Cisco Support Community

New Member

Catalyst 6513 and SNMP logging issue

I have a Catalyst 6513 that I would like to have SNMP report failed login attempts to the logging buffer when the maximum limit is reached. I have enabled all traps and the log does not pick this up. I notice on my older 6500s with CAT OS this is sent to the logging buffer (on the switch side). Does anyone know if this is possible with IOS? My current code version is Version 12.2(18)SXF7.

1 ACCEPTED SOLUTION

Hall of Fame Super Silver

Re: Catalyst 6513 and SNMP logging issue

Alan

There is an enhancement in recent versions of IOS that does what you want about logging failed attempts to login. This link should give you information to get you started:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_login_enhance.html#wp1048295

Note: this is done with syslog and not with SNMP, and the Catalyst switch is doing it with syslog also and not SNMP.

HTH

Rick

4 REPLIES

Re: Catalyst 6513 and SNMP logging issue

Hi,

1. A system message is generated when a user is either locked by the system or unlocked by the system administrator. The following is an example of such a system message:

%AAA-5-USER_LOCKED: User user1 locked out on authentication failure.

2. If you have commands like

logging buffered 16384

logging trap notifications

logging on

it should log to the buffer, which you can see using the "show log" command.

3. To lock out the user after max. attempts, use the following commands.

username name [privilege level] password encryption-type password

aaa new-model

aaa local authentication attempts max-fail number-of-unsuccessful-attempts

aaa authentication login default method

4. For SNMP, use the following commands

snmp-server community RO-community ro

snmp-server community RW-community rw

snmp trap enable

snmp-server host ip_address [traps | informs] [version {1 | 2c | 3}] community-string

HTH..rate if helpful..
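
The check described in the reply above, as an added example that is not part of any poster's reply: a Python sketch that reads saved "show log" output, picks out the %AAA-5-USER_LOCKED messages and counts lockouts per user, and shows which messages a given logging level keeps. The sample log lines, user names other than user1, and function names are constructed for illustration; only the USER_LOCKED message text comes from the thread.

```python
import re
from collections import Counter

# IOS system message: %FACILITY[-SOURCE]-SEVERITY-MNEMONIC: text
# (the optional SOURCE tag, e.g. SP, appears on some Catalyst 6500 messages)
IOS_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)(?:-(?P<source>[A-Z][A-Z0-9]*))?"
    r"-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")
LOCKED = re.compile(r"User (?P<user>\S+) locked out on authentication failure")
# IOS logging level keywords; a message is kept when its severity <= the level.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Constructed sample of buffered log output (assumption, not from the thread).
SAMPLE_LOG = """\
Log Buffer (16384 bytes):
000101: *Mar  3 10:15:02.113: %SYS-5-CONFIG_I: Configured from console by admin on vty0
000102: *Mar  3 10:17:40.871: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
000103: *Mar  3 10:18:05.002: %OIR-SP-6-INSCARD: Card inserted in slot 3, interfaces are now online
000104: *Mar  3 10:21:19.440: %AAA-5-USER_LOCKED: User backup locked out on authentication failure.
000105: *Mar  3 10:40:57.310: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
"""

def parse_line(line):
    """Return the fields of one IOS system message, or None for other lines."""
    m = IOS_MSG.search(line)
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg

def messages(log_text):
    return [m for m in map(parse_line, log_text.splitlines()) if m]

def kept_at(log_text, level):
    """Mnemonics of the messages a given logging level would keep."""
    return [m["mnemonic"] for m in messages(log_text)
            if m["severity"] <= LEVELS[level]]

def locked_users(log_text):
    """Count USER_LOCKED events per user name."""
    counts = Counter()
    for msg in messages(log_text):
        if (msg["facility"], msg["mnemonic"]) != ("AAA", "USER_LOCKED"):
            continue
        hit = LOCKED.match(msg["text"])
        if hit:
            counts[hit.group("user")] += 1
    return counts

if __name__ == "__main__":
    for user, n in locked_users(SAMPLE_LOG).most_common():
        print(f"{user}: locked out {n} time(s)")
```

USER_LOCKED is a severity 5 message, so it is kept at the "notifications" level and dropped if the level is set to "warnings" or lower.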

New Member

Re: Catalyst 6513 and SNMP logging issue

Thank you Rick,

This is exactly what I was looking for. I just tested it and it worked exactly as I wanted. I greatly appreciate your help!

Alan

Hall of Fame Super Silver

Re: Catalyst 6513 and SNMP logging issue

Alan

I am glad that my answer was able to point you in the right direction. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that a response was able to resolve the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick
