Re: Telnet access and syslog messages

carrara_ictc · ‎01-18-2008

Hi,

in this forum I found that to log telnet access to routers (Successful/Unsuccessful - Authorized/Unauthorized) a possible configuration is:

access-list 10 permit 10.1.1.1

access-list 10 permit 10.51.21.34

access-list 10 permit 10.51.8.32

I find on cisco.com these syslog events related to telnet:

%TN-2-BADLOGIN : Bad login string pointer [hex]

%TN-3-BADSTATE : Illegal state [dec]

%TN-3-READLINE : Unknown return code [dec] from telnet_readline()

(http://www.cisco.com/en/US/docs/ios/12_3/sem2/system/messages/emgtdm.html#wp139576)

"%TN-2-BADLOGIN : Bad login string pointer [hex]" is related to unauthorized telnet access to the router?

Can you suggest me some syslog messages generated when someone tries to access a router?

Thanks a lot

ivillegas · ‎01-24-2008

I have experienced "% telnet connections not permitted from this terminal " messages on the console. Issuing the command "transport output telnet ssh " under line vty 04 resolves this issues.

cisco24x7 · ‎01-24-2008

Try this:

login block-for 1 attempts 3 within 1

login delay 1

login on-failure log

Here is a message of someone login unsuccessfully to a router:

Jan 24 17:59:16 10.109.114.101 13632: Jan 24 19:59:15: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: dkdkdk] [Source: 192.168.1.1] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 19:59:15 UTC Thu Jan 24 2008

Easy right?

CCIE Security

fisko · ‎04-21-2010

What about OLD IOS this is extended login feature in 12.4(3)?