cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7189
Views
0
Helpful
2
Replies

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed]

kishore.rajani
Level 1
Level 1

Hi,

We have a C4948E switch which is generating the following logs every ten minutes:

May 28 12:44:13 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Username: -40.0] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed] at 12:44:13 UTC Tue May 28 2013

May 28 12:44:59 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed] at 12:44:59 UTC Tue May 28 2013

We have a terminal server (C2901) set up with reverse ssh to all the devices including the above C4948E. Can this be the one to initiate the logins?

The IOS of both devices is as below:

C4948E -  cat4500e-entservicesk9-mz.151-1.SG.bin

C2901 -  c2900-universalk9-mz.SPA.152-3.T.bin

I am unable to identify what is triggering the above logs to be created.

Any help to resolve this would be appreciated.

Many thanks

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

Your 2901 log should indicate what remote user/system is logging in to access the 4848. A 10 minute periodicity certainly sounds like a program-initiated activity. Perhaps a configuration management tool like Rancid or such with incorrect credentials configured?

Hi Marvin,

I have updated the IOS of the Cisco 2901 Terminal Server and since then the logs have stopped. It looks like there is some bug in the IOS, may be?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: