05-04-2015 02:09 AM - edited 03-01-2019 07:54 AM
I have found that illegal access logs for Nexus VDCs are all on the Admin context logs and no logs appear on each VDC, like the one below:
Authentication failure for illegal user cisco from 10.230.250.40 - sshd[20191
i.e., if a user tried to access the box through vty (any interface vlan) on any of the VDCs, the illegal access log will be in the Admin context logs.
I have searched a lot for any documentation that explains that but found none. Is it noted anywhere?
05-04-2015 08:08 AM
See the documentation, topic VDC Management:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_nx-os_cfg/vdc_overview.html#pgfId-1073818
If the topology is correct, try creating a local user in the VDC to isolate the problem with RADIUS (TACACS).
Regards,
Gus Magno
05-05-2015 12:15 AM
Thanks gmagno001, and please let me clarify the issue.
I had some logs of illegal access on the Admin VDC, and when tracing found that there was a server scanning the network but not the Admin management network.
After some investigations, I found that it was scanning networks on other VDCs on the same box.
My question is: why did the access logs not appear on the data VDCs and only appear on the management VDC?
05-05-2015 07:03 AM
I get it, Mahmoud Elsoury.
Try this command in the VDC that you want:
aaa authentication login error-enable
Refer to: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_aaa.html#wp1281748
Regards.