Router Security and Logging

Status
Not open for further replies.

krock22

Technical User
Feb 6, 2010
48
US
Hello

I was wondering what is the minimum security that I can apply to a router, but more importantly is there a way that I can create a log to see who is logging into the router via telnet/ssh?
 
You can set logging and use Kiwi Syslog; they have a free version.
 
Krock22:

If you have SDM, one-step lockdown works.

If you have CLI access, just type
R1#auto secure

It will ask you some questions and will set up decent security on your router...

As for logging:
I have to agree with North323: Kiwi works fairly well, and it's a two-liner in CLI to get everything started.
 
If you want more specifics on who is logging into the router, you will probably want to set up TACACS authentication so that every user has a unique ID as well.
 
Download it and install it on a server.


Then you will need to set up:

tacacs-server host <ip address here>
aaa new-model
aaa authentication login default group tacacs+ local
! add the local in case your tacacs server goes down
! if you don't then no one can log in until it comes back up
! that's assuming you have a local username

That should do it.

If you want to have TACACS login for only a specific interface such as console, aux, telnet, ssh, then instead:

aaa new-model
aaa authentication login NAMEOFLIST group tacacs+ local
! telnet used as example
line vty 0 15
 login authentication NAMEOFLIST


I think that should do it.
*Going off memory here; ? doesn't work in forums.
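
An added example, not part of any post in this thread: once the router forwards to a syslog server as suggested above, a short script can answer the original question of who logged in and from where. It assumes the router emits IOS `%SEC_LOGIN` messages (enabled with `login on-success log` and `login on-failure log`, which the thread does not mention); the log lines, addresses and usernames are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), in the shape a syslog
# server stores IOS %SEC_LOGIN messages; not taken from the thread.
SAMPLE_LOG = """\
Feb  8 10:15:01 192.0.2.1 45: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jsmith] [Source: 198.51.100.10] [localport: 22] at 10:15:01 UTC Mon Feb 8 2010
Feb  8 10:16:40 192.0.2.1 46: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 23] [Reason: Login Authentication Failed] at 10:16:40 UTC Mon Feb 8 2010
Feb  8 10:16:44 192.0.2.1 47: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 23] [Reason: Login Authentication Failed] at 10:16:44 UTC Mon Feb 8 2010
Feb  8 10:16:49 192.0.2.1 48: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 23] [Reason: Login Authentication Failed] at 10:16:49 UTC Mon Feb 8 2010
Feb  8 10:19:12 192.0.2.1 49: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 198.51.100.22] [localport: 23] at 10:19:12 UTC Mon Feb 8 2010
Feb  8 10:20:00 192.0.2.1 50: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (198.51.100.22)
"""
EVENT = re.compile(r"%SEC_LOGIN-\d-(LOGIN_SUCCESS|LOGIN_FAILED):")
FIELD = re.compile(r"\[(\w+): ([^\]]*)\]")
SERVICES = {22: "ssh", 23: "telnet"}  # assumes the default vty ports


def parse_line(line):
    """Return a dict for a SEC_LOGIN event, or None for any other line."""
    match = EVENT.search(line)
    if not match:
        return None
    fields = {k.lower(): v.strip() for k, v in FIELD.findall(line[match.end():])}
    port = fields.get("localport", "")
    if "user" not in fields or "source" not in fields or not port.isdigit():
        return None  # truncated or malformed message
    return {"success": match.group(1) == "LOGIN_SUCCESS", "user": fields["user"],
            "source": fields["source"], "service": SERVICES.get(int(port), "port " + port)}


def summarize(text, fail_threshold=3):
    """List successful logins and the sources with repeated failures."""
    logins, failures = [], Counter()
    for event in filter(None, map(parse_line, text.splitlines())):
        if event["success"]:
            logins.append((event["user"], event["source"], event["service"]))
        else:
            failures[event["source"]] += 1
    noisy = sorted(src for src, n in failures.items() if n >= fail_threshold)
    return logins, noisy


if __name__ == "__main__":
    logins, noisy = summarize(SAMPLE_LOG)
    for user, source, service in logins:
        print(f"{user} logged in from {source} via {service}")
    print("repeated failures from:", ", ".join(noisy) or "none")
```

The per-user view is only useful when each person has their own ID, which is the point of the TACACS suggestion above.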
 