Test network services

This container has been tested with IOS / NXOS and ACI.

Test syslog

You can verify if you receive logs with syslog-ng. This service runs on the default port udp/514.

The configuration on the file /etc/syslog-ng/syslog-ng.conf redirects the external logs to the following file: /var/log/remote-syslog.log

# Extract of syslog-ng.conf

source s_net {
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};

log { source(s_net); destination(d_net); };
destination d_net { file(“/var/log/remote-syslog.log”); };

Logs could be see with the following command:

root@89944db0da60:~# tailf /var/log/remote-syslog.log
Apr 15 06:50:51 10.0.100.46 2019 Apr 15 06:50:48 UTC: %ETHPORT-5-IF_DOWN_CFG_CHANGE: Interface Ethernet1/1 is down(Config change)
Apr 15 06:50:52 10.0.100.46 2019 Apr 15 06:50:49 UTC: %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/1 is down (Administratively down)
Apr 15 06:50:55 10.0.100.46 2019 Apr 15 06:50:52 UTC: last message repeated 1 time
Apr 15 11:57:59 10.255.0.2 %LOG_LOCAL7-4-SYSTEM_MSG [F1186][raised][config-failure][warning][sys/phys-[eth1/35]/fault-F1186] Port configuration failure.                                   Reason: 2                                   Failed Config: l1:PhysIfspeed_failed_flag

Test snmptrap

snmptrapd is used to receive snmptrap. The logs are redirect to the file : /var/log/snmptrapd.log.

The configuration files are the following : /etc/snmp/snmptrapd.conf and /etc/default/snmptrapd.

The community configured is “public”. You can change in the /etc/snmp/snmptrad file or disabled the authentification with ” disableAuthorization yes”

Example:


Agent Address: 0.0.0.0
Agent Hostname: nxos – UDP: [10.0.100.46]:59353->[172.21.0.2]:162
Date: 6:50:57 15-4
Enterprise OID: .
EngineID:
Trap Type: Cold Start
Trap Sub-Type: 0
Community/Infosec Context: TRAP2, SNMP v2c, community nxos
Uptime: 0
Description: Cold Start
PDU Attribute/Value Pair Array:
iso.3.6.1.2.1.1.3.0 = Timeticks: (16384794) 1 day, 21:30:47.94
iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.2.1.17.0.2
iso.3.6.1.4.1.9.9.46.1.3.1.1.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.31.1.1.1.1.436207616 = STRING: “Ethernet1/1”


Agent Address: 0.0.0.0
Agent Hostname: nxos – UDP: [10.0.100.46]:59353->[172.21.0.2]:162
Date: 6:51:6 15-4
Enterprise OID: .
EngineID:
Trap Type: Cold Start
Trap Sub-Type: 0
Community/Infosec Context: TRAP2, SNMP v2c, community nxos
Uptime: 0
Description: Cold Start
PDU Attribute/Value Pair Array:
iso.3.6.1.2.1.1.3.0 = Timeticks: (16385696) 1 day, 21:30:56.96
iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.4.1.9.9.43.2.0.2
iso.3.6.1.4.1.9.9.43.1.1.1.0 = Timeticks: (16384764) 1 day, 21:30:47.64
iso.3.6.1.4.1.9.9.43.1.1.6.1.6.7117 = INTEGER: 3


Test tacacs+

tacacs+ is used to verify the Authentication, Authorization and Accounting. The configuration is in the file /etc/tacacs/tac_plus.conf.

We use the following package : http://www.shrubbery.net/tac_plus/

The current configuration is the following:

  • Tacacs Key : cisco1234
  • user : user1 / cisco1234
  • Right: admin

The log files are the following :

  • For accounting : /var/log/tacacs/tac_plus.acct
  • For authentication : /var/log/tac_plus.log

Test radius

We use freeradius with the following files:

  • radiusd.conf
  • clients.conf
  • users

The logs are in the following directory /var/log/freeradius/.

Example for IOS/NXOS and ACI :

user1 Cleartext-Password := “cisco1234”
Service-Type = NAS-Prompt-User,
Cisco-AVPair = “shell:priv-lvl=15”,
Cisco-AVPair += “shell:domains=all/admin/”

Docker-compose file

docker-compose.yml

version "3"
services:
network-test:
image: zednetwork/network-test:latest
ports:
- "49:49"
- "162:162/udp"
- "514:514/udp"
- "1812:1812/udp"
- "1813:1813/udp"
tty: true
stdin_open: true

To download the container :
docker pull zednetwork/network-test:latest

To enter in the container :

docker exec -it <container_ID> /bin/bash