraints, allowing continuous use of specific features. The SIA License option
is incorrect because SIA licenses are subscription-based and offer time-limited software upgrades. The
A-la-carte License option is incorrect because A-la-carte licenses are for specific features, not
necessarily perpetual or bandwidth-limited. The Evaluation License option is incorrect because it
provides temporary access to all features without limitations for a limited period.

Cisco IOS XR Flexible Consumption Model Overview

The Flexible Consumption Model (FCM) is a new IOS XR-based Pay-as-you-grow (PAYG) approach to
buying licenses that gives customers the flexibility to manage the capacity in their network. This
approach depends on the Cisco Smart Licensing solution, which simplifies the way licenses are
managed networkwide. FCM allows customers to initially start with a smaller, minimum fill rate, and
then easily add capacity to the network over time as the network grows. Capacity is added to a
“networkwide” pool and extra capacity licenses can be used by any FCM node in the network that
requires additional capacity to meet demand.
Customers are free to choose the level of service with a 3-tier software model. Cisco introduces a
new license management experience that facilitates the transfer of licenses throughout the
organization using cloud-based license pools. This flexibility to add capacity when and where needed
greatly assists customers in their network capacity planning.

Customers use the FCM to get several benefits including lower upfront costs to customers and
network-side license pooling. Software innovation and investment protection through software
portability are included as part of this new model.

What makes the FCM model better than the classical licensing models is that it includes IOS XR
Software innovation to keep your network on the cutting edge with ongoing feature development. In
this way, it helps provide differentiated new revenue generating services. Cisco FCM goes beyond the
basic “per box” level of PAYG that competitors typically offer, and allows for a true “Networkwide”
PAYG model that supports software portability for investment protection. Having a “networkwide”
view of the network licenses provides more visibility into the network and gives customers the
power to quickly move licenses to areas of demand.

As shown in the figure, Cisco IOS XR FCM has the following characteristics:

Hardware infrastructure is separated from software licensing.

A perpetual software component, also known as RTU licenses, is used to control which IOS XR
features you are entitled to use. Features are bundled in three tiers, and a-la-carte features can also
be obtained.

A recurring software component, also known as SIA subscription licenses, is used for software
upgrade support, license pooling, and portability.

RTU licenses provide customers with the ability to access and utilize specific software functionalities
without the requirement to purchase the complete set of available Cisco IOS XR Software features.
These RTUs are categorized into three tiers: Essentials, Advantage, and Premier.

A set of valid SIA licenses and a compliant network entitles the customer to access software feature
upgrades and other benefits.

A customer network under IOS XR FCM is considered compliant if the FCM-enabled devices in the
customer’s network are registered to Smart Licensing and are configured to report the usage
information to Cisco SSM.

Software Innovation Access Overview

SIA licenses are term based and provide customers with access to specific software benefits. SIA
licenses enable customers to optimize their software usage, easily manage licenses across their
network infrastructure, and ensure seamless upgrades to the latest versions of Cisco IOS XR
Software. SIA term contracts are designed for each system, offering coverage for one system. A
system may be a fixed box device or a line card.

SIA licenses are term-based subscription type licenses that offer the following benefits:

Pooling of software licenses: Licenses are pooled networkwide at a product category (Access, Core &
Aggregation, and Edge) and tier level. Capacity licenses can be used by any FCM node in the network.

Software upgrades: Provide access to new features and enhancements to existing features.

Investment protection: Enables portability of perpetual RTU software licenses to next generation
hardware.

SIA entitlement management manages software upgrades for FCM. Software upgrades are possible
when the device is in an in-compliance state. A device or a network can enter the out-of-compliance
(OOC) state in certain circumstances such as the following:

The number of consumed SIA licenses exceeds the number of purchased SIA licenses.

The number of consumed RTU licenses is higher than the number of purchased SIA licenses. An
active SIA subscription must exist for every configured RTU license in the customer network.

The term of an SIA license has expired and requires renewing of the subscription.

The SIA license grace period of 90 days has expired.

The license is not authorized, or authorization has expired due to the device's inability to connect to
Cisco SSM for an extended period.

The device is not registered or is not reporting usage regularly, at least once in 90 days.

Other SIA benefits, including license pooling and portability of RTU licenses, are also restricted if
the customer network is in the OOC state, or when devices have not reported license usage
information to Cisco SSM within 90 days.

Networkwide License Pooling

License Pooling enables an efficient way to share RTU licenses across the network, in a flexible and
automated manner, using a common license pool through the Virtual Account. Using License Pooling
you can activate or deactivate different types of licenses on any device in your network without
installing a license file directly on the device.

Pooling allows any FCM nodes in the network to claim available licenses, making it easy to add
capacity to the network. Also, the licenses can be seamlessly diverted to areas of growth in the
network. FCM product categories are made up of Access, Core & Aggregation, and Services Edge
product families. It is within these categories (for instance Core) that licenses can be shared across all
network nodes belonging to the same category.

In the example license sharing scenario in the following image, the customer has two sites, site A and
site B. The customer deployed License Pooling and currently holds 10 Cisco IOS XR Essentials (depicted
as green licenses) and 10 Cisco IOS XR Advantage licenses (blue licenses) in their Smart Account. After
all nodes from both sites report license usage data, all licenses are added up to see if enough licenses
exist for the current customer network setup.

Since all routers together report an aggregate usage of 25 Essentials and 25 Advantage licenses, and
the customer is in possession of only 10 of each, the network is in the OOC state. In such a state, the
network can continue to operate in the last-known configuration; the intention of Cisco is never to
disrupt traffic. The customer should purchase additional licenses to bring the network back to
compliance, to be able to once again take advantage of the FCM and SIA functionality.

Next, the customer orders and adds 20 Essentials and 20 Advantage licenses to their account, which
brings the network back to the compliant state. There is now a surplus of 5 licenses of each type to
support the future growth by adding additional routers and assigning them to the customer's
company account.
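As an added example that is not part of this course, the OOC conditions listed earlier and the site A/B
pooling scenario above are modeled as one compliance check over constructed usage reports; the account
figures, hostnames, dates and the one-SIA-subscription-per-consumed-RTU accounting are assumptions of
the example, not statements from the course.

```python
"""Added example, not from the Cisco course: applies the out-of-compliance (OOC) rules
and the site A/B license pooling scenario to constructed data. Every hostname, license
count and date below is made up for illustration."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

SIA_GRACE_DAYS = 90       # grace period after the SIA term ends (stated on the page)
REPORT_WINDOW_DAYS = 90   # a node must report usage at least once in 90 days


@dataclass
class NodeReport:
    """One FCM node's usage report as it reaches Cisco SSM (constructed)."""
    hostname: str
    registered: bool
    last_report: Optional[date]
    essentials: int = 0     # consumed Essentials RTU licenses
    advantage: int = 0      # consumed Advantage RTU licenses


@dataclass
class VirtualAccountPool:
    """Licenses pooled in one Virtual Account for one product category (e.g. Core)."""
    essentials_rtu: int
    advantage_rtu: int
    sia_subscriptions: int  # active SIA subscriptions (assumed: one per consumed RTU)
    sia_term_end: date


def evaluate_compliance(pool: VirtualAccountPool, reports: List[NodeReport],
                        today: date) -> Tuple[bool, List[str], Dict[str, int]]:
    """Return (compliant, reasons, surplus); surplus per tier is negative when short."""
    reasons: List[str] = []
    used_ess = sum(r.essentials for r in reports)
    used_adv = sum(r.advantage for r in reports)

    # Pooling check: aggregate usage of all nodes versus the pooled RTU licenses.
    if used_ess > pool.essentials_rtu:
        reasons.append(f"Essentials RTU short by {used_ess - pool.essentials_rtu}")
    if used_adv > pool.advantage_rtu:
        reasons.append(f"Advantage RTU short by {used_adv - pool.advantage_rtu}")

    # An active SIA subscription must exist for every configured RTU license.
    if used_ess + used_adv > pool.sia_subscriptions:
        reasons.append("consumed RTU licenses exceed active SIA subscriptions")

    # SIA term expiry, then the 90-day grace period.
    if today > pool.sia_term_end:
        reasons.append("SIA term expired, renewal required")
        if today > pool.sia_term_end + timedelta(days=SIA_GRACE_DAYS):
            reasons.append(f"SIA grace period of {SIA_GRACE_DAYS} days exceeded")

    # Every node must be registered and report usage regularly.
    for r in reports:
        if not r.registered:
            reasons.append(f"{r.hostname} is not registered to Smart Licensing")
        elif r.last_report is None or (today - r.last_report).days > REPORT_WINDOW_DAYS:
            reasons.append(f"{r.hostname} has not reported usage in {REPORT_WINDOW_DAYS} days")

    surplus = {"essentials": pool.essentials_rtu - used_ess,
               "advantage": pool.advantage_rtu - used_adv}
    return (not reasons, reasons, surplus)


def site_ab_scenario(pool: VirtualAccountPool, today: date = date(2025, 6, 1)):
    """Site A (3 nodes) and site B (2 nodes), each node consuming 5 Essentials and
    5 Advantage licenses: the 25 + 25 aggregate used in the page's pooling example."""
    reports = [NodeReport(f"{site}-r{i}", True, today, essentials=5, advantage=5)
               for site, nodes in (("siteA", 3), ("siteB", 2)) for i in range(1, nodes + 1)]
    return evaluate_compliance(pool, reports, today)
```

With a pool of 10 + 10 the scenario returns OOC with a shortfall of 15 per tier; after 20 more of each are added it returns compliant with a surplus of 5 per tier, matching the text.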

Software Upgrades with SIA

Cisco Software Support offers technical support coverage and maintenance releases for the
Essentials, Advantage, and Premier software suites. By acquiring SIA license subscriptions, your
devices gain the benefit of continual software support for upgrades when necessary. Only a valid
and compliant SIA for the entire FCM network entitles the customer to access software feature
upgrades.

As outlined in the examples in the following figure, there are differences between software upgrades
and software updates or maintenance releases. Those differences also have practical ramifications
from the perspective of software entitlements. Software upgrades include major and minor versions
of software releases, while maintenance releases mostly contain fixes for broken functionality and
bugs. Maintenance releases do not introduce new software features.

License Usage Reporting

License usage reporting by the devices is crucial in the operation of FCM. A customer network under
IOS XR FCM is considered compliant if the FCM-enabled devices in the customer’s network are
registered to Smart Licensing and are reporting the usage to Cisco SSM.

License usage reporting is done in two steps on all devices for all ports:

Check each individual port for the active/disabled state. If the port is active, add one Essentials
license to the count.

Check for Advantage software features configured on this port. If found, add one Advantage license
to the count.

After the checks are done for all ports, the device reports the license counts to Cisco SSM.

Per Node Capacity Calculation

To derive how many RTU licenses you have to obtain for a specific device (node) in terms of capacity,
a calculation must be done that takes into account the active ports on the device. Active ports are all
ports of a device that are not in the administrative shutdown state. The capacity calculation is then
done on a per-node basis, where a node is a platform, a system, or a chassis; for example, one Cisco
NCS 5500 is considered a node. Setting a standard metric unit for each platform (node) greatly reduces
the number of licenses throughout the network.

Calculating a per-node capacity is performed by following these rules:

Total capacity is derived by adding up the interface speeds of all active ports.

Total capacity is rounded to the nearest value.

Rounded to the nearest 10G for Cisco NCS 540 router.

Rounded to the nearest 100G for Cisco NCS 5x00, Cisco NCS 560, and Cisco 8000 Series.

Rounded to the nearest 100G using a specific rounding factor of 0.2 (instead of the standard 0.5) for
Cisco ASR 9000 Series. For example, 120G would round up to 200G and 119G would round down to
100G.

Rounded aggregate capacity value is finally used to derive the number of required RTU licenses for a
node.

In the example capacity calculation in the previous image, there are three 10G ports, two 100G ports,
and two 40G ports being used which adds up to 310G. In this case, the total number rounds down to
300G, which translates to three 100G Essentials RTU licenses required for that Cisco NCS 5500 node.
Keep in mind that the lowest license is 100G, so any total aggregate capacity below 100G will result
in one 100G RTU license.
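Added example, not from the course: the two-step usage count and the per-node capacity rounding rules
above, applied to the NCS 5500 port mix from the text and to constructed ASR 9000, Cisco 8000 and NCS
540 inventories. Port names, the Advantage feature label, counting Advantage only on active ports, and
a 10G license unit for NCS 540 are assumptions of the example.

```python
"""Added example, not from the Cisco course: the two-step per-port usage count and the
per-node capacity rounding rules described above, run over constructed port inventories.
Port names and the Advantage feature name are placeholders; the 10G license unit for
NCS 540 is inferred from its rounding rule rather than stated on the page."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# platform -> (rounding unit in Gbps, fraction of a unit at which the total rounds up)
ROUNDING_RULES: Dict[str, Tuple[int, float]] = {
    "NCS540": (10, 0.5),
    "NCS5500": (100, 0.5),     # NCS 5x00
    "NCS560": (100, 0.5),
    "8000": (100, 0.5),
    "ASR9000": (100, 0.2),     # 120G -> 200G, 119G -> 100G
}


@dataclass
class Port:
    name: str
    speed_g: int                      # interface speed in Gbps
    admin_shutdown: bool = False      # only non-shutdown ports are "active"
    advantage_features: Set[str] = field(default_factory=set)

    @property
    def active(self) -> bool:
        return not self.admin_shutdown


def usage_report(ports: List[Port]) -> Dict[str, int]:
    """Steps 1 and 2 of license usage reporting. Advantage is counted only on active
    ports, which is this example's reading of the page."""
    essentials = advantage = 0
    for p in ports:
        if not p.active:
            continue
        essentials += 1                # step 1: one Essentials per active port
        if p.advantage_features:
            advantage += 1             # step 2: one Advantage if such a feature is configured
    return {"essentials": essentials, "advantage": advantage}


def rounded_capacity_g(platform: str, ports: List[Port]) -> int:
    """Sum active port speeds and round with the platform's rule; never below one unit."""
    unit, round_up_at = ROUNDING_RULES[platform]
    total = sum(p.speed_g for p in ports if p.active)
    threshold = round(unit * round_up_at)  # 50G for standard rounding, 20G for ASR 9000
    rounded = ((total + unit - threshold) // unit) * unit  # rounds up once remainder >= threshold
    return max(rounded, unit)              # lowest license is one unit (100G on NCS 5500)


def rtu_licenses_required(platform: str, ports: List[Port]) -> int:
    """Number of Essentials RTU capacity licenses the node needs."""
    unit, _ = ROUNDING_RULES[platform]
    return rounded_capacity_g(platform, ports) // unit


def ncs5500_example_ports() -> List[Port]:
    """The page's NCS 5500 case: three 10G, two 100G and two 40G active ports (310G),
    plus one shut 100G port that must not count."""
    ports = [Port(f"Te0/0/0/{i}", 10) for i in range(3)]
    ports += [Port("Hu0/0/1/0", 100, advantage_features={"example-advantage-feature"}),
              Port("Hu0/0/1/1", 100)]
    ports += [Port(f"Fo0/0/2/{i}", 40) for i in range(2)]
    ports.append(Port("Hu0/0/1/2", 100, admin_shutdown=True))
    return ports


if __name__ == "__main__":
    node = ncs5500_example_ports()
    print(usage_report(node))                      # {'essentials': 7, 'advantage': 1}
    print(rounded_capacity_g("NCS5500", node))     # 300
    print(rtu_licenses_required("NCS5500", node))  # 3
```

A single 400G port on a Cisco 8000 node comes out as four 100G licenses, which is the conversion the release note above describes.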

Answer

The correct answer is They are term-based licenses that allow for software upgrades and license
portability. This answer is correct because SIA licenses provide access to software upgrades and
enable the portability of perpetual RTU licenses. The They are perpetual licenses that grant indefinite
access to all software features option is incorrect because SIA licenses are not perpetual. The They
restrict the network to a single service tier option is incorrect because SIA licenses do not limit the
network to a single service tier. Finally, the They require separate license files for each network
device option is incorrect because SIA licenses use a centralized license management approach.

License Cisco IOS XRv Router with Cisco Smart Licensing Manager

Alex is a senior network engineer with 13 years of experience with data center and enterprise
networks. For the past 8 years, Alex has been working in a mid-size manufacturing company in
Minnesota, where his main responsibility was ensuring the smooth operation of the company's network.
His responsibilities included the installation of new switches and routers, performing hardware and
software upgrades, and also making sure that all 85 devices he was in charge of were properly licensed
at all times. When it comes to licensing, he spent most of his time tracking individual license files,
dealing with expirations, and ensuring compliance across devices.

When Alex finally decided to change jobs, he joined a new company that had been established just a
few years ago. The company was full of young, energetic engineers and primarily relied on Cisco
solutions. Since PAK licenses were the only form of Cisco licensing that he was familiar with, he was
amazed after a younger employee introduced him to Cisco Smart Licensing. The new tool that the
company was using, Cisco SSM, allowed him to view all of the purchased licenses and their expiration
dates in a simple view, and he could easily observe the number of consumed licenses and all devices
that were licensed.

The simulation that you are about to start will guide you through the Cisco SSM interface. In this
lab, you will:

- Explore the concept of Virtual Accounts.
- Learn how to view the status of purchased licenses and licensed devices.
- Register a Cisco device with Cisco SSM.
- Verify the license status on a device.

Verify License Status in Cisco SSM


Step 1
One of the ways to access Cisco SSM and view your licenses is to open Cisco Software Central and from
there navigate to Cisco SSM.

Click the bottom part of the vertical scroll bar on the right side of the window or press the down
arrow key to view all information displayed on the page.

Step 2
You can see that many different Cisco tools are listed on the Cisco Software Central page.

Since your goal is to view all licenses, locate the Smart Software Manager tool on the page and access
it by clicking the Manage Licenses > link.

Step 3
Since you were not previously logged in to your Cisco account, you first have to enter
[email protected] in the username field. Press Enter or click Next to proceed with the login.

Step 4
Enter 1234QWer! in the password field. Press Enter or click Verify to proceed.

Step 5
Observe the alerts visible in your Smart Software Licensing account. You can see that there are many
alerts visible on the main page of the Cisco SSM. These alerts let you know about insufficient or
expiring licenses for the entire Smart Account.

Click Inventory to proceed.

Step 6
By selecting the Inventory tab you will be redirected to one of the Virtual Accounts that were created
within the Smart Account of the organization. Virtual Accounts allow you to easily manage and segment
licenses deposited to the Smart Account.

Since this is not the Virtual Account where licenses are deposited, click CiscoLive 2020 to view all
Virtual Accounts that are configured.

Step 7
The drop-down menu that appeared allows you to select and search for a specific Virtual Account.

From the drop-down menu, select the CNIOS Virtual Account.

Step 8
Notice that the CNIOS Virtual Account has no tokens generated. Note that a token needs to be created
and configured on a device for the device to be connected with Smart Licensing.

Click Licenses.

Step 9
Click the bottom part of the vertical scroll bar on the right side of the window or press the down
arrow key to view all the licenses.

Step 10
Observe the licenses that are deposited to the CNIOS Virtual Account. Note that licenses are
automatically deposited to the account once purchased.

On the Licenses tab you can locate five different licenses. These licenses are used for different Cisco
devices: Cisco Catalyst 9300 and 9500 Series switches and the IOS XRv router. The view also displays
the total number of licenses, the number of consumed licenses, and even alerts for individual licenses.

Locate the IOS XRv 9000 license entry in the table and click the + button next to it to view more
information about the license.

Step 11
Clicking this button lists the license stock keeping unit (SKU) used to purchase the license, as well
as start and expiration dates. In this example, the license will expire in 30 days.

Once finished, click the Product Instances tab located above the table.

Step 12
The Product Instances tab allows you to view all Cisco devices that are linked to this particular
Virtual Account. Since there are currently no devices linked to this account, the list is empty.

Proceed by clicking the Event Log tab.

Step 13
The Event Log tab lists all messages related to the CNIOS Virtual Account. You can observe when
individual licenses were added to the account and view user actions that were performed. In this case,
you can see that a user created and deleted a token.

Generate a Token in Cisco SSM


Step 14
Your next task will be to generate a token that will be used to link a new device with the CNIOS
Virtual Account.

Click the General tab to return to the token view.

Step 15
Click the New Token... button.

Step 16
Read the notification message and click Proceed to continue with the token creation.

Step 17
For each token, you can configure additional settings such as the maximum number of uses and the
expiration date. Optionally, you can also add a description that makes token management easier in
case multiple tokens are used.

Since you will use the token for licensing the Cisco IOS XRv router, enter IOS XRV 9000 Router Token
in the description field and click Create Token.

Step 18
Once the token is created, it is listed in the Virtual Account.

To view token-related actions, click the Actions link located in the lower right corner.

Step 19
As you can see, the token can be copied, downloaded, or revoked in case it is no longer needed. To
proceed, select Copy from the drop-down menu.

Now the newly created token is copied to your clipboard and can be used to register a device with
the Cisco Smart Licensing portal.

Register a Router with Cisco SSM


Step 20
Press Enter to access the PuTTY tool. You will notice that there is an SSH session already established
to a device with the IP address 10.247.1.19.

Step 21
To determine the type of device that you are connected to, enter the show inventory command and
press Enter.

From the command output you can determine that the device with the IP address 10.247.1.19 is
indeed a Cisco IOS XRv 9000 router.

Step 22
Enter the show license summary command to view license-related information.

You can see that Smart Licensing is enabled on the router and the router is currently unregistered.
This simply means that the router is not yet linked to any Cisco Smart Account.

The licensing information also indicates that the IOS-XRv-9000-vRouter-VM license used on the device
is currently in evaluation mode. The output also shows the remaining time for the evaluation period.

Step 23
It is recommended to always check network reachability of Cisco tools before attempting to register a
device.

Proceed by entering the ping vrf MGMT tools.cisco.com command.

From the output, you can see that the device correctly resolved the DNS entry and managed to ping
the server over the network.

Step 24
To register the router with Cisco Smart Licensing, enter the license smart register idtoken command.

Note that the same or similar command can also be used on other Cisco routers and switches.

Step 25
Since the command is missing the token you generated earlier, press Enter to paste the token that you
previously copied into the terminal. Once the token is pasted in the terminal, press Enter to execute
the command.

From the output you can observe that the command was executed successfully.

Step 26
Proceed by entering the show license all command and verify that the device is successfully licensed.
Note that you will have to press Enter one more time to reach the end of the command output.

You can see that the device is now registered and licensed. The command also displays information
about Smart and Virtual Accounts, the time and date of the last and next renewal attempts, and
information about the license that was consumed. In your case, the router automatically consumed
the IOS-XRv-9000-vRouter-VM license.

Step 27
Press Enter to return to the Cisco SSM portal.

Verify Licensing on the Router

Step 28
Select the Event Log tab.

Step 29
In the event log, you can observe that a new product instance has been added to the Virtual Account
after the successful registration.

Click the Product Instances tab to view the products linked to the CNIOS Virtual Account.

Step 30
As expected, the device is visible on the list. The view also displays the device hostname, type, and
last contact date and time.

Click the Actions link to view all actions available for the device.

Step 31
If needed, the device can also be removed from the Virtual Account.

Click Licenses.

Step 32
Click the bottom part of the vertical scroll bar on the right side of the window or press the down
arrow key to view all licenses.

You can notice that after the IOS XRv router consumed one of the licenses, this was detected by
Cisco SSM and the license balance was automatically updated.
Answer

The correct answer is It links a device to a specific Virtual Account for licensing. This answer is
correct because the token that is generated in Cisco SSM is specifically used to link a device to a
particular Virtual Account, facilitating the licensing process. The It provides secure access to the
Cisco SSM interface option is incorrect because the token is not used for accessing the Cisco SSM
interface. The It is used to verify network connectivity option is incorrect because the token is not
related to verifying network connectivity. The It enables backup of license data option is incorrect
because tokens are not used for backing up license data.

Summary

In this course, you explored traditional and modern licensing options for Cisco network operating
systems. Now that you understand the challenges of traditional licensing, the benefits of Cisco Smart
Licensing, and the licensing tiers for various platforms, you can apply this knowledge to manage,
apply, and verify licenses on Cisco IOS XE, NX-OS, and IOS XR devices.

Consider each of the following reflection questions now that you have completed the course:

What are the differences between traditional licensing and Cisco Smart Licensing?

How does Cisco SSM simplify license management?

What deployment options are available for Cisco SSM?


What licensing options are available for Cisco Catalyst routers, Catalyst switches, and Nexus
switches?

What licensing models are supported for Cisco IOS XR platforms, including flexible consumption
models?

How can you license a Cisco Catalyst switch using the Cisco Smart Licensing Manager?

By answering these questions, you will be equipped to use Cisco licensing tools to build a scalable
and efficient network infrastructure.
