Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

syslog messages in AAA

I have an issue with a switch's syslog messages showing up in the failed authentication attempts report in the AAA.

If anyone has any thoughts, let me know!!

CHRIS

3 REPLIES
Silver

Re: syslog messages in AAA

Hi

This is not uncommon! I've seen all types of random stuff (usually via TACACS+).

The request packets were perfectly formed T+ requests but had data that contain what looks like random parts of the device's onboard RAM.

Most likely a similar thing.

Darran

New Member

Re: syslog messages in AAA

hmmm...It seems to only be happening with 1 switch. Is there anyway to prevent/stop it?

Hall of Fame Super Silver

Re: syslog messages in AAA

Do you perhaps have this switch console connected on a terminal server, and if so, does the terminal server have "no exec" configured on the lines used for reverse telnet?

I have seen symptoms similar to what you describe in a situation where I had a switch whose console port was connected to a terminal server and the terminal server lines did not have no exec. It looks like there was some activity on the switch which the terminal server presented a login prompt. The next text displayed on the switch was interpreted by the terminal server as the login id and was logged in the failed attempts log.

HTH

Rick

149
Views
0
Helpful
3
Replies
CreatePlease to create content