Hi Alan, The following command might help. It needs aaa new-model to be enabled I believe.
login on-failure log Feb 23 21:46:23.922: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: test] [Source: 10.0.0.1] [localport: 22] [Reason: Login Authentication Failed] at 21:46:23 CET Wed Feb 23 2011 Tested on 12.2(33)SXI3 , 12.2(53)SE and 15.0(1)M4. http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_k1gt.html#wp1180994 Best regards, Andras On Wed, Feb 23, 2011 at 8:40 PM, Alan Buxey <a.l.m.bu...@lboro.ac.uk> wrote: > hi, > > okay...i appear to have mislaid some memory cells over the past month > which coincides with a major bout of unable to drive google/bing or cisco.com > properly(!) ;-) > > basically, auth logs show a device somewhere is trying to log into > some switches with wrong user/pass..... and I cant recall/dig how to > debug on the switch to see what IP is causing the mischief > > the obvious 'debug telnet' only debugs the negotiation/method/junk > rather than provide anything useful....any chance someone can throw > me a line to jog my memory on this score? > > cheers > > alan > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/