1841 Login failures do not show user name

Unanswered Question
Apr 24th, 2009
User Badges:

Hi,


I have a 1841 router and I'm trying to see the user name when he fails to login to the router; I have the following configuration and when I do a show log; I see the failed attempts but do not see the user who failed:


login block-for 60 attempts 3 within 60

login on-failure log every 3

login on-success log


1340818: .Apr 24 16:37:17.322 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 63.201.212.138] [localport: 22] [Reason: Login Authentication Failed] at 16:37:17 UTC Fri Apr 24 2009

1340820: .Apr 24 16:37:25.325 UTC: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 5 secs, [user: ] [Source: 63.201.212.138] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 16:37:25 UTC Fri Apr 24 2009

HO_1841#


Has anybody experienced the same? I'm running IOS version 12.4(10a)


Thanks for any help.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ansalaza Fri, 04/24/2009 - 09:13
User Badges:
  • Cisco Employee,

This is a known issue:


CSCsd58148 Bug Details

%SEC_LOGIN-4-LOGIN_FAILED does not show username in [user: ]


Symptom:

Username of the user who fails to login is not shown in the

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user:] message.


Conditions:

Cisco 2821 running 12.4(3a)


Workaround:

Use TACACS


Fixed-In

12.4(7.23)M

12.4(7.24)T

12.4(22.3.4)PIC1

12.4(24.5.2)PIC1


u.naranjo Fri, 04/24/2009 - 09:24
User Badges:

Really? thanks I'll upgrade the image on the router.


Thanks again.


kst.amand Wed, 08/19/2009 - 12:13
User Badges:

I too am having the same issue, even after upgrading to 12.4(22)T. What I have found though is the user information is filled in on failed SSH attempts, but not for Telnet.


I'm curious how you made out with your situation.

Erick Delgado Wed, 08/19/2009 - 14:09
User Badges:
  • Bronze, 100 points or more

Hi,


You are hitting the bug id CSCsd58148. This bug is solved in IOS version 12.4(24)T1.


I did the lab recreation on my lab please see logs below.


*Aug 19 22:08:28.531: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.250.24] [localport: 23] [Reason: Login Authentication Failed] at 22:08:28 UTC Wed Aug 19 2009


Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Fri 19-Jun-09 15:13 by prod_rel_team



Please upgrade and if you still having the issue please let me know.

Actions

This Discussion