topic Re: Is there possible to ignore user continue trying login? in Switches, Hubs, and Modems

Is there possible to ignore user continue trying login?

wowhsieh — Tue, 31 Mar 2020 06:59:45 GMT

I noticed from switch 5130 system logs, there were a lot of user trying login, is there possible to ignore those login to prevent 5130 busy respond?

Re: Is there possible to ignore user continue trying login?

Ivan_B — Tue, 31 Mar 2020 12:56:53 GMT

Hello!

Do you want to suppress messages to prevent them from appearing in the logbuffer? If that is what you want, check 'info-center logging suppress module' command.

Examples
# Configure a log suppression rule to suppress output of logs with the shell_login mnemonic value for the shell module.
<Sysname> system-view
[Sysname] info-center logging suppress module shell mnemonic shell_login

Hope it helps!

Re: Is there possible to ignore user continue trying login?

wowhsieh — Tue, 31 Mar 2020 14:58:39 GMT

a simple topology like below~~

pc > layer2 switch > firewall > 5130 > modem > internet

a user said his pc software session always broke from time to time, I spent a lot of time to troubleshooting network and devices and still not found problem, but it seems that 5130 is the most possible problem,

just now(about 21:13) I noticed the network link broke at 5130, I look at the log and found a lot of "topology change" at port 15, the port link to a Cisco switch, I wonder maybe it's STP feature cause the network broke for a while?! so I turn off STP(default is on) and wait to see if that happened again ...

Re: Is there possible to ignore user continue trying login?

wowhsieh — Tue, 31 Mar 2020 15:26:23 GMT

is it possible that 5130 drop those users who trying to login(a lot of trying login in one minute) so 5130 won't pay attention to those trying.

Re: Is there possible to ignore user continue trying login?

Ivan_B — Tue, 31 Mar 2020 15:50:48 GMT

Hello!

If the switch will be rejecting all login attempts, how will it distinguish valid login attempt from non-valid? We need to think in this direction and the solution is below. But, in general, that idea to expose the switch to the Internet is quite dangerous, these devices do not have sophisticated security mechanisms, normally these are behind firewalls.

My suggestion - protect management plane of this switch with proper ACLs, allow only access from your local network and deny all other IP addresses. You can protect HTTP/HTTPS with ACL, as well as SSH or Telnet (which I suggest to disable, as it is not secure at all).

Check the Fundamentals Command Reference and Configuration guides for commands:

ip http acl
ip https acl

For VTY (telnet and SSH) protection, check:
user-interface vty 0 15
acl [ ipv6 ] acl-number { inbound | outbound }

Hope it helps!

Re: Is there possible to ignore user continue trying login?

Ivan_B — Wed, 29 Apr 2020 14:38:00 GMT

Hi @wowhsieh !

Did you have time to try the solution proposed? Did it resolve the problem?

Thank you in advance!