10-09-2009 11:56 AM
Hi,
Is there a Trap generated by device when a authentication is successful.
How to enable that is IOS.
-Thanks
10-09-2009 12:08 PM
While there is a trap keyword to the login on-success command, it doesn't work. However, you can enable on-success log, then use syslog traps to get an SNMP trap notification:
login on-success log
snmp-server enable traps syslog
Then you'll see something like:
Oct 9 16:02:46 nms-server2 snmptrapd[61799]: 2009-10-09 16:02:46 nms-3560-a.rtp.cisco.com [UDP: [0.0.0.0]->[14.32.100.39]:-3362]: EXPRESSION-MIB::sysUpTimeInstance = Timeticks: (1100611999) 127 days, 9:15:19.99 SNMPv2-MIB::snmpTrapOID.0 = OID: CISCO-SYSLOG-MIB::clogMessageGenerated CISCO-SYSLOG-MIB::clogHistFacility.75428 = STRING: SEC_LOGIN CISCO-SYSLOG-MIB::clogHistSeverity.75428 = INTEGER: notice(6) CISCO-SYSLOG-MIB::clogHistMsgName.75428 = STRING: LOGIN_SUCCESSCISCO-SYSLOG-MIB::clogHistMsgText.75428 = STRING: Login Success [user: cse] [Source: 14.32.100.33] [localport: 23] at 16:02:45 EDT Fri Oct 9 2009 CISCO-SYSLOG-MIB::clogHistTimestamp.75428 = Timeticks: (1100611999) 127 days, 9:15:19.99
10-09-2009 01:13 PM
Any reason why the trap keyword doesn't work? Is it supposed to? Any fix in sight?
Does any of the above apply to "login on-failure"?
10-09-2009 01:34 PM
From reading the code, it appears they never intended it to work. I don't see any bugs complaining about the lack of functionality, but tests show it doesn't work, and the code seems to agree. Yes, the same thing applies to on-failure.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide