Nov 26

Here is a small task that illustrates how combining a few technologies can result in an interesting solution.

Task:

Configure R1 to send all logging messages to the remote server at the IP address "10.0.0.100". Ensure secure (non-cleartext) and reliable (acknowledged) information delivery.

DO NOT USE:

1) TCP as the transport protocol.
2) IPsec for encryption.
3) Any tunneling technology.

Recent update: do not use BEEP. This seems to be ruled out by "don't use TCP", but it is worth mentioning separately. The solution is supposed to be a "bit" more complicated :)

For simplicity, assume the server to be directly connected to the router via Ethernet. Also, assume the server could be configured in any way to match the router's configuration.

The first person to find the correct solution will win a $100 Amazon.com gift card. Since tomorrow is a big holiday in the US, we will post the solution and announce the winner somewhere around the coming weekend.

Have a nice Thanksgiving!

----

OK, it looks like I'm getting old after all :) The solution was found a few hours after I actually made the post! The winner is: Carl Burkland. Congratulations! He was the first to post a working solution. I'm disclosing the comments right now, so you can see other people who came up with correct solutions or bright ideas after Carl. Also, see some explanations and comments below.

R1:
logging history debugging
snmp-server engineID remote 10.0.0.100 ABCD12345678
snmp-server group TRAP v3 priv
snmp-server user TRAP TRAP remote 10.0.0.100 v3 auth sha CISCO priv des56 CISCO
snmp-server enable traps syslog
snmp-server host 10.0.0.100 informs version 3 priv TRAP

The idea is to combine the following features:

1) Syslog history buffer logging.
2) SNMP traps/informs generation based on syslog messages.
3) SNMPv3 DES encryption for traps/informs.
4) Reliable delivery thanks to informs mechanism.

Of course, using any reliable transport would be too easy ;). Antonio Soares (and later Sorin CONSTANTINESCU) came up with the idea of using PPPoE with MPPE and the PPP reliable delivery features. While this violates the requirement of not using any tunneling techniques (in this case - L2 inside L2), the idea is really good. The only problem is that I never found "reliable" PPP to work, particularly with PPPoE :) It looks like you still need good old LAPB encapsulation on serial interfaces to enforce reliable delivery. There is another protocol called "RBSCP" which you could use across unreliable/long-haul links to improve TCP performance, but this deserves a separate post.

Other people (e.g. NTllect, Lejoe Thomas – see their comments) correctly suggested using SNMPv3 informs, but some did not provide the complete working configuration. The trick is that in order to get SNMPv3 informs working you need to configure a remote engine ID for the remote server and associate the SNMPv3 user with this ID. Without that, the router will not send any informs at all! You can easily verify whether your configuration is working by doing something like this:

access-list 100 permit udp any any eq 162

R1#debug ip packet 100 dump

Generate some syslog messages and check whether any packets are captured.
After that, use the command show snmp pending to see the pending informs (if any).
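The debug above only shows that something leaves on UDP/162; it does not tell you whether those datagrams are really encrypted informs rather than cleartext traps. The following script is an added example (not part of the original post and not Cisco or INE code) that decodes the outer SNMPv3 message header of a captured UDP/162 payload and reports the msgFlags: the auth and priv bits give the security level, and the reportable bit distinguishes an inform (acknowledged) from a trap. Only the BER framing from RFC 3412 is decoded, so no SNMP library or keys are needed. The sample messages are constructed inline; the engine ID in them is the page's ABCD12345678 padded with zeros to 12 octets, on the assumption that IOS pads an engine ID shorter than 24 hex digits with trailing zeros (the receiver must be configured with the same padded value, or informs will be silently dropped).

```python
"""
Added check: decode the SNMPv3 message header of a datagram captured on
UDP/162 and report whether it is authenticated, encrypted and "reportable"
(informs set the reportable flag and expect an acknowledgement; traps do not).
Only the outer BER structure from RFC 3412 is decoded; the encrypted PDU is
left opaque, so no SNMP library and no keys are needed.
"""


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """Wrap content in a BER tag/length/value triple."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(v: int) -> bytes:
    """BER INTEGER (two's complement, minimal length)."""
    body = v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True)
    return tlv(0x02, body)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the element) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_snmpv3_header(datagram: bytes) -> dict:
    """Decode SNMPv3Message { msgVersion, msgGlobalData, msgSecurityParameters, msgData }."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, ver, p = read_tlv(msg, 0)
    version = int.from_bytes(ver, "big", signed=True)
    if version != 3:
        raise ValueError(f"msgVersion is {version}, not SNMPv3")
    # msgGlobalData ::= SEQUENCE { msgID, msgMaxSize, msgFlags, msgSecurityModel }
    _, gdata, p = read_tlv(msg, p)
    _, msg_id, q = read_tlv(gdata, 0)
    _, _, q = read_tlv(gdata, q)           # msgMaxSize, not needed here
    _, flags, q = read_tlv(gdata, q)
    _, sec_model, _ = read_tlv(gdata, q)
    _, _, p = read_tlv(msg, p)             # msgSecurityParameters (USM blob), skipped
    data_tag, _, _ = read_tlv(msg, p)      # msgData: OCTET STRING if encrypted, SEQUENCE if plaintext
    f = flags[0]
    return {
        "msg_id": int.from_bytes(msg_id, "big", signed=True),
        "security_model": int.from_bytes(sec_model, "big", signed=True),  # 3 = USM
        "auth": bool(f & 0x01),
        "priv": bool(f & 0x02),
        "reportable": bool(f & 0x04),
        "pdu_encrypted": data_tag == 0x04,
    }


def meets_task(hdr: dict) -> bool:
    """The task wants non-cleartext *and* acknowledged delivery: authPriv informs."""
    return hdr["auth"] and hdr["priv"] and hdr["pdu_encrypted"] and hdr["reportable"]


def describe(hdr: dict) -> str:
    level = {(False, False): "noAuthNoPriv", (True, False): "authNoPriv",
             (True, True): "authPriv"}.get((hdr["auth"], hdr["priv"]),
                                           "invalid (priv without auth)")
    kind = "inform" if hdr["reportable"] else "trap"
    return f"SNMPv3 {kind}, {level}, msgID {hdr['msg_id']}"


def build_sample(flags: int, encrypted: bool) -> bytes:
    """Constructed SNMPv3 message for demonstration, not a real capture.
    Engine ID is the page's ABCD12345678 padded with zeros to 12 octets
    (assumption: IOS pads a short engineID to 24 hex digits)."""
    global_data = tlv(0x30, ber_int(1234) + ber_int(65507)
                      + tlv(0x04, bytes([flags])) + ber_int(3))
    usm = tlv(0x30, tlv(0x04, bytes.fromhex("ABCD12345678000000000000"))
              + ber_int(1) + ber_int(0) + tlv(0x04, b"TRAP")
              + tlv(0x04, b"\x00" * 12) + tlv(0x04, b"\x00" * 8))
    if encrypted:
        data = tlv(0x04, b"\xde\xad\xbe\xef" * 4)     # opaque encryptedPDU
    else:   # plaintext ScopedPDU carrying an InformRequest-PDU (tag 0xA6)
        inform_pdu = tlv(0xA6, ber_int(1) + ber_int(0) + ber_int(0) + tlv(0x30, b""))
        data = tlv(0x30, tlv(0x04, b"") + tlv(0x04, b"") + inform_pdu)
    return tlv(0x30, ber_int(3) + global_data + tlv(0x04, usm) + data)


if __name__ == "__main__":
    for flags, enc in ((0x07, True), (0x03, True), (0x04, False)):
        hdr = parse_snmpv3_header(build_sample(flags, enc))
        print(describe(hdr), "-> meets task:", meets_task(hdr))
```

Feed parse_snmpv3_header the UDP payload of a real datagram (for example the bytes of a pcap frame after the Ethernet/IP/UDP headers) and look for "inform, authPriv"; an "authPriv trap" means the host was configured with traps instead of informs, and a plaintext ScopedPDU means the priv level never took effect.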

Overall I’ve seen a bunch of pretty good answers. Thanks a lot to everyone for participating. Congratulations to the winner once again; our sales team will contact you after the holidays! Oh yeah, and next time I will try to come up with more complicated tasks.
