Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
439
Views
0
Helpful
1
Replies

SNMP Trap on Failed Telnet Attempt

phawker56
Level 1
Level 1

‎09-13-2007 03:24 AM - edited ‎03-05-2019 06:27 PM

We've recently implemented ACLs to block network ranges from telneting to ur routers and switches from unauthorised IP address ranges which is working well. We would like to log attempts from blocked ranges, preferably to our NMS via an SNMP trap. Is this possible at all? We already have TACACS+ logging to an ACS server for failed login attempts and could turn on syslogging, but would like to do it via SNMP so that the manager can see an instant alert from our NMS server screen which is SNMP only.

Many thanks for any help.

Labels:
0 Helpful
1 Reply 1

htarra
Level 4
Level 4

‎09-19-2007 08:24 AM

I know that it is an issue that is device/mib specific. Some devices will indeed issue a trap for an SNMP authentication failure and the trap will include the IP of the offending device. Other will send the trap but it will not have a space for the offending device included. SNMP appears to be the only source for the auth failures. A failed telnet attempt does not appear to generate the same trap sequences. This appears to be a device feature. Higher end devices will include the IP. You may close the case. Unless you have some insight into how to get the devices to include the offending IP and to generate an auth fail trap for SNMP queries and for Telnet attempts, we can consider this a moot point.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card