SNMP Trap on Failed Telnet Attempt

Sep 13th, 2007
We've recently implemented ACLs to block network ranges from telnetting to our routers and switches from unauthorised IP address ranges, which is working well. We would like to log attempts from blocked ranges, preferably to our NMS via an SNMP trap. Is this possible at all? We already have TACACS+ logging to an ACS server for failed login attempts and could turn on syslogging, but would like to do it via SNMP so that the manager can see an instant alert from our NMS server screen, which is SNMP only.


Many thanks for any help.

htarra Wed, 09/19/2007 - 08:24

I know that it is an issue that is device/MIB specific. Some devices will indeed issue a trap for an SNMP authentication failure and the trap will include the IP of the offending device. Others will send the trap but it will not have a space for the offending device included. SNMP appears to be the only source for the auth failures. A failed telnet attempt does not appear to generate the same trap sequences. This appears to be a device feature. Higher end devices will include the IP. You may close the case. Unless you have some insight into how to get the devices to include the offending IP and to generate an auth fail trap for SNMP queries and for Telnet attempts, we can consider this a moot point.

