E-mails about unsuccessful login attempts by Prime. How do we resolve the issue?

Nevyn Bergstrom
Level 1

Just last week we changed the password of our controllers and this weekend we got some copies of the following e-mail:

------------------------------------------------------------------------------------------------

Virtual Domain: ROOT-DOMAIN

NCS has detected one or more alarms of category Security and severity Critical in Virtual Domain ROOT-DOMAIN

for the following items:

1. Message: User 'admin' with IP Address '10.xx.xx.xx' has made too many unsuccessful login attempts.

E-mail will be suppressed up to 30 minutes for these alarms.

------------------------------------------------------------------------------------------------

10.xx.xx.xx is the IP of our primary Prime-server.

I would assume that we need to change the password somewhere in Prime, the question is where? Or is this something else?


David Melanz
Level 1

I am also experiencing a problem very similar to this.  Any help on the matter will be greatly appreciated!

Rollin Kibbe
Cisco Employee

Hi Nevyn:

Cisco's Prime family of products has several members.  I'm going to assume that you're talking about Prime Infrastructure. 

The default user to the administrative command line interface is named "admin".  That user's credentials are stored in the CARS application that provides that command line interface.  While admin's password can be changed in the CLI with the configuration level command

config t
username admin password plain <new-password> role admin
end
write mem

if admin's password is forgotten, one has to download the .iso image of Prime Infrastructure and boot off that to reset admin's password.

The default administrative user in the GUI of Prime Infrastructure is named "root".  That user's credentials are stored in Prime Infrastructure's Oracle database, and can be changed through Administration > AAA  > Users, or from the CLI with the command

ncs password root password <new-password>

There's no facility in place to monitor, track or report on attempted login failures to the CLI, so these reported failed attempts have to be attempts to log into the GUI.  This is probably something as simple as an admin user who's used to logging in at the CLI trying to log into the GUI with the same credentials they "always use" rather than "root" or whatever their particular GUI username and password are.  It could also be someone trying to gain access, assuming that there's a GUI user named "admin", too.

Your CLI access seems to be secure.

Your GUI access either needs to be explained to someone trying to use the wrong user in the wrong place, or you've indeed got a security issue with an attacker. 

David Melanz
Level 1

Make sure your username and password under Telnet/SSH Parameters in the controller settings on Prime Infrastructure are the same as the GUI/CLI username and password on the physical controller. 

Configure > Devices > Controllers > select controller > Properties > Settings > Telnet/SSH Parameters > username, password, confirm password.

What is happening is Prime Infrastructure is trying to log into the device via telnet/SSH and was failing because either the username or password was mismatched.  Also make sure to verify the priority order for the management user on your controller.  Make sure it reflects whichever authentication method you're using, i.e. local authentication being a local user or RADIUS authentication using ACS or ISE as the authenticator.

Security > Priority Order > Management User.

Hope this helps!

-Dave
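
Added example, not part of any reply above: a small Python triage of the alarm e-mail text that separates lockouts whose source is a known management server (the stored-credential mismatch Dave describes) from lockouts coming from any other address. The inventory, the addresses and the sample mail body are constructed assumptions; only the alarm wording is taken from the e-mail quoted in the question.

```python
import ipaddress
import re
from collections import Counter

# Alarm wording as quoted in the e-mail in this thread.
ALARM_RE = re.compile(
    r"User '(?P<user>[^']+)' with IP Address '(?P<ip>[^']+)' "
    r"has made too many unsuccessful login attempts"
)

# Constructed sample data (documentation-range addresses, hypothetical inventory).
MANAGEMENT_SERVERS = {"192.0.2.10": "prime-primary"}
SAMPLE_MAIL = """\
Virtual Domain: ROOT-DOMAIN
1. Message: User 'admin' with IP Address '192.0.2.10' has made too many unsuccessful login attempts.
2. Message: User 'admin' with IP Address '192.0.2.10' has made too many unsuccessful login attempts.
3. Message: User 'root' with IP Address '198.51.100.77' has made too many unsuccessful login attempts.
4. Message: User 'admin' with IP Address '10.xx.xx.xx' has made too many unsuccessful login attempts.
"""


def parse_alarms(text):
    """Return (user, ip) pairs for every lockout alarm line in the mail body."""
    return [(m["user"], m["ip"]) for m in ALARM_RE.finditer(text)]


def classify(ip, inventory):
    """Decide which follow-up a source address calls for."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return "redacted-or-malformed"    # e.g. the masked '10.xx.xx.xx'
    if ip in inventory:
        return "stale-stored-credential"  # management server still using an old password
    return "investigate-source"           # unknown host: wrong user or password guessing


def triage(text, inventory):
    """Count alarms per (user, ip) pair and attach a follow-up action to each."""
    counts = Counter(parse_alarms(text))
    return {
        pair: {"alarms": n, "action": classify(pair[1], inventory)}
        for pair, n in counts.items()
    }


if __name__ == "__main__":
    for (user, ip), info in triage(SAMPLE_MAIL, MANAGEMENT_SERVERS).items():
        print(f"{user:6} {ip:15} x{info['alarms']}  {info['action']}")
```
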
