CBT IT Certification Training


Syslog and SNMP Configuration

Lab 14 

Cisco IOS Syslog and SNMP Configuration


Lab Objective:

The objective of this lab exercise is for you to learn and understand how to configure Syslog and SNMP reporting on Cisco IOS routers.

Lab Purpose:

Syslog and SNMP are tools that can be used to provide security-related information, such as access breaches, configuration changes and high processor utilization. As a CCNA Security administrator, you are expected to demonstrate a solid understanding of basic Syslog and SNMP configuration on Cisco IOS routers.

Lab Difficulty:

This lab has a difficulty rating of 7/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 15 minutes. 

Lab Topology:

Please use any single switch to complete this lab:

[Figure: Lab 14 topology diagram]

Lab 14 Configuration Tasks 

Task 1:

Configure the hostname on R1 and IP addressing as illustrated in the diagram. In addition, configure Host 1 with the IP address specified and a default gateway of 172.16.1.1.

NOTE: If you do not have a host in your lab, you can simply replace Host 1 with another router that has an Ethernet interface and a default static route pointing to 172.16.1.1.

Task 2:

Configure the following Loopback interfaces on R1:

Interface Address Mask
Loopback 10 10.1.1.1 /24
Loopback 20 20.1.1.1 /28
Loopback 30 30.1.1.1 /20

Task 3:

Configure an extended ACL on R1 that provides the most detailed logging on all traffic to the Loopback10, Loopback20 and Loopback30 subnets. This ACL should deny all IP traffic to these subnets. Apply this ACL inbound on the FastEthernet0/0 interface of R1.

Task 4:

Configure the local time on R1 as 20:00 GMT/UTC using today’s date for the clock date.

Task 5:

Configure Syslog on R1 as follows:

  • Log all debugging messages to the local router buffer
  • Configure a buffer size of 10,000
  • Log all informational messages to SYSLOG server 172.16.1.254

In addition, configure the logs to show the date and time, as well as the time zone. Finally, configure R1 so that all logs include sequence numbers for easier identification.

Task 6:

Configure SNMP on R1 as follows:

  • Configure R1 to send all configuration traps to server 172.16.1.254
  • Configure R1 so that server 172.16.1.254 has read and write access to the router
  • Server 172.16.1.254 will use the SNMP Community string secret to manage R1

Task 7:

Clear your logs and verify your configuration by pinging from Host 1 to any of the Loopback interfaces on R1. There should be entries that provide detailed information in the local router buffer. You can also Telnet from Host 1 to any of the Loopback interfaces on R1.

Verify your SNMP configuration by entering/exiting configuration mode on R1. If you have configured this correctly, you will see SNMP traps being sent by R1.

Lab 14 Configuration and Verification

Task 1:

Router(config)#hostname R1

R1(config)#interface f0/0

R1(config-if)#ip address 172.16.1.1 255.255.255.0

R1(config-if)#no shut

R1(config-if)#exit

R1(config)#exit

R1#show ip interface brief

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            172.16.1.1      YES NVRAM  up                    up

Serial0/0                  unassigned      YES manual administratively down down


Task 2:

R1(config)#int lo 10

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#int lo 20

R1(config-if)#ip address 20.1.1.1 255.255.255.240

R1(config-if)#exit

R1(config)#int lo 30

R1(config-if)#ip address 30.1.1.1 255.255.240.0

R1(config-if)#exit

R1(config)#exit

R1#

R1#

R1#show ip interface brief

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            172.16.1.1      YES NVRAM  up                    up

Serial0/0                  unassigned      YES manual administratively down down

Loopback10                 10.1.1.1        YES manual up                    up

Loopback20                 20.1.1.1        YES manual up                    up

Loopback30                 30.1.1.1        YES manual up                    up

Task 3:

To complete this task, do not forget that there is an implicit deny all statement at the end of every ACL; therefore, ensure that you permit all other traffic once your deny statements are done.

R1(config)#ip access-list extended DETAILED-LOGGING

R1(config-ext-nacl)#deny ip any 10.1.1.0 0.0.0.255 log-input

R1(config-ext-nacl)#deny ip any 20.1.1.0 0.0.0.15 log-input

R1(config-ext-nacl)#deny ip any 30.1.1.0 0.0.15.255 log-input

R1(config-ext-nacl)#permit ip any any

R1(config-ext-nacl)#exit

R1(config)#int fast0/0

R1(config-if)#ip access-group DETAILED-LOGGING in

R1(config-if)#exit

R1(config)#exit

R1#

R1#show ip interface fast0/0

FastEthernet0/0 is up, line protocol is up

Internet address is 172.16.1.1/24

Broadcast address is 255.255.255.255

Address determined by non-volatile memory

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

  Inbound  access list is DETAILED-LOGGING

Proxy ARP is enabled

--[Truncated Output]--
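The matching rule behind Task 3, as an added example that is not part of the original lab guide: IOS compares only the bits where the wildcard mask is 0 and stops at the first matching entry. The Python below derives each wildcard mask from the Task 2 addresses, shows why the entry typed as 30.1.1.0 0.0.15.255 appears as 30.1.0.0 in the running configuration, and evaluates destinations against the list; the function names are illustrative.

```python
import ipaddress

# DETAILED-LOGGING exactly as typed in Task 3: (action, destination, wildcard).
ACL = [
    ("deny", "10.1.1.0", "0.0.0.255"),
    ("deny", "20.1.1.0", "0.0.0.15"),
    ("deny", "30.1.1.0", "0.0.15.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # permit ip any any
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_for(interface):
    """Return (network, wildcard) for an interface given as 'address/prefix'."""
    net = ipaddress.ip_interface(interface).network
    return str(net.network_address), str(net.hostmask)

def normalise(addr, wildcard):
    """Zero the ignored bits of an entry, giving the form seen in the running config."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(to_int(addr) & care))

def matches(dst, addr, wildcard):
    """A wildcard bit of 0 must match; a wildcard bit of 1 is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(dst) & care) == (to_int(addr) & care)

def evaluate(dst, acl=ACL):
    """First match wins; with no match the packet hits the implicit deny."""
    for line, (action, addr, wildcard) in enumerate(acl, start=1):
        if matches(dst, addr, wildcard):
            return action, line
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    for iface in ("10.1.1.1/24", "20.1.1.1/28", "30.1.1.1/20"):
        print(iface, "->", wildcard_for(iface))
    print("stored as:", normalise("30.1.1.0", "0.0.15.255"))
    for dst in ("20.1.1.1", "20.1.1.17", "30.1.15.200", "30.1.16.1"):
        print(dst, evaluate(dst))
    # Without the final permit, traffic to R1's own address is dropped too.
    print("172.16.1.1 without permit:", evaluate("172.16.1.1", ACL[:3]))
```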

Task 4:

R1(config)#clock timezone UTC -0

R1(config)#exit

R1#clock set 20:00:00 28 July 2009

R1#

R1#show clock

20:00:03.545 UTC Tue Jul 28 2009

Task 5:

R1(config)#logging on

R1(config)#logging buffered debugging

R1(config)#logging buffered 10000

R1(config)#logging trap informational

R1(config)#logging host 172.16.1.254

R1(config)#service timestamps log datetime show-timezone

R1(config)#service sequence-numbers

R1(config)#exit

R1#

R1#show logging

Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

 

No Active Message Discriminator.

 

 

 

No Inactive Message Discriminator.

 

 

Console logging: disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging:  level debugging, 3 messages logged, xml disabled,

                     filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

Persistent logging: disabled

Trap logging: level informational, 38 message lines logged

        Logging to 172.16.1.254  (udp port 514,  audit disabled,

authentication disabled, encryption disabled, link up),

3 message lines logged,

0 message lines rate-limited,

0 message lines dropped-by-MD,

xml disabled, sequence number disabled

filtering disabled

 

Log Buffer (10000 bytes):

 

000035: Jul 28 20:03:17 UTC: %SYS-5-CONFIG_I: Configured from console by console

000036: Jul 28 20:13:17 UTC: %SYS-5-CONFIG_I: Configured from console by console

000037: Jul 28 20:14:07 UTC: %SYS-5-CONFIG_I: Configured from console by console

Task 6:

R1(config)#access-list 5 permit host 172.16.1.254

R1(config)#snmp-server community secret RW 5

R1(config)#snmp-server host 172.16.1.254 traps secret config

R1(config)#snmp-server enable traps config

R1(config)#exit

R1#

R1#

R1#show snmp

Chassis: FTX0915A2V4

0 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

0 Input queue packet drops (Maximum queue size 1000)

2 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

2 Trap PDUs

 

SNMP logging: enabled

    Logging to 172.16.1.254.162, 2/10, 0 sent, 0 dropped.

Task 7:

R1#clear log

Clear logging buffer [confirm]

R1#

R1#show logging

Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

 

No Active Message Discriminator.

 

 

 

No Inactive Message Discriminator.

 

 

Console logging: level debugging, 1 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging:  level debugging, 7 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

Persistent logging: disabled

Trap logging: level informational, 42 message lines logged

Logging to 172.16.1.254  (udp port 514,  audit disabled,

authentication disabled, encryption disabled, link up),

7 message lines logged,

0 message lines rate-limited,

0 message lines dropped-by-MD,

xml disabled, sequence number disabled

filtering disabled

 

Log Buffer (10000 bytes):

R1#

Now, perform a ping from Host 1 to any Loopback interface on R1 and verify the logs:

R1#show logging

Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

 

No Active Message Discriminator.

 

 

 

No Inactive Message Discriminator.

 

 

Console logging: level debugging, 126 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging:  level debugging, 132 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

Persistent logging: disabled

Trap logging: level informational, 44 message lines logged

Logging to 172.16.1.254  (udp port 514,  audit disabled,

authentication disabled, encryption disabled, link up),

9 message lines logged,

0 message lines rate-limited,

0 message lines dropped-by-MD,

xml disabled, sequence number disabled

filtering disabled

 

Log Buffer (10000 bytes):

 

000116: Jul 28 20:30:40 UTC: %SEC-6-IPACCESSLOGDP: list DETAILED-LOGGING denied icmp 172.16.1.254 (FastEthernet0/0 001d.09d4.0238) -> 20.1.1.1 (0/0), 1 packet

To validate SNMP, use the debug snmp packets command and then enter configuration mode. You will see SNMP traps being sent by R1 to the SNMP server 172.16.1.254:

R1#debug snmp packets

SNMP packet debugging is on

R1#

R1#config t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#

R1(config)#

000119: Jul 28 20:33:22.727: SNMP: Queuing packet to 172.16.1.254

000120: Jul 28 20:33:22.727: SNMP: V1 Trap, ent ciscoConfigManMIB.2, addr 172.16.1.1, gentrap 6, spectrap 1

ccmHistoryEventEntry.3.32 = 1

ccmHistoryEventEntry.4.32 = 2

ccmHistoryEventEntry.5.32 = 3

000121: Jul 28 20:33:22.979: SNMP: Packet sent via UDP to 172.16.1.254

R1(config)#exit

R1#

R1#conf

000122: Jul 28 20:33:31 UTC: %SYS-5-CONFIG_I: Configured from console by console

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#

000123: Jul 28 20:33:39.975: SNMP: Queuing packet to 172.16.1.254

000124: Jul 28 20:33:39.975: SNMP: V1 Trap, ent ciscoConfigManMIB.2, addr 172.16.1.1, gentrap 6, spectrap 1

ccmHistoryEventEntry.3.33 = 1

ccmHistoryEventEntry.4.33 = 2

ccmHistoryEventEntry.5.33 = 3

000125: Jul 28 20:33:40.227: SNMP: Packet sent via UDP to 172.16.1.254

R1(config)#exit

R1#

000126: Jul 28 20:33:44 UTC: %SYS-5-CONFIG_I: Configured from console by console

R1#undebug all

All possible debugging has been turned off
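What the Task 5 logging options put on each line, as an added example that is not part of the original lab guide: the Python below parses lines in the buffer format shown above (sequence number, timestamp, optional time zone, %FACILITY-SEVERITY-MNEMONIC tag), extracts the log-input fields of the ACL hit, and lists sequence-number gaps. The sample lines are copied from this page's Task 7 output; the function names are illustrative. A gap among the lines at or above the trap level only means those messages were not among the lines examined: here the missing numbers belong to debug-level messages such as the SNMP debug lines.

```python
import re
from collections import Counter

# Lines copied from the Task 7 output on this page.
SAMPLE = """\
000116: Jul 28 20:30:40 UTC: %SEC-6-IPACCESSLOGDP: list DETAILED-LOGGING denied icmp 172.16.1.254 (FastEthernet0/0 001d.09d4.0238) -> 20.1.1.1 (0/0), 1 packet
000119: Jul 28 20:33:22.727: SNMP: Queuing packet to 172.16.1.254
000122: Jul 28 20:33:31 UTC: %SYS-5-CONFIG_I: Configured from console by console
000126: Jul 28 20:33:44 UTC: %SYS-5-CONFIG_I: Configured from console by console
"""

HEADER = re.compile(
    r"^(?P<seq>\d+): (?P<time>[A-Z][a-z]{2} +\d+ \d{2}:\d{2}:\d{2}(?:\.\d+)?)"
    r"(?: (?P<tz>[A-Z]+))?: "
    r"(?:%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): )?"
    r"(?P<text>.*)$")
# Body of the ICMP ACL hit produced by the log-input keyword, as shown on this page.
ACL_HIT = re.compile(
    r"^list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) (?P<src>\S+) "
    r"\((?P<in_if>\S+) (?P<src_mac>[0-9a-f.]+)\) -> (?P<dst>\S+) "
    r"\((?P<icmp_type>\d+)/(?P<icmp_code>\d+)\), (?P<packets>\d+) packets?$")

def parse(line):
    """Return a dict of fields, or None if the line is not in the expected format."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"])
    if rec["mnemonic"] == "IPACCESSLOGDP":
        hit = ACL_HIT.match(rec["text"])
        if hit:
            rec.update(hit.groupdict())
    return rec

def at_trap_level(records, level=6):
    """Keep tagged messages at or above the given severity (6 = informational)."""
    return [r for r in records
            if r["severity"] is not None and int(r["severity"]) <= level]

def denied_flows(records):
    """Packets denied per (source IP, source MAC, destination IP)."""
    flows = Counter()
    for r in records:
        if r.get("action") == "denied":
            flows[(r["src"], r["src_mac"], r["dst"])] += int(r["packets"])
    return flows

def sequence_gaps(records):
    """Inclusive (first, last) ranges of sequence numbers that are absent."""
    seqs = sorted(r["seq"] for r in records)
    return [(a + 1, b - 1) for a, b in zip(seqs, seqs[1:]) if b - a > 1]

if __name__ == "__main__":
    recs = [r for r in map(parse, SAMPLE.splitlines()) if r]
    print(dict(denied_flows(recs)))
    print(sequence_gaps(at_trap_level(recs)))
```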

 

 

Lab 14 Configurations

R1 Configuration

R1#show running-config

Building configuration…

 

Current configuration : 1458 bytes

!

! Last configuration change at 20:33:44 UTC Tue Jul 28 2009

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime show-timezone

no service password-encryption

service sequence-numbers

!

hostname R1

!

boot-start-marker

boot-end-marker

!

no logging message-counter syslog

logging buffered 10000

!

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

!

!

!

!

multilink bundle-name authenticated

!

!

!

!

!

archive

log config

hidekeys

!

!

!

!

!

!

!

interface Loopback10

ip address 10.1.1.1 255.255.255.0

!

interface Loopback20

ip address 20.1.1.1 255.255.255.240

!

interface Loopback30

ip address 30.1.1.1 255.255.240.0

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.255.0

ip access-group DETAILED-LOGGING in

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

!

ip forward-protocol nd

!

!

ip http server

ip http secure-server

!

ip access-list extended DETAILED-LOGGING

deny   ip any 10.1.1.0 0.0.0.255 log-input

deny   ip any 20.1.1.0 0.0.0.15 log-input

deny   ip any 30.1.0.0 0.0.15.255 log-input

permit ip any any

!

logging 172.16.1.254

access-list 5 permit 172.16.1.254

snmp-server community secret RW 5

snmp-server enable traps config

snmp-server enable traps cpu threshold

snmp-server host 172.16.1.254 secret  config

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

password cisco

login

!

!

end


Copyright Reality Press Ltd. / Paul Browning
