10-03-2008 05:30 AM - edited 03-06-2019 01:44 AM
I have a Catalyst 6513 that I would like to have SNMP report failed login attempts to the logging buffer when the maximum limit is reached. I have enabled all traps and the log does not pick this up. I notice on my older 6500s with CatOS this is sent to the logging buffer (on the switch side). Does anyone know if this is possible with IOS? My current code version is Version 12.2(18)SXF7
10-03-2008 07:28 AM
Alan
There is an enhancement in recent versions of IOS that does what you want about logging failed attempts to login. This link should give you information to get you started:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_login_enhance.html#wp1048295
[note] this is done with syslog and not with snmp, and the catalyst switch is doing it with syslog also and not snmp.
HTH
Rick
10-03-2008 07:25 AM
Hi,
1. A system message is generated when a user is either locked by the system or unlocked by the system administrator. The following is an example of such a system message:
%AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
2. If you have commands like
logging buffered 16384
logging trap notifications
logging on
it should log to the buffer, which you can see using the "show log" command.
3. To lock out the user after max. attempts, use the following commands.
username name [privilege level] password encryption-type password
aaa new-model
aaa local authentication attempts max-fail number-of-unsuccessful-attempts
aaa authentication login default method
4. For SNMP, use the following commands
snmp-server community RO-community ro
snmp-server community RW-community rw
snmp-server enable traps
snmp-server host ip_address [traps | informs] [version {1 | 2c | 3}] community-string
HTH..rate if helpful..
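The following Python script is an added example, not part of the reply above and not Cisco code. It parses "show log" output for the %AAA-5-USER_LOCKED message quoted in the reply, counts lockouts per user, and checks whether the message's severity passes a given logging level such as "notifications". The timestamp prefix, the user2 account and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# IOS severity keywords as accepted by "logging trap <level>"; index = severity.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
# Message body layout: %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)")
LOCKED_RE = re.compile(r"User (\S+) locked out on authentication failure")

def parse(line):
    """Return (facility, severity, mnemonic, text), or None if no message code."""
    m = MSG_RE.search(line)
    return (m[1], int(m[2]), m[3], m[4]) if m else None

def passes_level(severity, level_name):
    """True if a message of this severity is logged at the given level."""
    return severity <= LEVELS.index(level_name)

def locked_users(lines, level_name="notifications"):
    """Count lockouts per user among messages the logging level lets through."""
    counts = Counter()
    for line in lines:
        parsed = parse(line)
        if not parsed:
            continue
        facility, sev, mnemonic, text = parsed
        hit = LOCKED_RE.search(text)
        if (facility, mnemonic) == ("AAA", "USER_LOCKED") and hit \
                and passes_level(sev, level_name):
            counts[hit[1]] += 1
    return counts

# Constructed "show log" sample: timestamps and user2 are made up for this example.
SAMPLE = """\
*Oct  3 07:20:11.003: %SYS-5-CONFIG_I: Configured from console by console
*Oct  3 07:21:40.512: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
*Oct  3 07:22:05.870: %AAA-5-USER_LOCKED: User user2 locked out on authentication failure.
*Oct  3 07:24:59.114: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
""".splitlines()

if __name__ == "__main__":
    for user, n in locked_users(SAMPLE).most_common():
        print(f"{user}: {n} lockout(s)")
```

With the level set to "warnings" (severity 4) the function returns no lockouts, because USER_LOCKED is a severity 5 message and is filtered out below "notifications".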
10-03-2008 07:55 AM
Thank you Rick,
This is exactly what I was looking for. I just tested it and it worked exactly as I wanted. I greatly appreciate your help!
Alan
10-03-2008 09:25 AM
Alan
I am glad that my answer was able to point you in the right direction. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that a response was able to resolve the question.
The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.
HTH
Rick