Catalyst 6513 and SNMP logging issue

Answered Question
Oct 3rd, 2008

I have a Catalyst 6513 that I would like to have SNMP report failed login attempts to the logging buffer when the maximum limit is reached. I have enabled all traps and the log does not pick this up. I notice on my older 6500s with CAT OS this is sent to the logging buffer (on the switch side). Does anyone know if this is possible with IOS? My current code version is Version 12.2(18)SXF7.

satish_zanjurne Fri, 10/03/2008 - 07:25

Hi,


1. A system message is generated when a user is either locked by the system or unlocked by the system administrator. The following is an example of such a system message:

%AAA-5-USER_LOCKED: User user1 locked out on authentication failure.

2. If you have commands like

logging buffered 16384
logging trap notifications
logging on

it should log to the buffer, which you can see using the "show log" command.

3. To lock out the user after max. attempts, use the following commands:

username name [privilege level] password encryption-type password
aaa new-model
aaa local authentication attempts max-fail number-of-unsuccessful-attempts
aaa authentication login default method

4. For SNMP, use the following commands:

snmp-server community RO-community ro
snmp-server community RW-community rw
snmp-server enable traps
snmp-server host ip_address [traps | informs] [version {1 | 2c | 3}] community-string

HTH..rate if helpful..
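
Added example (not part of either poster's reply): a small Python parser for the %FACILITY-SEVERITY-MNEMONIC message form seen in the %AAA-5-USER_LOCKED line above, counting lockouts per user and checking each message's severity against a level keyword such as "notifications". The log lines, timestamps, the user opsadmin and all function names are constructed for illustration; only the USER_LOCKED wording comes from the thread.

```python
import re
from collections import Counter

# IOS syslog level keyword -> numeric severity (lower number = more severe).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# General IOS message form: %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
                    r"(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")
LOCKED_RE = re.compile(r"User (?P<user>\S+) locked out on authentication failure")

# Constructed sample of "show log" output (assumption: timestamps, users and
# the non-AAA lines are made up; only the USER_LOCKED wording is from the thread).
SAMPLE_LOG = """\
*Oct  3 07:01:12.003: %SYS-5-CONFIG_I: Configured from console by console
*Oct  3 07:02:40.517: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
*Oct  3 07:03:05.120: %SYS-6-CLOCKUPDATE: System clock has been updated
*Oct  3 07:09:58.761: %AAA-5-USER_LOCKED: User opsadmin locked out on authentication failure.
*Oct  3 07:15:31.904: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
not a syslog line
"""

def parse(log_text):
    """Yield (facility, severity, mnemonic, text) for each IOS message line."""
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if m:
            yield m["facility"], int(m["severity"]), m["mnemonic"], m["text"]

def passes_level(severity, level_keyword):
    """True if a message of this severity is at or above the configured level."""
    return severity <= LEVELS[level_keyword]

def lockouts(log_text, level_keyword="notifications"):
    """Count lockouts per user among messages the configured level lets through."""
    counts = Counter()
    for facility, severity, mnemonic, text in parse(log_text):
        if (facility, mnemonic) != ("AAA", "USER_LOCKED"):
            continue
        m = LOCKED_RE.search(text)
        if m and passes_level(severity, level_keyword):
            counts[m["user"]] += 1
    return counts

if __name__ == "__main__":
    for user, n in lockouts(SAMPLE_LOG).most_common():
        print(f"{user}: {n} lockout(s)")
```

With the level set to "warnings" the same input yields no lockouts, because USER_LOCKED is a severity 5 message and is filtered out below "notifications".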

Correct Answer
Richard Burts Fri, 10/03/2008 - 07:28
Alan


There is an enhancement in recent versions of IOS that does what you want about logging failed attempts to login. This link should give you information to get you started:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_login_enhance.html#wp1048295


[Note] This is done with syslog and not with SNMP, and the Catalyst switch is doing it with syslog also and not SNMP.


HTH


Rick

agivens02 Fri, 10/03/2008 - 07:55
Thank you Rick,


This is exactly what I was looking for. I just tested it and it worked exactly as I wanted. I greatly appreciate your help!


Alan

Richard Burts Fri, 10/03/2008 - 09:25
Alan


I am glad that my answer was able to point you in the right direction. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that a response was able to resolve the question.


The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.


HTH


Rick
