06-05-2007 02:43 PM
Hi...
I tried to configure Cisco Login Enhancements on a Cat 3560 like this...
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_login.htm
and when I attempt to access via telnet I can't generate the user name for the log message
00:55:11: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ] [Source: 192.168.1.1] [localport: 23] at 00:55:10 UTC Mon Mar 1 1993
[user: ]
Does somebody know what could be happening?
06-05-2007 05:33 PM
Xavier
It would be helpful to have some details of the config of your 3560, especially details of how you authenticate telnet users.
But without having that detail I will make a guess about what is happening. My guess is that you are authenticating telnet users based on the line password. In this case the 3560 has no information about who the user is. It only knows that someone from source address 192.168.1.1 successfully created a telnet session (entered the correct password). So it reports what it knows (source address, local port, time) and has no information to report about [user].
HTH
Rick
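Added example, not part of the original thread or of Rick's post: a small Python parser for the %SEC_LOGIN messages discussed here that flags events whose [user: ] field is empty, so sessions that cannot be tied to an account stand out in collected syslog. The first sample line is the one quoted in the thread; the other lines, including the LOGIN_FAILED layout, are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input. Line 1 is the message quoted in the thread;
# the remaining lines are made up in the same bracketed layout (assumption).
SAMPLE_LOG = """\
00:55:11: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ] [Source: 192.168.1.1] [localport: 23] at 00:55:10 UTC Mon Mar 1 1993
00:57:40: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: patricio] [Source: 192.168.1.1] [localport: 23] at 00:57:39 UTC Mon Mar 1 1993
00:58:02: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 192.168.1.7] [localport: 23] [Reason: Login Authentication Failed] at 00:58:01 UTC Mon Mar 1 1993
01:02:15: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""

EVENT_RE = re.compile(r"%SEC_LOGIN-(?P<sev>\d)-(?P<event>[A-Z_]+):")
# Matches "[key: value]" pairs; the value may be empty, as in "[user: ]".
FIELD_RE = re.compile(r"\[(?P<key>[^:\]]+):\s*(?P<value>[^\]]*)\]")

def parse_sec_login(line):
    """Return a dict for a SEC_LOGIN message, or None for any other line."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    fields = {f.group("key").strip().lower(): f.group("value").strip()
              for f in FIELD_RE.finditer(line, m.end())}
    return {
        "event": m.group("event"),
        "severity": int(m.group("sev")),
        "user": fields.get("user", ""),
        "source": fields.get("source", ""),
        "localport": fields.get("localport", ""),
        "reason": fields.get("reason", ""),
    }

def unattributed_logins(log_text):
    """Yield parsed login events whose user field is empty."""
    for line in log_text.splitlines():
        rec = parse_sec_login(line)
        if rec and not rec["user"]:
            yield rec

def summarize(log_text):
    """Count empty-user events per (event, source address) pair."""
    return Counter((r["event"], r["source"]) for r in unattributed_logins(log_text))

if __name__ == "__main__":
    for (event, source), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{event} with empty user from {source}: {n}")
```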
06-06-2007 07:48 AM
Thanks Rick
Of course, this is the config of my lab switch...
I hope it is useful to solve my issue...
I have tried both successful and failed access, but the user name always failed
Switch#show running-config
Building configuration...
Current configuration : 2481 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable password cisco
!
username patricio password 0 cisco1
username alfonso password 0 cisco2
aaa new-model
aaa authentication login default local enable
aaa authentication enable default enable
aaa authorization exec default local
aaa accounting suppress null-username
aaa accounting update newinfo
!
aaa session-id common
ip subnet-zero
no ip domain-lookup
!
login on-failure log
login on-success log
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
<<...>>
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
transport input telnet
line vty 5 15
!
!
end
06-06-2007 08:24 AM
Xavier
Thanks for the additional information. According to the config it is possible to login using a locally defined username or by entering just a password. Can you tell us whether the messages you originally posted are from a login using just the password (this is the scenario that I suggested in my previous post where the switch does not have any user name to put into the message) or was from a login using a username and password?
HTH
Rick
06-06-2007 09:11 AM
Of course...
It was trying to access using the user name and password configured...
Something similar happened when I generated an SNMP tty trap...
snmp-server enable traps tty
snmp-server enable traps stpx root-inconsistency loop-inconsistency
snmp-server host 192.168.1.1 version 2c ptvtps
I really need to identify the user trying to access a Cat 3560...
thanks Rick.
06-07-2007 08:15 AM
I have tried with aaa commands because I am using a tacacs server...
When I access using a tacacs server everything seems to be ok, but for local users not...
The config looks like this,
Switch#show running-config
Building configuration...
Current configuration : 2427 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
username xxx password xxx
username xxx password xxx
username xxx password xxx
aaa new-model
aaa authentication login lineas local
!
aaa session-id common
ip subnet-zero
no ip domain-lookup
!
login on-failure log
login on-success log
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
...
!
interface GigabitEthernet0/4
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
logging synchronous
login authentication lineas
transport input telnet
line vty 5 15
!
!
end