Scribd
Upload
160 views

CCNA Security Lab 14 - Cisco IOS SYSLOG and SNMP Configuration - CLI

The document describes configuring syslog and SNMP on a Cisco IOS router. It provides tasks to configure syslog logging to send debug messages to the local buffer and informational messages to a syslog server. It also tasks to configure SNMP to send configuration traps to a server and allow the server read-write access using a community string.

Uploaded by

velramsen
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
160 views

CCNA Security Lab 14 - Cisco IOS SYSLOG and SNMP Configuration - CLI

The document describes configuring syslog and SNMP on a Cisco IOS router. It provides tasks to configure syslog logging to send debug messages to the local buffer and informational messages to a syslog server. It also tasks to configure SNMP to send configuration traps to a server and allow the server read-write access using a community string.

Uploaded by

velramsen
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

http://www.howtonetwork.

net

CCNA Security Lab 14 - Cisco IOS SYSLOG and SNMP Configuration - CLI
Lab 14

Cisco IOS Syslog and SNMP Configuration

Lab Objective:

The objective of this lab exercise is for you to learn and understand how

configure Syslog and SNMP reporting on Cisco IOS routers.

Lab Purpose:

Syslog and SNMP are tools that can be used to provide security-related

information, such as access breaches, configuration changes and high processor

utilization, for example. As a CCNA Security administrator, you are expected to

demonstrate a solid understanding of the basic Syslog and SNMP configuration in

Cisco IOS routers.

Lab Difficulty:

This lab has a difficulty rating of 7/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in

no more than 15 minutes.

Lab Topology:

Please use any single switch to complete this lab:

Lab 14 Configuration Tasks

Task 1:

Configure the hostname on R1 and IP addressing as illustrated in the diagram. In

addition, configure Host 1 with the IP address specified and a default gateway

of 172.16.1.1.

NOTE:

If you do not have a Host in your lab, you can simply substitute Host 1 for another router with an Ethernet
interface and a default static route pointing to 172.16.1.1.

Task 2:
Configure the following Loopback interfaces on R1:

Interface Address Mask


Loopback 10 10.1.1.1 /24
Loopback 20 20.1.1.1 /28
Loopback 30 30.1.1.1 /20

Task 3:

Configure an extended ACL on R1 that provides the most detailed logging on all traffic to the Loopback10,
Loopback20 and Loopback30 subnets. This ACL should deny all IP traffic to these subnets. Apply this ACL inbound on
the FastEthernet0/0 interface of R1.

Task 4:

Configure the local time on R1 as 20:00 GMT/UTC using today's date for the clock date.

Task 5:

Configure Syslog on R1 as follows:

Log all debugging messages to the local router buffer


Configure a buffer size of 10,000
Log all informational messages to SYSLOG server 172.16.1.254

In addition to this, configure the logs to show the date and time, as w ell as the time zone. And, finally, configure R1
so that all logs include sequence numbers for easier identification.

Task 6:

Configure SNMP on R1 as follows:

Configure R1 to send all configuration traps to server 172.16.1.254


Configure R1 so that server 172.16.1.254 has read and write access to the router
Server 172.16.1.254 will use the SNMP Community string secret to manage R1

Task 7:

Clear your logs and verify your configuration by pinging from Host 1 to any of the Loopback interfaces on R1. There
should be entries that provided detailed information in the local router buffer. You can also Telnet from Host 1 to any
of the Loopback interfaces on R1.

Verify your SNMP configuration by entering/exiting configuration mode on R1. If you have configured this correctly,
you will see SNMP traps being sent by R1.

Lab 14 Configuration and Verification

Task 1:

Router(config)#hostname R1

R1(config)#interface f0/0

R1(config-if)#ip address 172.16.1.1 255.255.255.0

R1(config-if)#no shut

R1(config-if)#exit
R1(config)#exit

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 172.16.1.1 YES NVRAM up up

Serial0/0 unassigned YES manual administratively down down


Task 2:

R1(config)#int lo 10

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#int lo 20

R1(config-if)#ip address 20.1.1.1 255.255.255.240

R1(config-if)#exit

R1(config)#int lo 30

R1(config-if)#ip address 30.1.1.1 255.255.240.0

R1(config-if)#exit

R1(config)#exit

R1#

R1#
R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 172.16.1.1 YES NVRAM up up

Serial0/0 unassigned YES manual administratively down down

Loopback10 10.1.1.1 YES manual up up

Loopback20 20.1.1.1 YES manual up up

Loopback30 30.1.1.1 YES manual up up

Task 3:

To complete this Task, do not forget that there is an implicit deny all statement at the end of ACLS; therefore ensure
that you permit all other traffic once your deny statements are done.

