[c-nsp] debug to see what IP is trying to log in via telnet
Tóth András
diosbejgli at gmail.com
Wed Feb 23 15:55:29 EST 2011
Hi Alan,
The following command might help. It needs aaa new-model to be enabled
I believe.
login on-failure log
Feb 23 21:46:23.922: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user:
test] [Source: 10.0.0.1] [localport: 22] [Reason: Login Authentication
Failed] at 21:46:23 CET Wed Feb 23 2011
Tested on 12.2(33)SXI3 , 12.2(53)SE and 15.0(1)M4.
http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_k1gt.html#wp1180994
Best regards,
Andras
On Wed, Feb 23, 2011 at 8:40 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> hi,
>
> okay...i appear to have mislaid some memory cells over the past month
> which coincides with a major bout of unable to drive google/bing or cisco.com
> properly(!) ;-)
>
> basically, auth logs show a device somewhere is trying to log into
> some switches with wrong user/pass..... and I cant recall/dig how to
> debug on the switch to see what IP is causing the mischief
>
> the obvious 'debug telnet' only debugs the negotiation/method/junk
> rather than provide anything useful....any chance someone can throw
> me a line to jog my memory on this score?
>
> cheers
>
> alan
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list