Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SNMP Trap on Failed Telnet Attempt

We've recently implemented ACLs to block network ranges from telneting to ur routers and switches from unauthorised IP address ranges which is working well. We would like to log attempts from blocked ranges, preferably to our NMS via an SNMP trap. Is this possible at all? We already have TACACS+ logging to an ACS server for failed login attempts and could turn on syslogging, but would like to do it via SNMP so that the manager can see an instant alert from our NMS server screen which is SNMP only.

Many thanks for any help.


Re: SNMP Trap on Failed Telnet Attempt

I know that it is an issue that is device/mib specific. Some devices will indeed issue a trap for an SNMP authentication failure and the trap will include the IP of the offending device. Other will send the trap but it will not have a space for the offending device included. SNMP appears to be the only source for the auth failures. A failed telnet attempt does not appear to generate the same trap sequences. This appears to be a device feature. Higher end devices will include the IP. You may close the case. Unless you have some insight into how to get the devices to include the offending IP and to generate an auth fail trap for SNMP queries and for Telnet attempts, we can consider this a moot point.