
Tracking remote logon access to my 3750 switch

doddman11
Level 1

I need to know if someone logged into my switch without my knowledge. Is this information in default logs? 


7367wells
Level 1

Do you have some TACACS or similar configured?

I had to google this term - I do not. 

Ah okay, in that case I don't know of a way to do it.

In the short term you can set up an ACL to restrict which VLANs have access via SSH to your switch. Then research setting up some kind of AAA method; that way you can make sure there is a log of who is authenticating, a list of who can authenticate and what commands they have done.
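An added example, not part of the original thread: one way to apply the reply above on IOS, restricting vty access with an ACL and logging every login under per-user accounts. It uses the local user database rather than an ACS/TACACS+ server; the subnet, syslog host, ACL name and username are placeholders, and it assumes an IOS image that supports SSH and the `login on-success log` commands.

```cisco
! Added example. 192.0.2.0/24 (management subnet), 192.0.2.50 (syslog host),
! MGMT-ONLY and netadmin are constructed placeholder values.
!
! Timestamp log entries so logins can be placed in time.
service timestamps log datetime msec localtime show-timezone
!
! Log every successful and failed login (user, source address, port).
login on-success log
login on-failure log
!
! Keep a local buffer and send a copy off-box, so entries survive
! a reload or a cleared buffer.
logging buffered 64000 informational
logging host 192.0.2.50
!
! Only the management subnet may reach the vty lines; denied attempts are logged.
ip access-list standard MGMT-ONLY
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
! Per-user accounts through AAA instead of one shared line password.
! Note: "aaa new-model" also changes console login to the default method list.
username netadmin privilege 15 secret <choose-a-strong-secret>
aaa new-model
aaa authentication login default local
!
line vty 0 15
 access-class MGMT-ONLY in
 transport input ssh
 login authentication default
 exec-timeout 2 30
```

With this in place, `show logging | include SEC_LOGIN` lists the recorded login successes and failures, and `show users` shows who is connected right now.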

Follow-up questions:

1. Does AAA require a central server with specific software? And by server, does it mean a computer? 

2. These lines are at the end of the config:

line con 0
 password x
 login
 exec-timeout 2 30
line vty 0 4
 password x
 login
 exec-timeout 2 30
line vty 5 15
 password x
 login
 exec-timeout 2 30

Wouldn't "line 0 15" do the same thing if the passwords are the same? 

3. What about system messages saved to the default syslog? Are these cleared once you log out of console or vty? 

1. Yes, you configure ACS on a server (virtual is fine). Then you can configure the switch to authenticate against that ACS server. (ACS provides the AAA.)

2. https://learningnetwork.cisco.com/thread/2367  should be able to shed some light on that for you. Incidentally you have exec timeout configured on only the first 5 lines.

3. I think you are referring to the normal log (show log); then it isn't cleared when you log out.

doddman11
Level 1

Thanks for your help and time. 
