Lab 11.5.6.1 Configure Syslog on AP



Similar documents
Lab 5.5 Configuring Logging

Lab Configure Basic AP Security through IOS CLI

Lab Configuring Syslog and NTP (Instructor Version)

Lab Configure Intrusion Prevention on the PIX Security Appliance

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

System Log Setup (RTA1025W Rev2)

Configuring System Message Logging

Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5

Configuring System Message Logging

Lab Configuring LEAP/EAP using Local RADIUS Authentication

System Message Logging

Chapter 1: Planning Maintenance for Complex Networks. TSHOOT v6 Chapter , Cisco Systems, Inc. All rights reserved.

Configuring a Cisco 2509-RJ Terminal Router

Lab Analyzing Network Traffic

Lab Creating a Logical Network Diagram

Planning Maintenance for Complex Networks

PIM SOFTWARE TR50. Configuring the Syslog Feature TECHNICAL REFERENCE page 1

Lab Configure Cisco IOS Firewall CBAC

Enhanced Password Security - Phase I

Objectives Understand Cisco IOS system architecture components. Work with the Cisco IOS Command Line Interface (CLI) and common commands.

Table of Contents. Cisco Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others

Immotec Systems, Inc. SQL Server 2005 Installation Document

Lab 5.3.9b Managing Router Configuration Files Using TFTP

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.

Enhanced Password Security - Phase I

Chapter 4 Management. Viewing the Activity Log

RSA Security Analytics

Lab 8.3.3b Configuring a Remote Router Using SSH

Lab Configure Cisco IOS Firewall CBAC on a Cisco Router

Connecting to the Firewall Services Module and Managing the Configuration

How To Configure Syslog over VPN

Configuring System Message Logging

Lab Configure IOS Firewall IDS

3.1 Connecting to a Router and Basic Configuration

Configuring Logging. Information About Logging CHAPTER

Management, Logging and Troubleshooting

Kiwi SyslogGen. A Freeware Syslog message generator for Windows. by SolarWinds, Inc.

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example

TotalCloud Phone System

One-Step Lockdown with Cisco SDM

Lab Configure Local AAA on Cisco Router

Lab Creating a Network Map using CDP Instructor Version 2500

Debugging Network Communications. 1 Check the Network Cabling

NAS 272 Using Your NAS as a Syslog Server

Lab Configuring Access Policies and DMZ Settings

Lab Configuring Access Policies and DMZ Settings

Lab 8.4.3a Managing Cisco IOS Images with TFTP

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Chapter 9 Monitoring System Performance

Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client

How To Configure A Cisco Router With A Cio Router

PIX/ASA 7.x with Syslog Configuration Example

Chapter 3 Management. Remote Management

Table of Contents. Cisco Configuring IPSec Cisco Secure VPN Client to Central Router Controlling Access

Smart Business Architecture for Midsize Networks Network Management Deployment Guide

Lab assignment #2 IPSec and VPN Tunnels (Document version 1.1)

Lab Load Balancing Across Multiple Paths

Configuring System Message Logging

Using Debug Commands

Lab Organizing CCENT Objectives by OSI Layer

LAN-Cell to Cisco Tunneling

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example

Cisco Setting Up PIX Syslog

Procedure: You can find the problem sheet on Drive D: of the lab PCs. Part 1: Router & Switch

Lab Characterizing Network Applications

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

Configuring the Cisco Secure PIX Firewall with a Single Intern

Lab Load Balancing Across Multiple Paths Instructor Version 2500

Objectives. Background. Required Resources. CCNA Security

Lab Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance

Cisco Configuration Professional Quick Start Guide

Configuring Syslog Server on Cisco Routers with Cisco SDM

Lab Configuring PAT with SDM and Static NAT using Cisco IOS Commands

Lab Use Network Inspector to Observe STP Behavior

Using LiveAction with Cisco Secure ACS (TACACS+ Server)

Lab Advanced Telnet Operations

Applicazioni Telematiche

Pre-lab and In-class Laboratory Exercise 10 (L10)

