Cisco Support Community
New Member

Cisco Router Security

Is there any provision in the Cisco 2610 router to identify unauthorized access, like Event Viewer in Windows NT/2000? If it is possible, please give the right procedure for setting that.

New Member

Re: Cisco Router Security

In order to identify unauthorized access, you have to have:

1) any user identified (in some way or another - by IP address, username, etc).

2) you have to have some way to track that.

The normal way that I would recommend is to use AAA. i.e. If you set up authentication for all interfaces through which you allow a shell session (vty and console for instance), and then also set up accounting, then you can monitor all authentication attempts (successful and failed) in your AAA logs.

You will need an AAA server like ACS. If you need just real basics, Windows servers have a built-in RADIUS server (IAS) that you could use.

A crude alternative, if you were just concerned about telnet, is to put a "permit" ACL that allows telnet. On the end of the ACL you would use the keyword "log" and then set up logging on your router. The result would be that any traffic that matched that ACL entry for telnet would generate a syslog. You have to decide how you would want to craft your ACL entry so that the information is useful. Also, if this is your only ACL on that interface, don't forget about the explicit deny any at the end of the ACL.
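
The two approaches described in the reply above, written out as an IOS configuration. This is an added example, not part of the original post. The addresses (documentation ranges), the interface name, the username and the bracketed secrets are assumptions to be replaced with local values.

```cisco
! Constructed values: 192.0.2.10 = RADIUS server, 192.0.2.20 = syslog host,
! 192.0.2.0/24 = management subnet, 198.51.100.1 = router address,
! Ethernet0/0 = inside interface. <...> items are placeholders.
!
! --- Timestamped syslog to a central host ---
service timestamps log datetime msec
logging 192.0.2.20
! ACL "log" matches are severity 6 (informational)
logging trap informational
!
! --- AAA: authenticate and account for every shell session ---
aaa new-model
! RADIUS first; local user only if the server does not answer
aaa authentication login default group radius local
! Start/stop record for each exec session, kept on the RADIUS server
aaa accounting exec default start-stop group radius
username fallback-admin password <LOCAL-PASSWORD>
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! --- ACL logging for telnet aimed at the router ---
! Too broad to be useful: logs transit telnet as well, with no way to
! tell expected sources from unexpected ones:
!   access-list 101 permit tcp any any eq telnet log
!
! Narrower: expected sources are permitted and logged ...
access-list 101 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.1 eq telnet log
! ... any other telnet attempt to the router is dropped and logged ...
access-list 101 deny tcp any host 198.51.100.1 eq telnet log
! ... and the rest of the traffic still passes (an access list ends
! with an implied deny of everything not matched above)
access-list 101 permit ip any any
!
interface Ethernet0/0
 ip access-group 101 in
```

With this in place, accepted and rejected logins show up in the RADIUS server's logs, and each ACL match reaches the syslog host as a `%SEC-6-IPACCESSLOGP` message naming the source address and port.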