ACL
Mr.Bobster
Member Posts: 77 ■■□□□□□□□□
in CCNA & CCENT
Hi
I've been looking at the ACLs as part of my course at university, I recall my lecturer (or was it the lab tutor, forgot) saying that the ACLs can be logged, like if u have a deny ACL, it can log that someone tried to access this. I would like to know if this logging can be logged to something like RADIUS.
Like, if you have ACL 101 that's granting 172.16.1.0/24 access to the net
Can we, say, log all occurrences of ACL 101 being matched to a RADIUS server?
Thanks
Jason
Comments
-
karanc Member Posts: 21 ■□□□□□□□□□
It's simple, u have to just add a word log at end of your extended list and in global conf
add a command
#log 10.0.0.1 /hostname (.....where radius/or other logging software is running)
next exam -> ICSW (CCNP 50% done)
-
Mr.Bobster Member Posts: 77 ■■□□□□□□□□
Hi
I don't fully understand what you mean sorry.
If I have this
access-list 101 permit ip any any log
(just as a test ACL)
Is that how I should configure it for logging to RADIUS ?
Or must I constantly import the log data?
Thanks
Jason
-
tech-airman Member Posts: 953
Mr.Bobster wrote:
Hi
I don't fully understand what you mean sorry.
If I have this
access-list 101 permit ip any any log
(just as a test ACL)
Is that how I should configure it for logging to RADIUS ?
Or must I constantly import the log data?
Thanks
Jason

Mr.Bobster,
What does RADIUS stand for?
-
Kalabin Member Posts: 64 ■■□□□□□□□□
tech-airman wrote:
Mr.Bobster wrote:
Hi
I don't fully understand what you mean sorry.
If I have this
access-list 101 permit ip any any log
(just as a test ACL)
Is that how I should configure it for logging to RADIUS ?
Or must I constantly import the log data?
Thanks
Jason

Mr.Bobster,
What does RADIUS stand for?

Remote Authentication Dial-in User Service. Used on straight PPP Dialup connections, and PPPoE connections for user authentication.
-
ccnpninja Member Posts: 1,010 ■■■□□□□□□□
Mr. Bobster,
access-list 101 permit ip any any log
The ACE can be a "deny" as well as a "permit".
Here's an example of log messages:
*May 1 22:12:13.243: %SEC-6-IPACCESSLOGP: list ACL-IPv4-E0/0-IN permitted tcp 192.168.1.3(1024) -> 192.168.2.1(22), 1 packet
*May 1 22:17:16.647: %SEC-6-IPACCESSLOGP: list ACL-IPv4-E0/0-IN permitted tcp 192.168.1.3(1024) -> 192.168.2.1(22), 9 packets
hope this helps
my blog: https://keyboardbanger.com
-
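As an added example (not part of any post in this thread), the following Python parses %SEC-6-IPACCESSLOGP messages like the two quoted above, as they would arrive at a syslog collector, and sums packet counts per flow. The function names, the last two sample lines, and the assumption that each message reports only the packets seen since the previous message for that flow are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches the %SEC-6-IPACCESSLOGP format quoted in the post above
# (TCP/UDP hits, which carry port numbers).
LOGP = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_line(line):
    """Return a dict for one ACL log message, or None for any other line."""
    m = LOGP.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def account(lines):
    """Sum packet counts per (acl, action, proto, src, dst, dport)."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not an IPACCESSLOGP message
        key = (rec["acl"], rec["action"], rec["proto"],
               rec["src"], rec["dst"], rec["dport"])
        # Assumption: counts are per reporting interval, so they add up.
        totals[key] += rec["count"]
    return dict(totals)

# First two lines are the messages quoted in the post; the last two are constructed.
SAMPLE = [
    "*May 1 22:12:13.243: %SEC-6-IPACCESSLOGP: list ACL-IPv4-E0/0-IN permitted tcp 192.168.1.3(1024) -> 192.168.2.1(22), 1 packet",
    "*May 1 22:17:16.647: %SEC-6-IPACCESSLOGP: list ACL-IPv4-E0/0-IN permitted tcp 192.168.1.3(1024) -> 192.168.2.1(22), 9 packets",
    "*May 1 22:18:01.100: %SEC-6-IPACCESSLOGP: list 101 denied udp 172.16.1.7(5353) -> 10.0.0.9(53), 4 packets",
    "*May 1 22:18:02.000: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for key, packets in sorted(account(SAMPLE).items()):
        print(*key, packets)
```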
Mr.Bobster Member Posts: 77 ■■□□□□□□□□
Sorry, I don't think my original question was very clear, it was to do with traffic accounting with ACLs.
I don't have a router to play with until my lab, so I can't seem to test anything until then, so I'm just trying to gather some information on what I can/should do.
So, like, from my understanding, RADIUS can be used for Accounting, Authorization and Auth, so we are unable to use ACLs to log accounting? Or must this be done through something like NetFlow?
Thanks
Jason