
login failures do not show user name for Telnet sessions

kst.amand
Level 1

We currently have login on-failure configured, but have found the user information is blank for Telnet sessions, whereas SSH failed logins DO show the user information.

We are running IOS 12.4(22)T.

Is this expected or possibly a configuration setting I am missing?

Thank you.

10 Replies

Erick Delgado
Level 1

Hi,

I am a little bit confused about your setup.

Could you please attach the running config?

Please delete IP addresses and erase passwords, even if those are encrypted.

Thanks,

Here is what I think the pertinent snippet is. If you need other portions of the config, let me know.

Thx

login block-for 60 attempts 3 within 60

login on-failure log every 3

login on-success log

Are you doing local AAA authentication?

Let me do a really quick lab recreation to determine how we can fix this issue.

Yes, local AAA authentication.

Thank you

So far I tested in IOS version 12.4(15)T9 and it works as expected.

*Aug 19 21:29:49.987: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: 192.168.250.24] [localport: 22] at 21:29:49 UTC Wed Aug 19 2009

*Aug 19 21:30:14.643: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: 192.168.250.24] [localport: 23] at 21:30:14 UTC Wed Aug 19 2009

Let me try with your IOS version.

Here are the results we are getting;

.Aug 19 17:37:21 edt: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.x.x.x] [localport: 23] [Reason: Login Authentication Failed] at 17:37:21 edt Wed Aug 19 2009

.Aug 19 17:37:25 edt: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.x.x.x] [localport: 23] [Reason: Login Authentication Failed] at 17:37:25 edt Wed Aug 19 2009

rhil1-aa-ar01#

Version Info;

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Wed 25-Feb-09 17:55 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)

rhil1-aa-ar01 uptime is 12 weeks, 1 day, 12 hours, 3 minutes

System returned to ROM by reload at 05:30:00 edt Tue May 26 2009

System restarted at 05:32:38 edt Tue May 26 2009

System image file is "flash:c2800nm-advipservicesk9-mz.124-24.T.bin"

I hope this helps

Collin Clark
VIP Alumni

Telnet does not require usernames. You should disable telnet and only use SSH (for many reasons).

Agreed - but unfortunately some of our NOC tools do not currently support anything but Telnet. Until we are able to upgrade those tools, we would like to obtain the userid for all failed logins.

Thank you

Hi,

You are hitting the bug id CSCsd58148. This bug is solved in IOS version 12.4(24)T1.

I did the lab recreation in my lab; please see the logs below.

*Aug 19 22:08:28.531: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.250.24] [localport: 23] [Reason: Login Authentication Failed] at 22:08:28 UTC Wed Aug 19 2009

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Fri 19-Jun-09 15:13 by prod_rel_team

Please upgrade, and if you are still having the issue, please let me know.

I have a couple of issues on this:

"Telnet does not require usernames". Not sure what you mean by this. If you have AAA authentication properly configured, you will get username prompt.

Even if you upgrade to 12.4(15)T9 or, in my case, 12.4(20)T3, you will not get the username in the log message when you have an authentication failure, only with a successful one.
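
Added example, not part of the thread or Cisco's own code: a small Python parser for the %SEC_LOGIN messages quoted above that counts failed logins whose [user: ] field is blank, per source and local port, so collected syslog can show which devices still log Telnet failures without a username. The sample lines are constructed from the formats in the posts (with 192.0.2.x documentation addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the %SEC_LOGIN success/failure formats quoted in this thread.
SEC_LOGIN = re.compile(
    r"%SEC_LOGIN-\d-(?P<event>LOGIN_SUCCESS|LOGIN_FAILED): .*?"
    r"\[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<source>[^\]]+)\] "
    r"\[localport: (?P<port>\d+)\]"
    r"(?: \[Reason: (?P<reason>[^\]]+)\])?"
)

def parse_sec_login(line):
    """Return the fields of one SEC_LOGIN message, or None if it is not one."""
    m = SEC_LOGIN.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["user"] = rec["user"].strip()  # "[user: ]" becomes an empty string
    rec["port"] = int(rec["port"])
    return rec

def blank_user_failures(lines):
    """Count failed logins logged with no username, keyed by (source, port)."""
    counts = Counter()
    for line in lines:
        rec = parse_sec_login(line)
        if rec and rec["event"] == "LOGIN_FAILED" and not rec["user"]:
            counts[(rec["source"], rec["port"])] += 1
    return counts

# Constructed sample input modelled on the log lines posted above.
FAIL = "[Reason: Login Authentication Failed]"
SAMPLE = [
    "*Aug 19 21:30:14.643: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] "
    "[Source: 192.0.2.24] [localport: 23] at 21:30:14 UTC Wed Aug 19 2009",
    ".Aug 19 17:37:21 edt: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] "
    "[Source: 192.0.2.50] [localport: 23] " + FAIL + " at 17:37:21 edt Wed Aug 19 2009",
    ".Aug 19 17:37:25 edt: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] "
    "[Source: 192.0.2.50] [localport: 23] " + FAIL + " at 17:37:25 edt Wed Aug 19 2009",
    "*Aug 19 22:08:28.531: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] "
    "[Source: 192.0.2.24] [localport: 22] " + FAIL + " at 22:08:28 UTC Wed Aug 19 2009",
]

if __name__ == "__main__":
    for (source, port), n in blank_user_failures(SAMPLE).items():
        print(f"{n} failed login(s) with blank user from {source} on port {port}")
```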