Securing login on 2851

Unanswered Question
Sep 15th, 2008

Hi, I want my 2851 to stop allowing login attempts after 3 failed attempts and to (if possible) send an email to the network administrator about the failed login attempts. Can anyone help with this?

Thanks in advance! Mitchell

Collin Clark Tue, 09/16/2008 - 08:18

Mitchell-


1. ip ssh authentication-retries 3

2. This can be done with EEM (Embedded Event Manager). Once the 3rd failure happens, a syslog event is triggered and then you would configure EEM to send the email. Here's a link to it http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html


You could also post in Network Management, there is a guy (J.Clarke I believe) that is really good at EEM.


Hope that helps.

mitchell.smith Tue, 09/16/2008 - 10:11

Hi Collin,

Thanks for your post, I was not aware of EEM and will spend some time looking through it. I think it will work for the email notification.


About the login retries, my router already resets the interface after 3 failed login attempts, but this does not prevent someone from trying again and again to get in using a compromised user ID. What I would like to do is lock out the user ID after 3 failed attempts. Do you know if this is possible?

Thanks for your help!

Mitchell


Collin Clark Tue, 09/16/2008 - 13:06

I think you can do it with aaa authentication attempts login 3. Are you using AAA locally or with a RADIUS/TACACS server?



mitchell.smith Tue, 09/16/2008 - 14:21

We are using AAA locally. I will try this command on my test router and see what happens. Thanks for the help!
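
Added example, not part of the original thread: one way to combine local account lockout with the EEM e-mail alert discussed above, assuming local AAA and an IOS release that supports these commands. The applet name, mail relay address and e-mail addresses are placeholders.

```cisco
! Added example. Placeholders (not from the thread): applet name,
! mail relay 192.0.2.25, and the example.com addresses.
!
! Authenticate logins against the local user database.
aaa new-model
aaa authentication login default local
!
! Lock a local account after 3 consecutive failed logins.
! The account stays locked until an administrator clears it.
aaa local authentication attempts max-fail 3
!
! Throttle repeated attempts: after 3 failures within 60 seconds,
! refuse new login attempts for 120 seconds.
login block-for 120 attempts 3 within 60
!
! Write a syslog message for every failed login so EEM can match it.
login on-failure log
!
! E-mail the administrator when a login fails or an account is locked.
! The pattern is a regular expression matched against syslog messages;
! $_syslog_msg is the EEM built-in holding the matched message text.
event manager applet LOGIN-FAIL-MAIL
 event syslog pattern "SEC_LOGIN-4-LOGIN_FAILED|AAA-5-USER_LOCKED"
 action 1.0 mail server "192.0.2.25" to "netadmin@example.com" from "rtr2851@example.com" subject "Login failure on 2851" body "$_syslog_msg"
```

Locked accounts can be listed with `show aaa local user lockout` and released with `clear aaa local user lockout username <name>`.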