Per-Packet Load Balancing


enetworks TM Using the Syslog Feature C.1 Configuring the Syslog Feature

APNIC Members Training Course Security workshop. 2-4 July, Port Vila Vanuatu. In conjunction with PACNOG 4

CS3695/M6-109 Lab 8-NPS02 VOIP Sniffing Ver. 8 Rev. 0

Configuring Basic Settings

School of Information Technology and Engineering (SITE) CEG 4395: Computer Network Management. Lab 4: Remote Monitoring (RMON) Operations

Using Debug Commands

Skills Assessment Student Training Exam

TDP43ME NetPS. Network Printer Server. Control Center. for Ethernet Module

Monitoring the Firewall Services Module

Network Load Balancing

How To: Configure a Cisco ASA 5505 for Video Conferencing

Lab Conducting a Network Capture with Wireshark

Lab 3 Routing Information Protocol (RIPv1) on a Cisco Router Network

Document ID: Introduction

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Lab Developing ACLs to Implement Firewall Rule Sets

Troubleshooting the Firewall Services Module

ASA 8.3 and Later: Mail (SMTP) Server Access on Inside Network Configuration Example

Configuring WAN Failover with a Cisco 881 Router and an AirLink ES440

Transcription:

Lab 11.5.6.1 Configure Syslog on AP Estimated Time: 25 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, students will configure and use syslog logging to monitor network events. Scenario A network security administrator should always log significant events on the AP to the syslog server. A syslog server should be located on a secure internal network to ensure log integrity. The syslog server can be a dedicated server or another server running syslog services. A Syslog Server is a basic application that allows Aironet AP and bridge event information to be viewed from a Windows system. It includes all the following features: Receiving syslog messages through either TCP or UDP Topology Full reliability because messages can be sent through TCP Ability to receive syslog messages from devices 1-7 Fundamentals of Wireless LANs v 1.2 Lab 11.5.6.1 Copyright 2003, Cisco Systems, Inc.

Preparation The student will read and understand material presented in FWL Chapter 11 prior to this lab. There are numerous syslog servers available on the Internet. This lab assumes that Kiwi Syslog Daemon is used. This is a freeware utility that can be downloaded at http://www.kiwisyslog.com. Download the syslog server and install the executable file. Tools and resources The following tools and resources will be helpful with this lab: Additional materials A properly setup wired LAN A properly setup and installed AP A PC acting as the syslog server with a static IP address A PC with a properly installed wireless client adapter and utility Further information about the objectives covered in this lab can be found at the following website: http://www.kiwisyslog.com Command List In this lab exercise, the following commands will be used. Refer to this list if assistance or help is needed during the lab exercise. Command configure terminal logging on logging host show logging show running-config copy running-config startupconfig service timestamps log uptime service sequence-numbers Description Enter global configuration mode Enables Message Logging Log Messages to a syslog server host Verify the log settings and entries entries. Verify the active configuration in DRAM. Save the active configuration into Flash Enable log timestamps. Enable sequence numbers. Step 1 Download and install the Kiwi Syslog software a. Go to the http://www.kiwisyslog.com/software_downloads.htm site and download the free edition of the kiwi syslog software. b. Install the executable file. 2-7 Fundamentals of Wireless LANs v 1.2 Lab 11.5.6.1 Copyright 2003, Cisco Systems, Inc.

Step 2 Setup the Kiwi Syslog Daemon a. Click on the Kiwi Syslog Daemon Icon on the desktop to bring up the syslog screen. Step 3 Enable logging on the AP a. Open up the AP browser menu and go to the EVENT LOG>Notification Options Page. b. Enable the Event Generate Syslog Messages utility on the AP c. Type in the Syslog Server Host IP address. This should be 10.0.P.10 d. Set the Syslog Facility logging level. The default, Local7, can be used. e. What other selections are available? f. Click the apply button to begin logging events to the Kiwi Syslog. 3-7 Fundamentals of Wireless LANs v 1.2 Lab 11.5.6.1 Copyright 2003, Cisco Systems, Inc.

