Telnet access and syslog messages

Unanswered Question
Jan 18th, 2008

Hi,


In this forum I found that to log telnet access to routers (Successful/Unsuccessful - Authorized/Unauthorized) a possible configuration is:

access-list 10 permit 10.1.1.1

access-list 10 permit 10.51.21.34

access-list 10 permit 10.51.8.32


I find on cisco.com these syslog events related to telnet:


%TN-2-BADLOGIN : Bad login string pointer [hex]

%TN-3-BADSTATE : Illegal state [dec]

%TN-3-READLINE : Unknown return code [dec] from telnet_readline()

(http://www.cisco.com/en/US/docs/ios/12_3/sem2/system/messages/emgtdm.html#wp139576)


Is "%TN-2-BADLOGIN : Bad login string pointer [hex]" related to unauthorized telnet access to the router?


Can you suggest some syslog messages generated when someone tries to access a router?


Thanks a lot

ivillegas Thu, 01/24/2008 - 11:14

I have experienced "% telnet connections not permitted from this terminal" messages on the console. Issuing the command "transport output telnet ssh" under line vty 04 resolves this issue.


cisco24x7 Thu, 01/24/2008 - 12:01

Try this:


login block-for 1 attempts 3 within 1

login delay 1

login on-failure log


Here is a message from someone logging in unsuccessfully to a router:


Jan 24 17:59:16 10.109.114.101 13632: Jan 24 19:59:15: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: dkdkdk] [Source: 192.168.1.1] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 19:59:15 UTC Thu Jan 24 2008



Easy right?


CCIE Security
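
Added example (not part of the thread and not Cisco code): a Python parser for the %SEC_LOGIN-4-LOGIN_FAILED line quoted in the reply above, which flags sources with repeated failures. The first sample line is the one from the reply; the other sample lines, the function names, and the 3-failures-within-60-seconds threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the body of the %SEC_LOGIN-4-LOGIN_FAILED message shown in the reply.
LOGIN_FAILED = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed "
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<source>[^\]]+)\] "
    r"\[localport: (?P<port>\d+)\] \[Reason: (?P<reason>[^\]]+)\] "
    r"at (?P<time>\d\d:\d\d:\d\d) (?P<tz>\S+) (?P<date>\w{3} \w{3} +\d+ \d{4})"
)

def parse_login_failed(line):
    """Return a dict for a LOGIN_FAILED line, or None for any other line."""
    m = LOGIN_FAILED.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    # Use the router's own timestamp (after "at"); the zone token stays as text.
    event["when"] = datetime.strptime(
        f"{event['time']} {event['date']}", "%H:%M:%S %a %b %d %Y")
    return event

def noisy_sources(lines, attempts=3, within=timedelta(seconds=60)):
    """Map source -> failure count for sources with `attempts` failures in `within`."""
    by_source = defaultdict(list)
    for line in lines:
        event = parse_login_failed(line)
        if event:
            by_source[event["source"]].append(event["when"])
    flagged = {}
    for source, times in by_source.items():
        times.sort()
        # Slide a window of `attempts` consecutive failures over the sorted times.
        for i in range(len(times) - attempts + 1):
            if times[i + attempts - 1] - times[i] <= within:
                flagged[source] = len(times)
                break
    return flagged

SAMPLE = [  # first line is from the reply above; the rest are constructed
    "Jan 24 17:59:16 10.109.114.101 13632: Jan 24 19:59:15: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: dkdkdk] [Source: 192.168.1.1] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 19:59:15 UTC Thu Jan 24 2008",
    "Jan 24 17:59:21 10.109.114.101 13633: Jan 24 19:59:20: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.1] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 19:59:20 UTC Thu Jan 24 2008",
    "Jan 24 17:59:26 10.109.114.101 13634: Jan 24 19:59:25: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.1.1] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 19:59:25 UTC Thu Jan 24 2008",
    "Jan 24 18:10:03 10.109.114.101 13640: Jan 24 20:10:02: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: test] [Source: 192.0.2.10] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 20:10:02 UTC Thu Jan 24 2008",
    "Jan 24 18:12:00 10.109.114.101 13641: Jan 24 20:11:59: %SYS-5-CONFIG_I: Configured from console by vty0 (10.1.1.1)",
]

if __name__ == "__main__":
    print(noisy_sources(SAMPLE))
```
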

fisko Wed, 04/21/2010 - 00:08

What about OLD IOS? This is an extended login feature in 12.4(3)?
