ACL

Hi
I've been looking at the ACLs as part of my course at university, I recall my lecturer (or was it the lab tutor, forgot) saying that the ACLs can be logged, like if u have a deny ACL, it can log that someone tried to access this. I would like to know if this logging can be logged to something like RADIUS.
Like, if you have ACL 101 thats granting 172.16.1.0/24 access to the net
Can we, say, log all occurances of ACL 101 being matched to a RADIUS server?

Thanks
Jason

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

karanc

its simple u have to just add a word log at end of your extended list and in global conf
add a command
#log 10.0.0.1 /hostanme (.....where radius/or other logging software is running)

Mr.Bobster

Hi
I don't fully understand what you mean sorry.

If I have this

access-list 101 permit ip any any log

(just as a test ACL)
Is that how I should configure it for logging to RADIUS ?
Or must I constantly import the log data?
Thanks
Jason

tech-airman

Mr.Bobster wrote:
Hi
I don't fully understand what you mean sorry.

If I have this
access-list 101 permit ip any any log
(just as a test ACL)
Is that how I should configure it for logging to RADIUS ?
Or must I constantly import the log data?
Thanks
Jason

Mr.Bobster,

What does RADIUS stand for?

Kalabin

tech-airman wrote:
Mr.Bobster wrote:
Hi
I don't fully understand what you mean sorry.

If I have this
access-list 101 permit ip any any log
(just as a test ACL)
Is that how I should configure it for logging to RADIUS ?
Or must I constantly import the log data?
Thanks
Jason
Mr.Bobster,

What does RADIUS stand for?

Remote Authentiaction Dial-in User Service. Used on straight PPP Dialup connection's, and PPPoE connection's for user authentication.

ccnpninja

Mr. Bobster,

access-list 101 permit ip any any log

This statement means that any ip packet will cause the router to launch syslog, which will write a new entry in the logging journal.
The ACE can be a "deny" as well as a "permit".
Here's an example of log messages:

*May  1 22:12:13.243: %SEC-6-IPACCESSLOGP: list ACL-IPv4-E0/0-IN permitted
   tcp 192.168.1.3(1024) -> 192.168.2.1(22), 1 packet
*May  1 22:17:16.647: %SEC-6-IPACCESSLOGP: list ACL-IPv4-E0/0-IN permitted
   tcp 192.168.1.3(1024) -> 192.168.2.1(22), 9 packets

hope this helps

Mr.Bobster

Sorry, I don't think my original question was very clear, it was to do with traffic accounting with ACLs.
I don't have a router to play with until my lab, so I can't seem to test anything until then, so I'm just trying to gather some information on what I can/should do.
So, like, from my understanding, RADIUS can used for Accounting, Authorization and Auth, so we are unable to use ACLs to log accounting? Or must this be done through something like NetFlow?

Thanks
Jason