How can I record the information of who is accessing the router via telnet?

snakayama
Level 3

Hi,

I would like to record the information "Who is logging into the router via telnet?" by using only the functions the router has itself, that is, just the "username" and "aaa authentication ... local" commands, not TACACS+ or RADIUS.

I understand that I can record a telnet user accessing NVRAM with the "conf t" command by using the following configuration.

----
username xxx password xxx
aaa authentication login test local
line vty 0 4
login authentication test
----

By configuring the above, the router logs the following information/message to the buffer, which can be seen later with the "sh log" command.

%SYS-5-CONFIG_I: Configured from console by "username" on vty 0 (xxx.xxx.xxx.xxx)

However, this message is only generated when the telnet user accesses NVRAM with the "conf t" command. That means I have no idea who is on the router unless he executes the "conf t" command.

Is there any way to work around this issue, or can I not work around it without TACACS+ or RADIUS?

Any information would be appreciated.

Regards,

4 Replies

piergiorgio
Level 1

If I understand your problem, you can create an access-list:

access-list 101 permit tcp source-ip wildcard destination-ip wildcard eq 23 log

With the log option you can log the user that accesses the router.

I think that you can also use the logging buffered command.

With an extended access list like 101 there are issues such as: what interface will it be applied to (probably the answer needs to be every interface), what address needs to be defined as the destination address (probably every address on the router), and how do you distinguish telnet traffic going THROUGH the router (do not want to log that) from traffic going TO the router (do want to log that).

I believe a better solution would be:

access-list 1 permit any log
line vty 0 4
access-class 1 in

The access-class uses a standard access list to examine specifically telnet traffic where the router is the destination, so there is no issue of transit traffic vs. destination traffic. Also, it will examine only telnet traffic, whereas an access list applied to an interface will examine ALL packets coming into that interface, which would be much more overhead on the router.

HTH

Rick

Yes, I agree with you, it's a better solution, rburts.

Hi all,

Thank you very much for your help.

I understand I can record the IP addresses used by telnet users (the source IP address of the telnet traffic) by using access-class.

In this case, however, I think I still cannot record the "username" that the telnet user used to log into the router.

I would like to record the "username" instead of the IP address of the telnet user.

Regards,
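The two buffer messages mentioned in this thread can be pulled out of "sh log" output and joined by source address, so that an access-class log hit gets a username whenever the same source later triggers a CONFIG_I message (and stays unidentified otherwise, which is exactly the gap the last post describes). This parser is an added example, not code from the thread; the %SEC-6-IPACCESSLOGS line format assumed for the access-class hits and the sample buffer below are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Message formats handled (sample values below are constructed):
#   %SYS-5-CONFIG_I: Configured from console by <user> on vty<n> (<ip>)
#   %SEC-6-IPACCESSLOGS: list <acl> permitted <ip> <n> packet(s)   (assumed format)
CONFIG_I = re.compile(
    r"%SYS-5-CONFIG_I: Configured from console by (?P<user>\S+) "
    r"on vty\s*(?P<vty>\d+) \((?P<ip>[\d.]+)\)"
)
ACCESS_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) permitted (?P<ip>[\d.]+) (?P<count>\d+) packets?"
)

@dataclass
class TelnetEvent:
    kind: str            # "config" (username known) or "access" (IP only)
    ip: str
    user: Optional[str]  # only the CONFIG_I message carries a username

def parse_buffer(lines):
    """Turn 'sh log' lines into the telnet-related events the thread discusses."""
    events = []
    for line in lines:
        m = CONFIG_I.search(line)
        if m:
            events.append(TelnetEvent("config", m.group("ip"), m.group("user")))
            continue
        m = ACCESS_LOG.search(line)
        if m:
            events.append(TelnetEvent("access", m.group("ip"), None))
    return events

def users_by_source(events):
    """Map each source IP seen by access-class logging to the usernames that
    ran 'conf t' from it; an empty set means the IP was never identified."""
    result = {e.ip: set() for e in events if e.kind == "access"}
    for e in events:
        if e.kind == "config":
            result.setdefault(e.ip, set()).add(e.user)
    return result

# Constructed sample buffer: timestamps, addresses and names are made up.
SAMPLE_LOG = [
    "*Mar  1 00:10:01.123: %SEC-6-IPACCESSLOGS: list 1 permitted 10.0.0.5 1 packet",
    "*Mar  1 00:10:30.456: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (10.0.0.5)",
    "*Mar  1 00:12:07.789: %SEC-6-IPACCESSLOGS: list 1 permitted 10.0.0.9 1 packet",
]

if __name__ == "__main__":
    for ip, users in users_by_source(parse_buffer(SAMPLE_LOG)).items():
        print(ip, sorted(users) or "<no username recorded>")
```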