Config Lab: Syslog 3

Wendell Odom
By Wendell Odom October 12, 2021 17:05

When first starting out with Cisco routers and switches, log messages are those irritating messages that show up to interrupt us from the current task at hand. Over time, most of us find those messages more and more useful. Eventually, in production networks, you can use those log messages to systematically to monitor network performance, react more quickly to issues, and to better troubleshoot a network. Today’s lab works through a few of the basic commands that let us enable and disable system logging (Syslog) and the severity levels of messages sent to each logging service.

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Requirements

This lab shows two routers. The topology is actually of little importance to the lab. In reality, the lab gives requirements for different logging configuration for two different routers, just to help you exercise your skills. The requirements for this lab are as follows:

  1. On router R1, disable all terminal logging
  2. On router R2, disable all console and buffer logging
  3. On R1, configure console logging to log console severity level 4 and lower; configure those details using numeric severity levels
  4. On R1, configure logging to an internal buffer for severity 6 and below messages; configure those details using numeric severity levels
  5. On R2, enable logging to a Syslog server at address 192.168.2.100
  6. On R2, configure logging to terminals with severity level 5 and below messages; configure those details using names of the severity levels
  • Assumptions:
    • All router interfaces shown in the lab are up, working and correctly configured with IP addresses
    • IPv4 routing is configured

Figure 1: Two Router Topology

Initial Configuration

Examples 1 and 2 show the beginning configuration state of R1 and R2.

 

Example 1: R1 Config

 

Example 2: R2 Config

Answer Options - Click Tabs to Reveal

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.

If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML and then start the lab.
  3. Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
  4. Add your planned configuration to the lab.
  5. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

 

Network Device Info:

The CML topology matches the lab topology.

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Answers

Figure 1: Two Router Topology

 

Example 1: R1 Config (Global Commands)

 

Example 2: R2 Config (Global Commands)

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Commentary

For this lab we are focused on configuring device logging and syslog. Note that the requirements for this lab are not in line with what would be configured on a production network and have been set up as a way to configure a number of different logging and syslog commands within a single lab on only two devices.

Examples 1 and 2 show the configuration on routers R1 and R2, respectively. The examples note which requirements are met by which commands. Rather than repeat all those commands, the following list details a few points that are not obvious from looking at the commands:

  • R1 requirement 1: on R1, the no logging monitor global command means that no remote terminal user (that is, Telnet or SSH user) can see log messages on their terminal session after using the terminal monitor command.
  • Severity levels: The lab references severity level 4 (warning), 5 (notification), and 6 (informational). Many of the logging commands can take the number or name for a severity level in the same position in the command. For instance, on R2, logging monitor notifications could have instead been configured as logging monitor 6.

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 None No known issues related to this lab.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

  1. If you Telnet to R1 and issue the terminal monitor EXEC command, you still should not see any log messages on the screen. (Requirement 1)
  2. If you connect to the console of R2 and try to generate log messages, you should not see them at the console and should not see them when using the show logging EXEC command. (Requirement 2)
  3. From the console of R1, if you pick an interface and repeatedly issue a shutdown and no shutdown, you should see only the severity 3 messages, but not the severity 5 messages. (Requirement 3)
  4. From R1 (console or Telnet), get into configuration mode (configure terminal) and back out again (end or Ctl-z) repeatedly. Then from any login session, issue a show logging command. You should see the severity 5 (notification) level messages about the fact that you exited configuration mode; look to the end of the output to see those.
  5. Testing with an external Syslog server will be challenging to test. Just look at the configuration on router R2.
  6. Telnet to R2. Then issue the terminal monitor EXEC command. At that point, you should be able to see any new log messages.

More Labs with Related Content!

Config Lab: Syslog 2
Config Lab: Static NAT 1
Wendell Odom
By Wendell Odom October 12, 2021 17:05
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories