08-19-2009 12:30 PM - edited 03-10-2019 04:39 PM
We currently have login on-failure configured, but have found the user information is blank for Telnet sessions, whereas SSH failed logins DO show the user information.
We are running IOS 12.4(22)T.
Is this expected or possibly a configuration setting I am missing?
Thank you.
08-19-2009 01:09 PM
Hi,
I am a little bit confused about your setup.
Could you please attach the running config?
Please delete IP addresses and erase passwords even if those are encrypted.
Thanks,
08-19-2009 01:15 PM
Here is what I think the pertinent snippet is. If you need other portions of the config, let me know.
Thx
login block-for 60 attempts 3 within 60
login on-failure log every 3
login on-success log
08-19-2009 01:24 PM
Are you doing local AAA authentication?
Let me do a really quick lab recreation to determine how we can fix this issue.
08-19-2009 01:29 PM
Yes, local AAA authentication.
Thank you
08-19-2009 01:28 PM
So far I have tested in IOS version 12.4(15)T9 and it works as expected.
*Aug 19 21:29:49.987: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: 192.168.250.24] [localport: 22] at 21:29:49 UTC Wed Aug 19 2009
*Aug 19 21:30:14.643: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: 192.168.250.24] [localport: 23] at 21:30:14 UTC Wed Aug 19 2009
Let me try with your IOS version.
08-19-2009 01:39 PM
Here are the results we are getting:
.Aug 19 17:37:21 edt: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.x.x.x] [localport: 23] [Reason: Login Authentication Failed] at 17:37:21 edt Wed Aug 19 2009
.Aug 19 17:37:25 edt: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.x.x.x] [localport: 23] [Reason: Login Authentication Failed] at 17:37:25 edt Wed Aug 19 2009
rhil1-aa-ar01#
Version Info:
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 25-Feb-09 17:55 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)
rhil1-aa-ar01 uptime is 12 weeks, 1 day, 12 hours, 3 minutes
System returned to ROM by reload at 05:30:00 edt Tue May 26 2009
System restarted at 05:32:38 edt Tue May 26 2009
System image file is "flash:c2800nm-advipservicesk9-mz.124-24.T.bin"
I hope this helps
08-19-2009 01:10 PM
Telnet does not require usernames. You should disable telnet and only use SSH (for many reasons).
08-19-2009 01:17 PM
Agreed - but unfortunately some of our NOC tools do not currently support anything but Telnet. Until we are able to upgrade those tools, we would like to obtain the userid for all failed logins.
Thank you
08-19-2009 02:11 PM
Hi,
You are hitting the bug id CSCsd58148. This bug is solved in IOS version 12.4(24)T1.
I did the lab recreation in my lab; please see the logs below.
*Aug 19 22:08:28.531: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.250.24] [localport: 23] [Reason: Login Authentication Failed] at 22:08:28 UTC Wed Aug 19 2009
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 19-Jun-09 15:13 by prod_rel_team
Please upgrade, and if you are still having the issue, please let me know.
08-19-2009 06:10 PM
I have a couple of issues on this:
"Telnet does not require usernames". Not sure what you mean by this. If you have AAA authentication properly configured, you will get a username prompt.
Even if you upgrade to 12.4(15)T9 or in my case, 12.4(20)T3, you will not get the username in the log message when you have an authentication failure, only on a successful one.
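
For auditing logs collected from devices showing the behaviour discussed in this thread, here is an added example (not from any poster or from Cisco) that parses %SEC_LOGIN messages in the format quoted above, rejoins terminal-wrapped lines, and counts failed logins with an empty user field per source and port. The sample log lines are constructed, the addresses are documentation-range placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input in the %SEC_LOGIN format quoted in this thread.
# Addresses are documentation-range placeholders; three records are wrapped.
SAMPLE = """\
*Aug 19 21:30:14.643: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [S
ource: 192.0.2.24] [localport: 23] at 21:30:14 UTC Wed Aug 19 2009
.Aug 19 17:37:21 edt: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 192.0.2.50] [localport: 23] [Reason: Login Authentication Failed] at
17:37:21 edt Wed Aug 19 2009
.Aug 19 17:37:25 edt: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 192.0.2.50] [localport: 23] [Reason: Login Authentication Failed] at
17:37:25 edt Wed Aug 19 2009
*Aug 19 22:08:28.531: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.24] [localport: 22] [Reason: Login Authentication Failed] at 22:08:28 UTC Wed Aug 19 2009
"""

TAG = re.compile(r"%[A-Z_]+-\d-[A-Z_]+:")          # any IOS message tag
EVENT = re.compile(r"%SEC_LOGIN-\d-(LOGIN_\w+):")   # login events only
FIELD = re.compile(r"\[(\w+): ([^\]]*)\]")          # [key: value] pairs

def unwrap(text):
    """Rejoin wrapped records: a line without a %FACILITY-SEV-NAME: tag
    continues the previous record. Lines are joined with no separator, so a
    space lost at the wrap point is not restored; only the bracketed fields
    are parsed afterwards."""
    records = []
    for line in text.splitlines():
        if TAG.search(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def parse(text):
    """Return one dict per SEC_LOGIN record with event, user, source, port."""
    events = []
    for rec in unwrap(text):
        m = EVENT.search(rec)
        if not m:
            continue
        f = dict(FIELD.findall(rec))
        events.append({"event": m.group(1), "user": f.get("user", "").strip(),
                       "source": f.get("Source", ""),
                       "port": int(f.get("localport", 0))})
    return events

def blank_user_failures(events):
    """Count LOGIN_FAILED records with an empty user, per (source, port)."""
    return Counter((e["source"], e["port"]) for e in events
                   if e["event"] == "LOGIN_FAILED" and not e["user"])
```

A non-empty result on port 23 means failed Telnet logins are being logged without a username, so those attempts can only be attributed by source address.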