This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Continuous AAA.authfail in Logs !!! Need help

Continuous AAA.authfail in Logs !!! Need help

Prashanth_Kumar
New Contributor

‎04-05-2017 08:50 AM

I Am having a continuous logs in my switch . see some logs below for reference

04/05/2017 09:00:55.66 Login failed for user shell through telnet (5.140.0.7)04/05/2017 09:00:55.34 Login failed for user enable through telnet (70.91.21.21)
04/05/2017 09:00:54.12 Login failed for user enable through telnet (5.140.0.7)
04/05/2017 09:00:53.66 Login failed for user supervisor through telnet (70.91.21.21)
04/05/2017 09:00:53.39 Login failed for user root through telnet (5.140.0.7)
04/05/2017 09:00:52.30 Switch, Code 5: Air flow mismatch detected in slot 1. Ensure all fantray and psu models are of similar air flow. (X460G2-48t-10G4, P/N: 800550-00-04, S/N: 1503N-40087, Rev: 4.0)
[7mPress to continue or to quit: [m [60;D [K04/05/2017 09:00:51.68 Login failed for user shell through telnet (70.91.21.21)
04/05/2017 09:00:51.50 Login failed for user shell through telnet (5.140.0.7)
04/05/2017 09:00:50.06 Login failed for user enable through telnet (70.91.21.21)
04/05/2017 09:00:49.61 Login failed for user enable through telnet (5.140.0.7)
04/05/2017 09:00:48.45 Login failed for user admin through telnet (70.91.21.21)
04/05/2017 09:00:47.99 Login failed for user root through telnet (5.140.0.7)
04/05/2017 09:00:46.75 Login failed for user shell through telnet (70.91.21.21)
04/05/2017 09:00:46.16 Login failed for user shell through telnet (5.140.0.7)
04/05/2017 09:00:45.07 Login failed for user enable through telnet (70.91.21.21)
04/05/2017 09:00:44.47 Login failed for user enable through telnet (5.140.0.7)
04/05/2017 09:00:43.90 Login failed for user enable through telnet (78.188.179.98)
04/05/2017 09:00:43.42 Login failed for user admin through telnet (70.91.21.21)
04/05/2017 09:00:42.90 Login failed for user root through telnet (5.140.0.7)
04/05/2017 09:00:41.39 Login failed for user shell through telnet (70.91.21.21)

This is continuously repeating in the logs ... is there a way to resolve this
0 Kudos
6 REPLIES 6

Stefano_Dall_Os
New Contributor III

‎04-05-2017 11:57 AM

agree with everybody else here:
- enable SSH
- put an ACL on BOTH telnet and SSH
- put an ACL also on SNMP (otherwise some bad guy can try to do nasty things using snmp on you switch)
- if you want, DISABLE public and private snmp commuinity

cheers

Stefano
0 Kudos

Leviodjos
New Contributor

‎04-05-2017 11:49 AM

I think it will be a good idea to disable telnet, and use SSH. Nick Yakimenko is right about making an ACL to allow only authorized IP addresses.
0 Kudos

Ronald_Dvorak
Honored Contributor

‎04-05-2017 11:37 AM

The question is whether the clients should be able to reach the switch but we can't answer that as we don't know your network.

But normaly a firewall should protect the network from the outside/internet = access to the switch shouldn't be allowed.

To add a ACL to the switch or disable telnet/ssh will only deny access to the switch but doens't protect the rest of the network.

0 Kudos

Frank
Contributor

‎04-05-2017 11:25 AM

Looks like your switch is reachable from the Internet and all its nefarious denizens.

I'd suggest what Nick said, specifically:
- enable ssh
- disable telnet
- if possible, only enable ssh on the management port
- if not, allow ssh only from specific IPs in your network

0 Kudos
GTM-P2G8KFN