R1(config)#ip access list extended DETAILED LOGGING


R1(config)#ip access-list extended DETAILED-LOGGING

R1(config-ext-nacl)#deny ip any 10.1.1.0 0.0.0.255 log-input

R1(config-ext-nacl)#deny ip any 20.1.1.0 0.0.0.15 log-input

R1(config-ext-nacl)#deny ip any 30.1.1.0 0.0.15.255 log-input

R1(config-ext-nacl)#permit ip any any

R1(config-ext-nacl)#exit

R1(config)#int fast0/0

R1(config-if)#ip access-group DETAILED-LOGGING in

R1(config-if)#exit

R1(config)#exit

R1#

R1#show ip interface fast0/0

FastEthernet0/0 is up, line protocol is up

Internet address is 172.16.1.1/24

Broadcast address is 255.255.255.255

Address determined by non-volatile memory

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is DETAILED-LOGGING

Proxy ARP is enabled

----[Truncated Output]----

Task 4:

R1(config)#clock timezone UTC -0

R1(config)#exit

R1#clock set 20:00:00 28 July 2009

R1#

R1#show clock

20:00:03.545 UTC Tue Jul 28 2009

Task 5:

R1(config)#logging on

R1(config)#logging buffered debugging

R1(config)#logging buffered 10000

R1(config)#logging trap informational

R1(config)#logging host 172.16.1.254

R1(config)#service timestamps log datetime show-timezone

R1(config)#service sequence-numbers

R1( fi )# it
R1(config)#exit

R1#

R1#show logging

Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 3 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

Persistent logging: disabled

Trap logging: level informational, 38 message lines logged

Logging to 172.16.1.254 (udp port 514, audit disabled,

authentication disabled, encryption disabled, link up),

3 message lines logged,

0 message lines rate-limited,

0 message lines dropped-by-MD,

xml disabled, sequence number disabled

filtering disabled

Log Buffer (10000 bytes):

000035: Jul 28 20:03:17 UTC: %SYS-5-CONFIG_I: Configured from console by console

000036: Jul 28 20:13:17 UTC: %SYS-5-CONFIG_I: Configured from console by console

000037: Jul 28 20:14:07 UTC: %SYS-5-CONFIG_I: Configured from console by console

Task 6:

R1(config)#access-list 5 permit host 172.16.1.254

R1(config)#snmp-server community secret RW 5

R1(config)#snmp-server host 172.16.1.254 traps secret config


( g) p p g

R1(config)#snmp-server enable traps config

R1(config)#exit

R1#

R1#

R1#show snmp

Chassis: FTX0915A2V4

0 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

0 Input queue packet drops (Maximum queue size 1000)

2 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

2 Trap PDUs

SNMP logging: enabled

Logging to 172.16.1.254.162, 2/10, 0 sent, 0 dropped.

Task 7:

R1#clear log

Clear logging buffer [confirm]

R1#

R1#show logging

Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.


No Inactive Message Discriminator.

Console logging: level debugging, 1 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 7 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

Persistent logging: disabled

Trap logging: level informational, 42 message lines logged

Logging to 172.16.1.254 (udp port 514, audit disabled,

authentication disabled, encryption disabled, link up),

7 message lines logged,

0 message lines rate-limited,

0 message lines dropped-by-MD,

xml disabled, sequence number disabled

filtering disabled

Log Buffer (10000 bytes):

R1#

Now, perform a ping from Host 1 to any Loopback interface on R1 and verify the logs:

R1#show logging

Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: level debugging, 126 messages logged, xml disabled,

filtering disabled

M it l i l ld b i 0 l d l di bl d
Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 132 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

