Unanswered Question
Oct 9th, 2009


Is there a Trap generated by device when a authentication is successful.

How to enable that is IOS.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Joe Clarke Fri, 10/09/2009 - 12:08

While there is a trap keyword to the login on-success command, it doesn't work. However, you can enable on-success log, then use syslog traps to get an SNMP trap notification:

login on-success log

snmp-server enable traps syslog

Then you'll see something like:

Oct 9 16:02:46 nms-server2 snmptrapd[61799]: 2009-10-09 16:02:46 [UDP: []->[]:-3362]: EXPRESSION-MIB::sysUpTimeInstance = Timeticks: (1100611999) 127 days, 9:15:19.99 SNMPv2-MIB::snmpTrapOID.0 = OID: CISCO-SYSLOG-MIB::clogMessageGenerated CISCO-SYSLOG-MIB::clogHistFacility.75428 = STRING: SEC_LOGIN CISCO-SYSLOG-MIB::clogHistSeverity.75428 = INTEGER: notice(6) CISCO-SYSLOG-MIB::clogHistMsgName.75428 = STRING: LOGIN_SUCCESSCISCO-SYSLOG-MIB::clogHistMsgText.75428 = STRING: Login Success [user: cse] [Source:] [localport: 23] at 16:02:45 EDT Fri Oct 9 2009 CISCO-SYSLOG-MIB::clogHistTimestamp.75428 = Timeticks: (1100611999) 127 days, 9:15:19.99

yjdabear Fri, 10/09/2009 - 13:13

Any reason why the trap keyword doesn't work? Is it supposed to? Any fix in sight?

Does any of the above apply to "login on-failure"?

Joe Clarke Fri, 10/09/2009 - 13:34

From reading the code, it appears they never intended it to work. I don't see any bugs complaining about the lack of functionality, but tests show it doesn't work, and the code seems to agree. Yes, the same thing applies to on-failure.


This Discussion