Collecting network information:
- Device type
- CPU type
- Memory size and utilization
- Flash size
- OS Software version
- Routing tables // If it is a router or L3 switch
- Interface types
- Average link utilizations
- Unused interfaces, modules, slots
You can use NBAR to do traffic analysis and arrange the gathered information neatly, for example:
- Description: Accounting software
- Protocol: TCP port 5021
- Servers: 2
- Clients: 90
- Scope: Campus
- Importance: High
- Avg. rate: 60 Kbit/s with 5-sec bursts to 300 Kbit/s
From a CCDA book:
The network audit should provide the following information:
¦ Network device list
¦ Hardware models
¦ Software versions
¦ Configuration of network devices
¦ Auditing tools output information
¦ Interface speeds
¦ Link, CPU, and memory utilization
¦ WAN technology types and carrier information
When performing manual auditing on network devices, you can use the following commands
to obtain information:
¦ show tech-support
¦ show processes cpu (provides the average CPU utilization information)
¦ show version
¦ show processes memory
¦ show log
¦ show interface
¦ show policy-map interface
¦ show running-config (provides the full router or switch configuration)
The following network checklist can be used to determine a network’s health status:
¦ New segments should use switched and not use dated hub/shared technology.
¦ No WAN links are saturated (no more than 70 percent sustained network utilization).
¦ The response time is generally less than 100ms (one-tenth of a second); more commonly, less than 2ms in a LAN.
¦ No segments have more than 20 percent broadcasts or multicast traffic. Broadcasts are sent to all hosts in a network and should be limited. Multicast traffic is sent to a group of hosts but should also be controlled and limited to only those hosts registered to receive it.
¦ No segments have more than one cyclic redundancy check (CRC) error per million bytes of data.
¦ On the Ethernet segments, less than 0.1 percent of the packets result in collisions.
¦ A CPU utilization at or more than 75 percent for a 5-minute interval likely suggests network problems. Normal CPU utilization should be much lower during normal periods.
¦ The number of output queue drops has not exceeded 100 in an hour on any Cisco router.
¦ The number of input queue drops has not exceeded 50 in an hour on any Cisco router.
¦ The number of buffer misses has not exceeded 25 in an hour on any Cisco router.
¦ The number of ignored packets has not exceeded 10 in an hour on any interface on a Cisco router.
¦ QoS should be enabled on network devices to allow for prioritization of time-sensitive or bandwidth-sensitive applications.