Persistent logging: disabled

Trap logging: level informational, 44 message lines logged

Logging to 172.16.1.254 (udp port 514, audit disabled,

authentication disabled, encryption disabled, link up),

9 message lines logged,

0 message lines rate-limited,

0 message lines dropped-by-MD,

xml disabled, sequence number disabled

filtering disabled

Log Buffer (10000 bytes):

000116: Jul 28 20:30:40 UTC: %SEC-6-IPACCESSLOGDP: list DETAILED-LOGGING denied icmp


172.16.1.254 (FastEthernet0/0 001d.09d4.0238) -> 20.1.1.1 (0/0), 1 packet

To validate SNMP, use the debug snmp packets command and then access configuration mode. You will see SNMP
traps being sent by R1 to the SNMP server 172.16.1.254

R1#debug snmp packets

SNMP packet debugging is on

R1#

R1#config t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#

R1(config)#

000119: Jul 28 20:33:22.727: SNMP: Queuing packet to 172.16.1.254

000120: Jul 28 20:33:22.727: SNMP: V1 Trap, ent ciscoConfigManMIB.2, addr 172.16.1.1, gentrap 6,
spectrap 1

ccmHistoryEventEntry.3.32 = 1

ccmHistoryEventEntry.4.32 = 2

ccmHistoryEventEntry.5.32 = 3

000121: Jul 28 20:33:22.979: SNMP: Packet sent via UDP to 172.16.1.254

R1(config)#exit

R1#

R1#conf

000122: Jul 28 20:33:31 UTC: %SYS-5-CONFIG_I: Configured from console by console


Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#

000123: Jul 28 20:33:39.975: SNMP: Queuing packet to 172.16.1.254

000124: Jul 28 20:33:39.975: SNMP: V1 Trap, ent ciscoConfigManMIB.2, addr 172.16.1.1, gentrap 6,
spectrap 1

ccmHistoryEventEntry.3.33 = 1

ccmHistoryEventEntry.4.33 = 2

ccmHistoryEventEntry.5.33 = 3

000125: Jul 28 20:33:40.227: SNMP: Packet sent via UDP to 172.16.1.254

R1(config)#exit

R1#

000126: Jul 28 20:33:44 UTC: %SYS-5-CONFIG_I: Configured from console by console

R1#undebug all

All possible debugging has been turned off

Lab 14 Configurations

R1 Configuration

R1#show running-config

Building configuration...

Current configuration : 1458 bytes

! Last configuration change at 20:33:44 UTC Tue Jul 28 2009

version 12.4

service timestamps debug datetime msec

service timestamps log datetime show-timezone

no service password-encryption

service sequence-numbers

hostname R1

boot-start-marker

boot-end-marker

no logging message-counter syslog

logging buffered 10000


logging buffered 10000

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate w ic 0

ip cef
!

multilink bundle-name authenticated

archive

log config

hidekeys

interface Loopback10

ip address 10.1.1.1 255.255.255.0

interface Loopback20

ip address 20.1.1.1 255.255.255.240

interface Loopback30

ip address 30.1.1.1 255.255.240.0

interface FastEthernet0/0

ip address 172.16.1.1 255.255.255.0

ip access-group DETAILED-LOGGING in

duplex auto
duplex auto

speed auto

interface Serial0/0

no ip address

shutdow n

ip forward-protocol nd

ip http server

ip http secure-server

ip access-list extended DETAILED-LOGGING

deny ip any 10.1.1.0 0.0.0.255 log-input

deny ip any 20.1.1.0 0.0.0.15 log-input

deny ip any 30.1.0.0 0.0.15.255 log-input

permit ip any any

logging 172.16.1.254

access-list 5 permit 172.16.1.254

snmp-server community secret RW 5

snmp-server enable traps config

snmp-server enable traps cpu threshold

snmp-server host 172.16.1.254 secret config

control-plane

line con 0

line aux 0

line vty 0 4

privilege level 15

password cisco

login
g

end

<< previous lab ¦ CCNA Security Labs ¦ next lab >>

© 2006-2011 HowtoNetwork.net All Rights Reserved. Reproduction without permission prohibited.

You might also like