Step 4 View the Kiwi Syslog event log a. Generate events to the syslog by logging into the AP that is being monitored. b. Have the wireless users log onto the AP. c. Have the wireless users log off the AP. d. These changes will trigger a logged event on the syslog. What is the message that was displayed on the syslog? Step 5 Enabling logging on the AP a. Erase the configuration and reload the AP. b. Configure the AP according to the Topology. c. Enabled on an AP using the Cisco IOS with the following commands: PodP(config)#logging on d. To send the logging messages to a syslog server which is located on PC1, use the following command: PodP(config)#logging host 10.0.P.10 (where P is the Pod number) e. View the available messaging levels for syslog : PodP(config)#logging trap? <0-7> Logging severity level alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) 4-7 Fundamentals of Wireless LANs v 1.2 Lab 11.5.6.1 Copyright 2003, Cisco Systems, Inc.

debugging Debugging messages (severity=7) emergencies System is unusable (severity=0) errors Error conditions (severity=3) informational Informational messages (severity=6) notifications Normal but significant conditions (severity=5) warnings Warning conditions (severity=4) <cr> f. Configure the syslog message level to debugging. PodP(config)#logging trap debugging (or 7) g. Enable the service timestamps on the AP using the following command: PodP(config)#service timestamps log uptime h. Enable the service sequence numbers on the AP logging using the following command: PodP(config)#service sequence-numbers Step 6 Verify the configuration a. Verify the configuration on the AP. PodP#show running-config Building configuration... Current configuration : 2552 bytes version 12.2 no service pad service timestamps debug datetime msec service timestamps log uptime service password-encryption service sequence-numbers hostname PodP logging trap debugging logging 10.0.1.10 [output omitted] 5-7 Fundamentals of Wireless LANs v 1.2 Lab 11.5.6.1 Copyright 2003, Cisco Systems, Inc.

b. Use the show logging command to view the entries. PodP#show logging Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns) Console logging: level debugging, 312 messages logged Monitor logging: level debugging, 0 messages logged Buffer logging: level debugging, 314 messages logged Logging Exception size (4096 bytes) Count and timestamp logging messages: disabled Trap logging: level informational, 316 message lines logged Log Buffer (4096 bytes): *Mar 4 04:44:28.924: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticatin Station 0007.8592.e4ea Reason: Previous authentication no longer valid *Mar 4 04:47:55.076: %DOT11-6-ASSOC: Interface Dot11Radio0, Station csawyer 00 9.b74c.b479 Associated KEY_MGMT[NONE] *Mar 4 04:51:36.967: %DOT11-4-MAXRETRIES: Packet to client 0009.b74c.b479 reac ed max retries, remove the client *Mar 4 04:51:36.968: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticatin Station 0009.b74c.b479 Reason: Previous authentication no longer valid *Mar 4 05:36:44.416: %DOT11-6-ASSOC: Interface Dot11Radio0, Station KDEVIAEN-W K02 00d0.59c8.ca3f Reassociated KEY_MGMT[NONE] --More-- [output omitted] c. To clear the log, use the following command: PodP#clear logging Clear logging buffer [confirm] PodP# d. Issue the show log command again to view the clear log: PodP#show log Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns) Console logging: level debugging, 312 messages logged Monitor logging: level debugging, 0 messages logged Buffer logging: level debugging, 314 messages logged Logging Exception size (4096 bytes) Count and timestamp logging messages: disabled Trap logging: level informational, 316 message lines logged Log Buffer (4096 bytes): PodP# 6-7 Fundamentals of Wireless LANs v 1.2 Lab 11.5.6.1 Copyright 2003, Cisco Systems, Inc.

Step 7 View the Kiwi Syslog event log a. Generate events to the syslog by establishing a wireless connection to the AP. Next, use Telnet or SSH to log into the AP. b. The login will trigger logged events on the syslog server located on PC1. c. What is the message that was displayed on the syslog? 7-7 Fundamentals of Wireless LANs v 1.2 Lab 11.5.6.1 Copyright 2003, Cisco Systems, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information