Packet Tracer – Configure Cisco Devices for Syslog, NTP, and SSH Operations (Answers Version)

Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Blank Line, No additional information

Part 1: Configure Syslog Service

Part 2: Generate Logged Events

Part 3: Manually Set Switch Clocks

Part 4: Configure NTP Service

Part 5: Verify Timestamped Logs

In this activity, you will configure secure remote access for the router. You will remote access the devices to enable and use the Syslog service and the NTP service so that the network administrator is able to monitor the network more effectively.

Part 1:Configure Remote Access

In this part, you will access the router R1 via the console port to configure secure remote access SSH. The privileged EXEC password for all the network devices is cisco12345.

Step 1:Configure SSH on R1.

1. From the Admin PC, click Terminal within the Desktop tab. Click OK to access router R1.
2. Set a domain name of your choice on R1.
3. Create a user of your choice with a strong encrypted password.
4. Generate 1024-bit RSA keys.
5. Configure all vty lines for SSH access and use the local user profiles for authentication.
6. Set the EXEC mode timeout to 5 minutes on the vty lines.
7. Block anyone for five minutes who fails to log in after four attempts within a two-minute period.

R1(config)# login block-for 600 attempts 4 within 120

Step 2:Verify SSH access.

In this step, you will establish an SSH session to the network devices.

1. From the command prompt of another laptop or PC, access S1 via SSH using the username SSHuser and password SSHuserpass.

C:/> ssh -l SSHuser 10.0.1.2

2. Repeat and access S2 (10.0.2.2) via SSH using the credentials SSHuser / SSHuserpass.
3. From the command prompt of a laptop or PC, access R1 via SSH using the user account configured in the previous step.
4. Leave all the established SSH sessions open for NTP and Syslog configurations.

Part 2:Configure Syslog Service

Step 1:Enable the Syslog service.

1. Click Syslog, then Services tab.
2. Turn the Syslog service on and move the window so you can monitor activity.

Step 2:Configure the intermediary devices to use the Syslog service.

1. From the remote SSH session, configure R1 to send log events to the Syslog server.

R1(config)# logging 10.0.1.254

2. From the remote SSH session, configure S1 to send log events to the Syslog server.

S1(config)# logging 10.0.1.254

3. From the remote SSH session, configure S2 to send log events to the Syslog server.

S2(config)# logging 10.0.1.254

Part 3:Generate Logged Events

Step 1:Change the status of interfaces to create event logs.

1. Within the established SSH session, configure a Loopback 0 interface on R1 then disable it.

R1(config)# interface loopback 0

R1(config-if)# shutdown

2. Turn off PC1 and PC2. Turn them on again.

Step 2:Examine the Syslog events.

1. Look at the Syslog events.

Note: All the events have been recorded; however, the time stamps are incorrect. You may need to click inside the cells to see the messages.

2. Clear the log before proceeding to the next part.

Part 4:Manually Set Switch Clocks

The clocks can be set manually on the routers and switches. In this part, you will set the clocks on the switches manually and configure the switches to send the timestamps with logs to the syslog server.

Step 1:View the date and time on the switches.

1. After the PCs have finished reloading, establish the SSH sessions to the network devices again as necessary.
2. View the current time set on the clock.

S1# show clock

Step 2:Manually set the clocks on the switches.

From the established SSH session, manually set the clock on S1 and S2 to the current date and approximate time. An example is provided.

S1# clock set 11:47:00 July 10 2013

Step 3:Enable the logging timestamp service on the switches.

Configure S1 and S2 to send its timestamp with logs it sends to the Syslog server via the established SSH session.

S1(config)# service timestamps log datetime msec

S2(config)# service timestamps log datetime msec

Part 5:Configure NTP Service

Step 1:Enable the NTP service.

In this activity, we are assuming that the NTP service is being hosted on a public internet server. If the NTP server was private, authentication could also be used.

1. Open the Services tab of the NTP server.
2. Turn the NTP service on and note the date and time that is displayed.

Step 2:Automatically set the clock on the router.

Set the clock on R1 to the date and time according to the NTP server.

R1(config)# ntp server 64.103.224.2

Step 3:Enable the logging timestamp service of the router.

Configure R1 to send its timestamp with the logs that it sends to the Syslog server.

R1(config)# service timestamps log datetime msec

Part 6:Verify Timestamped Logs

Step 1:Change the status of interfaces to create event logs.

1. Re-enable and then disable the Loopback 0 interface on R1.

R1(config)# interface loopback 0

R1(config-if)# no shutdown

R1(config-if)# shutdown

2. Turn off laptops L1 and L2. Turn them on again.

Step 2:Examine the Syslog events.

Look at the Syslog events. Note: All the events have been recorded and the time stamps are correct as configured. Note: R1 uses the clock settings from the NTP server, and S1 and S2 use the clock settings configured in an earlier part of this activity.

Router R1

enable

config terminal

ip domain-name anyname.com

username anyusername secret anyusernamepassword

line vty 0 4

transport input ssh

login local

exec-time 5 0

login block-for 600 attempts 4 within 120

crypto key generate rsa general-keys modulus 1024

ntp server 64.103.224.2

service timestamps log datetime msec

Router S1

clock set 13:20:00 Feb 12 2021

enable

config terminal

service timestamps log datetime msec

Router S2

clock set 13:20:00 Feb 12 2021

enable

config terminal

service timestamps log datetime msec