cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3758
Views
0
Helpful
2
Replies
Highlighted
Beginner

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed]

Hi,

We have a C4948E switch which is generating the following logs every ten minutes:

May 28 12:44:13 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Username: -40.0] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed] at 12:44:13 UTC Tue May 28 2013

May 28 12:44:59 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed] at 12:44:59 UTC Tue May 28 2013

We have a terminal server (C2901) set up with reverse ssh to all the devices including the above C4948E. Can this be the one to initiate the logins?

The IOS of both devices is as below:

C4948E -  cat4500e-entservicesk9-mz.151-1.SG.bin

C2901 -  c2900-universalk9-mz.SPA.152-3.T.bin

I am unable to identify what is triggering the above logs to be created.

Any help to resolve this would be appreciated.

Many thanks

2 REPLIES 2
Hall of Fame Guru

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 0.0.0.

Your 2901 log should indicate what remote user/system is logging in to access the 4848. A 10 minute periodicity certainly sounds like a program-initiated activity. Perhaps a configuration management tool like Rancid or such with incorrect credentials configured?

Beginner

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 0.0.0.

Hi Marvin,

I have updated the IOS of the Cisco 2901 Terminal Server and since then the logs have stopped. It looks like there is some bug in the IOS, may be?

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards