Catalyst 6513 and SNMP logging issue

Answered Question
Oct 3rd, 2008

I have a Catalyst 6513 that I would like to have SNMP report failed login attempts to the logging buffer when the maximum limit is reached. I have enabled all traps and the log does not pick this up. I notice on my older 6500's with CAT OS this is sent to the logging buffer (on the switch side). Does anyone know if this is possible with IOS? My current code version is Version 12.2(18)SXF7.

satish_zanjurne Fri, 10/03/2008 - 07:25

Hi,

1. A system message is generated when a user is either locked by the system or unlocked by the system administrator. The following is an example of such a system message:

%AAA-5-USER_LOCKED: User user1 locked out on authentication failure.

2. If you have commands like

logging buffered 16384
logging trap notifications
logging on

it should log to the buffer, which you can see using the "show log" command.

3. To lock out the user after max. attempts, use the following commands:

username name [privilege level] password encryption-type password
aaa new-model
aaa local authentication attempts max-fail number-of-unsuccessful-attempts
aaa authentication login default method

4. For SNMP, use the following commands:

snmp-server community RO-community ro
snmp-server community RW-community rw
snmp-server enable traps
snmp-server host ip_address [traps | informs] [version {1 | 2c | 3}] community-string

HTH..rate if helpful..

Correct Answer
Richard Burts Fri, 10/03/2008 - 07:28

Alan

There is an enhancement in recent versions of IOS that does what you want about logging failed attempts to login. This link should give you information to get you started:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_login_enhance.html#wp1048295

[note] this is done with syslog and not with SNMP, and the Catalyst switch is doing it with syslog also and not SNMP.

HTH

Rick
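
Since the failed-login and lockout events arrive as syslog messages rather than SNMP traps, a collector can tally them per source. The script below is an added example, not code from this thread or from Cisco: the log lines are constructed, the %SEC_LOGIN-4-LOGIN_FAILED layout is an assumed rendering of the login-enhancements message, and only the %AAA-5-USER_LOCKED text is taken from the earlier reply.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines. The SEC_LOGIN layout is an assumption;
# the USER_LOCKED text matches the message quoted earlier in the thread.
SAMPLE_LOG = """\
Oct  3 07:40:11 sw6513 45: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 23] [Reason: Login Authentication Failed] at 07:40:11 UTC Fri Oct 3 2008
Oct  3 07:40:19 sw6513 46: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 23] [Reason: Login Authentication Failed] at 07:40:19 UTC Fri Oct 3 2008
Oct  3 07:40:27 sw6513 47: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.0.2.10] [localport: 23] [Reason: Login Authentication Failed] at 07:40:27 UTC Fri Oct 3 2008
Oct  3 07:41:02 sw6513 48: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
Oct  3 07:43:30 sw6513 49: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 07:43:30 UTC Fri Oct 3 2008
Oct  3 07:45:00 sw6513 50: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.50)
"""

# Whitespace after the colons is optional so both spacings of the message match.
LOGIN_FAILED = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED:\s*Login failed \[user:\s*(?P<user>[^\]]*)\]"
    r"\s*\[Source:\s*(?P<src>[^\]\s]+)\]")
USER_LOCKED = re.compile(r"%AAA-5-USER_LOCKED: User (?P<user>\S+) locked out")


def summarize(log_text, threshold=3):
    """Count failed logins per source, the usernames each source tried,
    and the accounts the switch reported as locked out."""
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    locked_users = []
    for line in log_text.splitlines():
        failed = LOGIN_FAILED.search(line)
        if failed:
            failures[failed.group("src")] += 1
            users_tried[failed.group("src")].add(failed.group("user").strip())
            continue
        locked = USER_LOCKED.search(line)
        if locked:
            locked_users.append(locked.group("user"))
    return {
        "failures": dict(failures),
        "users_tried": {src: sorted(u) for src, u in users_tried.items()},
        # Sources at or above the threshold are worth an analyst's attention.
        "noisy_sources": sorted(s for s, n in failures.items() if n >= threshold),
        "locked_users": locked_users,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
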

agivens02 Fri, 10/03/2008 - 07:55

Thank you Rick,

This is exactly what I was looking for. I just tested it and it worked exactly as I wanted. I greatly appreciate your help!

Alan

Richard Burts Fri, 10/03/2008 - 09:25

Alan

I am glad that my answer was able to point you in the right direction. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that a response was able to resolve the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick
