
Nexus 7K Authentication failure logging

Mahmoud Elsoury
Level 1

I have found that illegal access logs for Nexus VDCs are all on the Admin context logs and no logs appear on each VDC, like the one below:

 

 Authentication failure for illegal user cisco from 10.230.250.40 - sshd[20191

 

i.e., if a user tried to access the box through vty (any interface vlan) on any of the VDCs, the illegal access log will be in the Admin context logs.

 

I have searched a lot for any documentation that explains that but found none. Is it noted anywhere?

3 Replies

gmagno001
Level 1

VDC Management

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_nx-os_cfg/vdc_overview.html#pgfId-1073818

If the topology is correct, try creating a local user in the VDC to isolate the problem with RADIUS (TACACS).

Regards,

Gus Magno

Thanks gmagno001, and please let me clarify the issue.

I had some logs of illegal access on the Admin VDC, and when tracing them I found that there was a server scanning the network, but not the Admin management network.

After some investigations, I found that it was scanning networks on other VDCs on the same box.

 

My question is: why did the access logs not appear on the data VDCs and only appear on the management VDC?

I get it, Mahmoud Elsoury,

 

Try this command in the vdc that you want:

aaa authentication login error-enable

Refer: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_aaa.html#wp1281748

Regards.
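
Added example, not part of the thread: because the failures for every VDC end up in the Admin context log, as the original post describes, one way to trace a scanning source from those lines is to group them by source address. The sample lines are constructed, the thresholds and function names are assumptions, and only the message text follows the format quoted in the first post.

```python
import re
from collections import defaultdict

# Matches the message text shown in the post. Anything before it (timestamp,
# hostname, facility) is ignored, and the trailing "- sshd[pid]" is not required,
# so a truncated line like the one quoted in the post still matches.
FAILURE_RE = re.compile(
    r"Authentication failure for illegal user (?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

def summarize_failures(lines):
    """Return {source_ip: {"count": n, "users": set_of_usernames}}."""
    summary = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        m = FAILURE_RE.search(line)
        if m is None:
            continue  # not an authentication-failure message
        entry = summary[m.group("src")]
        entry["count"] += 1
        entry["users"].add(m.group("user"))
    return dict(summary)

def likely_scanners(summary, min_attempts=3, min_users=2):
    """Sources that tried several usernames: a scanner pattern, not a typo."""
    return sorted(
        src for src, e in summary.items()
        if e["count"] >= min_attempts and len(e["users"]) >= min_users
    )

# Constructed sample lines (not from a real device). The "<ts> <host>" prefix
# is a placeholder; only the message text follows the format in the post.
SAMPLE_LOG = """\
<ts> <host> Authentication failure for illegal user cisco from 10.230.250.40 - sshd[20191]
<ts> <host> Authentication failure for illegal user admin from 10.230.250.40 - sshd[20192]
<ts> <host> Authentication failure for illegal user root from 10.230.250.40 - sshd[20195]
<ts> <host> Authentication failure for illegal user jdoe from 192.0.2.17 - sshd[20201]
<ts> <host> unrelated message that should be skipped
""".splitlines()

if __name__ == "__main__":
    summary = summarize_failures(SAMPLE_LOG)
    for src in likely_scanners(summary):
        e = summary[src]
        print(f"{src}: {e['count']} failures, users tried: {sorted(e['users'])}")
```

The reported source address says nothing about which VDC the attempt came in on, so the flagged address still has to be matched against the subnets of each VDC by hand.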