Configuring Console, Local and Remote Sys Logging

Core Knowledge and Real World Scenarios

Having a historical log record of events that occur on your network devices is just common sense however there are some networks out there that do not use a syslog server and have limited logging configured on the local box.

This lab will concentrate on three different types of logging. With the first being console logging. Which from an engineering perspective is very annoying and is commonly disabled because it can result in overloading the console port.h

By default Console logging is enabled for level 5 messages out of the box. One of the most annoying syslog’s you’ll see when you’ve consoled into a Cisco device is the following;

%SYS-5-CONFIG_I: Configured from console by console

This is presented each time you make a config change to the device by entering global configuration.

Familiarize yourself with the list of command(s) compiled below;

Command	Description
aaa new-model	This command when executed in global configuration mode will enable AAA.
aaa authentication login {list-name} {authentication methods}	This command when executed in global configuration defines the AAA Authentication list along with its authentication method parameters.
username {name} privilege {1-15} secret {secretpassword}	This command when executed in global configuration creates a user in the local user database which is used for local authentication by AAA if defined to use local authentication

To get started with this lab exercise please review the lab topology and prerequisites prior to loading initial configs and attempting the objective(s).

Lab Logical Topology

The following logical topology is used in all labs found through out Section 2 of the CCNA Security Workbook;

To view the physical cabling topology please visit the Topology page.

Lab Device Initial Configurations

!############################################ !# R1 - CCNA Security Workbook Lab 2-3 # !############################################ ! enable config terminal ! hostname R1 ! no ip domain-lookup ! interface FastEthernet0/0 description Link to SW1 Fa0/1 ip address 10.1.1.2 255.255.255.0 no shut ! line con0 logging sync no exec timeout ! end !############################################ !# SW1 - CCNA Security Workbook Lab 2-3 # !############################################ ! enable config terminal ! hostname SW1 ! no ip domain-lookup ! interface FastEthernet0/1 description Link to R1 Fa0/0 switchport mode access no shut ! interface range FastEthernet0/19-24 shutdown ! interface vlan1 ip address 10.1.1.1 255.255.255.0 no shut ! line con0 logging sync ! end

Before you Start

This lab requires that you have access to a Cisco ASA. You can complete this lab using a virtual Cisco ASA within GNS3 or you can reserve free lab time on the Stub Lab to have access to a pair of Cisco ASA 5505 Series Firewalls which can be used to complete this lab.

Lab Objectives

In this lab you will complete the following objectives.

Coming Soon
Coming Soon
Coming Soon

One More Thing…

It is recommended that you attempt to complete these lab objectives the first time without looking at the Lab Instruction section.

If you are a student preparing for the Cisco CCNA Security Certification Exam than you are more likely to remember how to complete these objectives if you attempt to complete them the first time on your own with the use of the core knowledge section found in this lab. You should only resort to the Lab Instruction section to verify your work.

Lab Instruction

Objective 1. – Coming Soon lol…

SW1>enable
SW1(config)#