how to log the trials of telnet access on my router ?

hi,

I'm using telnet access, with no access list nor any restrictions on telnet.

I want to log all the trials of access to my router's telnet, whether they succeeded or failed.

I want the IPs of whoever has tried to access my telnet with wrong passwords.

Could I know who tried to guess the password?

What commands do I need?

regards

Accepted Solutions

how to log the trials of telnet access on my router ?

Never mind my post above. I read your post again and you already did a failed login attempt.

I reviewed your config again. The enhanced login feature will not work if the VTY lines are configured to use only a password.

Authentication should be used with the local username and password database of the router.

Router(config)#username privilege 15 secret

Router(config)#line vty 0 4

Router(config-line)#login local

18 REPLIES
VIP Super Bronze

Re: how to log the trials of telnet access on my router ?

Hi Ahmed,

You can try these commands to log all failure and/or success attempts to your device

login on-failure

login on-success

Here are the rest of the options for logging:

Switch(config)#login ?

  block-for   Set quiet-mode active time period

  delay       Set delay between successive fail login

  on-failure  Set options for failed login attempt

  on-success  Set options for successful login attempt

  quiet-mode  Set quiet-mode options

Switch(config)#login

HTH

New Member

Re: how to log the trials of telnet access on my router ?

hi admin

thanks for reply

but how to see the log file of these trials ???

regards

Re: how to log the trials of telnet access on my router ?

hi ahmed,

You just issue the show log or show login failure commands once enhanced login security has been set up. See the sample output below. Please help rate useful posts.

Router#show log

*Apr  3 23:25:52.703: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 23:25:52 UTC Tue Apr 3 2012

*Apr  3 23:25:58.891: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 23:25:58 UTC Tue Apr 3 2012

Router#show login failure

Total failed logins: 5

Detailed information about last 50 failures

Username        SourceIPAddr    lPort Count TimeStamp

cisco           192.168.1.2     23    1     23:25:52 UTC Tue Apr 3 2012

admin           192.168.1.2     23    4     23:26:20 UTC Tue Apr 3 2012

New Member

Re: how to log the trials of telnet access on my router ?

hi, I did a failed login but couldn't log it

Router#sh login

     No login delay has been applied.

     No Quiet-Mode access list has been configured.

     All successful login is logged and generate SNMP traps.

     All failed login is logged and generate SNMP traps.

     Router NOT enabled to watch for login Attacks

=================

Router#sh login failures

*** No logged failed login attempts with the device.***

Note that I did a failed login but it was not monitored here!

What do I need to do next?

regards

Re: how to log the trials of telnet access on my router ?

hi ahmed,

kindly post your show run and remove any sensitive info.

New Member

Re: how to log the trials of telnet access on my router ?

I did what you said, but up till now I can't monitor any telnet log trails!

I type sh login failures but nothing appears, like below:

Gateway2#sh login failures

*** No logged failed login attempts with the device.***

here is my config below:

##############################################

no ip domain lookup

!

!

!

login on-failure log

login on-success log

!

!

vtp mode transparent

mls flow ip interface-full

no mls flow ipv6

mls qos

mls cef error action reset

multilink bundle-name authenticated

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

system flowcontrol bus auto

diagnostic bootup level minimal

!        

redundancy

main-cpu

  auto-sync running-config

mode sso

!        

!        

!        

!        

vlan internal allocation policy ascending

vlan access-log ratelimit 2000

!        

vlan 2   

name NAVISSITE-OUTSIDE

!        

vlan 4   

name UPLOADS

!        

vlan 5   

name LEGACY-LB_ROUTE

!        

vlan 10  

name WEB-FRONT

!        

vlan 14  

name IMAGES

!        

vlan 18  

name APP-NET

!        

vlan 20  

name WEB-BACK

!        

vlan 24  

name IMAGES-BACK

!        

vlan 30  

name ConsoleNetwork

!        

vlan 40  

name NextWebs

!        

vlan 112 

name BackEnd

!        

vlan 150 

name WebServicesMulticastCluster

!        

vlan 192 

name fw-mgt

!        

vlan 209 

name TimeWarner-Outside

!        

!        

!        

class-map match-all wireless

match access-group name wireless

!        

policy-map wireless

class wireless

  police cir 15000000 conform-action transmit  exceed-action drop

class class-default

!        

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!        

interface Loopback2

ip address 1.1.1.1 255.255.255.0

!        

interface GigabitEthernet1/1

ip address 10.160.150.3 255.255.255.0

ip policy route-map test

!        

interface GigabitEthernet1/2

no ip address

shutdown

!        

interface GigabitEthernet1/3

no ip address

shutdown

!        

interface GigabitEthernet1/4

no ip address

shutdown

!        

interface GigabitEthernet1/5

no ip address

shutdown

!        

interface GigabitEthernet1/6

no ip address

shutdown

!        

interface GigabitEthernet1/7

no ip address

shutdown

!        

interface GigabitEthernet1/8

no ip address

shutdown

!        

interface Vlan1

no ip address

shutdown

!        

router bgp xxxxx

bgp log-neighbor-changes

network xxxx mask xxxxx

neighbor xxxxx remote-as xxxx

!        

ip forward-protocol nd

!        

no ip http server

no ip http secure-server

!        

ip access-list extended test

permit ip xxxxxxx any

ip access-list extended wireless

permit ip xxxxx.xxxx any

!        

!        

route-map ahmd permit 10

match ip address test

set ip next-hop 1.2.3.4

!        

snmp-server community public RO

!        

!        

control-plane

!        

banner login ^C

##############xxxx##############

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^wel^C

!        

line con 0

exec-timeout 0 0

password 7 xxxxxxxx

logging synchronous

login   

line vty 0 4

exec-timeout 0 0

password 7 xxxx

logging synchronous

login   

transport input lat pad mop udptn telnet rlogin ssh nasi acercon

!        

!        

!        

end      

Purple

how to log the trials of telnet access on my router ?

Hi,

I think you must use the login block-for command for the other 2 commands to work

Regards.

Alain

Don't forget to rate helpful posts.

New Member

how to log the trials of telnet access on my router ?

hi, I typed the command

Gateway2(config)#login block-for 1 attempts 6 within 60

but the same issue!

Purple

how to log the trials of telnet access on my router ?

Can you enter again the 2 commands and tell us if it is working now with the sh login failure.

Regards.

Alain.

Don't forget to rate helpful posts.


how to log the trials of telnet access on my router ?

hi ahmed,

did you test by intentionally using a wrong password?

mind though to create a quiet mode ACL if this router is to be put in production.

Router(config)# login quiet-mode access-class 

New Member

how to log the trials of telnet access on my router ?

hi,

it succeeded finally

as you mentioned, it needs a username and pass,

my question is, could I know the wrong password which was entered?

regards

how to log the trials of telnet access on my router ?

hi ahmed,

thanks for the rating! the syslogs will show you if either the username or password were wrongly typed in. see sample below:

Router1#sh run | i user

username Admin privilege 15 secret 5 $1$G66l$EQCLzT6I.7dpD4ki.n58L0   <<< SECRET PW: cisco

Router1#

*Jul 26 16:41:15.895: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Admin] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed - BadPassword] at 16:41:15 UTC Thu Jul 26 2012

*Jul 26 16:41:35.211: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed - BadPassword] at 16:41:35 UTC Thu Jul 26 2012
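
An added example, not part of any post in this thread: a Python script that parses the %SEC_LOGIN-4-LOGIN_FAILED messages shown above from collected syslog text, counts failures per source and reason, and flags sources that reach a threshold inside a time window (the defaults mirror the attempts/within values of the login block-for command used later in the thread). The sample lines, the 192.168.1.7 address and all function names are constructed for illustration, and it assumes the messages are stored one per line.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input (not from a real device), in the format quoted in this thread.
SAMPLE_LOG = """\
*Jul 26 16:41:15.895: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Admin] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed - BadPassword] at 16:41:15 UTC Thu Jul 26 2012
*Jul 26 16:41:35.211: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed - BadPassword] at 16:41:35 UTC Thu Jul 26 2012
*Jul 26 16:41:50.102: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 16:41:50 UTC Thu Jul 26 2012
*Jul 26 16:45:00.000: %SEC-6-IPACCESSLOGS: list 23 permitted 192.168.2.1 2 packets
*Jul 26 16:50:00.417: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.1.7] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 16:50:00 UTC Thu Jul 26 2012
*Jul 26 16:55:00.093: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.1.7] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 16:55:00 UTC Thu Jul 26 2012
"""

FAILED_RE = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed \[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<src>[^\]]+)\] \[localport: (?P<port>\d+)\] "
    r"\[Reason: (?P<reason>[^\]]+)\] at (?P<ts>\d\d:\d\d:\d\d \S+ \w{3} \w{3} +\d+ \d{4})"
)

def parse_failures(text):
    """Return one dict per LOGIN_FAILED message; other syslog lines are ignored."""
    events = []
    for m in FAILED_RE.finditer(text):
        # Timestamp is kept naive, in whatever zone the router logged it.
        hms, _tz, _dow, mon, day, year = m["ts"].split()
        when = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
        events.append({"when": when, "user": m["user"].strip(), "src": m["src"],
                       "reason": m["reason"].rsplit(" - ", 1)[-1]})
    return events

def failures_by_source(events):
    """Count failures per (source IP, reason) over the whole collected log."""
    return Counter((e["src"], e["reason"]) for e in events)

def burst_sources(events, attempts=3, within=60):
    """Map each source with `attempts` failures inside `within` seconds to when it got there."""
    recent, flagged = defaultdict(deque), {}
    for e in sorted(events, key=lambda e: e["when"]):
        q = recent[e["src"]]
        q.append(e["when"])
        while q[0] < e["when"] - timedelta(seconds=within):
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= attempts:
            flagged.setdefault(e["src"], e["when"])
    return flagged

if __name__ == "__main__":
    print(failures_by_source(parse_failures(SAMPLE_LOG)), burst_sources(parse_failures(SAMPLE_LOG)))
```
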

New Member

how to log the trials of telnet access on my router ?

hi,

I mean I want the incorrect password which was entered.

But it seems I can't see it.

Assume the correct password is 123

and the user entered abc

I want to see the incorrect password abc in the log, is my request possible?

regards

how to log the trials of telnet access on my router ?

hi ahmed,

unfortunately, you won't see the incorrect password typed-in using a show command for this kind of setup.

New Member

how to log the trials of telnet access on my router ?

hi,

another question

how to let the login failure lines console at max

I mean it just displays only about 50 lines in login failure attempts and after that it overrides the old lines

My request is how to increase the login failure lines when I type the command sh login failures?

regards

New Member

how to log the trials of telnet access on my router ?

hi,

I have another problem,

when I perform the

login block-for 10 attempts 3 within 60

command, and somebody locks the telnet access by exceeding the number of trials,

when I type the command sh login failures, it seems to be empty!

I mean that if I configured the

login block-for 10 attempts 3 within 60

command and somebody exceeded the trials, and I tried to show the failed logins, it just shows the last login and clears the previous failed logins,

my question is how to still let it show the previous failed logins after applying the

login block-for 10 attempts 3 within 60

command?

regards

Re: how to log the trials of telnet access on my router ?

To log all the trials of access to my telnet router, do

username ciscoxxx privil 15 passw 0 ciscoxxx

!

access-list 23 permit any log

!

line vty 0 4

access-class 23 in

  login local

transport input all

line vty 5 15

access-class 23 in

login local

transport input all

this will log all telnet attempts like

2960_48#sh logg

.......

Aug  9 15:27:53.844: %SEC-6-IPACCESSLOGS: list 23 permitted 192.168.2.1 2 packets

And don't forget to rate the post when you check the config.
