[c-nsp] debug to see what IP is trying to log in via telnet

Andrew Koch andrew.koch at gawul.net
Wed Feb 23 16:10:04 EST 2011


On Wed, Feb 23, 2011 at 14:21, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> wouldn't the IP of the host it speaks of be in the logs? Or does it just say "failed log in from somewhere out on the network"…?
>>
>> my logs have a src…
>>
>>  %SEC-6-IPACCESSLOGP: list  denied tcp 88.243.16.148(3900) -> 10.142.7.1(23), 1 packet
>
> The device is on a legit bit of network, so it will be allowed by the
> current VTY/management plane ACLs ... the AAA system sees the query from the switch,
> not from the originator of the login. It's trivial, I know that (which
> is the frustrating part! :-) )

You can log the successful ACL attempts too, even though the login
failed.  This is provided the box is not overly active with valid
login attempts.

! standard ACL that matches every source and logs each match
! ("permit 0.0.0.0 0.0.0.0" would match only the host 0.0.0.0, so use "any")
access-list 80 permit any log
! apply it inbound on the VTY lines so every telnet/ssh connection is matched
line vty 0 4
 access-class 80 in

Then you get a log like so, indicating the ACL was passed, not
necessarily that a login was completed:

Aug 14 09:34:45.082 CDT: %SEC-6-IPACCESSLOGS: list 80 permitted x.x.x.x 2 packets

HTH,
Andy
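Added example, not part of the original post and not a Cisco tool: a small Python parser for the two IOS ACL log formats quoted in this thread (%SEC-6-IPACCESSLOGS from the standard access-class list, %SEC-6-IPACCESSLOGP from an extended ACL with ports). It totals permitted packets per source for the VTY list and flags sources above a threshold, which is the correlation the AAA log alone cannot give you. The syslog lines, addresses (documentation ranges), the ACL name MGMT and the threshold are constructed for the example.

```python
import re
from collections import Counter

# Extended ACL log (ports present), as in the IPACCESSLOGP line quoted above:
#   %SEC-6-IPACCESSLOGP: list <acl> denied tcp a.b.c.d(3900) -> w.x.y.z(23), 1 packet
LOGP = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
# Standard ACL log (no ports), as produced by "access-list 80 permit any log":
#   %SEC-6-IPACCESSLOGS: list 80 permitted a.b.c.d 2 packets
LOGS = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<src>[\d.]+) (?P<count>\d+) packets?"
)

# Constructed syslog excerpt: two sources pass the VTY list, one is denied by an
# extended ACL on port 23, and one unrelated message is mixed in.
SAMPLE_SYSLOG = """\
Aug 14 09:34:45.082 CDT: %SEC-6-IPACCESSLOGS: list 80 permitted 192.0.2.10 2 packets
Aug 14 09:35:01.117 CDT: %SEC-6-IPACCESSLOGS: list 80 permitted 198.51.100.7 1 packet
Aug 14 09:35:09.440 CDT: %SEC-6-IPACCESSLOGP: list MGMT denied tcp 203.0.113.5(3900) -> 10.0.0.1(23), 1 packet
Aug 14 09:35:20.003 CDT: %SEC-6-IPACCESSLOGS: list 80 permitted 192.0.2.10 5 packets
Aug 14 09:35:22.910 CDT: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
Aug 14 09:36:02.118 CDT: %SEC-6-IPACCESSLOGS: list 80 permitted 192.0.2.10 9 packets
"""


def parse_acl_log(line):
    """Return a dict for one ACL log line, or None if the line is something else."""
    m = LOGP.search(line) or LOGS.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    # Everything before the %SEC tag is the router's timestamp prefix.
    rec["timestamp"] = line[:m.start()].rstrip(": ")
    return rec


def parse_syslog(text):
    """Parse a block of syslog text, keeping only ACL log records."""
    return [r for r in (parse_acl_log(l) for l in text.splitlines()) if r]


def permitted_sources(records, acl="80"):
    """Packets permitted per source address by the VTY access-class list.

    IOS logs the first match immediately and then periodic summaries, so the
    packet count in each message is summed rather than the number of lines.
    """
    totals = Counter()
    for r in records:
        if r["acl"] == acl and r["action"] == "permitted":
            totals[r["src"]] += r["count"]
    return totals


def denied_to_port(records, port=23):
    """Packets denied per source towards a given destination port (extended ACL logs only)."""
    totals = Counter()
    for r in records:
        if r["action"] == "denied" and r.get("dport") == str(port):
            totals[r["src"]] += r["count"]
    return totals


def noisy_sources(totals, threshold):
    """Sources whose packet total meets the threshold, sorted for stable output."""
    return sorted(src for src, n in totals.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_syslog(SAMPLE_SYSLOG)
    print("permitted by list 80:", dict(permitted_sources(recs)))
    print("denied to tcp/23:", dict(denied_to_port(recs)))
    print("over threshold:", noisy_sources(permitted_sources(recs), 10))
```

Feed it the router's syslog (or a syslog server export) and line the flagged sources up against the AAA failure timestamps: the ACL log gives the originator address, the AAA log gives the outcome.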
