Cisco Support Community

3750 sw is not sending SSH login failure SNMP trap

Hi experts,

I want to make my switch send a trap when a failed SSH login is detected. I found the "Login Enhancement" feature and enabled the trap and logging for the failed attempt.

3750# sh run | in login

aaa authentication login default local

login delay 1

login on-failure

3750# sh login

     A login delay of 1 seconds is applied.

     No Quiet-Mode access list has been configured.

     All failed login is logged and generate SNMP traps.

     Router NOT enabled to watch for login Attacks

Then I enabled all the traps except the one for the syslog (because I don't want all the log messages to be sent as SNMP traps...)

(config)# snmp-server enable traps

(config)# no snmp-server enable traps syslog

(config)# snmp-server host 10.1.1.1 mysnmpkey

Now when I try to log in with an incorrect password I do see the log but I don't receive the trap...

Nov 23 12:39:27: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.1.1.1] [localport: 22] [Reason: Login Authentication Failed] at 12:39:27 EST Wed Nov 23 2011

Of course when I enable the "syslog" trap I see something, but that's more than just this log message.

Any idea why??

My 3750-24TS-E is running

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)

Thanks!

Difan
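
An added example, not part of the thread and not Cisco code: a collector-side filter for the %SEC_LOGIN-4-LOGIN_FAILED message quoted above, which parses its fields and flags sources that exceed a failure threshold within a time window. It assumes the switch's syslog already reaches a file or collector in the format shown; the function names, threshold, window and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Field layout taken from the %SEC_LOGIN-4-LOGIN_FAILED message quoted in the post.
LOGIN_FAILED = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed \[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<src>[^\]]+)\] \[localport: (?P<port>\d+)\] "
    r"\[Reason: (?P<reason>[^\]]+)\] at (?P<time>\d\d:\d\d:\d\d) \S+ \w{3} "
    r"(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<year>\d{4})")

def parse_login_failed(line):
    """Return the fields of one login-failure message, or None for any other line."""
    m = LOGIN_FAILED.search(line)
    if m is None:
        return None
    when = datetime.strptime(
        f"{m['year']} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"user": m["user"], "src": m["src"], "port": int(m["port"]),
            "reason": m["reason"], "when": when}

def sources_over_threshold(lines, threshold=3, window=timedelta(seconds=60)):
    """Map each source with >= threshold failures inside `window` to its peak count.
    Assumes lines arrive in chronological order, as a syslog file does."""
    recent, flagged = defaultdict(list), {}
    for line in lines:
        ev = parse_login_failed(line)
        if ev is None:
            continue
        times = recent[ev["src"]]
        times.append(ev["when"])
        while ev["when"] - times[0] > window:   # expire failures older than the window
            times.pop(0)
        if len(times) >= threshold:
            flagged[ev["src"]] = max(flagged.get(ev["src"], 0), len(times))
    return flagged

def _failed(src, hhmmss):
    """Build a constructed sample line in the post's format (not real device output)."""
    return (f"Nov 23 {hhmmss}: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] "
            f"[Source: {src}] [localport: 22] [Reason: Login Authentication Failed] "
            f"at {hhmmss} EST Wed Nov 23 2011")

SAMPLE = [  # constructed input; 192.0.2.10 is a documentation address
    _failed("10.1.1.1", "12:39:27"), _failed("192.0.2.10", "12:39:40"),
    _failed("192.0.2.10", "12:39:45"),
    "Nov 23 12:39:50: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.1)",
    _failed("192.0.2.10", "12:39:58"), _failed("10.1.1.1", "12:45:00"),
]

if __name__ == "__main__":
    print(sources_over_threshold(SAMPLE))
```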

7 REPLIES

3750 sw is not sending SSH login failure SNMP trap

Hi,

Can you please configure the following and check:

R1(config)#snmp-server enable traps aaa_server

HTH,

Smitesh


3750 sw is not sending SSH login failure SNMP trap

Hey Smitesh thanks for the reply. However my switch doesn't support the aaa_server trap...

#snmp-server enable traps ?

  auth-framework    Enable SNMP CISCO-AUTH-FRAMEWORK-MIB traps

  bgp               Enable BGP traps

  ...

Mine is a 3750 switch. Is this command for routers?

Thanks,

Difan

3750 sw is not sending SSH login failure SNMP trap

Hi,

It is 3725 with IOS 12.4 (15) T5

Regards,

Smitesh


3750 sw is not sending SSH login failure SNMP trap

Hi Smitesh, does that mean that this feature is supported on my switches? So there is no way to send a trap upon failed login?

Thanks

3750 sw is not sending SSH login failure SNMP trap

Hi,

Not sure, but there is one 3750 coming to my NOC this afternoon. I will check on that and will get back to you.

Regards,
Smitesh

3750 sw is not sending SSH login failure SNMP trap

Hi,

I'm sorry, I couldn't find that option in 3750. Need to do a little more digging.

If I find anything, I will get back to you.

Regards,

Smitesh


3750 sw is not sending SSH login failure SNMP trap

Hey thanks. I appreciate it. Please keep me posted.
