Continuing from the previous NTP post, our GNS3 topology hasn't changed except for UbtSvr:
I created a working syslog-ng server on UbtSvr2 long before I did the NTP post so, to make sure I don't miss a step or forget to mention something I did to get it working, I've gone ahead and created a brand new Ubuntu server in VirtualBox named UbtSvr3. The default route 192.0.0.0/8 and ip address on UbtSvr3 is the same as UbtSvr2 in the previous NTP post. Nothing else has changed.
Setting up an Ubuntu NTP Server in preparation for creating a syslog-ng server.
I’m working on creating a syslog-ng server on UbtSvr2 to capture events from routers in my GNS3 environment. The first step is having correct time on all devices; this isn’t important for syslog to function but its nice to associate syslog events with the current date and time – which my devices don’t have:
VirtualBox ver: 4.2.10
Virtual Machine (VM): Windows 7 pro, guest additions installed
Requirements: Ability to run a command prompt and VirtualBox as administrator (the usual problem with accessing VBoxManage).
Scenario:
I have a Win7Pro Virtual Machine (VM) with a 20 GB dynamically allocated storage disk (VDI) which only has about 2 GB of space left. I need to install a program on the VM which requires 2.5 GB of disk space. In short, I cannot install this program unless I increase the disk size.
So, in this post I’m going to increase the same disk (disk 0 or drive C) from 20 GB to 30 GB. This will give me the space I need with room to grow.
I did this a while ago when I was preparing a lot of config files (.txt) for use on my routers & switches. I needed to find interface numbers and replace them with interfaces that I had available or was using (i.e. s0/0/0 with s0/0, etc.). As I don’t use this feature very often, it is a prime candidate for a blog post.
PART 2:
Now that SRV is set up and running WinRadius we can configure DLS1 & DLS2 to use RADIUS on SRV for login authentication (telnet).
The configurations are straight forward and if you’d like to know more I’d suggest searching Cisco’s site.
Some of the key information we needed to take note of in Part 1 was the following:
Radius IP: 10.1.50.1
Radius Password (a.k.a NAS Secret): WinRadius
Radius auth-port: 2812
Radius acct-port: 2813
Our User: User1
& Password: CCnP
Part 1: Configuring the Radius Server
In this post we want to secure access to our devices and do so with a single authentication server. There are many reasons to do this; for example we can easily manage users and passwords without having to micromanage each device.
The topology is similar to the RSPAN post:
DLS1 VLAN 5 (MGT): 10.1.5.252
DLS2 VLAN 5 (MGT): 10.1.5.253
While monitoring an analyzer using RSPAN, I was getting a bunch of packets that I don’t care about. I don’t really want to filter based on just one packet but instead would like to filter out the packets I don’t want. Here you can see STP and HSRP packets being exchanged on the switched port I’m analyzing:
Topology
I have several config files (about 30) for each of 6 devices – that’s 180 configs files that I don’t want to manually move over. Not only would it be exhausting and error prone, I know it would take some time to do. I want to move these to the devices so I can quickly move through some TShoot labs without having to tftp each config file for each lab individually. Doing the later would also require each device to have connectivity to the tftp server at all times – it’s just not functional. So, instead, I’d rather have all the config files for each lab already installed in flash so I can quickly “configure replace” as I move through each lab.
(as a personal reference dedicated to Nanook)
The router configs for this post came from “Installing SDM” (1) YouTube video posted by "Cisco Learning Institute" (CSSIAdotORG)
I'm installing SDM-V25 (Cisco’s Security Device Manager) on a c3725 in GNS3 from a WinServer 2008 VM. I’m sure you can use an XP VM to do this. Note that SDM is EoL (End-of-Life) and is replaced (?) by CCP (Cisco Configuration Professional)… but I believe, at this time, SDM is still in the CCNA Security curriculum (?). See: http://www.cisco.com/en/US/products/sw/secursw/ps5318/index.html
