2. The network

2.1. The switch

Because GNS3 does not support port security, the test needs to be done with physical hardware.


The switch is a Cisco Catalyst 3560 with IOS 12.2, because that is what I got. most cisco switches will support port security, so it doesn't really matter. The switch has a DHCP server and all ports are assigned to VLAN 10. Syslog is redirected to the management server

The most relevant parts of the general config are:
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool CLIENT
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
vlan 10 
interface Vlan10
 ip address

2.2. The management server

The management server is a raspberry pi. Besides the reception of syslog, it is used to launch scripts that automate the tedious cisco command line use.

The pi uses rsyslogd. Standard, it does not receive syslog from other servers. In /etc/rsyslog.conf you need to add:
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

In the catch-all section, I added local7 to /var/log/messages because cisco logs on local7:
        mail,news.none          -/var/log/messages

2.3. The rest

For computer1 and computer2, you can use anything that has an ethernet NIC. The admin workstation needs to be able to ssh into the pi.